Subgraph - BlogSubgraphhttps://subgraph.com//blog/index.fr.htmlSubgraphikiwiki2017-09-23T20:42:58ZSubgraph OS September 2017 ISO Availabilityhttps://subgraph.com//blog/subgraph-sep2017-iso-availability/2017-09-23T20:42:58Z2017-09-22T22:00:00Z
<h1 id="anewsubgraphosalphaisoisavailablefordownloadsgosdownload.">A new Subgraph OS Alpha ISO is available for <a href="https://subgraph.com/sgos/download/">download</a>.</h1>
<p>This is a release mainly targeting some bugs that were present in the
last available ISO. </p>
<p>We are working on some major new features that aren't
done yet or aren't yet robust enough to be included in a release to users.
Some of those new features are described below.</p>
<p>We really should have released an ISO sooner than this as there were
some annoying bugs that got in the way of new users trying Subgraph
OS for the first time. We've setup a new, more aggressive release
schedule and should be making non-release ISO builds available as
we produce them monthly.</p>
<h2 id="newfeatures:alpharelease4">New features: Alpha release 4</h2>
<p>Ther are <em>some</em> new features in this ISO. Note that existing users
should have most of these, as Subgraph is a rolling release distro. </p>
<p>One exception is the HexChat default configuration for use with SOCKS5,
implemented with a default config put in /etc/skel/.config/hexchat.</p>
<h3 id="multi-bridgeincludingclearnetsupportinoz">1. Multi-bridge (including clearnet) support in Oz</h3>
<p>Oz now has support for an arbitrary number of named bridges to be created
and attached to sandboxes to support flexible layer 3 network exits. We have
included chromium as the first default configuration that uses this
feature to provide a clearnet browser. To get the chromium clearnet browser,
just run:</p>
<p><code>
sudo apt-get install chromium
</code></p>
<p>..and chromium should be setup as the clearnet browser in Subgraph OS. We
will likely include chromium in the next ISO.</p>
<p>There is also a proof-of-concept implementation for launching OpenVPN
and wiring a sandbox bridge to the tun device. Try it, but don't
rely on it: it's fragile and insecure, and we know that. We intend to make
substantial improvements to this for future releases, as well as support
other VPN technologies.</p>
<h3 id="useofgpgrestrictedsocketinthunderbirdsandbox">2. Use of GPG restricted socket in Thunderbird sandbox</h3>
<p>We redesigned the Thunderbird sandbox so that private keys are not
accessible in the sandbox, and decryption/signing operations
are requested via gpg-agent through the GPG restricted socket.</p>
<h3 id="experimentalsupportforlaunchingephemeralsandboxes">3. Experimental support for launching ephemeral sandboxes</h3>
<p>There is an experimental feature that allows for users to optionally
launch sandboxes without any persistence. To enable this, add
the following to /etc/oz/oz.conf:</p>
<p><code>
, "enable_ephemerals": true
</code></p>
<p>Following this, launching sandboxes will produce a pop-up asking if
the sandbox should be launched ephemerally. We will make this less
annoying in the future as this feature becomes more robust.</p>
<h3 id="reworkofxdg_dirsinsandboxfilesystem">4. Rework of XDG_DIRS in sandbox filesystem</h3>
<p>In earlier versions of Subgraph OS, users would have to remember to use
a a special shared folder in a sandbox that applications would
have no awareness of. We've automatically mapped the XDG_DIRS directories
to shared folders outside of the sandbox, which improves the user experience
within applcations. For example, Chromium downloads will be saved to a
location accessible outside of the sandbox without any extra user interaction.</p>
<p>The only exception to this is Tor Browser, which still saves downloads
to .local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/Downloads/,
which we acknowledge is ridiculous and will be addressing as soon as possible.</p>
<h2 id="improvementsandbugfixes">Improvements and bug fixes</h2>
<ul>
<li>Pure UEFI boot fixed</li>
<li>Hexchat default configuration is to use a SOCKS5 proxy</li>
</ul>
<h2 id="knownissues">Known issues</h2>
<p>Subgraph OS is a work in progress, and major changes are underway. There are
some important issues users should be aware of. Some of them are included
below; for more, review the <a href="https://github.com/subgraph/subgraph-os-issues">open issues</a> at our <a href="https://github.com/subgraph">Github
repository</a>.</p>
<h3 id="systemtimeatstartupinlivemodeandafterfirstinstall">1. System time at startup in live mode and after first install</h3>
<p>Requiring system time be already set to the correct time is still an
issue for bootstrapping Tor. We will address this issue in the coming
ISO.</p>
<h3 id="torbrowserwriteableinhomedirectorysandbox">2. Tor Browser writeable in home directory/sandbox</h3>
<p>Tor Browser Launcher installs Tor Browser into the user's home directory, where
it ends up being writeable in the sandbox. This is a long-standing issue
we hope to address soon.</p>
<h3 id="openvpnclientrunsasroot">3. OpenVPN client runs as root</h3>
<p>Our implementation of support for OpenVPN is very rudimentary and experimental.
