Re: Apple OSX and iDisk and Mail.app

From: Eric Hall (bugtraqat_private)
Date: Wed Jul 24 2002 - 16:18:23 PDT


    On Wed, Jul 24, 2002 at 10:06:27PM -0000, spam_bucketat_private wrote:
    > In-Reply-To: <86vg75xg18.fsfat_private>
    > 
    > Actually all I did was click on the SSL button and it seems to do everything over 
    > SSL now. I'm using 10.1.5 and it "just works" and I can't see the stream anymore. As 
    > a side effect it seems to also protect all of the email as well. 
    
    	I took a look w/ tcpdump, Mail.app IMAP+SSL appears to be fine, nicely
    obfuscated.  Mail.app authenticated SMTP through smtp.mac.com appears to
    try to start TLS, but the connection closes, a new port 25 connection is
    opened and AUTH happens in the clear (AUTH=PLAIN) and the message is sent
    in the clear.
    
    
    			-eric
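
Added example, not part of the original message: a small detector for the pattern described above, run over client SMTP commands that a capture shows in cleartext. It flags any visible AUTH command, notes whether an earlier connection had attempted STARTTLS, and decodes the AUTH PLAIN payload to show that it is only base64. The sample session, the user name, the password and the function names are constructed for illustration.

```python
import base64

# Constructed sample: client commands visible in cleartext on port 25,
# as (connection_id, line). "alice" and the password are made up.
CRED = base64.b64encode(b"\0alice\0not-a-real-password").decode()
SAMPLE = [
    (1, "EHLO client.example"),
    (1, "STARTTLS"),                  # connection 1 closes after this
    (2, "EHLO client.example"),
    (2, "AUTH PLAIN " + CRED),        # new connection, no TLS in place
    (2, "MAIL FROM:<alice@client.example>"),
]

def decode_auth_plain(b64):
    """RFC 4616 layout: authzid NUL authcid NUL passwd, base64-encoded only."""
    _authzid, authcid, passwd = base64.b64decode(b64).split(b"\0", 2)
    # Report the password length, not the password itself.
    return authcid.decode(errors="replace"), len(passwd)

def find_cleartext_auth(events):
    """Return one finding per AUTH command that was readable on the wire."""
    tls_attempts = set()   # connections on which the client sent STARTTLS
    findings = []
    for conn, line in events:
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb == "STARTTLS":
            tls_attempts.add(conn)
        elif verb == "AUTH" and len(parts) >= 2:
            finding = {
                "conn": conn,
                "mechanism": parts[1].upper(),
                # True when a different, earlier connection tried STARTTLS:
                # the fallback-to-cleartext pattern.
                "after_starttls_attempt": bool(tls_attempts - {conn}),
            }
            if finding["mechanism"] == "PLAIN" and len(parts) == 3:
                try:
                    finding["user"], finding["password_len"] = decode_auth_plain(parts[2])
                except ValueError:   # malformed base64 or missing NUL fields
                    finding["user"] = None
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_cleartext_auth(SAMPLE):
        print(f)
```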
    