At 09:13 PM 2/14/99 -0600, Haze wrote: >Well >then the cracker could perform a brute force crack on the encryption and >attempt to gain access to the Regular Joe A's ISP and/or pop3 e-mail >account... To get to the POP3 account, you'd only need to put the password in a registry key of your own, then check the mail. I would imagine that the key to encrypt is the same across all copies of Netscape. Along those lines, if you had a sniffer next to the computer you put the encrypted password on, you could sniff the real password in transit and thus not have to brute force attack the password, since POP3 is cleartext traffic. -Pete K -- Pete Krawczyk http://www.uiuc.edu/ph/www/pkrawczy/ pkrawczy at uiuc dot edu Finger the 2nd address for PGP Public Key petek at bsod dot net "No spammies, no spammies, no spammies... stop!"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:22 PDT