On 22.08.2007 at 01:29, Tom Collins wrote:
On Aug 21, 2007, at 12:45 PM, John Simpson wrote:
and before you do this: if your qmailadmin interface is available
on a non-SSL web site, that needs to be changed. otherwise,
anybody with a packet sniffer in the right place will be able to
literally WATCH your users log into their domains, and read their
passwords right off the wire.
this is dangerous, not only because it lets them go back in and
change mailboxes around, but because if you allow people to relay
using the AUTH command, this gives the attacker an email/password
combination which can be used to relay spam through your server.
John,
I've always wondered whether this actually happens, at least in the
US. I'm a little more concerned when traveling overseas, but do
hackers still get passwords this way? Maybe sniffing an
unencrypted Wifi network, but with most wired networks using
switches, it'd be very hard to get a packet logger on a segment
that could see all traffic.
I don't think there are many cases in the literature where it
happened like this - if at all.
Most cases of password-theft involve keyloggers or rootkits that
directly intercept the datastream after it has been decrypted.
And of course, stupid people filling them directly into phishing-forms.
I am too lazy to check - does the onchange-facility log the IP of the
client?
Going through the apache logfile can be tedious, if it is large.
Rainer
--
Rainer Duffner
CISSP, LPI, MCSE
[EMAIL PROTECTED]