Jason S. on Tue, 31 Aug 1999 15:24:20 -0400 (EDT)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [Plug] Microsoft Striks Again


Run a packet sniffer on a box on you local lan with an interface in
pomisc mode, capture port 110, tcp and jot down everyones 
username/password and read their mail while they retrieve it.

Its not overly hard in that situation. POP, and SMTP are clear text,
and wide open for sniffing.

J.

When I grow up, I wanna be more like me.
I had a clue. I didn't like it. I took it back and exchanged it for an
attitude.  

On Tue, 31 Aug 1999, Nick R wrote:

> Outside of social engineering and brute force crack attempts how's this so 
> w/ POP3?
> 
> 
> >From: Morgan Wajda-Levie <mpwl@locke.ccil.org>
> >Reply-To: plug@lists.nothinbut.net
> >To: plug@lists.nothinbut.net
> >Subject: Re: [Plug] Microsoft Striks Again
> >Date: Tue, 31 Aug 1999 07:12:16 -0500
> >
> >On Mon, Aug 30, 1999 at 10:20:02PM -0400, Andy Bradley wrote:
> > > http://www.cnn.com/TECH/computing/9908/30/hotmail.06/
> >
> >The only problem I have with this and a lot of other coverage of the
> >cracking is that it makes the assumption that e-mail normally is
> >secure.  The hotmail cracking makes things a lot easier, but reading
> >other people's e-mail is still a juvenile task, as is faking their
> >address.  That's what pgp is for.
> >
> >--
> >Morgan Wajda-Levie
> >http://www.worldaxes.com/wajdalev
> >PGP fingerprint:
> >A353 C750 660E D8B6 5616  F4D8 7771 DD21 7BF6 221C
> >http://www.worldaxes.com/wajdalev/public.asc for PGP key
> >encrypted mail preferred
> ><< attach3 >>
> 
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
> 
> _______________________________________________
> Plug maillist  -  Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
> 


_______________________________________________
Plug maillist  -  Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug