RE: WiFi + web based Login + Sniffer + Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>>I would hardly do anything WIFI unless it was encrypted.  And I don't
>>mean ROT13 encrypted, I mean SSL or so.  But then, I'm paranoid!

The thing here is.. It's _fast_. I only have a dial-up at home and it's
sloooooowww. Painfully slow... If there is a way I can secure/tunnel the
connection to yahoo, that would be great. 

Otherwise, I need to know what it takes for someone with a little bit of
know-how to use ethereal or some other packet sniffer and grab the
pass/login combo.

There's nothing much in my webmail account, but I would still like to know
that it's not transmitted in plain-text. (which It is not) Even so, It'll be
nice to know what it would take for someone armed with a bit of knowledge
can do with the hashes.

AS I said, does Yahoo specify which sort of algo to hash the password? I
believe it's client-side but there has to be an understanding on which algo
to use. No point bein server-side, if it is then I'm screwed, all my info is
transversing through the wires/airwaves for _all_ to see.. :)

But hey.. if it's not a simple solution.. then.. I think I'll still use the
wifi..

Cheers,                                                 .^.
Mun Heng, Ow                                            /V\
H/M Engineering                                       /(   )\
Western Digital M'sia                                  ^^-^^
DID : 03-7870 5168                          The Linux Advocate

        


-----Original Message-----
From: Iain Buchanan [mailto:iain@xxxxxxxxxxxx]
Sent: Monday, October 13, 2003 3:24 PM
To: shrike-list@xxxxxxxxxx
Subject: RE: WiFi + web based Login + Sniffer + Security


On Mon, 2003-10-13 at 16:40, Ow Mun Heng wrote:
> >>All your questions about this particular username/password combo are 
> >>related to Yahoo!. How it's hashed, when, etc. are all things dictated
by 
> >>how Yahoo! wrote their web pages. Not being a user of their service, I 
> >>cannot comment. POP user/pass data should go by in the clear, for
example.
> 
> I'm a user of Yahoo! service and I'm just a bit nervous.. all these
> "what-Ifs"
> AS I mentioned, I'm not gonna check my ISP POP mail using wifi. Definately
a
> No-No.

I would hardly do anything WIFI unless it was encrypted.  And I don't
mean ROT13 encrypted, I mean SSL or so.  But then, I'm paranoid!

> >>How it's hashed,
> That's the thing. How does my PC know which algo to use to hash the
> password, if it's client-side processing? I don't believe there's
javascript
> or something..
> Oh well.. Until I know enough, I doubt I'm gonna trust using webmail like
> Yahoo. 
> 
> ANyone know how to encapsulate yahoo mail or any other webmail with SSH?

You could ssh from wireless laptop to desktop machine, which would very
securely encrypt everything (even plain text stuff) between then two,
and then use the desktop to connect on through the internet the way you
normally do.

If I were you, I wouldn't be connecting to anything that wasn't https
anyway, WIFI or no WIFI.

HTH,
-- 
Iain Buchanan <iain@xxxxxxxxxxxx>


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
[Index of Archives]     [Fedora Users]     [Centos Users]     [Kernel Development]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat Phoebe Beta]     [Yosemite Forum]     [Fedora Discussion]     [Gimp]     [Stuff]     [Yosemite News]

  Powered by Linux