BugTraq
Web Tool Announcement: ismymailsecure.com Aug 18 2010 09:59AM
Holger Rabbach (hrabbach crossroad-networks com) (2 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 07:59AM
Kari Hurtta hurtta+bugtraq (at) leija.mh.fmi (dot) fi [email concealed] (hurtta+bugtraq leija mh fmi fi) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 08:39AM
Holger Rabbach (hrabbach crossroad-networks com) (2 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 05:23PM
Tim (tim-security sentinelchicken org)

> it does not - yet. This is actually what I'm working on at the moment.
> However, since most MTAs at the moment don't do this kind of check, it
> is not very useful. So the tool currently only checks for encryption
> capabilities, it does *not* check for protection against MiTM attacks.
> The next, enhanced version of the tool will have an optional check for
> this and also the supported ciphers.

Too bad.

When you consider the attack scenarios, being vulnerable to MitM is
just as bad as having no encryption. How many realistic situations
can you think of in modern networking where an attacker can read
someone else's TCP streams but aren't able to modify them?

tim

[ reply ]
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 09:30AM
Kari Hurtta hurtta+bugtraq (at) leija.mh.fmi (dot) fi [email concealed] (hurtta+bugtraq leija mh fmi fi) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 11:48AM
Holger Rabbach (hrabbach crossroad-networks com) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 06:02PM
Tim (tim-security sentinelchicken org) (1 replies)
Re: Web Tool Announcement: ismymailsecure.com Aug 25 2010 08:56PM
Brian Behlendorf (brian behlendorf com)
Re: Web Tool Announcement: ismymailsecure.com Aug 19 2010 10:11PM
Chuck Swiger (cswiger mac com)


 

Privacy Statement
Copyright 2010, SecurityFocus