
Re: which pop3/imap secure method should I use?



Ian Eure wrote:
>> On Monday 13 June 2005 04:41 pm, LeVA wrote:
>> I don't see why it would be helpful, unless you're trying to keep your info
>> secret from a determined/resourceful attacker. But an attacker like that
>> would probably get it anyways.
>>
>> I use TLS & PLAIN, and encrypt/sign my messages with GPG for my business
>> email, and I think that's plenty secure for my needs.
>>
>>

That would make it very easy for a sniffer running ettercap, for example,
to do a MiTM attack.

And of course the certificate is changed a little, but 80% of users
ignore this change and click yes on whatever is shown just to read their
emails, not knowing what this could lead to.

Also an attacker could alter the data the server sends so that it
doesn't advertise cram-md5 as an authentication method, but this is more
advanced.

Doing a simple MiTM in ettercap is script kiddie friendly.

Radu
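
Added example (not part of the message above or of any mail client's code): a client-side check for the two cases raised in this reply, a server reply that no longer advertises CRAM-MD5 and cleartext authentication over a TLS session whose certificate was not verified. The function names, the idea of remembering ("pinning") the mechanisms seen in an earlier session, and the sample server replies are assumptions constructed for illustration.

```python
def parse_auth_mechs(response: str) -> set[str]:
    """Extract SASL mechanisms from an IMAP CAPABILITY line or a POP3 CAPA reply."""
    mechs = set()
    for line in response.splitlines():
        tokens = [t.strip("[]") for t in line.split()]
        if not tokens:
            continue
        # IMAP: "* CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 AUTH=PLAIN"
        for tok in tokens:
            if tok.upper().startswith("AUTH="):
                mechs.add(tok[5:].upper())
        # POP3 CAPA: "SASL CRAM-MD5 PLAIN"
        if tokens[0].upper() == "SASL":
            mechs.update(t.upper() for t in tokens[1:])
    return mechs


def choose_mechanism(advertised: set[str], pinned: set[str], tls_verified: bool):
    """Return (mechanism or None, reasons). Refuses instead of silently downgrading."""
    missing = pinned - advertised
    if missing:
        # A mechanism seen in an earlier session has disappeared: possible stripping.
        return None, ["no longer advertised: " + ", ".join(sorted(missing))]
    if "CRAM-MD5" in advertised:
        return "CRAM-MD5", []
    if "PLAIN" in advertised and tls_verified:
        return "PLAIN", []
    return None, ["only cleartext auth offered and TLS certificate not verified"]


# Constructed sample replies (not captured traffic).
IMAP_FIRST_SEEN = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=CRAM-MD5 AUTH=PLAIN"
IMAP_STRIPPED = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"
POP3_CAPA = "+OK Capability list follows\r\nUSER\r\nSASL CRAM-MD5 PLAIN\r\n.\r\n"

if __name__ == "__main__":
    pinned = parse_auth_mechs(IMAP_FIRST_SEEN)
    for reply in (IMAP_FIRST_SEEN, IMAP_STRIPPED):
        print(choose_mechanism(parse_auth_mechs(reply), pinned, tls_verified=True))
```
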


