Email based attack on University

classic Classic list List threaded Threaded
70 messages Options
1234
Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Brad Rogers
On Thu, 3 Oct 2019 04:09:38 +1000
Andrew McGlashan <[hidden email]> wrote:

Hello Andrew,

>So, NOT very transparent at all then!

They were transparent about *what* happened and what was *taken*(0).  At
this stage, to tell the detailed 'how' could be opening the door to harm
at other vulnerable organisations(1).

As the paper notes, as _soon_ as they publicised the fact that they had
been the victims of such a serious attack, the ANU servers /immediately/
came under further attacks.

(0)  As far as they can tell.
(1)  I think it's safe to assume there are some.  Possibly many.

--
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
It's only the children of the f****** wealthy tend to be good looking
Ugly - The Stranglers

attachment0 (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Brian
In reply to this post by deloptes-2
On Wed 02 Oct 2019 at 19:13:01 +0200, deloptes wrote:

> Henning Follmann wrote:
>
> > And I hear already the crowds crying, but we need this for work.
> > No you don't!
> > I do not need a powerpoint presentation in my mail. If you want bullet
> > points just use "-" and indentation. You can do that in a text made from
> > ASCII characters only.
> > Excel is  shit to begin with. Get rid of it, not only in e-mail.
> > Whatever can be written in Word, can be written just in ASCII text.
> > And you suck at typography anyway, do not even try.
>
> I suggest you go and talk to my boss who has specific expectations. I
> understand your point but it is BS for business. I sent management today
> one PP and one Excel. Everybody is happy and you want to destroy it?!

Good point.

The starting post has nothing to do with Debian and, one may notice, the
OP has not reappeared to join the conversation and give his considered
opinion. It's a typical c'mon post which should have been ignored.

--
Brian.

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Carl Fink-4
In reply to this post by David Wright-3
On Wed, Oct 02, 2019 at 11:57:50AM -0500, David Wright wrote:

> On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> > On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> >
> > > I don't believe MP3 allows executable code by specifications
> > > either, so shouldn't the PNG image format.  But think of DSA
> > > 4435 which affected libpng earlier this year.  When the OS
> > > library for handling multimedia has flaws, if an HTML email
> > > embeds a specifically crafted PNG image inlined in the content,
> > > then you wouldn't even have to hit the ???preview??? button to be
> > > screwed:
> >
> > That would logically apply to ASCII text as well.
>
> I'm not sure why an ASCII email would be handed to a multimedia library.

Nor am I. But "multimedia" is an imposition here. Text is also rendered by
libraries.
--
Carl Fink                           [hidden email]

Read John Grant's book, Corrupted Science: http://a.co/9UsUoGu 
Dedicated to ... Carl Fink!

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Igor Cicimov
In reply to this post by Lee-7

On Thu, Oct 3, 2019, 1:00 AM Lee <[hidden email]> wrote:
On 10/2/19, Henning Follmann <[hidden email]> wrote:
> On Wed, Oct 02, 2019 at 10:40:34AM +0100, Jeremy Nicoll wrote:
>> On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
>>
>> > Details are at
>> >
>> > https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578
>> > https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
>>
>> It seems to me that everything follows from whatever access the initial
>> 'unclicked email' malware
>> gave to the hackers.
>>
>> But how can malware jump from an email that's not "clicked", into some
>> part of the university's
>> systems?
>
> Well, somebody is not telling the truth.

With so much left out of the public report, lying hardly seems necessary.

Take a look at
  https://portal.msrc.microsoft.com/en-us/security-guidance
select severity: critical & remote code execution, security feature
bypass & information disclosure inpacts.
Which security patches seem applicable here?

>> Unless... the email was being viewed via a webmail system running on a
>> server not owned by the
>> university?

What if the email was being viewed via webmail using Windows Internet Explorer?

Regards,
Lee

+1 for this as it makes lots of sense in this case as the code was executed in the browser we're it could easily reach the saved passwords. From there on it is just a matter of using those credentials to gain system access, nothing ever reached a disk to get executed there.
Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Keith Bainbridge-2
In reply to this post by Brian

On 3/10/19 5:05 am, Brian wrote:
> The starting post has nothing to do with Debian and, one may notice, the
> OP has not reappeared to join the conversation and give his considered
> opinion. It's a typical c'mon post which should have been ignored.
>


Oops, pushed the wrong keys, and replied only to Brian.


