The most common insecure protocol

After TELNET has been replaced by SSH in many cases and serious admins have started to replace FTP with SFTP/SCP the most common insecure protocols are IMAP and POP3.
Although most Emailprograms support a secure Emailprotocol the insecure variants are still much more common. I have installed the dovecot IMAP/POP3-server on my mailserver, but unfortunately at the moment it does not support SSL because the gnutls version in the FreeBSD ports collection is incompatible, so i read mail via SSH/mutt which is probably a lot faster than waiting until has synced my 70MB mailbox over my ADSL line.
At university i always wonder that even computer science students don’t think when they start their MUA while connected to the university WLAN.
And I wonder even more when I read their passwords, more than 15% of my small sample (a 45 minutes course) use their surname as password.

3 thoughts on “The most common insecure protocol”

  1. I always use POP3/IMAP/SMTP over SSH tunneling so it ought to be safe (enough).

  2. For the passwords, there’s always APOP and SMTP-AUTH. For the e-mail messages themselves flying about in plaintext, though – I dunno… I mean, I dunno why people are still doing it, too. That’s why at the Network Security course at the Sofia University’s Faculty of Mathematics and Informatics we always make a point of mentioning dsniff in several lectures – it’s amazing, the things you can do with it 🙂 Throw in EtherPEG or Driftnet, and you’re all set 🙂

  3. Unfortunately Sofia is a bit too far away to point offenders to your lectures :-).
    At least the Security course I attended this term was a joke. We learned about things like radiation from cathode-ray tubes, although nearly everyone today (at least in companies) uses TFT screens.
    This was probably related to the fact that the Professor was nearly 70 years old.

Comments are closed.