There are a number of options on the table for us to support it in a way
that's much more safe and robust, and implementing this is a work in progress.
Part of the reason we are taking our time is because we want to support multiple
modes: attaching the tun device to a bridge that is used by multiple sandboxes,
for example (this is not yet possible). We can also put a tun device
into the namespace of a single sandbox and remove all exposure of the host
routing table to the VPN server.</p>
<h2 id="comingsoon">Coming soon</h2>
<p>Here's a preview of <em>some</em> of the things we're working on and are excited about.</p>
<h3 id="majorsubgraphfirewallimprovements">1. Major Subgraph Firewall improvements</h3>
<p>We're working on some major improvements to Subgraph Firewall. These
include:</p>
<ul>
<li>A SOCKS5 application firewall (i.e. filter Tor access)</li>
<li>TLSGuard</li>
<li>UDP and ICMP support</li>
<li>Sandbox awareness and policy support</li>
</ul>
<p>If we can fix all bugs and are happy with the user interface changes,
we'll release this in the next ISO.</p>
<p>Screenshot:</p>
<p><img src="https://support.subgraph.com/sgfw-ng6.png"></p>
<h3 id="supportforterminalapplicationsinoz">2. Support for terminal applications in Oz</h3>
<p>Oz will support terminal applications with seccomp-bpf whitelists
installed. We also sandbox gnome-terminal.</p>
<h3 id="system-widetorthroughsubgraphfirewall">3. System-wide Tor through Subgraph Firewall</h3>
<p>With support for a SOCKS5 filter, we'll be able to apply system-wide
filtering of network exits via Tor. No unprivileged process will have direct
access to the Tor SOCKS5 port: they will have to go through Subgraph Firewall, where
mandatory TLS can be enforced on a per-process/application basis. We are currently
testing this and working out bugs.</p>
<h3 id="supportforusbdevicesinsandboxes">4. Support for USB devices in sandboxes</h3>
<p>We've been working on dynamic support for popular devices such as Yubikeys
and hardware cryptocurrency wallets. This has been prototyped and
we have had Yubikeys working with Chromium in an Oz sandbox, as well as
Ledger Nano S in an Electrum sandbox.</p>
<h3 id="i2psupport">5. i2p Support</h3>
<p>We have successfully implemented experimental support for i2p, with
specific sandboxes (HexChat, Chromium) configured to exit via
i2p tunnels (see note below on Chronion re: privacy issues with
Chromium).</p>
<h3 id="chronionasandboxprofileforusingchromiumwithtor">6. "Chronion", a sandbox profile for using Chromium with Tor</h3>
<p>Chronion is an experimental sandbox configuration for the Chromium
that launches it so that it exits via Tor. The Chronion profile
also enforces ephemerality so that there's no persistent state
left (apart from an optional shared Downloads/ folder) between
instantiations. The Oz sandbox runtime also prevents known leaks
of interface IP addresses via webrtc.</p>
<p>The primary reasons for a Chromium-over-Tor sandbox configuration
are superior security against browser exploits and performance.</p>
<p>There are privacy drawbacks to using Chromium with Tor, and we
have been reluctant to make this widely available for those reasons.
