Date: Wed, 14 Dec 2005 15:34:37 -0500
From: gwen <gwen@nvnsvch.org>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: caleb <destroyingculture@netspace.net.au>, freebsd-questions@freebsd.org, RW <list-freebsd-2004@morbius.sent.com>
Subject: Re: pine
Message-ID: <20051214203437.GA17667@nvnsvch.org>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNIEAIFDAA.tedm@toybox.placo.com>
References: <200512140207.44237.list-freebsd-2004@morbius.sent.com>
 <LOBBIFDAGNMAMLGJJCKNIEAIFDAA.tedm@toybox.placo.com>

* Ted Mittelstaedt (tedm@toybox.placo.com) [051214 15:22]:
> >
> >> 'Can't do secure authentication with this server'
> >
> >If the server supports neither ssl, nor any form of secure
> >authentication, there is
> >nothing you can do to protect your password.
>
> Garbage.
>
> The first thing you can do is go out and shoo the crackers
> off the telephone pole who are tapped into your phone line
> and sniffing your passwords.
>
> Then you can ask your ISP to start locking the door to his
> NOC and kick out all the crackers who have sleeping bags in
> the NOC and are tapped into the ISP's ethernet cable from his
> router to his mail server.
>
> But the thing that would probably put your mind at ease the most
> is to stop going to Hollywood movies like The Net which make it appear
> as though crackers can magically sniff your cleartext passwords
> when they have access to the network between your
> PC and the ISP's mailserver.

Have you ever seen the output of tcpdump?  You see anything on the same
network as you.  So any of the following *likely* situations leaves your
non-encrypted password open for sniffing:

1) Wireless access, *any* wireless access.
2) Cable modem pools, or any internet hookup where there's a communal
   line shared.
3) Public networks (OK, I know the scenario presented is for home usage,
   but it's worth it to put this point here).
4) Any network where a computer has been at all compromised.
5) Any ISP with untrustable SysAdmins (I've known this to happen).
6) Almost a corollary to 5) and 3); any ISP with a compromised machine.

You cannot assume that there are not nasty sniffers on your line.  I have
seen passwords sniffed out in all kinds of places.

And with that, I go back into lurking mode.

gwen.
gamergothgeekgrrl.
http://www.gw3n.com/

* martygreene shivvers
<martygreene> why is it so damn cold?
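
An added example, not part of the original message or of pine: a small check that reads what an IMAP or POP3 server advertises and reports whether a password would cross the shared networks listed above in cleartext. It assumes the mail server speaks IMAP or POP3 (the thread does not say which); the function names and every server response in it are constructed for illustration.

```python
# Added example: classify what a mail server offers before a password is sent.
# All server responses below are constructed samples, not captured traffic.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # base64 on the wire is encoding, not encryption

def parse_imap(line):
    """'* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN' -> (tls_offered, sasl_mechs)."""
    words = line.upper().split()
    if words[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not an untagged CAPABILITY response")
    caps = words[2:]
    mechs = {w[len("AUTH="):] for w in caps if w.startswith("AUTH=")}
    return "STARTTLS" in caps, mechs

def parse_pop3(lines):
    """Multi-line CAPA reply ('+OK ...', capability lines, '.') -> (tls_offered, sasl_mechs)."""
    if not lines or not lines[0].upper().startswith("+OK"):
        raise ValueError("CAPA failed or is not supported")
    tls_offered, mechs = False, set()
    for raw in lines[1:]:
        words = raw.upper().split()
        if words == ["."]:          # terminator of the multi-line reply
            break
        if not words:
            continue
        if words[0] == "STLS":
            tls_offered = True
        elif words[0] == "SASL":
            mechs.update(words[1:])
    return tls_offered, mechs

def assess(tls_offered, mechs):
    """Return how the password can be protected on an untrusted path."""
    if tls_offered:
        # The pre-TLS capability list is unauthenticated: configure the client
        # to require TLS instead of silently falling back when it is missing.
        return "tls"
    if mechs - CLEARTEXT_MECHS:
        # e.g. CRAM-MD5: the password itself is not sent, but mail is still readable.
        return "challenge-response"
    return "cleartext"              # anyone on the path can read the password

IMAP_TLS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"                     # constructed
IMAP_PLAIN = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"                               # constructed
POP3_CRAM = ["+OK Capability list follows", "USER", "SASL CRAM-MD5 PLAIN", "."]  # constructed

if __name__ == "__main__":
    print("IMAP with STARTTLS:", assess(*parse_imap(IMAP_TLS)))
    print("IMAP, AUTH=PLAIN only:", assess(*parse_imap(IMAP_PLAIN)))
    print("POP3 with CRAM-MD5:", assess(*parse_pop3(POP3_CRAM)))
```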