But I have been lurking.   And I asked here as it is perhaps the
broadest group I'm a member of.  It is connected to Debian, and Linux in
general IF my initial thought had been more helpful in avoiding such
attacks.

I have been very interested in the bulk of your responses - good general
advice for individuals, but not practicable for businesses who engage
graduates who were trained primarily in one OS - because that is what
business demands, or so my tutors told me in 2005, when I returned to
study after 40 years in the work force.   I don't understand it
(business demanding WindOS) given the amount of time wasted with most
daily updates.


My original question had 1 direct answer - no; and several that have
shown why - because the attachment was data and was executed but the
program it called. I get that.   What I haven't fathomed is how the
attached file was opened without any interaction beyond reading the note.


A comment this morning (the sun rose about 4 hours ago here; and the
news broke at about sun-set yesterday. Please forgive my sleeping in the
meantime.) was that the ANU is part of the Defence Force training
system. Given the suspected source of the attack, the suggestion now is
that the attack was aimed at Defence Force people.







Keith Bainbridge

[hidden email]

+61 (0)447 667 468




Keith Bainbridge

[hidden email]

+61 (0)447 667 468

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Keith Bainbridge-2
In reply to this post by Paul Sutton-2
So it's not just 4 major regional hospitals here.  Could it be the
attacks are connected.


By the bye, I a current-time documentary earlier this year, in a local
public hospital with what looked very like WinXP on the monitor behind
the doctor being interviewed.


Keith Bainbridge

[hidden email]

+61 (0)447 667 468
On 3/10/19 1:09 am, Paul Sutton wrote:
> a Malware (well
> Ransomware) attack on some US Hospitals
>
> US hospitals turn away patients as ransomware strikes

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Andrew McGlashan
In reply to this post by Keith Bainbridge-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

On 3/10/19 10:28 am, Keith Bainbridge wrote:
...

Well, given the fact that too many emails these days are HTML type;
ala web based.... they are suspect to email programs running
javascript and/or other scripting languages due to default settings.

The most likely suspect is scripting of some kind, which /may/ come in
to play to render the HTML email content when previewed.  It is also
possible that other scripting languages, particularly on Winblows will
be automatically ran during preview.

There have been numerous bugs with LookOut (otherwise known as
Outlook), running scripts and having other vulnerabilities due to
preview pane being open.  I try to encourage people NOT to have a
preview pane, but people will still do what they want even if you tell
them it is potentially dangerous.

Kind Regards
AndrewM
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXZXMEgAKCRCoFmvLt+/i
+xAvAQC0d92aSRBieRBh5wN2v8QnCL/DSNRd4j2y447EKziTcAEAwrzXxZPca7t4
E7Wjo7mSO4hlz2fEwYYhvS0GnhWU2mc=
=7Wj4
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

rhkramer
On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
> There have been numerous bugs with LookOut (otherwise known as
> Outlook), running scripts and having other vulnerabilities due to
> preview pane being open.  I try to encourage people NOT to have a
> preview pane, but people will still do what they want even if you tell
> them it is potentially dangerous.

Ahh, a preview pane -- I don't believe I've encountered that term before, but
I'm guessing that means the pane (for example, in kmail) which shows the
content of an email as soon as it is selected from the list of emails in a
folder (and before you press enter, if ever, to open the email in a separate
stand alone window)?

And, I suppose then, that the same vulnerabilities that you allude to are
present in (at least older versions of) kmail?

(I'm still using Wheezy with kmail 1.13.7 as my daily driver.)

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Gene Heskett-4
On Thursday 03 October 2019 08:05:27 [hidden email] wrote:

> On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
> > There have been numerous bugs with LookOut (otherwise known as
> > Outlook), running scripts and having other vulnerabilities due to
> > preview pane being open.  I try to encourage people NOT to have a
> > preview pane, but people will still do what they want even if you
> > tell them it is potentially dangerous.
>
> Ahh, a preview pane -- I don't believe I've encountered that term
> before, but I'm guessing that means the pane (for example, in kmail)
> which shows the content of an email as soon as it is selected from the
> list of emails in a folder (and before you press enter, if ever, to
> open the email in a separate stand alone window)?
>
> And, I suppose then, that the same vulnerabilities that you allude to
> are present in (at least older versions of) kmail?
>
> (I'm still using Wheezy with kmail 1.13.7 as my daily driver.)

Wow!  Thats newer than mine, but I'm running TDE.  But the emphasis on
progress for TDE has been on fixing KDE's bugs.  And TDE is generally
stable, but kmail is 1.9.10.  Whats been added since?  Is it usefull?