At a minimum, Chromium is likely less resistant to known browser
fingerprinting attacks mitigated by Tor Browser's pro-privacy
and anti-fingerprinting customizations. We will elaborate
on this in a future blog post.</p>
<p>Screenshot:</p>
<p><img src="https://support.subgraph.com/chronion.jpg"></p>
<h3 id="supportforwireguardandotheripsecbasedvpnsinoz">7. Support for WireGuard and other IPSec based VPNs in Oz</h3>
<p>We have successfully setup Oz sandboxes that exit via wg interfaces,
and there should be no reason why we cannot also support any IPSec
based firewall. This is a work in progress being implemented
alongside the very basic and experimental support for OpenVPN.</p>
<h3 id="bettersupportfortorconfigurationbridges">8. Better support for Tor configuration, bridges</h3>
<p>We're improving support for configuration of Tor, both in live mode
and for installed users. This includes managing bridges via a GUI,
and providing more control over how/when Tor bootstraps. </p>
<h3 id="non-tormode">9. Non-Tor mode</h3>
<p>Subgraph OS without a default system-wide Tor exit is planned for
the future, with use of Tor and other alternate network
transits manageable on a flexible, per app/sandbox basis
(or system-wide perhaps if chosen during install).</p>
<p>Follow us on Twitter at <a href="https://twitter.com/subgraph">@subgraph</a> as well as at this blog for progress updates.</p>
Subgraph OS December 2016 ISO Availabilityhttps://subgraph.com//blog/subgraph-dec2016-iso-availability/2016-12-31T03:13:41Z2016-12-30T23:00:00Z
<h1 id="anewsubgraphosalphaisoisavailablefordownloadsgosdownload.">A new Subgraph OS Alpha ISO is available for <a href="https://subgraph.com/sgos/download/">download</a>.</h1>
<div style="margin: 0 auto 0 auto;width: 480px;text-align:center">
<video width="480" height="320" controls="controls" style="margin: 0 auto 0 auto;width: 480px;">
<source src="https://dist.subgraph.com/videos/iso-12-30-2016.mp4" type="video/mp4">
</video>
<small>(Onionshare and Ricochet now work out of the box, fully sandboxed)</small>
<p><a href="https://subgraph.com/sgos/download/" title="Download the latest release of Subgraph OS">Download it here!</a></p>
</div>
<h2 id="newfeatures:alpharelease3">New features: Alpha release 3</h2>
<h3 id="roflcoptortorcontrolportfilterandstatetrackerdaemon">1. ROFLCoptor Tor Control Port Filter and State Tracker Daemon</h3>
<p>ROFLCoptor filters Tor control port traffic. It is configured with
application-specific security policies to limit what actions may be performed
through the control port. ROFLCoptor also includes integration with
OZ for dynamic port forwarding capabilities to support fully sandboxed
applications that create ephemeral Tor hidden services, such as OnionShare,
Ricochet, and Bitcoin core.</p>
<h3 id="onionshare">2. OnionShare</h3>
<p>Subgraph OS now includes OnionShare. OnionShare is an application for sharing
files securely and anonymously over the Tor network. OnionShare is
fully sandboxed in OZ and has been integrated into the Nautilus
file manager (right-click on file to share over OnionShare).</p>
<h3 id="ricochet">3. Ricochet</h3>
<p>Ricochet is an anonymous peer-to-peer instant messager. It is different from
other instant messagers because instead of using central chat servers, users
connect directly to one another over Tor hidden services. Ricochet
runs fully sandboxed in OZ.</p>
<h3 id="subgraphoshandbook">4. Subgraph OS Handbook</h3>
<p>We have included our documentation in the operating system. A shortened version
can be read from the desktop (using yelp). The complete documentation (HTML,
PDF) can be found in the following directory:
/usr/share/sgos-handbook/</p>
<h2 id="improvementsandbugfixes">Improvements and bug fixes</h2>
<p>Our last ISO was released in June. There have been many improvements and fixes
since. We'd like to highlight a few major ones.</p>
<h3 id="ourgrsecuritykernelhasbeenupgradedtoversion4.8.15">1. Our Grsecurity kernel has been upgraded to version 4.8.15</h3>
<p>Among other improvements, this fixes the "Dirty COW" vulnerability
(CVE-2016-5195). We addressed this vulnerability earlier for users who have
installed Subgraph OS. It is now addressed in the live disc as well.</p>
<h3 id="macaddressspoofinghasbeenfixed">2. MAC address spoofing has been fixed</h3>
<p>For as long as memory serves, Linux users have used <code>if-pre-up</code> scripts to accomplish
MAC spoofing for network interfaces. A number of years ago changes in NetworkManager
broke this functionality. This bug <a href="https://bugzilla.gnome.org/show_bug.cgi?id=600167">first reported in 2010</a>
remained unfixed until a couple of years ago, however the implemented fix via nm-dispatcher did not actually
allow for MAC Spoofing and was only helpful for bringing up iptable rules.</p>
<p>Thankfully a reliable method was implemented via udev to spoof on boot. Recently, NetworkManager
started implementing some new MAC spoofing technics of its own. However these are not yet fully capable,
and broke the udev technique in passing. Thankfully upstream quickly provided a fix this time around.
