RE: WiFi + web based Login + Sniffer + Security

>>All your questions about this particular username/password combo are 
>>related to Yahoo!. How it's hashed, when, etc. are all things dictated by 
>>how Yahoo! wrote their web pages. Not being a user of their service, I 
>>cannot comment. POP user/pass data should go by in the clear, for example.

I'm a user of Yahoo! service and I'm just a bit nervous.. all these "what-ifs".
As I mentioned, I'm not gonna check my ISP POP mail using wifi. Definitely a
No-No.

>>How it's hashed,
That's the thing. How does my PC know which algo to use to hash the
password, if it's client-side processing? I don't believe there's javascript
or something..
Oh well.. Until I know enough, I doubt I'm gonna trust using webmail like
Yahoo. 

Anyone know how to encapsulate Yahoo mail or any other webmail with SSH?

>>I check mail using webmail over SSL, typically Squirrelmail which is my 
>>favorite. That way I know my data goes over the Internet strongly
>>encrypted.

I take it that it's safe 'cause you implemented it. Since, as the Mini-howto
states, you can run through ssh but need to be certain that the other end
also is running sshd. (which I can't control)

>>Don't worry too much about it... there are no hard-and-fast rules
>>(although I think "short, sweet, and to the point" comes close to being
>>a rule, IMHO).

Actually I do worry quite a lot.. Since I want to be in the good graces of
the community..

So.. If anyone has an answer to how someone could get the login/pass combo..
do let me know.. (unless it's proven that there is no way..)



Cheers,                                                 .^.
Mun Heng, Ow                                            /V\
H/M Engineering                                       /(   )\
Western Digital M'sia                                  ^^-^^
DID : 03-7870 5168                          The Linux Advocate

        


-----Original Message-----
From: Rodolfo J. Paiz [mailto:rpaiz@xxxxxxxxxxxxxx]
Sent: Monday, October 13, 2003 2:52 PM
To: shrike-list@xxxxxxxxxx
Subject: RE: WiFi + web based Login + Sniffer + Security


At 00:32 10/13/2003, you wrote:
>AFAIK / can tell, I can see the username from ethereal capture, but as I
>mentioned, the password is hashed or something.

All your questions about this particular username/password combo are 
related to Yahoo!. How it's hashed, when, etc. are all things dictated by 
how Yahoo! wrote their web pages. Not being a user of their service, I 
cannot comment. POP user/pass data should go by in the clear, for example.

>So.. basically, the login name will be visible, and the password will be
>hashed. How easy would it be to decode the hash? What sort of algo does it
>use to hash it? What stipulates whether it uses MD5/blowfish etc..etc..
>(frankly I have no idea, just throwing out some algo I know/heard about)

All Yahoo!-specific questions in this case.

>SSH tunnel is okay for implementation for my home, but for a public
>eg:T-Mobile hotspot, how would one go about it? Don't check pop mail
>there??

In any case where I'm not at my own computer, I check mail using webmail 
over SSL, typically Squirrelmail which is my favorite. That way I know my 
data goes over the Internet strongly encrypted.

> >>Thanks for trimming; much easier this time to write back and much easier
>to
>
>Actually, I thought that cutting and pasting whatever I was replying to was
>adequate. So.. I guess it's not.. :)

Basically it is... I don't mean to make things sound like there is One 
Right Way to do things. In effect, a Linux saying: TIMTOWTDI means to 
remember that "There Is More Than One Way To Do It" usually.

If you keep text from earlier messages that helps provide context, that's 
OK. If you delete unnecessary text from earlier messages, that's great. You 
are sort of expected not to leave four or five list signatures lying around 
the bottom of your message. It's all basically about common sense and 
making your messages easier to read (which means more people will read them 
and you will have more of a chance that someone will answer them). It is 
also about courtesy to others since many people still pay for traffic and 
many connect on dial-up. This means that every extra line you leave in 
costs someone money, and costs everyone time. Wasting everyone's time and 
money is not a nice thing to do, which is why you see people who repost an 
entire digest getting flamed hard.

Don't worry too much about it... there are no hard-and-fast rules (although 
I think "short, sweet, and to the point" comes close to being a rule, IMHO).


-- 
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list

