Re: which pop3/imap secure method should I use?

To: debian-security@lists.debian.org
Subject: Re: which pop3/imap secure method should I use?
From: LeVA <leva@az.isten.hu>
Date: Tue, 14 Jun 2005 13:14:17 +0200
Message-id: <[🔎] 200506141314.17649.leva@az.isten.hu>
In-reply-to: <[🔎] 42AE71CE.9050103@smartpost.ro>
References: <[🔎] 42AE71CE.9050103@smartpost.ro>

2005. június 14. 07:57,
Radu Spineanu <radus@smartpost.ro>
-> debian-security@lists.debian.org,:
> Ian Eure wrote:
> >> On Monday 13 June 2005 04:41 pm, LeVA wrote:
> >> I don't see why it would be helpful, unless you're trying to keep
>
> your info
>
> >> secret from a determined/resourceful attacker. But an attacker like that
> >> would probably get it anyways.
> >>
> >> I use TLS & PLAIN, and encrypt/sign my messages with GPG for my business
> >> email, and I think that's plenty secure for my needs.
>
> That would maka it very easy for a sniffer running ettercap for example
> to do a MiTM attack.
>
> And of course the certificate is changed a little, but 80% of users
> ignore this change and click yes on whatever is shown just to read their
> emails, not knowing what this could lead to.
>
> Also an attacker could alter that data the server sends so that it
> doesn't advertise cram-md5 as an authentication method but this is more
> advanced.
>
> Doing a simple MiTM in ettercap is script kiddie friendly.

What's this MiTM attact means?

Daniel

-- 
LeVA

Reply to:

Follow-Ups:
- Re: which pop3/imap secure method should I use?
  - From: Demonen <demmydemon@gmail.com>

References:
- Re: which pop3/imap secure method should I use?
  - From: Radu Spineanu <radus@smartpost.ro>

Prev by Date: Re: Crypto File System-Problems Creating One
Next by Date: Re: which pop3/imap secure method should I use?
Previous by thread: Re: which pop3/imap secure method should I use?
Next by thread: Re: which pop3/imap secure method should I use?
Index(es):
- Date
- Thread