OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Dale Southard (southard1_at_llnl.gov)
Date: Wed Jul 24 2002 - 15:48:10 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    merlynstonehenge.com (Randal L. Schwartz) writes:

    > Net effect: your iDisk password is transmitted in the clear without
    > your awareness, albeit as a mail password.
    >
    > Problems:
    >
    > - mac.com SMTP doesn't support encrypted passwords

    Are you sure?

      myhost{dsouth}: telnet smtp.mac.com 25
      Trying 204.179.120.48...
      Connected to smtp.mac.com.
      Escape character is '^]'.
      220 ESMTP service
      ehlo foo.bar
      250-asmtp02.mac.com
      250-PIPELINING
      250-ETRN
      250-DSN
      250-STARTTLS
      250-AUTH PLAIN LOGIN
      250 AUTH=LOGIN
      ^]
      telnet> quit
      Connection closed.

    It looks like smtp.mac.com supports STARTTLS, which could be used to
    armor the PLAIN/LOGIN authentication. Granted, it isn't clear that
    mail.app is capable of doing SSL/TLS when connecting to a SMTP server
    for sends, but mail.app does support SSL/TLS for IMAP receives. 

    -- 

    /*  Dale Southard Jr.  dsouthllnl.gov  925-422-1463, fax 422-9429  */
/*  Computer Scientist, Accelerated Strategic Computing Initiative  */
/*  L-073,  Lawrence Livermore National Lab,  Livermore CA   94551  */
/*  AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving  */