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Curt
In reply to this post by rhkramer
On 2019-10-03, [hidden email] <[hidden email]> wrote:
> On Thursday, October 03, 2019 06:23:20 AM Andrew McGlashan wrote:
>> There have been numerous bugs with LookOut (otherwise known as
>> Outlook), running scripts and having other vulnerabilities due to
>> preview pane being open.  I try to encourage people NOT to have a
>> preview pane, but people will still do what they want even if you tell
>> them it is potentially dangerous.
>
> Ahh, a preview pane -- I don't believe I've encountered that term before, but

I've been completely free of preview pain myself since I started using
Alpine tablets.


--
"There are no foreign lands. It is the traveler only who is foreign."
-- Robert Louis Stevenson

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

rhkramer
In reply to this post by Gene Heskett-4
On Thursday, October 03, 2019 09:03:57 AM Gene Heskett wrote:
> On Thursday 03 October 2019 08:05:27 [hidden email] wrote:
> > (I'm still using Wheezy with kmail 1.13.7 as my daily driver.)
>
> Wow!  Thats newer than mine, but I'm running TDE.  But the emphasis on
> progress for TDE has been on fixing KDE's bugs.  And TDE is generally
> stable, but kmail is 1.9.10.  Whats been added since?  Is it usefull?

I can't answer your questions -- I don't really remember what might have been
added in Wheezy / kmail 1.13.7 vs. whatever previous version I used.

I may have to switch to TDE / 1.9.10 as it seems mbox is being deprecated in
the more up-to-date versions of kmail, and there are reasons why I want / have
to continue to use mbox.

I guess other alternatives are finding (or making?) an appimage or similar of
kmail 1.13.7 (or the latest version of kmail in which mbox is still fully
supported), or switching to some other (preferably GUI style) mail client that
continues to support mbox (I think thunderbird might fit that category).

Have a good day!

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Gene Heskett-4
On Thursday 03 October 2019 09:24:16 [hidden email] wrote:

> On Thursday, October 03, 2019 09:03:57 AM Gene Heskett wrote:
> > On Thursday 03 October 2019 08:05:27 [hidden email] wrote:
> > > (I'm still using Wheezy with kmail 1.13.7 as my daily driver.)
> >
> > Wow!  Thats newer than mine, but I'm running TDE.  But the emphasis
> > on progress for TDE has been on fixing KDE's bugs.  And TDE is
> > generally stable, but kmail is 1.9.10.  Whats been added since?  Is
> > it usefull?
>
> I can't answer your questions -- I don't really remember what might
> have been added in Wheezy / kmail 1.13.7 vs. whatever previous version
> I used.
>
> I may have to switch to TDE / 1.9.10 as it seems mbox is being
> deprecated in the more up-to-date versions of kmail, and there are
> reasons why I want / have to continue to use mbox.

I've been using maildir's for at least 15 years, the alternates have a
problem with really big and old email corpuses, and some of this goes
back to 2002.

> I guess other alternatives are finding (or making?) an appimage or
> similar of kmail 1.13.7 (or the latest version of kmail in which mbox
> is still fully supported), or switching to some other (preferably GUI
> style) mail client that continues to support mbox (I think thunderbird
> might fit that category).
>
I haven't use t-bird in a decade, no idea what it supports now.

> Have a good day!

You too.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Brian
In reply to this post by Keith Bainbridge-2
On Thu 03 Oct 2019 at 10:28:58 +1000, Keith Bainbridge wrote:

>
> On 3/10/19 5:05 am, Brian wrote:
> > The starting post has nothing to do with Debian and, one may notice, the
> > OP has not reappeared to join the conversation and give his considered
> > opinion. It's a typical c'mon post which should have been ignored.
> >
>
>
> Oops, pushed the wrong keys, and replied only to Brian.
>
>
> But I have been lurking.

Keep at it. It's probably your métier.

>                            And I asked here as it is perhaps the broadest
> group I'm a member of.

-user isn't a broad group into which to dump some random happening out
on the internet.

>                         It is connected to Debian, and Linux in general IF
> my initial thought had been more helpful in avoiding such attacks.

Opening an email causes no problem to the system on Debian. We would be
in deep trouble if it did. Does that address your concern?

--
Brian.

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Joe Rowan
On Thu, 3 Oct 2019 20:54:10 +0100
Brian <[hidden email]> wrote:

 
>
> Opening an email causes no problem to the system on Debian. We would
> be in deep trouble if it did.

