lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <D2A61883-A404-11D8-AEDD-000A958871B8@oav.net> From: kiwi at oav.net (Xavier Beaudouin) Subject: Wireless ISPs Hi Brian and Dan, > Sit down sometime inside a wireless ISPs area and run > kismet. You can see someone connect to a service via > SSL, then immediately after they purchase something > they check the email. Guess what ? the Credit card # > and address are in that email. Yeah... There is 2 problems : - one is from purchase site that *should*not* send any credit card number on email - one is the way people gets mails On the second hand, there is some way to fix that : pop3-ssl imap-ssl Why ISP don't provide such way to get mail ? FYI I do such setup on my servers for more than 4 year since it is implemented on lots of MUAs included from some from a redmont software producers. Yes, using encrypted connections is not the solution, but can help... Also have some SMTP server that allow STARTTLS, are good starting point about security... If you are paranoid, like I am, you can also use : WEP + IPsec... that with encrypted connection (ssh, pop3-ssl, imap-ssl, smtp+tls) will give you more confident about your network.... People that don't use that are, IMHO, just non aware of the possibility that their data can be stolen without any intrusion. /Xavier -- Xavier Beaudouin - Unix System Administrator & Projects Leader. President of Kazar Organization : http://www.kazar.net/ Please visit http://caudium.net/, home of Caudium & Camas projects
Powered by blists - more mailing lists