This means that our udev based mechanism works again. This required a configuration change for
NetworkManager to "preserve" spoofed MAC addresses.</p>
<h3 id="audioissuesaddressedinoz">3. Audio issues addressed in OZ</h3>
<p>We have updated the PulseAudio configuration to correct audio-related
issues in sandboxed applications.</p>
<h3 id="applicationfirewallimprovements">4. Application firewall improvements</h3>
<p>The application firewall now includes "system" rules. These are the default
rules for Subgraph OS. With this upgrade, they are now treated differently than
the user-defined rules. The firewall settings UI has been updated to reflect
this change. We have also improved the usability of the firewall settings UI and Prompt.</p>
<h3 id="oznowincludessupportfordynamicforwarders">5. OZ now includes support for dynamic forwarders</h3>
<p>Dynamic forwarders lay the groundwork for running servers in the OZ sandbox.
This has enabled us to support OnionShare, Ricochat, and Bitcoin core,
which all both start Tor hidden server servers in the sandbox. Incoming
client connections are forwarded into the sandbox. </p>
<h3 id="thisreleaseaddressestheaptsignatureverificationvulnerability">6. This release addresses the APT signature verification vulnerability</h3>
<p>(CVE-2016-1252)</p>
<p>CVE-2016-1252 is now addressed in the live disc. Subgraph OS is only
distributed for the x64 architecture, so it was not believed to be at risk.
This release closes the vulnerability completely.</p>
<h3 id="porttogosecco">7. Port to gosecco</h3>
<p>In this release we have integrated a new Go seccomp-bpf library developed
by the ThoughtWorks Tiger team. <a href="https://github.com/twtiger/gosecco">Gosecco</a> allows us to create more expressive
and efficient policies for our sandboxed applications.</p>
<h2 id="acknowledgements">Acknowledgements</h2>
<p>We would like to thank everybody for all of your help and feedback during the
Alpha. We expect to have a Beta out sometime in 2017. There are some people
we'd like to call out specifically:</p>
<ul>
<li><p>Stephen Watt (<a href="https://twitter.com/uT_infection">@uT_infection</a>) for a bunch of stuff, notably
assisting greatly with porting the seccomp-bpf policy generator
to gosecco as well as the early version of the log monitor</p></li>
<li><p>Leif Ryge (<a href="https://twitter.com/wiretapped">@wiretapped</a>), Claudio Guarnieri (<a href="https://twitter.com/botherder">@botherder</a>), Will Scott
(<a href="https://twitter.com/willscott">@willscott</a>), Special (<a href="https://twitter.com/jbrooks_">@jbrooks_</a>), Donncha O'Cearbhaill <a href="https://twitter.com/DonnchaC">@DonnchaC</a>,
and Rafael Bonifaz (<a href="https://twitter.com/rbonifaz">@rbonifaz</a>) for testing and valuable feedback</p></li>
<li><p><a href="https://twitter.com/david415">@david415</a> for contributing ROFLCoptor + some help from <a href="https://twitter.com/wiretapped">@wiretapped</a></p></li>
<li><p>Alison Macrina (<a href="https://twitter.com/flexlibris">@flexlibris</a>) for numerous bug reports and help testing</p></li>
<li><p><a href="https://twitter.com/femmetasm">@femmetasm</a> for testing, patient help bugfixing, and useful ideas</p></li>
<li><p>ThoughtWorks Tiger/Strike teams: Ola Bini (<a href="https://twitter.com/olabini">@olabini</a>), Yakira Dixon
(<a href="https://twitter.com/ultrastoic">@ultrastoic</a>), Rosalie Tolentino (<a href="https://twitter.com/rosatolen">@rosatolen</a>), Chelsea Komlo
(<a href="https://twitter.com/chelseakomlo">@chelseakomlo</a>), Fan (<a href="https://twitter.com/tcz001">@tcz001</a>),
Tania Silva (<a href="https://twitter.com/tdruiva">@tdruiva</a>), Reinaldo Junior (<a href="https://twitter.com/reinaldojunior">@reinaldojunior</a>),
Ivan Pazmino (<a href="https://twitter.com/iapazmino">@iapazmino</a>) for: CoyIM, gosecco</p></li>
</ul>
<p>Follow us on Twitter at <a href="https://twitter.com/subgraph">@subgraph</a> as well as at this blog for progress updates.</p>
Subgraph OS Announcementhttps://subgraph.com//blog/subgraph-os-announcement/2015-07-17T02:19:24Z2015-06-13T22:00:00Z
