MSGID: 2:221/1.58@fidonet 07d3e0e4   
   PID: OpenXP/5.0.57 (Win32)   
   CHRS: ASCII 1   
   TZUTC: -0400   
      
   cc: INTERNET, MOBILE, SECURITY, SN_INTEL   
      
   > https://www.kuketz-blog.de/mailbox-org-entdeckt-    
   unverschluesselte-passwortuebertragung-in-mymail/   
   >   
   > Severe safety issue in mymail app found.   
      
      
   Google Translate yields --   
      
    mailbox.org discovers unencrypted password transmission in myMail   
      
   The mailbox.org team recently discovered a critical   
   vulnerability in the myMail client for iOS, which leads to   
   unencrypted transmission of user passwords and emails.   
      
   mailbox.org became aware of the problem after customers pointed   
   out transmission errors in the user forum that occurred when   
   sending emails via the myMail client. After examining the logs,   
   the team found that the myMail app was attempting to transmit   
   passwords without the otherwise required TLS encryption . After   
   the connection was established, the app did not send the usual   
   STARTTLS-Kommando, but instead continued to transmit the user's   
   unencrypted login data. This enabled mailbox.org to extract or   
   read the passwords from the connection logs.   
      
   According to Peer Heinlein, managing director of mailbox.org,   
   their e-mail servers consistently reject such unencrypted   
   connections in order to ensure user security. This is the only   
   reason why the connection attempts of the myMail app failed, so   
   that users and postmasters of mailbox.org were taken aback.   
      
   This problem is not only relevant for mailbox.org customers: It   
   also represents a general security risk for all users who use   
   the myMail client. Content and passwords can be read and tapped   
   by third parties, especially if the users are in an open   
   network (e.g. WiFi airport, train, etc.). If other providers   
   allow unencrypted connections and are used in connection with   
   the current version of the myMail app, attackers can also read   
   the content of the unencrypted e-mails.   
      
   Therefore, mailbox.org strongly recommends not using the myMail   
   client in connection with their service or other e-mail   
   providers until the developers of the app have fixed the   
   security problems. There are numerous alternative email clients   
   that offer higher security standards and protect privacy   
   better. At the same time, the current incident once again   
   underlines the importance of communicating exclusively via   
   systems that are configured securely and enforce encryption.   
      
      
   --- OpenXP 5.0.57   
    * Origin: A turtle that surfs the dark web. [o] A TORtoise (2:221/1.58)   
   SEEN-BY: 1/123 10/0 1 15/0 90/1 92/1 103/705 105/81 106/201 123/131   
   SEEN-BY: 129/305 153/7715 154/10 203/0 214/22 218/0 1 700 840 850   
   SEEN-BY: 218/860 880 221/1 6 360 226/30 227/114 229/110 112 113 206   
   SEEN-BY: 229/275 307 317 400 426 428 452 470 550 664 700 240/1120   
   SEEN-BY: 266/512 280/464 5003 282/1038 292/854 301/1 113 317/3 320/219   
   SEEN-BY: 322/757 342/200 396/45 423/81 460/58 633/280 712/848 5020/1042   
   PATH: 221/1 301/1 218/700 229/426