Sit down sometime inside a wireless ISPs area and run kismet. You can see someone connect to a service via SSL, then immediately after they purchase something they check the email. Guess what ? the Credit card # and address are in that email.
Yeah...
There is 2 problems :
- one is from purchase site that *should*not* send any credit card number on email - one is the way people gets mails
On the second hand, there is some way to fix that :
pop3-ssl imap-ssl
Why ISP don't provide such way to get mail ? FYI I do such setup on my servers for more than 4 year since it is implemented on lots of MUAs included from some from a redmont software producers.
Yes, using encrypted connections is not the solution, but can help...
Also have some SMTP server that allow STARTTLS, are good starting point about security...
If you are paranoid, like I am, you can also use : WEP + IPsec... that with encrypted connection (ssh, pop3-ssl, imap-ssl, smtp+tls) will give you more confident about your network....
People that don't use that are, IMHO, just non aware of the possibility that their data can be stolen without any intrusion.
/Xavier
-- Xavier Beaudouin - Unix System Administrator & Projects Leader. President of Kazar Organization : http://www.kazar.net/ Please visit http://caudium.net/, home of Caudium & Camas projects
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
