Now that TELNET has been replaced by SSH in many cases and serious admins have started to replace FTP with SFTP/SCP, the most common insecure protocols are IMAP and POP3.
Although most email programs support a secure email protocol, the insecure variants are still much more common. I have installed the dovecot IMAP/POP3 server on my mail server, but unfortunately at the moment it does not support SSL because the gnutls version in the FreeBSD ports collection is incompatible, so I read mail via SSH/mutt, which is probably a lot faster than waiting until Mail.app has synced my 70MB mailbox over my ADSL line.
At university I am always amazed that even computer science students don’t think when they start their MUA while connected to the university WLAN.
And I am even more amazed when I read their passwords: more than 15% of my small sample (a 45-minute course) use their surname as their password.
3 thoughts on “The most common insecure protocol”
I always use POP3/IMAP/SMTP over SSH tunneling so it ought to be safe (enough).
For the passwords, there’s always APOP and SMTP-AUTH. For the e-mail messages themselves flying about in plaintext, though – I dunno… I mean, I dunno why people are still doing it, too. That’s why at the Network Security course at the Sofia University’s Faculty of Mathematics and Informatics we always make a point of mentioning dsniff in several lectures – it’s amazing, the things you can do with it 🙂 Throw in EtherPEG or Driftnet, and you’re all set 🙂
Unfortunately Sofia is a bit too far away to point offenders to your lectures :-).
At least the Security course I attended this term was a joke. We learned about things like radiation from cathode-ray tubes, although nearly everyone today (at least in companies) uses TFT screens.
This was probably related to the fact that the professor was nearly 70 years old.