On Tuesday, 3 March 2015 13:10:43 CET, Jan Kundrát wrote:
> What do others think, should we make this user-configurable?
While the OP is largely exaggerating on the topic, this might be a valuable
feature for some very exposed people, who're likely subject to specialized
attacks (we're not talking about ransomware, but industrial or political
espionage here).
The attack vector is that the "attacker" fishes your UA out of some public
mail or from a mail server and uses that information to forge an attack by
mail (exploiting a vulnerability in the SW stack).
Obviously, such a potential victim will have to protect itself on many fronts
(i.e. the UA of a browser is just as much a problem) and will likely rather
run every process in a virtual machine, apply MDA scans, fix software on
known issues and likely use no GUI SW stack at all - so I'd question the
relevance of such a scenario (an attack by a malicious mail server is far
more likely, so stashing Trojitá here makes sense).
The reason for the User-Agent header is likely to allow the other side to
apply quirk modes for particular MUAs, known to be broken (i.e. send junk) -
since we do not intend to send junk ;-) the UA seems superfluous (but for
statistic/advertising reasons =)
tl;dr
I don't think removing the header field will gain you anything, but don't
think we really need it either.
My advice to the OP btw. would be to NOT rely on the MUA here at all, but
have the MSA or even a proxy strip all non-whitelisted headers (i.e.
likewise protect against unwanted B/CC or other information exposure).
Cheers,
Thomas
PS:
This *IS* "security by obscurity" - the vulnerability is stashed.
However, security by stashing oneself is, unlike security by stashing a
process, actually real.
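
The header-allowlisting advice in the message above, shown as an added example (not part of the original post and not Trojitá code): a Python filter of the kind a submission proxy could apply to an outgoing message before relaying it. The allowlist contents, the function name `strip_headers` and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy

# Assumed allowlist (lower-case names); a real deployment picks its own.
ALLOWED_HEADERS = {
    "from", "to", "cc", "subject", "date", "message-id",
    "in-reply-to", "references", "reply-to", "mime-version",
    "content-type", "content-transfer-encoding", "content-disposition",
}

# Constructed sample: leaks the MUA identity and a Bcc recipient.
SAMPLE = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Bcc: carol@example.com\r\n"
    b"Subject: status\r\n"
    b"User-Agent: ExampleMUA/1.0 (constructed)\r\n"
    b"X-Mailer: ExampleMUA\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Hello Bob\r\n"
)


def strip_headers(raw, allowed=ALLOWED_HEADERS):
    """Drop every top-level header not on the allowlist.

    Returns (filtered message bytes, list of removed header names).
    The body and the headers of nested MIME parts are left untouched.
    """
    msg = message_from_bytes(raw, policy=policy.SMTP)
    removed = []
    # dict.fromkeys() de-duplicates repeated names and keeps their order;
    # "del msg[name]" removes all occurrences, case-insensitively.
    for name in dict.fromkeys(msg.keys()):
        if name.lower() not in allowed:
            del msg[name]
            removed.append(name)
    return msg.as_bytes(), removed


if __name__ == "__main__":
    filtered, dropped = strip_headers(SAMPLE)
    print("removed:", dropped)
    print(filtered.decode("ascii"))
```

Any signing step such as DKIM has to run after this filter, because removing or re-serializing headers changes the signed content.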