Kyle Burton on Tue, 31 Aug 1999 16:00:34 -0400 (EDT)



Re: [Plug] Microsoft Strikes Again


Uh, you can sniff the _whole_ session, this includes http posts, and the
_entire_ POP session, from logging in, to retrieving mail.

k

------------------------------------------------------------------------------
"Success covers a multitude of blunders." 
    -- George Bernard Shaw
mortis@voicenet.com                            http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

On Tue, 31 Aug 1999, Nick R wrote:

> Well if you're dialing in from your PC at home, then you can't really do 
> that to a person, but even if you do capture anything, you only get what 
> they access, not the password (unless you use a really bad system where it's 
> part of the URL like hotmail, though it doesn't seem to happen to me like 
> that).
> 
>         -Laktar, a.k.a. Nick Rosen, laktar.dyndns.org
> 
> 
> If I Ever Became An Evil Overlord:
> 95. My dungeon will have its own qualified medical staff complete with
> bodyguards. That way if a prisoner becomes sick and his cellmate tells the
> guard it's an emergency, the guard will fetch a trauma team instead of opening
> up the cell for a look.
>         -- Peter's Evil Overlord List, http://www.eviloverlord.com/lists/overlord.html
> 
> 
> >From: "Michael W. Ryan" <mryan@netaxs.com>
> >Reply-To: plug@lists.nothinbut.net
> >To: plug@lists.nothinbut.net
> >Subject: Re: [Plug] Microsoft Strikes Again
> >Date: Tue, 31 Aug 1999 09:06:06 -0400 (EDT)
> >
> >On Tue, 31 Aug 1999, Morgan Wajda-Levie wrote:
> >
> > > The only problem I have with this and a lot of other coverage of the
> > > cracking is that it makes the assumption that e-mail normally is
> > > secure.  The hotmail cracking makes things a lot easier, but reading
> > > other people's e-mail is still a juvenile task, as is faking their
> > > address.  That's what pgp is for.
> >
> >I have to agree, especially when it's using a clear text protocol like
> >HTTP.  If you'd like to see it for yourself, just install a decent
> >packet-capturing utility on your system.  Just start capturing packets,
> >and have someone access a web page, and you'll see.  I demonstrated this
> >to a student in my NT class with the Network Monitor utility from SMS, and
> >his access to his college's web-based email.
> >
> >Michael W. Ryan, MCP, MCT     | OTAKON 1999
> >mryan@netaxs.com              | Convention of Otaku Generation
> >http://www.netaxs.com/~mryan/ | http://www.otakon.com/
> >
> >PGP fingerprint: 7B E5 75 7F 24 EE 19 35  A5 DF C3 45 27 B5 DB DF
> >PGP public key available by fingering mryan@unix.netaxs.com (use -l opt)
> >
> >
> >_______________________________________________
> >Plug maillist  -  Plug@lists.nothinbut.net
> >http://lists.nothinbut.net/mail/listinfo/plug
> >
> 
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
> 

