| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Aug 2010 10:39:07 +0200 From: Holger Rabbach <hrabbach@...ssroad-networks.com> To: Kari Hurtta <hurtta+bugtraq@...ja.mh.fmi.fi> Cc: bugtraq@...urityfocus.com Subject: Re: Web Tool Announcement: ismymailsecure.com Hi Kari, it does not - yet. This is actually what I'm working on at the moment. However, since most MTAs at the moment don't do this kind of check, it is not very useful. So the tool currently only checks for encryption capabilities, it does *not* check for protection against MiTM attacks. The next, enhanced version of the tool will have an optional check for this and also the supported ciphers. Holger On 25/08/2010 09:59, Kari Hurtta wrote: > Holger Rabbach <hrabbach@...ssroad-networks.com>: (Wed Aug 18 12:59:19 2010) > [ Charset ISO-8859-1 converted... ] >> Dear Bugtraq community, >> >> I am happy to announce the immediate availability of a web based email >> security testing tool at http://www.ismymailsecure.com. The tool is an >> end-user friendly way to determine if the mail servers for a certain >> email address support the STARTTLS capability to encrypt the email >> transfer between servers. While most email providers have frontends that >> use encryption, the actual email transfers via SMTP are often not secure > > It seems not check if certificate returned is signed by trusted CA. >
Powered by blists - more mailing lists