Kevin Hill on Tue, 31 Aug 1999 15:30:16 -0400 (EDT)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [Plug] Microsoft Striks Again


The best alternative would be to run a secure IMAP server.  This gives
you the encryption option to eliminate the snooping problem (or at
least, make it more difficult to interpret).

Of course, your sysadmin hates you for taking up all the filesystem
space with stupid emails and ridiculous MS Office attachments.  But
that's secondary.  Unless you're the sysadmin.

- khill

"Jason S." wrote:
> 
> Run a packet sniffer on a box on you local lan with an interface in
> pomisc mode, capture port 110, tcp and jot down everyones
> username/password and read their mail while they retrieve it.
> 
> Its not overly hard in that situation. POP, and SMTP are clear text,
> and wide open for sniffing.
> 
> J.
> 
> When I grow up, I wanna be more like me.
> I had a clue. I didn't like it. I took it back and exchanged it for an
> attitude.
> 
> On Tue, 31 Aug 1999, Nick R wrote:
> 
> > Outside of social engineering and brute force crack attempts how's this so
> > w/ POP3?
> >
> >
> > >From: Morgan Wajda-Levie <mpwl@locke.ccil.org>
> > >Reply-To: plug@lists.nothinbut.net
> > >To: plug@lists.nothinbut.net
> > >Subject: Re: [Plug] Microsoft Striks Again
> > >Date: Tue, 31 Aug 1999 07:12:16 -0500
> > >
> > >On Mon, Aug 30, 1999 at 10:20:02PM -0400, Andy Bradley wrote:
> > > > http://www.cnn.com/TECH/computing/9908/30/hotmail.06/
> > >
> > >The only problem I have with this and a lot of other coverage of the
> > >cracking is that it makes the assumption that e-mail normally is
> > >secure.  The hotmail cracking makes things a lot easier, but reading
> > >other people's e-mail is still a juvenile task, as is faking their
> > >address.  That's what pgp is for.
> > >
> > >--
> > >Morgan Wajda-Levie
> > >http://www.worldaxes.com/wajdalev
> > >PGP fingerprint:
> > >A353 C750 660E D8B6 5616  F4D8 7771 DD21 7BF6 221C
> > >http://www.worldaxes.com/wajdalev/public.asc for PGP key
> > >encrypted mail preferred
> > ><< attach3 >>
> >
> > ______________________________________________________
> > Get Your Private, Free Email at http://www.hotmail.com
> >
> > _______________________________________________
> > Plug maillist  -  Plug@lists.nothinbut.net
> > http://lists.nothinbut.net/mail/listinfo/plug
> >
> 
> _______________________________________________
> Plug maillist  -  Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
begin:vcard 
n:Hill;Kevin
tel;fax:215.283.4942
tel;work:215.283.4877
x-mozilla-html:TRUE
url:http://www.quarterleaf.com/
org:The Sycamore Group;Enterprise Development Division
version:2.1
email;internet:khill@quarterleaf.com
title:Senior Application Architect
adr;quoted-printable:;;580 Virginia Drive=0D=0ASuite 100;Fort Washington;PA;19034;USA
x-mozilla-cpt:;25440
fn:Kevin Hill
end:vcard