pine

gwen gwen at nvnsvch.org
Wed Dec 14 12:34:43 PST 2005


* Ted Mittelstaedt (tedm at toybox.placo.com) [051214 15:22]:
> 
> 
> >> 'Can't do secure authentication with this server'
> >
> >If the server supports neither ssl, nor any form of secure
> >authentication, there is
> >nothing you can do to protect your password.
> 
> Garbage.
> 
> The first thing you can do is go out and shoo the crackers
> off the telephone pole who are tapped into your phone line
> and sniffing your passwords.
> 
> Then you can ask your ISP to start locking the door to his
> NOC and kick out all the crackers who have sleeping bags in
> the NOC and are tapped into the ISP's ethernet cable from his
> router to his mail server.
> 
> But the thing that would probably put your mind at ease the most
> is to stop going to Hollywood movies like The Net which make it appear
> as though crackers can magically sniff your cleartext passwords
> when they have access to the network between your
> PC and the ISP's mailserver.

Have you ever seen the output of tcpdump?  You see anything on the
same network as you.  So any of the following *likely* situations
leaves your non-encrypted password open for sniffing:

1) Wireless access, *any* wireless access.
2) Cable modem pools, or any internet hookup where there's a communal
line shared.
3) Public networks (OK, I know the scenario presented is for home
usage, but it's worth it to put this point here).
4) Any network where a computer has been at all compromised.
5) Any ISP with untrustable SysAdmins (I've known this to happen).
6) Almost a corollary to 5) and 3); any ISP with a compromised machine.

You cannot assume that there are not nasty sniffers on your line.
I have seen passwords sniffed out in all kinds of places.

And with that, I go back into lurking mode.

gwen.
 gamergothgeekgrrl.
 http://www.gw3n.com/
  
* martygreene shivvers
<martygreene> why is it so damn cold?


More information about the freebsd-questions mailing list