BugTraq
Web Tool Announcement: ismymailsecure.com Aug 18 2010 09:59AM
Holger Rabbach (hrabbach crossroad-networks com) (2 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 07:59AM
Kari Hurtta hurtta+bugtraq (at) leija.mh.fmi (dot) fi [email concealed] (hurtta+bugtraq leija mh fmi fi) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 08:39AM
Holger Rabbach (hrabbach crossroad-networks com) (2 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 05:23PM
Tim (tim-security sentinelchicken org)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 09:30AM
Kari Hurtta hurtta+bugtraq (at) leija.mh.fmi (dot) fi [email concealed] (hurtta+bugtraq leija mh fmi fi) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 11:48AM
Holger Rabbach (hrabbach crossroad-networks com) (1 replies)
Hi Kari,

On 25/08/2010 11:30, Kari Hurtta wrote:

> And because mail server name and email address does not need to be any
> connection also checking of signature of certificate agaist CA does not
> help much. It does not protect attack agaist MX records on DNS.

true - so in an ideal world, we would need DNSSec everywhere and strict
certificate checking to significantly reduce the possibility of MiTM
attacks. In a not so ideal world, every little bit helps, so if we can
get mail servers to routinely use encryption between each other, that's
a nice first step and using valid certificates that can actually be
verified is a second one. Both will help significantly already.

Holger

[ reply ]
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 06:02PM
Tim (tim-security sentinelchicken org) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 08:56PM
Brian Behlendorf (brian behlendorf com)
Re: Web Tool Announcement: ismymailsecure.com Aug 19 2010 10:11PM
Chuck Swiger (cswiger mac com)


 

Privacy Statement
Copyright 2010, SecurityFocus