ssl-login-checkbox faked in Lycos webmail-frontend

Lycos Webmail offers a checkbox named "SSL LOGIN" which lets you assume a secure transfer of your credentials - it's only pretended! Repeated sniffs show account and password in cleartext - no https packet came across...
The interesting part of the related HTTP packet:

...
login=dasbinich&hiddenlogin=Nutzername&hiddenpassword=******&password=geheim000&ssl=on
HTTP/1.0 302 Found
Date: Thu, 25 Aug 2005 17:51:48 GMT
Content-Length: 63
Content-Type: text/html
Expires: Fri, 26 Aug 2005 17:51:48 GMT
Cache-Control: max-age=86400, private
Proxy-Connection: keep-alive
Server: Apache/1.3.33 (Unix) Resin/2.1.12 mod_gzip/1.3.26.1a mod_ssl/2.8.22 OpenSSL/0.9.6c

...and so on. Funny, isn't it? Or poor!

Lycos informed on July 27.

greetings - fish
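
Added example, not part of the original post: a Python check a defender could run over HTTP requests reassembled from a plaintext capture, flagging form logins like the one quoted above where credentials travel unencrypted even though the form sets ssl=on. The request line, headers, host name and the set of credential field names are assumptions; only the form body is taken from the post.

```python
from urllib.parse import parse_qsl

# Field names treated as credentials (assumption; "password" and
# "hiddenpassword" are the ones visible in the post's capture).
SECRET_FIELDS = {"password", "hiddenpassword", "passwd", "pass", "pwd"}
# Form flags that promise an encrypted login ("ssl" is from the post).
SSL_FLAGS = {"ssl"}

def audit_cleartext_post(raw: bytes) -> list[str]:
    """Audit one HTTP request reassembled from a plaintext (non-TLS) capture.

    Anything parseable here already crossed the wire unencrypted, so every
    non-empty credential field in the form body is a finding.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").lower()
    if method != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    promised = any(k.lower() in SSL_FLAGS and v.lower() in ("on", "1", "true")
                   for k, v in fields)
    findings = []
    for key, value in fields:
        if key.lower() in SECRET_FIELDS and value:
            note = " although the form promised SSL" if promised else ""
            # Report the field name and length only, never the secret itself.
            findings.append(f"{key}: {len(value)} chars sent in cleartext{note}")
    return findings

# Constructed sample request: the body is the one quoted in the post,
# the request line, host and headers are placeholders.
SAMPLE = (
    b"POST /login HTTP/1.0\r\n"
    b"Host: webmail.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"login=dasbinich&hiddenlogin=Nutzername&hiddenpassword=******"
    b"&password=geheim000&ssl=on"
)

if __name__ == "__main__":
    for finding in audit_cleartext_post(SAMPLE):
        print(finding)
```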
