Open Source and information security mailing list archives
 
Date: Wed, 25 Aug 2010 13:48:49 +0200
From: Holger Rabbach <hrabbach@...ssroad-networks.com>
To: Kari Hurtta <hurtta+bugtraq@...ja.mh.fmi.fi>
Cc: bugtraq@...urityfocus.com
Subject: Re: Web Tool Announcement: ismymailsecure.com

Hi Kari,

On 25/08/2010 11:30, Kari Hurtta wrote:

> And because mail server name and email address do not need to have any
> connection, checking the signature of the certificate against a CA also
> does not help much. It does not protect against attacks on MX records in DNS.

True - so in an ideal world, we would need DNSSec everywhere and strict
certificate checking to significantly reduce the possibility of MiTM
attacks. In a not so ideal world, every little bit helps, so if we can
get mail servers to routinely use encryption between each other, that's
a nice first step and using valid certificates that can actually be
verified is a second one. Both will help significantly already.

Holger
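
The point made in this exchange, as an added example that is not part of the original messages: a sending MTA checks the certificate against the MX host name it got from DNS, so a forged MX answer with a CA-valid certificate for the forged name still passes verification. The types, function names and `.example` hosts are hypothetical and the inputs are constructed.

```python
from dataclasses import dataclass

@dataclass
class MxAnswer:
    host: str               # MX target returned by DNS for the recipient domain
    dnssec_validated: bool  # True only if the resolver validated the answer

@dataclass
class TlsSession:
    starttls: bool          # did the session upgrade to TLS at all?
    chain_valid: bool       # does the chain verify to a trusted CA?
    cert_names: tuple       # DNS names carried in the certificate

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate name against a host; '*' only as the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label, e.g. "*.example".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def residual_risks(mx: MxAnswer, tls: TlsSession) -> list:
    """Return the attack classes this delivery is still exposed to."""
    risks = []
    # The reference identity is the MX host from DNS, not the recipient domain.
    verified = tls.chain_valid and any(name_matches(n, mx.host) for n in tls.cert_names)
    if not tls.starttls:
        risks += ["passive eavesdropping", "active MiTM"]
    elif not verified:
        risks.append("active MiTM")   # encrypted, but to an unauthenticated peer
    if not mx.dnssec_validated:
        risks.append("MX spoofing")   # certificate checks cannot detect this
    return risks

if __name__ == "__main__":
    # Constructed case: forged MX answer, CA-valid certificate for the forged name.
    forged = MxAnswer("mx.attacker.example", dnssec_validated=False)
    session = TlsSession(True, True, ("mx.attacker.example",))
    print(residual_risks(forged, session))
```
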
