Security Basics mailing list archives
Re: Sniffing emails - how?
From: xyberpix <xyberpix () xyberpix com>
Date: Tue, 16 Nov 2004 21:28:45 +0000
It's possible over the Net if the user has to POP mail from a box on the Net. xyberpix On Sat, 2004-11-13 at 10:50 +0800, Derek Fountain wrote:
Reading the archives of this and other lists, I occasionally come across quotes like this (from the WebApp list in this case): "2/ That sending a user's password in clear text over email systems is a secure method; inappropriate for most sites. For example, an attacker could provoke the password recovery procedure for his colleague and sniff the email containing the password with relative ease." Am I correct in thinking that this is only a real problem when an attacker has access to the same network as the email recipient? Or is this kind of sniffing possible across the internet in general?
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Sniffing emails - how? Derek Fountain (Nov 15)
- Re: Sniffing emails - how? Jonathan Kline (Nov 16)
- Re: Sniffing emails - how? xyberpix (Nov 16)
- RE: Sniffing emails - how? Clement Dupuis (Nov 16)
- <Possible follow-ups>
- Re: Sniffing emails - how? miguel . dilaj (Nov 16)
- RE: Sniffing emails - how? Justin Acquaro (Nov 16)
- RE: Sniffing emails - how? Dahate, Pramod (Nov 17)
- RE: Sniffing emails - how? Clement Dupuis (Nov 18)