Security Basics mailing list archives

RE: LM and NTLM Hashes


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 8 Sep 2005 18:17:21 -0400

Telnet, POP3, and FTP all send clear-text passwords by default. If
you're using Outlook or OE with Exchange, you can enable SPA (Secure
Protected Authentication... or something like that) in both the client and
server. If it is another combination, then you can use IPSec, SSL, or
something like that to encrypt communications.

Roger

***************************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), TICSA, CEH, CHFI
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************



-----Original Message-----
From: Flavio Braga [mailto:flaviobs () uol com br]
Sent: Tuesday, September 06, 2005 12:56 PM
To: security-basics () securityfocus com
Subject: LM and NTLM Hashes

I saw that POP3 clients send passwords in text mode. Is there any way to
protect passwords from email clients? Or do the users have to access emails
from webmail?
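
As an added example (not part of the original thread), the check below walks a POP3 session log and reports every password-bearing command that was sent before the connection was encrypted, including the case where the server refuses STLS and the client carries on anyway. The function name, the (direction, line) transcript format and the sample sessions are constructed for illustration.

```python
# Added example: audit a POP3 session log for passwords sent without TLS.
# Transcript entries are (direction, line): "C" = client, "S" = server.

GREETING = ("S", "+OK POP3 server ready")
LOGIN = [("C", "USER alice"), ("S", "+OK"),
         ("C", "PASS example-password"), ("S", "+OK logged in")]

# Constructed sample sessions (not captured traffic).
PLAIN_SESSION = [GREETING] + LOGIN
STLS_SESSION = [GREETING, ("C", "STLS"), ("S", "+OK Begin TLS negotiation")] + LOGIN
REFUSED_SESSION = [GREETING, ("C", "STLS"), ("S", "-ERR command not supported")] + LOGIN


def exposed_credentials(transcript, implicit_tls=False):
    """Return the client commands that put a password on the wire unencrypted.

    implicit_tls=True models a connection wrapped in SSL/TLS from the first
    byte (for example POP3 over SSL on port 995).
    """
    encrypted = implicit_tls
    pending_stls = False
    exposed = []
    for direction, line in transcript:
        if direction == "S":
            # STLS only protects the session if the server accepted it.
            if pending_stls and line.startswith("+OK"):
                encrypted = True
            pending_stls = False
            continue
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        mechanism = arg.partition(" ")[0].upper()
        if verb == "STLS":
            pending_stls = True
        elif not encrypted and verb == "PASS":
            exposed.append("PASS")
        elif not encrypted and verb == "AUTH" and mechanism in ("PLAIN", "LOGIN"):
            # PLAIN and LOGIN only base64-encode the password.
            exposed.append("AUTH " + mechanism)
    return exposed


if __name__ == "__main__":
    for name, session in [("plain", PLAIN_SESSION), ("stls", STLS_SESSION),
                          ("stls refused", REFUSED_SESSION)]:
        print(name, exposed_credentials(session))
```
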


