[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: which pop3/imap secure method should I use?

Ian Eure wrote:
>> On Monday 13 June 2005 04:41 pm, LeVA wrote:
>> I don't see why it would be helpful, unless you're trying to keep
your info
>> secret from a determined/resourceful attacker. But an attacker like that
>> would probably get it anyways.
>> I use TLS & PLAIN, and encrypt/sign my messages with GPG for my business
>> email, and I think that's plenty secure for my needs.

That would maka it very easy for a sniffer running ettercap for example
to do a MiTM attack.

And of course the certificate is changed a little, but 80% of users
ignore this change and click yes on whatever is shown just to read their
emails, not knowing what this could lead to.

Also an attacker could alter that data the server sends so that it
doesn't advertise cram-md5 as an authentication method but this is more

Doing a simple MiTM in ettercap is script kiddie friendly.


Reply to: