Security, Microsoft, etc...

Kit Plummer
10 Jul 2001 22:26:53 -0700

Not until recently, and to my own fault, have I given any considerable
thought to the security of my login information [to websites, to get my
mail, to my ISP].

Well, here is what has significantly opened my eyes even further:

I have a dial-in account with AT&T which I use while on the road.  Every
once in a while I will check the email account that comes with the
service just to make sure I am not missing anything.  Until recently,
AT&T required that you be dialed into them in order to POP their mail.
It has always been possible to get it via the web.  Well, the reason they now
allow access from any ISP is because MS's Outlook Express is capable of
SSLing the POP login information.  Turns out that MS's OE is the only
email client anywhere which allows SSLed logins.  That's right...with
all the ranting about telnet being so insecure - here we are committing
the same insecure act while checking our mail.  

I tested it too, running snort on my network, then hit the ole
send/receive button on Evolution, and wham there was my password plain
as day for the entire network to see.  Now, if you are like me, you
probably use the same password for your various requirements.  You can
probably get where I am going.  I feel just a little helpless - waiting
for a more secured POP login process.  And this is only login
information...not considering that most of us haven't bothered with
PGP-encrypted mail.

Anyway...just thought I'd throw this out there.
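
The on-the-wire check described in the message above can be written as an audit over the client side of a captured POP3 session (port 110). This is an added example, not part of the original post: the sample sessions are constructed, the function names are hypothetical, and it assumes the server accepts STLS so that everything after that command is TLS.

```python
# Added example: classify what a POP3 client exposes before any TLS upgrade.
# Password values are never stored in the findings, only the fact of exposure.

# Constructed client-to-server byte streams (not real captures).
PLAIN_SESSION = b"CAPA\r\nUSER kit\r\nPASS example-password\r\nSTAT\r\nQUIT\r\n"
STLS_SESSION = b"CAPA\r\nSTLS\r\n\x16\x03\x01\x00\x05hello"
APOP_SESSION = b"APOP kit c4c9334bac560ecc979e58001b3e22fb\r\nQUIT\r\n"

EXPOSURE = {
    "USER": "username sent in cleartext",
    "PASS": "password sent in cleartext",
    "APOP": "username in cleartext, password replaced by MD5 digest",
}


def audit_pop3_client_stream(data):
    """Return (command, exposure) pairs for auth commands seen before STLS."""
    findings = []
    for raw in data.split(b"\r\n"):
        line = raw.decode("ascii", errors="replace").strip()
        verb, _, arg = line.partition(" ")
        verb = verb.upper()  # POP3 command keywords are case-insensitive
        if verb == "STLS":
            break  # assumption: server said +OK, the rest is TLS records
        if verb in EXPOSURE:
            findings.append((verb, EXPOSURE[verb]))
        elif verb == "AUTH" and arg.split(" ")[0].upper() in ("PLAIN", "LOGIN"):
            # Base64 is an encoding, not encryption.
            findings.append((verb, "base64 credentials, recoverable as cleartext"))
    return findings


def sends_cleartext_password(data):
    """True if the password itself (not a digest) crossed the wire unencrypted."""
    return any(verb in ("PASS", "AUTH") for verb, _ in audit_pop3_client_stream(data))


if __name__ == "__main__":
    for name, stream in [("plain", PLAIN_SESSION), ("stls", STLS_SESSION),
                         ("apop", APOP_SESSION)]:
        print(name, audit_pop3_client_stream(stream))
```
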
