• What does "Msg Kinds" specify?

    From Niels Haedecke@2:240/8002 to All on Wed Dec 11 11:23:06 2019
    Hi there,
    I've set up a local message area and set "Msg Kinds" to "Private". I
    understand that by doing things this way, only the sender and addressee of a specific message can read it. Still, other users can use "Quickscan" to view who sent a specific message, who was the addressee for that message and what its subject was.

    My assumption would be that if "Msg Kinds" is set to "Private", a user
    would only be able to see his/her sent/received messages. It seems to work
    that way if "Msg Kinds" is set to "Private" on a non-local, Echomail message area.

    In other ways: is it possible to have a non-networked (local) but private message area similar to what "personal messages" are on other BBS systems?

    Kind regards,
    Niels


    Greetings, Niels Haedecke

    --- MBSE BBS v1.0.7.13 (GNU/Linux-ARM)
    * Origin: Wintermute BBS (2:240/8002 2:240/1895 75:49/1895) (2:240/8002)
  • From Vincent Coen@2:250/1 to Niels Haedecke on Fri Mar 20 17:15:50 2020
    Hello Niels!

    Wednesday December 11 2019 11:23, you wrote to All:

    Hi there,
    I've set up a local message area and set "Msg Kinds" to "Private". I understand that by doing things this way, only the sender and addressee
    of a specific message can read it. Still, other users can use
    "Quickscan" to view who sent a specific message, who was the addressee
    for that message and what its subject was.

    My assumption would be that if "Msg Kinds" is set to "Private", a user
    would only be able to see his/her sent/received messages. It seems to
    work that way if "Msg Kinds" is set to "Private" on a non-local,
    Echomail message area.

    In other ways: is it possible to have a non-networked (local) but
    private message area similar to what "personal messages" are on other
    BBS systems?

    I thought that by setting an echo to private no one sees content other than the sender and
    recipient.

    Are you saying that is NOT the case and if so under what circumstances, i.e., any user
    logged into the system or a remote user via internet or QWK packets?


    One way of making sure would be trying out the settings for each area that raises the
    security of it but I am not sure that is a gain or a hindrance.

    The security of the Private flag should be dealing with it and if not, it sounds like a bug and
    will need looking into.

    Tell me what the conditions are when it can be seen by all others.
    Note that the Sysop can always see echo message content unless the security is raised above
    that of the sysop which is what happens on my system for military areas both UK and USA so I
    can not see them when using tools like golded. Note that some of these echos are also
    protected by encryption which fully locks down such security as there is no way I can read
    them.

    Echo security can be found via mbset 9.2. area number then Read = 16, Write = 17 and 18
    sysop with 24, 25 both No and 27 as needed but possibly same as 16 - 18.


    Vincent

    --- Mageia Linux v7.1 X64/Mbse v1.0.7.13/GoldED+/LNX 1.1.5-b20180707
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1)
  • From Niels Haedecke@2:240/8002 to Vincent Coen on Mon May 25 13:44:27 2020
    Vincent Coen wrote to Niels Haedecke:
    Hello Niels!

    I thought that by setting an echo to private no one sees content other than the
    sender and recipient.

    Are you saying that is NOT the case and if so under what circumstances, i.e.,
    any user logged into the system or a remote user via internet or QWK packets?



    Hi Vincent,
    sorry for the very delayed reply. So here's what user "test" (who is a
    non-sysop user) sees when he is querying the local, private echo:

    # From To Subject

    1 amiganer niels haedecke Hi

    2 lodger amiganer Re: Hi


    So as you can see, the user I'm logged in (test) can see that there are
    private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When querying the local, private echo, user "test" should not see any messages listed he is neither sender nor recipient of.

    However, when user "test" is then trying to read one of the two messages he
    was shown, he gets:

    "This is a private message; only the owner and addressee can view it."

    So is this the expected behaviour and could this be fixed so you can't "spy"
    on other conversation topics and participants by running the Quickscan
    command.

    Kind regards,
    Niels

    Greetings, Niels Haedecke

    --- MBSE BBS v1.0.7.13 (GNU/Linux-ARM)
    * Origin: Wintermute BBS - Duesseldorf, Germany (2:240/8002)
  • From Vincent Coen@2:250/1 to Niels Haedecke on Mon May 25 15:54:37 2020
    Hello Niels!

    Monday May 25 2020 13:44, you wrote to me:

    Vincent Coen wrote to Niels Haedecke:
    Hello Niels!

    I thought that by setting an echo to private no one sees content other
    than the sender and recipient.

    Are you saying that is NOT the case and if so under what
    circumstances, i.e., any user logged into the system or a remote
    user via internet or QWK packets?



    Hi Vincent,
    sorry for the very delayed reply. So here's what user "test" (who is a non-sysop user) sees when he is querying the local, private echo:

    # From To Subject


    1 amiganer niels haedecke Hi


    2 lodger amiganer Re: Hi



    So as you can see, the user I'm logged in (test) can see that there
    are private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When
    querying the local, private echo, user "test" should not see any
    messages listed he is neither sender nor recipient of.

    However, when user "test" is then trying to read one of the two
    messages he was shown, he gets:

    "This is a private message; only the owner and addressee can view it."

    So is this the expected behaviour and could this be fixed so you can't
    "spy" on other conversation topics and participants by running the
    Quickscan command.

    Can you confirm that user test cannot see the content of these messages?

    Clearly from your testing it looks like the content SHOULD be private but the msgs lists are not.

    I must admit I am in two minds on this, but leaning that this behaviour is correct.

    It is the content that must be private.

    The information provided by seeing a list of from, to, subject is not confidential.

    In my system areas that are secure cannot be seen by any one who does not have the required level let alone any form of content.

    These are areas for the military separated by country, i.e., USA and UK.

    They are set so even I cannot look at some of them but there is encryption turned on so unless you have the key you cannot see them any way.

    This is done on purpose to protect to a very high level all content no matter who you are and that includes police, security forces etc as allowing them such
    access would in itself be a breach of the official security act sections 1 & 2 (for the UK) and similar for the USA. The system also supports the military of other countries but using similar encryption all using 128 byte keys and in some cases larger.

    I guess you are not worried to this level ?

    Vincent

    --- Mageia Linux v7.1 X64/Mbse v1.0.7.13/GoldED+/LNX 1.1.5-b20180707
    * Origin: Air Applewood, The Linux Gateway to the UK & Eire (2:250/1)
  • From Alan Ianson@1:153/757 to Vincent Coen on Mon May 25 11:02:16 2020
    Hello Vincent,

    Clearly from your testing it looks like the content SHOULD be private
    but the msgs lists are not.

    Yes, it should be. The details of the messages from, to and subject should also be private and not displayed to anyone aside from the sender or recipient.

    I must admit I am in two minds on this, but leaning that this
    behaviour is correct.

    Why display the details of a private message to others?

    It is the content that must be private.

    The information provided by seeing a list of from, to, subject is not confidential.

    This looks like a bug that went unnoticed.

    Probably not hard to fix if anyone is caring for MBSE.

    Ttyl :-),
    Al

    --- GoldED+/LNX
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
  • From Andrew Leary@1:320/219 to Alan Ianson on Tue May 26 04:05:26 2020
    Hello Alan!

    25 May 20 11:02, you wrote to Vincent Coen:

    Clearly from your testing it looks like the content SHOULD be
    private but the msgs lists are not.

    Yes, it should be. The details of the messages from, to and subject
    should also be private and not displayed to anyone aside from the
    sender or recipient.

    Why display the details of a private message to others?

    This looks like a bug that went unnoticed.

    Agreed.

    Probably not hard to fix if anyone is caring for MBSE.

    I'll look into it.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Andrew Leary@1:320/219 to Niels Haedecke on Sat May 30 02:49:06 2020
    Hello Niels!

    25 May 20 13:44, you wrote to Vincent Coen:

    So as you can see, the user I'm logged in (test) can see that there
    are private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When
    querying the local, private echo, user "test" should not see any
    messages listed he is neither sender nor recipient of.

    However, when user "test" is then trying to read one of the two
    messages he was shown, he gets:

    "This is a private message; only the owner and addressee can view it."

    So is this the expected behaviour and could this be fixed so you can't "spy" on other conversation topics and participants by running the Quickscan command.

    This bug has been fixed in v1.0.7.16, which was just committed to the SourceForge Mercurial and Git repositories.

    Thanks for letting me know about the issue.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
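
The issue reported and fixed in this thread is an access check that was enforced when a message was opened but not when its headers were listed. The following C sketch is an added example, not part of the original posts and not MBSE's source code; the `msg_hdr` struct, the `may_view` and `quickscan` names and the sample data are hypothetical, constructed from the listing quoted above.

```c
#include <stdio.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical header record; not MBSE's actual message base layout. */
struct msg_hdr {
    int num;
    const char *from, *to, *subject;
    int is_private;
};

/* Constructed sample data mirroring the listing quoted in the thread. */
static const struct msg_hdr area[] = {
    {1, "amiganer", "niels haedecke", "Hi",     1},
    {2, "lodger",   "amiganer",       "Re: Hi", 1},
};
static const int area_len = sizeof area / sizeof area[0];

/* One predicate, meant to be shared by the read path and the list path. */
int may_view(const struct msg_hdr *m, const char *user)
{
    if (!m->is_private)
        return 1;
    return strcasecmp(m->from, user) == 0 || strcasecmp(m->to, user) == 0;
}

/* Lists headers and returns how many were shown to `user`.
 * enforce == 0 reproduces the reported behaviour (list path skips the check);
 * enforce == 1 applies the same check that already guarded reading. */
int quickscan(const char *user, int enforce)
{
    int shown = 0;
    for (int i = 0; i < area_len; i++) {
        const struct msg_hdr *m = &area[i];
        if (enforce && !may_view(m, user))
            continue;   /* hide From/To/Subject, not only the body */
        printf("%3d %-10s %-16s %s\n", m->num, m->from, m->to, m->subject);
        shown++;
    }
    return shown;
}

int main(void)
{
    printf("unchecked list: %d headers shown to test\n", quickscan("test", 0));
    printf("checked list:   %d headers shown to test\n", quickscan("test", 1));
    printf("checked list:   %d headers shown to lodger\n", quickscan("lodger", 1));
    return 0;
}
```
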
  • From Niels Haedecke@2:240/8002 to Andrew Leary on Mon Jun 1 18:10:35 2020
    Hi Andrew,
    thank you for fixing this issue (and the one regarding the user handle in From/To fields) so quick! I've already updated my Wintermute BBS to 1.0.7.17

    Working perfect so far!

    Kind regards,
    Niels

    Andrew Leary wrote to Niels Haedecke:
    Hello Niels!

    25 May 20 13:44, you wrote to Vincent Coen:

    So as you can see, the user I'm logged in (test) can see that there are private messages between amiganer and lodger. He can even see the subject of any private message. This should not be possible. When querying the local, private echo, user "test" should not see any messages listed he is neither sender nor recipient of.

    However, when user "test" is then trying to read one of the two messages he was shown, he gets:

    "This is a private message; only the owner and addressee can view
    it."

    So is this the expected behaviour and could this be fixed so you can't
    "spy" on other conversation topics and participants by running the Quickscan command.

    This bug has been fixed in v1.0.7.16, which was just committed to the SourceForge Mercurial and Git repositories.

    Thanks for letting me know about the issue.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)



    Greetings, Niels Haedecke

    --- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
    * Origin: Wintermute BBS - Duesseldorf, Germany (2:240/8002)
  • From Andrew Leary@1:320/219 to Niels Haedecke on Mon Jun 1 21:17:47 2020
    Hello Niels!

    01 Jun 20 18:10, you wrote to me:

    thank you for fixing this issue (and the one regarding the user handle
    in From/To fields) so quick! I've already updated my Wintermute BBS to 1.0.7.17

    Please continue to report any issues you find; if we aren't aware of them they won't get fixed.

    Working perfect so far!

    Glad to hear it!

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Tommi Koivula@2:221/1 to Andrew Leary on Tue Jun 2 19:37:34 2020
    * Originally in mbse
    * Crossposted in netmail

    01 Jun 20 21:17, Andrew Leary wrote to Niels Haedecke:

    Glad to hear it!

    Sorry to write you here, but I've sent a couple of netmails to you during the last few weeks... Did you get them? I didn't get any response.

    'Tommi

    ---
    * Origin: rbb.fidonet.fi (2:221/1)