SSL/TLS-configuration in KDE 4.3

John john_82 at tiscali.co.uk
Fri Sep 4 22:56:02 BST 2009 

On Friday 04 September 2009 13:53:24 Boyd Stephen Smith Jr. wrote:
> In <200909041312.26461.john_82 at tiscali.co.uk>, John wrote:
> >Dare I mention how it's impossible to add to the address book once kwallet
> > has been activated without editing files.
>
> That doesn't make sense to me.  I just KWallet for all my passwords for KDE
> 3.5 and KDE 4.2 and I have no problem editing and adding to my address book
> when it is open.
>
> > I'm also
> > concerned about the fact that there is clearly a back door into the
> > system.
>
> Details?
I'm running kde 3.5.7 release 92.9 and kmail 1.9.6 enterprise suse 64bit
 Say I right click an email address in from and select add to address book I 
get

The address book '/home/john/.kde/share/apps............' is locked by 
application ''.
If you believe this is incorrect, just remove the lock file 
from '/home/john...................

If I open the address book and select and entry and delete it I get the same 
message and the deleted entry disappears. If I close the address book and 
open it again it's there again. This also leaves me wondering why an 
application can read the files without having obtained a password but maybe 
the kmail start up password explains this.

The backdoor goes back to a spooky experience on here. I asked how to recover 
email passwords from kmail. I had lost my hard copy of them. The thread 
eventually suggested that I should really use kwallet to protect the password 
files and my address book as they are not secure. Next thing my address book 
and email password files had gone. This is too spooky to be a coincidence. 
The install is as per suse and I haven't activated anything that could allow 
this to happen. Also checked for root kits etc. On top of this I have 
wondered if Kevin posts via a proxy to protect himself - just on the basis of 
a question he asked some time ago. One thing for sure my email files 
disappeared at an extra ordinarily appropriate time to leave me feeling a 
more than a little paranoid on this subject.  I have also gone through rites 
and sharing etc. No clue there either. My set up also flies through all of 
the grc.com checks. Pity there isn't a site that aims the checks specifically 
at a linux machine.

These days I take steps to ensure that back tracing my emails to the list are 
highly unlikely to lead to my machine but the mechanism some one used must 
still be there.

John
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list