That has been my experience, but I did bring some cautious habits from
Windows, I don't render HTML and don't use a preview window and I
don't, if I can possibly avoid it, use webmail.

*If* I were to use the latest flashy GUI email client with all the bells
and whistles, and *if* I were to enable all rendering options (they're
probably on by default) and *if* I were to open a malicious email, is
there any possible risk from JS expecting to find a Windows system but
still managing to do harm to a Linux system? I make only simple web
pages and applications for my own use, and believe that client-side
scripting is the work of the Devil, so I don't have any idea of what
can be done by malicious JS.

--
Joe

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Keith Bainbridge-2
In reply to this post by Brian
Yes Brian - precisely.

Thanks.

And Joe has repeated you, with a few suggestions to 'improve' the situation.


Now to convince people to switch.  I believe it is easier than adjusting
to recent updates elsewhere, but...........


Worth trying though.




Keith Bainbridge

[hidden email]

+61 (0)447 667 468
On 4/10/19 5:54 am, Brian wrote:
> Opening an email causes no problem to the system on Debian. We would be
> in deep trouble if it did. Does that address your concern?

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Andrew McGlashan
In reply to this post by Joe Rowan
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

On 4/10/19 6:17 am, Joe wrote:

> On Thu, 3 Oct 2019 20:54:10 +0100 Brian <[hidden email]>
> wrote:
>
>
>>
>> Opening an email causes no problem to the system on Debian. We
>> would be in deep trouble if it did.
>
> That has been my experience, but I did bring some cautious habits
> from Windows, I don't render HTML and don't use a preview window
> and I don't, if I can possibly avoid it, use webmail.
>
> *If* I were to use the latest flashy GUI email client with all the
> bells and whistles, and *if* I were to enable all rendering options
> (they're probably on by default) and *if* I were to open a
> malicious email, is there any possible risk from JS expecting to
> find a Windows system but still managing to do harm to a Linux
> system? I make only simple web pages and applications for my own
> use, and believe that client-side scripting is the work of the
> Devil, so I don't have any idea of what can be done by malicious
> JS.

There are so many things that can go wrong in ANY desktop environment.

Users expect things to happen when you plug in a USB stick ....
sometimes the processing of files on that USB stick can lead to
vulnerabilities coming in to play.

Sometimes the hardware can be compromised and a USB stick plays like a
keyboard (rubby ducky style) and presents problems.

The more we have our Linux desktop work as Windows users expect; ala
adding usability, the more attack surface is there to be possibly
exploited.  Auto-mounting, auto-opening ... they are just for starters.

If we stuck to more traditional desktop environments, especially
without systemd, just for starters, then the environment has more
potential to be more safe.  But when we auto anything to make the
desktop experience better, then we add risks and potential problems.
It doesn't have to be gui mail or http renderers here, it could be
many things.  It could be just a plain simple file explorer.

Best practice dictates that you shouldn't run as a privileged user for
'normal' computer usage, the Windows and Mac worlds make the first
users admin users .... that is a huge problem in itself.  And in the
Linux world, it is all too often that an ordinary user /may/ have
access to super user via sudo that is too weak and adds further risk
(not unlike removing the need to accept Windows UAC prompts).  Damage
can easily be done in all sorts of ways, if you don't take good care.

Also, the less the desktop just works (as a Windows user might want),
then the less likelihood there will be of those such Windows users
migrating to Linux systems.

You can turn off JS in Thunderbird, but it's neigh on impossible in a
browser -- there are things you can do with noscript and other tools,
but some of those can be painful if used.  TB does HTML just like
Firefox does, so any kinds of HTTP vulnerabilities are ripe for use
with TB as well.

Anyway, I'm sure that is far more than enough to think about, it just
quite simply isn't limited to preview panes of email programs or other
closely related potential security issues.

Cheers
AndrewM
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXZajCQAKCRCoFmvLt+/i
++wPAP9LvY0El5jRbOVbz5WanLGLpFZ15vuKhnmtJ46eiH+UtQEAssIdt/WPJWxM
4uUGuwtyV+TT4RMvoAte2vRlgMcIANo=
=go2L
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

tomas@tuxteam.de
In reply to this post by Brian
On Thu, Oct 03, 2019 at 08:54:10PM +0100, Brian wrote:

[...]

> Opening an email causes no problem to the system on Debian. We would be
> in deep trouble if it did. Does that address your concern?

