David, that reminds me of something peripheral that has always puzzled me how insecure is WEP as opposed to WPA-xxx?
Your remark was about unencrypted wifi (café wifi, etc), I realise. _____ Ian Thomas Victoria Park, Western Australia _____ From: [email protected] [mailto:[email protected]] On Behalf Of David Connors Sent: Friday, November 12, 2010 7:12 AM To: ozDotNet Subject: Re: [OT] HTTPS and Email On 12 November 2010 09:04, Bec Carter <[email protected]> wrote: Just signed up with a new web hosting company and noticed the web-based email doesn't have https.....so my login and password get passed in clear text. Is this normal procedure or should I be worried? "It depends" on your appetite for risk. The essential attack vector for grabbing your credentials or cookie is either over unencrypted wifi or by sniffing wired network traffic. Both have always been a risk but you'd think the issue arose yesterday with the amount of press that firesheep is getting. If you use unencrypted wifi a lot then it is probably an issue. Man-in-the-middle attacks on wired networks are not really practical in modern switched networks unless it is an inside job. People still send a pant load of stuff 'in the clear' over wired networks (i.e. even if you protect your e-mail web UI with HTTPS, the e-mail itself is still largely send between providers in the clear). That aside, I'd just ditch your web host e-mail and go with Google Apps or whatever the latest Live/Hotmail offering is. Google Apps has been on the SSL bandwagon for a couple of years now and is not susceptible to traffic sniffing attacks. I think Live/Hotmail just announced a complete implementation of SSL a week or so ago. Web host e-mail and calendaring is generally pretty lame and unreliable anyway. David. -- David Connors | <mailto:[email protected]> [email protected] | <http://www.codify.com> www.codify.com Software Engineer Codify Pty Ltd Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363 V-Card: <https://www.codify.com/cards/davidconnors> https://www.codify.com/cards/davidconnors Address Info: <https://www.codify.com/contact> https://www.codify.com/contact
