Security Basics mailing list archives
RE: LM and NTLM Hashes
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 8 Sep 2005 18:17:21 -0400
Telnet, Pop3, and FTP all send clear-text passwords by default. If you're using Outlook or OE with Exchange, you can enable SPA (Secure Protected Authentication..or something like that) in both the client and server. If it is another combination, then you can use IPSec, SSL, or something like that to encrypt communications. Roger ************************************************************************ *** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), TICSA, CEH, CHFI *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ **** -----Original Message----- From: Flavio Braga [mailto:flaviobs () uol com br] Sent: Tuesday, September 06, 2005 12:56 PM To: security-basics () securityfocus com Subject: LM and NTLM Hashes I saw that pop3 clients send passwords in text mode. Is there any way to protect passwords from email clients? Or the users have to access emails from webmails?
Current thread:
- LM and NTLM Hashes Flavio Braga (Sep 06)
- <Possible follow-ups>
- RE: LM and NTLM Hashes Roger A. Grimes (Sep 08)
- RE: LM and NTLM Hashes Roger A. Grimes (Sep 09)