RE: CRIME postings/e-mail from Heidi Henry -mcps@private

From: Andrew Plato (aplato@private)
Date: Thu Jun 20 2002 - 02:18:36 PDT

  • Next message: John E Jewkes-AAA0OR-AAA0ID: "Re: CRIME postings/e-mail from Heidi Henry -mcps@private"

    MSN and Hotmail are certainly not alone here. A lot of people check that "save password" feature for many of these online mail systems. Yahoo can do it as well. 
     
    One of the things I have seen is IT folks poking around people's machines and easily getting on their private email thanks to a cached password. Its once again a place where a convenience feature can cause a security problem. 
     
    Which should serve as an FYI for anybody sending a recieving private mails at work - beware of those cached passwords. If the hackers don't get them, your boss might. Do you want your boss reading your private email? I sure don't. My boss is a real jerk. :-) 
     
    Andrew Plato
    President / Principal Consultant
    Anitian Corporation
    www.anitian.com 
    
    	-----Original Message----- 
    	From: John E Jewkes-AAA0OR-AAA0ID [mailto:aar0miat_private] 
    	Sent: Wed 6/19/2002 10:19 PM 
    	To: crimeat_private 
    	Cc: forensicsboxat_private 
    	Subject: Re: CRIME postings/e-mail from Heidi Henry -mcpsat_private
    	
    	
    
    	One note many of you may have already known, but ignored....
    	MSN and Hotmail use the same servers. They are in each others pockets,
    	as both are owned by Mssr. Gates. Hotmail is simply a 'web-mail' solution
    	that MSN users also get access to. Hotmail addresses and vice-versa in
    	certain circumstances. On the Good side, MSN grants the initial Password
    	as
    	a randomly based combination of Alphas and Numbers, and Hotmail allows
    	the user to select their initial passwords themselves. MSN/Hotmail does,
    	However use their 'PASSPORT' technology to allow buffered/cookied access
    	each time you login. All it would take would be someone visiting Heidi's
    	PC
    	when she's out to lunch or down the hall to login when the 'cookies' are
    	not set to
    	expire on exit, and boom!!
    	
    	de John Jewkes
    	
    
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 08:21:36 PDT