From owner-freebsd-questions@FreeBSD.ORG Wed Dec 14 20:34:43 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 10B7016A41F for ; Wed, 14 Dec 2005 20:34:43 +0000 (GMT) (envelope-from gwen@nvnsvch.org) Received: from nvnsvch.org (nvnsvch.org [205.201.58.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4D1443D62 for ; Wed, 14 Dec 2005 20:34:42 +0000 (GMT) (envelope-from gwen@nvnsvch.org) Received: by nvnsvch.org (Postfix, from userid 1001) id AB03480E5; Wed, 14 Dec 2005 15:34:37 -0500 (EST) Date: Wed, 14 Dec 2005 15:34:37 -0500 From: gwen To: Ted Mittelstaedt Message-ID: <20051214203437.GA17667@nvnsvch.org> References: <200512140207.44237.list-freebsd-2004@morbius.sent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Cc: caleb , freebsd-questions@freebsd.org, RW Subject: Re: pine X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Dec 2005 20:34:43 -0000 * Ted Mittelstaedt (tedm@toybox.placo.com) [051214 15:22]: > > > >> 'Can't do secure authentication with this server' > > > >If the server supports neither ssl, nor any form secure > >authentication, there > >nothing you can do to protect your password. > > Garbage. > > The first thing you can do is go out and shoo the crackers > off the telephone pole who are tapped into your phone line > and sniffing your passwords. > > Then you can ask your ISP to start locking the door to his > NOC and kick out all the crackers who have sleeping bags in > the NOC and are tapped into the ISP's ethernet cable from his > router to his mail server. > > But the thing that would probably put your mind at ease the most > is to stop going to Hollywood movies like The Net which make it appear > as though crackers can magically sniff your cleartext passwords > when they have access to the network between your > PC and the ISP's mailserver. Have you ever seen the output of tcpdump? You see anything on the same network as you. So any of the following *likely* situations leaves your non-encrypted password open for sniffing: 1) Wireless access, *any* wireless access. 2) Cable modem pools, or any internet hookup where there's a communal line shared. 3) public networks (OK, I know the scenario presented is for home usage, but it's worth it to put this point here). 4) Any network where a computer has been at all compromised. 5) Any ISP with untrustable SysAdmins (I've known this to happen). 6) Almost a corrolary to 5) and 3); any ISP with a compromised machine. You cannot assume that there are not nasty sniffers on your line. I have seen passwords sniffed out in all kinds of places. And with that, I go back into lurking mode. gwen. gamergothgeekgrrl. http://www.gw3n.com/ * martygreene shivvers why is it so damn cold?