Re: Microsoft announces new ways to bypass security controls

North American Network Operators Group

Re: Microsoft announces new ways to bypass security controls

From: Mans Nilsson
Date: Mon Sep 15 03:24:34 2003

Subject: Microsoft announces new ways to bypass security controls Date: Sun, Sep 14, 2003 at 10:03:32PM -0400 Quoting Sean Donelan (sean@donelan.com):
> Of course, Microsoft isn't the only one with mail protocol security
> weaknesses.
> 
> POP3 is probably responsible for more cleartext passwords being
> transmitted over the Internet than any other network protocol.

That statement is nicely supported by my dnsiff logs from various 
networking conferences -- the top three have always been:

POP
webmail without SSL
other http apps without SSL. 

Below this we see IMAP, IM, telnet (rare) and a storm of snmp from
windows machines trying to manage HP printers.

-- 
Måns Nilsson         Systems Specialist
+46 70 681 7204         KTHNOC
                        MN1334-RIPE

Send your questions to ``ASK ZIPPY'', Box 40474, San Francisco, CA
94140, USA

Attachment: pgp00007.pgp
Description: PGP signature

Follow-Ups:
- Re: Microsoft announces new ways to bypass security controls Daniel Senie

References:
- Microsoft announces new ways to bypass security controls Sean Donelan

Prev by Date: Microsoft announces new ways to bypass security controls
Next by Date: Weekly lamer report
Date Index
Thread Index
Author Index
Historical