Re: Wireless ISPs

[Xavier Beaudouin <kiwi () oav net>]

Hi Brian and Dan,

> Sit down sometime inside a wireless ISPs area and run
> kismet. You can see someone connect to a service via
> SSL, then immediately after they purchase something
> they check the email. Guess what ? the Credit card #
> and address are in that email.

Yeah...

There is 2 problems :

- one is from purchase site that *should*not* send any
  credit card number on email
- one is the way people gets mails

On the second hand, there is some way to fix that :

 pop3-ssl
 imap-ssl

Why ISP don't provide such way to get mail ? FYI I do such setup on my 
servers for more than 4 year since it is implemented on lots of MUAs 
included from some from a redmont software producers.

Yes, using encrypted connections is not the solution, but can help...

Also have some SMTP server that allow STARTTLS, are good starting point 
about security...

If you are paranoid, like I am, you can also use : WEP + IPsec... that 
with encrypted connection (ssh, pop3-ssl, imap-ssl, smtp+tls) will give 
you more confident about your network....

People that don't use that are, IMHO, just non aware of the possibility 
that their data can be stolen without any intrusion.

/Xavier

--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html