> Question: How will this work? Are passwords still so easy to read as
> 10 years ago in Win95 or will the malware listen to the IP-traffic and
> read out the clear-text SMTP-Auth or POP3-Password?

If it _is_ sniffing, I'd think it's most likely to attack the POP3 password on the wire, since if you're using AUTH CRAM-MD5, AUTH DIGEST-MD5, or other secure SMTP AUTH, the SMTP password is only decrypted in memory (from local persistent storage), then reencrypted before it's put on the wire. While the AUTH PLAIN and AUTH LOGIN methods are plain-text, if I were trying for the most likely exposure, I'd sniff POP3 on the wire, since APOP is surely used much less than the secure SMTP methods.

However, the local persistent storage used by Netscape, Outlook, et al. is -- by necessity -- reversibly encrypted. There are existing decryption algorithms for almost all of them (Google 'MailPV'). This is more likely to be the way it's done.

Decrypting from local password caches isn't anything new, and it will always be with us. It's a cryptographic truism: 'any encryption that must be decrypted without user intervention is not secure.' Unless people set their clients up to prompt them at each POP3 download or SMTP send, they're telling the machine to mix up their password, jumble it around, but basically leave it open to hijacking.

Slicing up the passwords and distributing them across binary files, stuff like that, can help, but there are enough hackers to work anything out eventually, especially with widely deployed clients like Outlook and OE that make tempting targets for show-offs and profiteers. Further linking the encryption algorithm to local hardware inventory and measures of that sort can definitely frustrate hackers, but they also frustrate admins. You know how that goes.

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