Woah. A sweeping assertion which would start making sense if you
tried to explain what "opening an email" means to you. Next step
would be to fix "no problem to the system" (does the disappearance
of all user files count?) and the step after that would be "on
Debian" (which MUA? Desktop environment, or just X cum WM or
console? Which set of installed programs? Is user in sudoers? Are
the last Spectre patches in? And so on).

Yes, "our" security story is way better than theirs, and this is
partly based on technical reasons, partly on social reasons and
partly on practical reasons. But feeling smug about it is a
vulnerability in itself :-)

Cheers
-- tomás

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Brian
On Fri 04 Oct 2019 at 10:49:49 +0200, [hidden email] wrote:

> On Thu, Oct 03, 2019 at 08:54:10PM +0100, Brian wrote:
>
> [...]
>
> > Opening an email causes no problem to the system on Debian. We would be
> > in deep trouble if it did. Does that address your concern?
>
> Woah. A sweeping assertion which would start making sense if you
> tried to explain what "opening an email" means to you. Next step
> would be to fix "no problem to the system" (does the disappearance
> of all user files count?) and the step after that would be "on
> Debian" (which MUA? Desktop environment, or just X cum WM or
> console? Which set of installed programs? Is user in sudoers? Are
> the last Spectre patches in? And so on).
>
> Yes, "our" security story is way better than theirs, and this is
> partly based on technical reasons, partly on social reasons and
> partly on practical reasons. But feeling smug about it is a
> vulnerability in itself :-)

A single reliable, well-documented and repeatable example of a problem
caused by pressing enter or clicking on a mail would go a long way to
wipe the smile of my face. User files are not necessary for the health
of the system.

--
Brian.

Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

tomas@tuxteam.de
On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:

[...]

> > Yes, "our" security story is way better than theirs [...]

[edit: I forgot to put "theirs" in quotes]

> A single reliable, well-documented and repeatable example of a problem
> caused by pressing enter or clicking on a mail would go a long way to
> wipe the smile of my face.

That's not my goal, anyway. Smiles are like sunshine, so why would
I want to wipe them?

But still: every "code execution" escape in your MUA paired with a
privilege escalation (or some social-engineering equivalent like
"click here to install shiny package) is an example. And "we" have
had bunches of those.

> User files are not necessary for the health of the system.

But they're the those which really count: after all, I can reproduce
the system easily.

Of course, smart users compartmentalize the risk: as an example,
my tax declaration is done under a different user (for one, it's
somewhat sensitive data, for the other, my tax overlords force
me to use a browser with all gates open, which I consider as
inherently insecure, so I prefer to keep things separate. And
this separation is helped [1] by the system's integrity.

Others wanting to go the extra mile do QubesOS or something
similar. There's more than one way to do it.

All in all, smugness amounts to underestimate your enemy.
And, as Sun Tzu taught us long ago, that's a bad idea.

Cheers

[1] Some would say "guaranteed". I'm in this job for too long
   to dare use such a harsh word :)

-- tomás

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Email based attack on University

Brian
On Fri 04 Oct 2019 at 11:36:02 +0200, [hidden email] wrote:

> On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
>
> [...]
>
> > > Yes, "our" security story is way better than theirs [...]
>
> [edit: I forgot to put "theirs" in quotes]
>
> > A single reliable, well-documented and repeatable example of a problem
> > caused by pressing enter or clicking on a mail would go a long way to
> > wipe the smile of my face.
>
> That's not my goal, anyway. Smiles are like sunshine, so why would
> I want to wipe them?

:)

> But still: every "code execution" escape in your MUA paired with a
> privilege escalation (or some social-engineering equivalent like
> "click here to install shiny package) is an example. And "we" have
> had bunches of those.

That's *after* the mail is opened.

> > User files are not necessary for the health of the system.
>
> But they're the those which really count: after all, I can reproduce
> the system easily.

The integrity of a user's files is underpinned by the integrity of
the system. What price a user's files when the system knocks a few
0s and 1s off them at random times? Replacing one defective system
with another equally defective one leaves those files in the same
precarious situation.
 
> Of course, smart users compartmentalize the risk: as an example,
> my tax declaration is done under a different user (for one, it's
> somewhat sensitive data, for the other, my tax overlords force
> me to use a browser with all gates open, which I consider as
> inherently insecure, so I prefer to keep things separate. And
> this separation is helped [1] by the system's integrity.

I'd see it in stronger terms than "helped". Otherwise, you are just
exchanging one risk for another if the separation is not enforced.

--
Brian.

1234