Sometimes when you are looking for an answer to one thing, you end up finding something else rather surprising. Case in point, Google’s statement that Mozilla Thunderbird is less secure, but why do they say that? Today’s SuperUser Q&A post has the answer to a confused reader’s question.
有时,当您寻找某件事的答案时,最终会发现其他令人惊讶的事情。 例如,谷歌关于Mozilla Thunderbird的安全性较低的说法,但是为什么他们这么说呢? 今天的“超级用户问答”帖子回答了一个困惑的读者的问题。
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
今天的“问答”环节由SuperUser提供,它是Stack Exchange的一个分支,该社区是由社区驱动的Q&A网站分组。
问题 (The Question)
SuperUser reader Nemo wants to know why Google considers Thunderbird to be less secure:
超级用户读者Nemo想知道为什么Google认为Thunderbird安全性较低:
I have never had problems using Gmail with Thunderbird, but while trying to use a free software client for Google Talk/Chat/Hangout I discovered the following unexpected statement. According to Google’s document on Less Secure Apps:
我从未在将Gmail与Thunderbird结合使用方面遇到过问题,但是在尝试将免费软件客户端用于Google Talk / Chat / Hangout时,我发现了以下意外声明。 根据Google在不太安全的应用程序上的文档 :
- Some examples of apps that do not support the latest security standards include […] Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird. 不支持最新安全性标准的应用程序的一些示例包括[…]桌面邮件客户端,例如Microsoft Outlook和Mozilla Thunderbird。
Google then offers an all-or-nothing secure vs. non secure account switch (“Allow less secure apps”).
然后,Google提供了安全性与非安全性之间的全有或全无的切换 (“ 允许安全程度较低的应用程序” )。
Why does Google say Thunderbird does not support the latest security standards? Is Google trying to say that standard protocols like IMAP, SMTP and POP3 are less secure ways to access a mailbox? Are they trying to say that the activities users engage in with the software puts their accounts at risk or what?
Google为什么说Thunderbird不支持最新的安全标准? Google是否要说IMAP,SMTP和POP3等标准协议是访问邮箱的安全性较低的方法? 他们是在说用户使用该软件进行的活动会使他们的帐户面临风险吗?
Secunia’s Vulnerability Report on Mozilla Thunderbird 24.x says:
Secunia的Mozilla Thunderbird 24.x漏洞报告说:
Unpatched 11 percent (1 of 9 Secunia advisories) […] The most severe unpatched Secunia advisory affecting Mozilla Thunderbird 24.x, with all vendor patches applied, is rated highly critical (apparently SA59803).
未修补的11%(9个Secunia通报中的1个)[…]在应用了所有供应商补丁的情况下,影响Mozilla Thunderbird 24.x的最严重的未修补Secunia通报被评为非常严重( 显然是SA59803 )。
Why does Google say Mozilla Thunderbird is less secure?
Google为什么说Mozilla Thunderbird安全性较低?
答案 (The Answer)
SuperUser contributor Techie007 has the answer for us:
超级用户贡献者Techie007为我们提供了答案:
It is because those clients (currently) do not support OAuth 2.0. According to Google:
这是因为这些客户端(当前)不支持OAuth 2.0 。 根据Google的说法:
- Beginning in the second half of 2014, we will start gradually increasing the security checks performed when users log into Google. These additional checks will ensure that only the intended user has access to their account, whether through a browser, device, or application. These changes will affect any application that sends a user name and/or password to Google. 从2014年下半年开始,我们将逐渐增加用户登录Google时执行的安全检查。 这些额外的检查将确保只有目标用户才能通过浏览器,设备或应用程序访问其帐户。 这些更改将影响向Google发送用户名和/或密码的任何应用程序。
- To better protect your users, we recommend you upgrade all of your applications to OAuth 2.0. If you choose not to do so, your users will be required to take extra steps in order to keep accessing your applications. 为了更好地保护用户,我们建议您将所有应用程序升级到OAuth 2.0。 如果您选择不这样做,则将要求您的用户采取额外的步骤,以便继续访问您的应用程序。
- In summary, if your application currently uses plain passwords to authenticate to Google, we strongly encourage you to minimize user disruption by switching to OAuth 2.0. 总而言之,如果您的应用程序当前使用普通密码向Google进行身份验证,我们强烈建议您切换到OAuth 2.0,以最大程度地减少对用户的干扰。
Source: New Security Measures Will Affect Older (non-OAuth 2.0) Applications (Google Online Security Blog)
资料来源: 新的安全措施将影响较旧的(非OAuth 2.0)应用程序 (Google在线安全博客)
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
有什么补充说明吗? 在评论中听起来不错。 是否想从其他精通Stack Exchange的用户那里获得更多答案? 在此处查看完整的讨论线程 。
翻译自: https://www.howtogeek.com/206534/why-does-google-say-mozilla-thunderbird-is-less-secure/
261
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
