[62015] in North American Network Operators' Group
Re: Microsoft announces new ways to bypass security controls
daemon@ATHENA.MIT.EDU (Mans Nilsson)
Mon Sep 15 03:22:42 2003
Date: Mon, 15 Sep 2003 09:22:02 +0200
From: Mans Nilsson <mansaxel@sunet.se>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0309142130320.978-100000@clifden.donelan.com>
X-synced-from: Pilsnet
Errors-To: owner-nanog-outgoing@merit.edu
--aVD9QWMuhilNxW9f
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: Microsoft announces new ways to bypass security controls Date: Sun=
, Sep 14, 2003 at 10:03:32PM -0400 Quoting Sean Donelan (sean@donelan.com):
> Of course, Microsoft isn't the only one with mail protocol security
> weaknesses.
>=20
> POP3 is probably responsible for more cleartext passwords being
> transmitted over the Internet than any other network protocol.
That statement is nicely supported by my dnsiff logs from various=20
networking conferences -- the top three have always been:
POP
webmail without SSL
other http apps without SSL.=20
Below this we see IMAP, IM, telnet (rare) and a storm of snmp from
windows machines trying to manage HP printers.
--=20
M=E5ns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
Send your questions to ``ASK ZIPPY'', Box 40474, San Francisco, CA
94140, USA
--aVD9QWMuhilNxW9f
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)
iD8DBQE/ZWia02/pMZDM1cURAtTvAJ9poYaLWL7NC7BtBIncFpenrhfPuwCgj5q9
GP3kqry+S9WuOQCnWq+yumE=
=asGo
-----END PGP SIGNATURE-----
--aVD9QWMuhilNxW9f--