<p>We are happy to announce that Subgraph is to receive support for 12 months of Subgraph OS development from the <a href="https://www.opentechfund.org/">Open Technology Fund</a>.</p>
<p>This means that we will be able to focus our efforts over the next year on development exclusively.</p>
<p>Our current areas of focus are:</p>
<ol>
<li><p><a href="https://github.com/subgraph/oz">Oz</a>, our framework for application isolation</p></li>
<li><p>Tooling and automation for builds and tests of Subgraph OS packages as well as for the base OS image. We are working towards a downloadable ISO as soon as possible.</p></li>
</ol>
<p>All of our code is to be hosted on <a href="https://github.com/subgraph">Github</a>, though for now everything there is very alpha. We invite the community to check it out.</p>
<p>Follow us on Twitter at <a href="https://twitter.com/subgraph">@subgraph</a> as well as at this blog for progress updates.</p>
<p>We will be posting soon about Oz.</p>
Vega SSL/TLS Configuration Probes: Detecting POODLE and Other Issueshttps://subgraph.com//blog/vega-ssltls-configuration-probes/2015-07-17T02:02:38Z2014-10-14T22:00:00Z
<p>We recently added a feature in Vega: probing HTTPS server configuration settings for issues that have implications for user and application security.</p>
<p>Vega now attempts to detect and will alert on the following issues:</p>
<ul>
<li>SSLv2, SSLv3 (POODLE) support</li>
<li>Certificate analysis: SHA-1, MD5, key size</li>
<li>Server/client ciphersuite preference</li>
<li>Forward secrecy support and prioritization</li>
<li>RC4</li>
<li>Cipher suite enumeration</li>
<li>Identifcation of weak / export grade cipher suites, anonymous Diffie-Hellman</li>
<li>TLS compression (susceptibility to CRIME attacks)</li>
</ul>
<p>The probes occur before the crawler is started and will run for every HTTPS server target. Full details on the HTTPS audit will be output to the console after the probes have finished running.</p>
<p>This is still a work in progress, so consider it a beta release. The Vega HTTPS server configuration probing will be more comprehensive, reliable, and configurable in the future.</p>
<p><a href="https://subgraph.com/vega/">Download a new build from our website to try it out.</a></p>
<p><img src="https://subgraph.com/blog/vega-ssltls-configuration-probes/vega-https-config-probes.png" alt="Vega HTTPS Config Probes" id="vegahttpsconfigprobes" /></p>
<p><img src="https://subgraph.com/blog/vega-ssltls-configuration-probes/vega-https-config-probes-details.png" alt="Vega HTTPS Config Probes Details" id="vegahttpsconfigprobesdetails" /></p>
New Vega Build: Improved Shellshock Detection, Bugfixeshttps://subgraph.com//blog/new-vega-build-improved-shellshock-detection/2015-07-17T02:17:21Z2014-09-30T22:00:00Z
<p>We put up a new Vega build (118) that includes an improved Shellshock module and fixes a couple of bugs.</p>
<p><a href="https://subgraph.com/vega/">Click here to download.</a></p>
<p><img src="https://subgraph.com/blog/new-vega-build-improved-shellshock-detection/shellshock.png" alt="Vega Improved Shellshock Detection" id="vegaimprovedshellshockdetection" /></p>
Subgraph Vega module for Bash Environment Variable OS Command Injection Vulnerability (CVE-2014-6271)https://subgraph.com//blog/subgraph-vega-module-for-bash-environment-variable-os-command-injection/2016-05-11T18:49:49Z2014-09-23T22:00:00Z
<p>Today, a critical and trivially remotely exploitable vulnerability was announced in <a href="https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/">bash</a>. To help users of our <a href="https://subgraph.com/vega/">Vega web application scanner</a> to identify this vulnerability, we have a released a basic standalone module to detect this vulnerability in web applications.</p>
