Simple wireless security Lab.

2»

Comments

  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    Danman32 wrote:
    Heck, I am just discovering that RoadRunner doesn't seem to offer secure POP3 connections so I can download my email.
    Email is always sent in the clear. Most people think of email being as a letter sealed in an envelope. It's actually a postcard that anyone can pick up and read (if they know how).

    Even if RR had an encrypted connection between their email server and your PC, your email would still need to be decrypted before it is sent out to the public Internet. The encryption would only be protecting your email from other people on RR's private network. Your email is still in clear-text for 99.9% of it is in transit and on the receiver's computer.

    Time for all of us to take personal responsibility for our email's privacy and start using PGP.
    Forum Admin at www.techexams.net
    --
    Credly
    LinkedIn
    Twitter
    · Share on FacebookShare on Twitter
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    keatron wrote:
    Also, as I pointed out, some hotels DO issue WEP keys or WPA passphrases.
    This points out the difference between attackers who are external to the hotel and those who are actual guests. External attacks not having the WEP or WPA key will need to perform conventional WEP cracking, dumpster diving, or social engineering to get the key. Once the key is known, to them the entire wireless network is in the clear. I wonder how often these hotels rotate their WPA passphrase? I hope it's (at least) weekly.
    Forum Admin at www.techexams.net
    --
    Credly
    LinkedIn
    Twitter
    · Share on FacebookShare on Twitter
  • Danman32Danman32 Member Posts: 1,243
    jdmurray wrote:
    Danman32 wrote:
    Heck, I am just discovering that RoadRunner doesn't seem to offer secure POP3 connections so I can download my email.
    Email is always sent in the clear. Most people think of email being as a letter sealed in an envelope. It's actually a postcard that anyone can pick up and read (if they know how).

    Even if RR had an encrypted connection between their email server and your PC, your email would still need to be decrypted before it is sent out to the public Internet. The encryption would only be protecting your email from other people on RR's private network. Your email is still in clear-text for 99.9% of it is in transit and on the receiver's computer.

    Time for all of us to take personal responsibility for our email's privacy and start using PGP.

    True, but now that I think about it, my main concern was sending my POP3 password. I tried setting OL to use APOP but RR didn't like that.
    · Share on FacebookShare on Twitter
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    JDMurray wrote: »
    Those must be the Windows/AD/Kerberos shops. icon_wink.gif

    Ok, this thread got bumped because of spam, but that's just cold JD icon_lol.gif
    · Share on FacebookShare on Twitter
Sign In or Register to comment.