View Single Post
  #6  
Old 29th March 2007, 11:59
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,501 Times in 4,330 Posts
Default

Maybe a additional sidenote. I see the problem that vogelor describes, but I wont call it a big security problem in general and it affects any unencrypted email communication on the net and alsmost all users use unencrypted FTP, so it makes no difference if the cleartext password is in a FTP or smtp communication stream. If you want to read the cleartext communication, you must do a man in the middle attack. So you must either hack the client or the gateway of the client. In this case you may install a keylogger on the client as well and dont have to listen to the streams. The next possibility is that the target server is hacked, but then I dont need the client password anymore. The remaining possibility is that some of the routers are hacked, which is possible but does it really happen that often? I guess the telcos have some good security guys.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote