Security, Microsoft, etc...

Technomage plug-discuss@lists.PLUG.phoenix.az.us
Wed, 11 Jul 2001 09:50:36 -0700


hmmm,
you think that's bad.
I ran ngrep here with the match on SERVER PASSWORD USER and
I got tons of stuff that's supposed to be encrypted but is not. :(

Privacy may not be dead, but the programs we use sure aren't
doing their part to ensure it.

Technomage Hawke

Kit Plummer wrote:
> 
> Not until recently, and to my own fault, have I given any considerable
> thought to the security of my login information [to websites, to get my
> mail, to my ISP].
> 
> Well, here is what has significantly opened my eyes even further:
> 
> I have a dial-in account with AT&T which I use while on the road.  Every
> once in a while I will check the email account that comes with the
> service just to make sure I am not missing anything.  Until recently,
> AT&T required that you be dialed into them in order to POP their mail.
> It has always been possible to get it via the web.  Well, the reason they now
> allow access from any ISP is because MS's Outlook Express is capable of
> SSLing the POP login information.  Turns out that MS's OE is the only
> email client anywhere which allows SSLed logins.  That's right...with
> all the ranting about telnet being so insecure - here we are committing
> the same insecure act while checking our mail.
> 
> I tested it too, running snort on my network, then hit the ole
> send/receive button on Evolution, and wham there was my password plain
> as day for the entire network to see.  Now, if you are like me...you
> probably use the same password for your various requirements.  You can
> probably get where I am going.
> 
> So...now I feel just a little helpless - waiting for a more secured POP
> login process.  And this is only login information...not considering
> that most of us haven't bothered with PGP-encrypted mail.
> 
> Anyway...just thought I'd throw this out there.
> 
> Kit

-- 
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6
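
The check both messages describe (looking at captured POP3 traffic to see whether the login went out readable), as an added example that is not part of the original posts. It classifies a session from its client-to-server lines and redacts secrets before reporting; the session data, user name and secrets are constructed, and the function name audit_pop3 is hypothetical.

```python
import re

# Constructed sample data: client-to-server lines from three POP3 sessions
# captured on TCP port 110. User names and secrets are made up.
SESSIONS = {
    "plain": ["USER kit", "PASS hunter2", "STAT", "QUIT"],
    "apop": ["APOP kit 0123456789abcdef0123456789abcdef", "STAT", "QUIT"],
    "stls": ["CAPA", "STLS", "\x16\x03\x01\x00\x8f\x01\x00"],  # TLS bytes follow STLS
}

# POP3 keywords are three or four letters, optionally followed by arguments.
CMD = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")
SEVERITY = ["no-login-seen", "tls-upgrade", "digest-only", "cleartext-password"]


def audit_pop3(lines):
    """Classify one session and return (verdict, lines with secrets redacted)."""
    verdict, redacted = "no-login-seen", []

    def raise_to(level):
        nonlocal verdict
        if SEVERITY.index(level) > SEVERITY.index(verdict):
            verdict = level

    for line in lines:
        m = CMD.match(line.rstrip("\r\n"))
        if not m:  # not a readable POP3 command, e.g. TLS records
            redacted.append("<non-text data>")
            continue
        verb, arg = m.group(1).upper(), m.group(2) or ""
        if verb == "PASS":  # RFC 1939 USER/PASS: password readable on the wire
            raise_to("cleartext-password")
            arg = "<redacted>"
        elif verb == "APOP":  # RFC 1939 APOP: only an MD5 digest is sent
            raise_to("digest-only")
            arg = arg.split(" ")[0] + " <redacted>"
        elif verb == "STLS":  # RFC 2595: session switches to TLS after this
            raise_to("tls-upgrade")
        redacted.append((verb + " " + arg).strip())
    return verdict, redacted


if __name__ == "__main__":
    for name, lines in SESSIONS.items():
        print(name, *audit_pop3(lines))
```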