December 13, 2018, 02:20:17 PM

Author Topic: SSL  (Read 7760 times)

0 Members and 1 Guest are viewing this topic.

CBK

  • Guest
SSL
« on: March 04, 2003, 05:33:57 PM »
I about had a heart-attact this morning!!  I was palying around with ethereal (packet-sniffer) when my email client checked for mail.  So when I was going through the data returned form ehtereal, lo and behold... I got the excahage between my email client and pop3 email server.   What I saw that made me upset.... clear as day, plain text, user name and password!!!  I was like "What the..." I checked my settings in evolution (email client i use)  to make shure I was using SSL, I had the setting set to "whenever possible"  So i quickly changed this to "Always " then  tryed to check my email again watching the packets off the wire.  But nothing, as it turns out, COX Cable, doesn't support nor use SSL!  And from what I have gatherd from their tech. support, they don't have any plans on doing so.  Now I have some concerns regarding my cable connection,  I have been thinking about switching to DSL so with this and the recent price increase the reason should be an easy one.  I was also thinking of running my own pop3 server and just using that but I haven't even look into it yet.  Any Ideas?

Offline Metgod

  • the deranged hacker
  • Administrator
  • Forum Hero
  • *****
  • Posts: 1116
  • Country:
  • Gender: Male
Re:SSL
« Reply #1 on: March 04, 2003, 07:45:56 PM »
yeah..

personally, I would switch to DSL. Some here might disagree with me, but I personally hate cable. The truth is, cable is SHARED ! DSL is complete loop and doesn't goto anyone else. Think about it..

your phone line.. the local loop. The cable goes from the CO to your premise and back to the CO. Doesn't go anywhere else. Oh there are main fibers that goto the area, BUT they split and the bandwidth is dedicated to you and only you.

Cable TV.. the same as cable modem.. it's shared. You share it with others in your neighborhood.

and yes, aren't sniffers really interesting ?

mail server.. uh. what os ?

Met

"My Terminal is my Soul"

CBK

  • Guest
Re:SSL
« Reply #2 on: March 05, 2003, 11:27:01 AM »
Well I'm going to have to keep cable for the next 6 months at least  :-[  All of the DSL Co's here only have a 1 year contract and I may be moving agian after the 6 months...  Oh well  when the time comes I'll switch.  In the mean-time I'm going out and getting an HUB and an extra NIC... ;D
As far as the mail server, well I haven't even started to look at it yet.  The OS is ehter going to be Red Hat 8.0, Mandrake 9.0, Debain, FreeBSD 4.7  I'm really thinking about seting up another box up and  work with Debain or FreeBSD,  as thoses are the ones I have the least amount of time with.

Offline Uneek

  • Administrator
  • Seasoned Poster
  • *****
  • Posts: 306
  • Country:
  • Gender: Male
    • HFX International Org.
Re:SSL
« Reply #3 on: March 06, 2003, 03:12:08 AM »
I use cable... and it's not any more insecure than DSL... same shit... if you're sending your username/pass in plain text it can be compromised just as easily. And POP3 authentication unless using a secure login is sent in plain text.
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101

Offline Metgod

  • the deranged hacker
  • Administrator
  • Forum Hero
  • *****
  • Posts: 1116
  • Country:
  • Gender: Male
Re:SSL
« Reply #4 on: March 06, 2003, 12:10:29 PM »
well

cable is fine for some, but regardless, it still is shared and dsl isn't. but yeah, if you don't have encryption then everything will be plain text. simple concept.

I don't know.. I just dislike cable, but for some it works.

but again, everyone needs to use whatever works for them.
DSL works for me, cable works for others.



"My Terminal is my Soul"

Offline Cobra

  • cool?
  • Administrator
  • Seasoned Poster
  • *****
  • Posts: 447
  • Country:
  • Gender: Male
  • My mom says im cool!
Re:SSL
« Reply #5 on: March 06, 2003, 06:19:51 PM »
I am with you on this one Metty, I don't like cable for the very fact that it is shared.

Having said that i am stuck on Dial-up so anything is better.
I am not suffering with insanity... I am loving every minute of it.

Offline Metgod

  • the deranged hacker
  • Administrator
  • Forum Hero
  • *****
  • Posts: 1116
  • Country:
  • Gender: Male
Re:SSL
« Reply #6 on: March 06, 2003, 10:17:47 PM »
Yep

and come to think of it.. I would say that cable is less secure by the very fact that it is shared. If it is shared it is easier to view, plain and simple.

Ok, sure the fact is both can be sniffed, but regardless, cable would be easier, even without being directly in the network.

It's pretty simple. Shared is easier to view. That's just common sense if you ask me. Besides, do you really want your bandwidth shared with others? I sure as hell would not.

an analogy.. who would have an easier time looking in your house..

your room mate who has the key and knows where you store things, or

a person who just saw your house, does not have the key and does not know where to look for whatever they are after?

the room mate would have an easier time, of course.

well in this example, the others who share it are the 'room mates'. They would be closer, they would have more knowledge and they would have the (most important thing) access.



Met



"My Terminal is my Soul"

Offline Uneek

  • Administrator
  • Seasoned Poster
  • *****
  • Posts: 306
  • Country:
  • Gender: Male
    • HFX International Org.
Re:SSL
« Reply #7 on: March 10, 2003, 03:43:54 PM »
Well, I think that theory is just a little flawed from one perspective... If you're on the Internet... guess what... it's gonna be shared bandwidth unless you link up directly to a backbone connection. Let's say you are on DSL... from your house to the switching station is dedicated. But from there on, you will be sharing bandwidth. And I can tell you from my past experience and having been on dial-up, DSL, Wireless Broadband, Dual DS3's (here at work), and now Cable at home, that my current cable hookup with the exception of the DS3's is faster than any of the others. And as far as the security aspect of it, the only thing you're eliminating is one segment to be sniffed. If you take the proper precautions, the risk will be so minimized that shared cable isn't even a factor any more. Just my $0.025...
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101

Offline Metgod

  • the deranged hacker
  • Administrator
  • Forum Hero
  • *****
  • Posts: 1116
  • Country:
  • Gender: Male
Re:SSL
« Reply #8 on: March 10, 2003, 04:21:58 PM »
I was about to ask about OC's but then I realized you covered that. Uhm.. well yeah I understand that. And I am not even talking security so much as principle. And further, DSL and (I think cable ?) are both considered dedicated links. Well anything that is static, is dedicated.

So maybe it is a matter of perspection. Don't get me wrong, I'm not saying cable is inferior and is a worthless piece of crap (kind of redundant there huh ?).. just I like 'more dedicated', if that makes sense.

I guess I was thinking about the actual loop. But yeah, I reckon that at some point, it will be shared or at least boggled down due to others on the fiber. So I see your point. I don't know, I just prefer DSL is all.

I think what I mean is that in a PSTN environment, your connect is dedicated and no one shares it with you, as a cable goes into your house and you have dedicated bandwidth that isn't shared (and that would be similar to xDSL). Now I don't know a lot about cable at all, so maybe it is very similar ? Care to explain Uneek ?

I don't know. I think this is a feeble argument of mine, because no matter how I look at it, there are other perspections. It goes the other way around of course...

Met


"My Terminal is my Soul"