<p>The module works by injecting test cases into certain HTTP header values as well as any web application form/query parameters. This should be adequate to detect this vulnerability in CGI setups where HTTP header values are turned into bash environment variables while also detecting cases where user-supplied input is passed through functions that spawn subshells such as system(), exec(), popen() in various languages. We will refine the module as more information becomes available and we are able to test it more.</p>
<p>This module is a good example of the power of Vega to quickly create proofs-of-concept in Javascript using the module API.</p>
<p><a href="https://dist.subgraph.com/downloads/bash-inject.js">The module can be obtained here</a>. It can be installed simply by adding it to the ‘vega/scripts/scanner/modules/injection/’ directory.</p>
<p>If you are not a Vega user, you can <a href="https://subgraph.com/vega/">download it here</a> or build it <a href="https://github.com/subgraph/Vega">from source</a>. We will soon bundle this module into our release tarball.</p>
<p>Due to the seriousness of this vulnerability, we also strongly advise everybody to install patches immediately.</p>
Security vulnerability in Geary: Invalid server certificates accepted silentlyhttps://subgraph.com//blog/security-vulnerability-in-geary/2015-07-17T02:20:53Z2014-08-28T22:00:00Z
<p><a href="https://wiki.gnome.org/Apps/Geary">Geary</a> is a nice looking mail client for Linux / Gnome users.</p>
<p>We identified a vulnerability in Geary during some recent testing related to <a href="https://subgraph.com/sgos/">Subgraph OS</a>, <a href="https://subgraph.com/sgos/secure-communication/">Mail</a> and <a href="http://nyms.io/">Nyms</a>. Thankfully the maintainer responded to our report really quickly and there has already been a <a href="https://git.gnome.org/browse/geary/commit/?id=809128692cd23edeaaae827623f0bfe22b808218">patch</a> committed and backported. There are updated tarballs on the <a href="https://wiki.gnome.org/Apps/Geary">Geary homepage</a> and hopefully distro upgrades will be available soon.</p>
<p>Here are the details on CVE-2014-5444:</p>
<p>When Geary connects to any server endpoint over SSL/TLS (IMAPS, SMTPS, IMAP + STARTTLS, SMTP + STARTTLS), it doesn’t act on certificate validation errors, which are detected but ignored. Further, the user is not even made aware when certificate validation fails except when Geary is run with optional debug output via the -d command-line switch.</p>
<p>In all validation failure cases the user credentials are transmitted to the server. This creates an effective attack to harvest user email passwords through active interception.</p>
<p>Geary is fairly identifiable on the wire, meaning that an adversary in a position to perform the attack can do so selectively, reducing the likelihood of detection if another, non-vulnerable mail client is intercepted.</p>
<p>One way to fingerprint Geary is to observe the IMAP IDLE refresh frequency, which occurs every 30 seconds. This is unusually short compared to the <a href="http://tools.ietf.org/html/rfc2177">maximum</a> IDLE limit of 30 minutes and the default behavior of other clients (Evolution: 10 minutes, Thunderbird: 10 minutes, Claws Mail: 5 minutes).</p>
<p>If exploited, an interception attack would not be perceptible to most users.</p>
<p>Here’s the problematic code, take note of the TODO in engine/api/geary-endpoint.vala:</p>
<pre><code>private bool report_tls_warnings(string cx_type, TlsCertificateFlags warnings) {
// TODO: Report or verify flags with user, but for now merely
log for informational/debugging
// reasons and accede
message("%s TLS warnings connecting to %s: %Xh (%s)", cx_type,
to_string(), warnings, tls_flags_to_string(warnings));
return true;
}
</code></pre>
<p>It turns out that this is not an issue unknown to the developers, there is an <a href="https://bugzilla.gnome.org/show_bug.cgi?id=713247">open ticket</a> that goes as far back as 2012. Our report prompted them to prioritize a fix. Big thank you to Geary developer Jim Nelson for acknowledging that this is a serious vulnerability for Geary users, some of whom are exposed to a high risk of active network interference.</p>