Re: Password Secure?



On Fri, 30 Jun 2006 07:55:35 -0400, "Bill Kearney"
<wkearney99@xxxxxxxxxxx> wrote in
<jKGdnWw5U7uljDjZnZ2dnUVZ_sCdnZ2d@xxxxxxxxxxxxx>:

If you're connecting to POP and IMAP on ports 110 or 143 then it's not
secure.

Not true. Most servers these days do TLS over the standard ports. My
mail/news program correctly negotiates TLS with any server that advertises
it. I don't know if OE would, these days.

Interesting to know, I didn't really give TLS over standard ports
consideration. This, however, assumes they'll be using a recent vintage of
mail server. I've no idea how many servers out there aren't recent enough,
or configured properly, to do TLS in this manner. So while it may well be
incorrect to assume use of plain ports as insecure, it's at least a rule of
thumb worth considering.

So no, it's not safe to use services with passwords unless you're SURE the
connection is using some form of encryption. Otherwise anyone else on
link can sniff your username and password out VERY, VERY easily.

That I'll agree with - it isn't a simple matter to verify that traffic on
the standard ports is using TLS.

Indeed, it would be handy to have a way to easily verify the availability of
TLS on the server and actual USE by the client. Meanwhile I'll stick with
using secure port numbers as my primary guide.

Mozilla Thunderbird provides the following secure connection options:
* Never
* TLS, if available
* TLS
* SSL

By selecting TLS or SSL, you can ensure that all connections are secure.

Otherwise, I always configure it for TLS if available rather than Never.

Given that free Gmail (Google Mail) supports TLS, I strongly advise
people to never use any service that lacks support for TLS.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
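
The thread asks for an easy way to verify that a server on port 110 or 143 offers TLS and that the client actually uses it. The following is an added example, not part of the original post: it parses the capability lists a server sends and models what each of the four Thunderbird settings listed above would do with them. The sample server replies are constructed, and the fallback behaviour assigned to each setting is an assumption read from the option names.

```python
from __future__ import annotations

# Constructed sample replies (not captured from any real server).
IMAP_SAMPLE = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] server ready"
POP3_SAMPLE = ["+OK Capability list follows", "TOP", "USER", "UIDL", "."]


def imap_capabilities(line: str) -> set[str]:
    """Parse '* CAPABILITY ...' or a greeting carrying '[CAPABILITY ...]'."""
    upper = line.upper()
    start = upper.find("CAPABILITY")
    if start < 0:
        return set()
    body = upper[start + len("CAPABILITY"):].split("]", 1)[0]
    return set(body.split())


def pop3_capabilities(lines: list[str]) -> set[str]:
    """Parse a POP3 CAPA reply: '+OK', one capability per line, then '.'."""
    if not lines or not lines[0].upper().startswith("+OK"):
        return set()  # -ERR: no CAPA support, so no STLS either
    caps = set()
    for line in lines[1:]:
        if line.strip() == ".":
            break
        if line.strip():
            caps.add(line.split()[0].upper())
    return caps


def login_outcome(protocol: str, caps: set[str], setting: str) -> str:
    """Return 'encrypted', 'plaintext' or 'refused' for a client setting.

    Assumed semantics: 'SSL' is TLS from the first byte on the dedicated
    port, 'TLS' requires the in-band upgrade, 'TLS, if available' falls
    back to cleartext when the upgrade is not advertised.
    """
    upgrade = "STARTTLS" if protocol == "imap" else "STLS"
    if setting == "SSL":
        return "encrypted"
    if setting == "Never":
        return "plaintext"
    if upgrade in caps:
        return "encrypted"
    return "refused" if setting == "TLS" else "plaintext"
```

With the constructed POP3 reply, which lacks STLS, "TLS, if available" ends in a cleartext login while "TLS" refuses to connect, which is the difference between the two settings that matters for the password.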