|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [Plug] Microsoft Striks Again
|
Of course, a mentioned http is cleartext, and that's what https was
invented to protect -- it's just a encrypted socket connection between your
browser and the webserver, though the http that travels inside that tunnel
is still in the clear, unless you're privy to the stream encryption, it
all looks like garbarge to an eavesdropper.
k
------------------------------------------------------------------------------
"Success covers a multitude of blunders."
-- George Bernard Shaw
mortis@voicenet.com http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
On Tue, 31 Aug 1999, Michael W. Ryan wrote:
> On Tue, 31 Aug 1999, Nick R wrote:
>
> > Umm, aren't the passwords encrypted?
>
> Nope. Only if the protocol supports encrypted passwords, and POP isn't
> one of them. POP is clear text. So is HTTP. If you capture packets,
> you can reconstruct a persons session VERBATIM, headers, content,
> everything.
>
> Michael W. Ryan, MCP, MCT | OTAKON 1999
> mryan@netaxs.com | Convention of Otaku Generation
> http://www.netaxs.com/~mryan/ | http://www.otakon.com/
>
> PGP fingerprint: 7B E5 75 7F 24 EE 19 35 A5 DF C3 45 27 B5 DB DF
> PGP public key available by fingering mryan@unix.netaxs.com (use -l opt)
>
>
> _______________________________________________
> Plug maillist - Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug
>
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
|
|