On 18.05.2009, at 15:06, Daniel Kamm wrote: > Hey Steven > > Steven Glogger wrote: >>> But anyway, Steven, why do you want to block pop/imap on a hotspot? >> >> because i'm evil ,-) > > Or your company is. ;) > >> after I informed the customer by this mail (and a website) he can get >> access again to his mailbox. >> just want to inform that he might be virus infected or so ,-) > > Couldn't that be known as 'man in the middle' attack? As I understand > right, your server first will receive username/password credentials > of a > foreign user. So for every spammer, it will be veeery interesting to > get > that box hacked.
And very annoying for every person using IMAP/s who sees a certificate error. Usually when I see that, I assume that I'm not logged onto the hotspot correctly, and cancel the connection. Many people will never see this funny little email. Why not think of another way to provide the information, like at logon? Chris PS: there may be some legal ramifications for running a MITM attack as a matter of business practices. There's a similar thread going on at NANOG right now about how people have forced providers to stop using transparent proxies. You might want to read that. _______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
