Skip to main content

Hackers can steal the contents of Horde webmail inboxes with one click

A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox.

Horde is one of the most popular free and open-source web email systems available. It’s built and maintained by a core team of developers, with contributions from the wider open-source community. It’s used by universities, libraries, and many web hosting providers as the default email client.

Numan Ozdemir disclosed his vulnerabilities to Horde in May. An attacker can scrape and download a victim’s entire inbox by tricking them into clicking a malicious link in an email.

Once clicked, the inbox is downloaded to the attacker’s server.

But the researcher did not hear back from the Horde community. Security researchers typically give organizations three months to fix flaws before they are publicly disclosed.

NIST, the government department that maintains the national vulnerability database, said this week that the flaws pose a “high” security risk to users.

Ozdemir said some — though not all — of the vulnerabilities were recently fixed in the latest Horde webmail version. But the Horde community has not publicly acknowledged the vulnerability — or that users of earlier versions of the webmail are still vulnerable.

“It is really very easy to steal people’s email,” he told TechCrunch.

His bug report filed with Horde remains open at the time of writing. We emailed Horde several times, but did not hear back until after publication. Jan Schneider, a core developer on the project, said the vulnerabilities “have indeed been fixed, won’t be fixed, or didn’t even exist anymore at the time of the reporting.”

We found a massive spam operation — and sunk its server



from TechCrunch https://ift.tt/2qWfPPm
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

The Silent Revolution of On-Device AI: Why the Cloud Is No Longer King

Introduction For years, artificial intelligence has meant one thing: the cloud. Whether you’re asking ChatGPT a question, editing a photo with AI tools, or getting recommendations on Netflix — those decisions happen on distant servers, not your device. But that’s changing. Thanks to major advances in silicon, model compression, and memory architecture, AI is quietly migrating from giant data centres to the palm of your hand. Your phone, your laptop, your smartwatch — all are becoming AI engines in their own right. It’s a shift that redefines not just how AI works, but who controls it, how private it is, and what it can do for you. This article explores the rise of on-device AI — how it works, why it matters, and why the cloud’s days as the centre of the AI universe might be numbered. What Is On-Device AI? On-device AI refers to machine learning models that run locally on your smartphone, tablet, laptop, or edge device — without needing constant access to the cloud. In practi...
1 comment
Read more

Apple’s AI Push: Everything We Know About Apple Intelligence So Far

Apple’s WWDC 2025 confirmed what many suspected: Apple is finally making a serious leap into artificial intelligence. Dubbed “Apple Intelligence,” the suite of AI-powered tools, enhancements, and integrations marks the company’s biggest software evolution in a decade. But unlike competitors racing to plug AI into everything, Apple is taking a slower, more deliberate approach — one rooted in privacy, on-device processing, and ecosystem synergy. If you’re wondering what Apple Intelligence actually is, how it works, and what it means for your iPhone, iPad, or Mac, you’re in the right place. This article breaks it all down.   What Is Apple Intelligence? Let’s get the terminology clear first. Apple Intelligence isn’t a product — it’s a platform. It’s not just a chatbot. It’s a system-wide integration of generative AI, machine learning, and personal context awareness, embedded across Apple’s OS platforms. Think of it as a foundational AI layer stitched into iOS 18, iPadOS 18, and m...
Post a Comment
Read more

Max Q: Psyche(d)

In this issue: SpaceX launches NASA asteroid mission, news from Relativity Space and more. © 2023 TechCrunch. All rights reserved. For personal use only. from TechCrunch https://ift.tt/h6Kjrde via IFTTT
Post a Comment
Read more