On Friday, 12 September 2008, Amos Shapira wrote:
> Frankly, how do you expect hackers to sniff your password on the wire
> between you and the server?
> (maybe on shared cable segment?)
> I'm not saying that I'd feel comfortable sending password in the
> clear, but what REALLY are the practical risks?
 * You assume I needed it from home.

 * The issue actually came up when I prepared for connecting
   to my mailbox remotely (from Mexico City -- do you want to count
   the number of networks from there to bezeqint?)

 * The link from their main page to their webmail service points to
   an http connection... (and hosted on a different domain, perfect
   for phishing people's passwords).

 * After jumping through their support lines (which, btw, were accessible
   and polite) they found out that they *do* have https webmail service.
   There is just no link to it from their site.

 * I thanked them for that and advised to fix the link so naive people
   won't be trapped by mistake -- just checked now -- the same...

Under these conditions, do you think I'm talking about some theoretical
minor risk? Or can we start betting on the number of stolen passwords
from traveling salesmen/pointy-haired-bosses/etc?

> On 9/12/08, Oron Peled <[EMAIL PROTECTED]> wrote:
> > On Thursday, 11 September 2008, Noam Rathaus wrote:
> >> The credentials for the SMTP were the same as that for the POP3 account
> >> they used, and of course the same ones for the ADSL login (without the
> >> @Bezint thingy).
> >
> > That's very wise.... especially without any SSL/TLS support ;-)
> >
> >  * I had a discussion with them about it a few months ago.
> >  * I would be more than happy to know they bothered doing something
> >    about it.
> >  * One of their support people even "explained" to me how using
> >    ftp for uploading my home page is a security feature because
> >    the password is hidden in the protocol (it wasn't April 1st).
> >
> > [not that the other existing ISPs are better]
> >
> > Cheers,
> >
> > --
> > Oron Peled                             Voice/Fax: +972-4-8228492
> > [EMAIL PROTECTED]                  http://www.actcom.co.il/~oron
> > "UNIX was not designed to stop you from doing stupid things, because
> > that would also stop you from doing clever things."
> >                                                          --Doug Gwyn
> >
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
> >
> 
> -- 
> Sent from Google Mail for mobile | mobile.google.com
> 



-- 
Oron Peled                             Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]                  http://www.actcom.co.il/~oron
If it ain't unix I ain't touching it
