[snip]
[Steve Petrie]
Is it EVEN POSSIBLE for a clever hacker to spoof my email inbox and
steal my inbound email messages ??
[Alvin Starr]
In theory yes.
If they can gain control of your DNS entries they could redirect your MX
but that is low risk.
If they get your login they could insert an email filter that forwards
all your messages to somewhere else.
If they have access to your mail server then your messages may be
readable using 'cat' or they could modify the mail transport to redirect
mails.
[Steve Petrie]
I suppose this would require the hacker to: (1) steal my password
protecting my email access login at my email hosting provider, or (2)
Steal my password protecting my personally-maintained DNS records at my
DNS provider, or (3) hack my email hosting provider's infrastructure,
or (4) hack my DNS provider's infrastructure.
[Alvin Starr]
We have the same list of hacks.
But here is one more.
If you access your email via a browser it is possible for a hacker to
get your session keys and craft up a session and then login to your
email without having to actually log in.
Which is a good reason to not use SSO services.
[Steve Petrie]
Ahhhh. SSO (single sign on) -- Is it an SSO offer, when my Firefox
browser "helpfully" asks me if I would like it [my browser] to
"remember" my login credentials ??
I always respond in the NEGATIVE to these "helpful" browser offers.
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list
https://gtalug.org/mailman/listinfo/talk---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
