On Fri, Oct 12, 2012 at 01:21:16PM -0400, Craig wrote:
> Another account hacked? Yahoo and Hotmail are bad about this. My
> understanding is that Yahoo and Hotmail login passwords are sent in the clear,
> so if you’re using a public network (McDonald’s?) then your password can be
> captured.
In principle, if you're using a network that you don't control, then a
man-in-the-middle attack is fairly trivial (given sufficient know-how -
which is a good bit more complex than cracking a WiFi access point, for
example.) In practice, going after and collecting individual logins is
way too time- and effort-intensive, so that's generally not how it's
done.
> It is also my understanding that Gmail encrypts their passwords end-to-end,
> and therefore are more secure. If I’m wrong, then courteous corrections would
> be appreciated.
If you go to gmail.com, you'll note that you immediately get forwarded
to an 'https://'-based URI. At that point, Google has handed you a
public key exchange cookie, so you've got encryption as well as the rest
of the security menu. Yahoo does the same; so does Hotmail. None of
which really makes a difference - sending your initial login/password in
the clear is actually very low risk, and barring truly unusual
circumstances, would not result in your account being hacked.
The problems, as well as the attacks, are happening further up the chain
- at the corporate levels. Google is fairly decent about protecting its
data; others, not nearly as good (with Hotmail and Yahoo being some of
the worst.)
Ben
--
OKOPNIK CONSULTING
Custom Computing Solutions For Your Business
Expert-led Training | Dynamic, vital websites | Custom programming
443-250-7895 http://okopnik.com http://twitter.com/okopnik