Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'still insecure without SSL' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
still insecure without SSL
Authored by: schaps on Jan 18, '06 08:38:07AM

When working at public hotspots, I always check whether my system is sending out cleartext username password combos using DsnifFE. .Mac through port 25 does, and the POP does as well. I therefore disable .Mac when on a public wireless network. I'll have to try this alternate port trick to see if it makes a difference. However, I don't discount the fact that real hackers might also be scanning for alternate ports used by major ISPs.

However, I have a Comcast cable modem, and Comcast requires you to use SSL authentication and alternate port when connecting to POP and SMTP from other networks. Their settings work even when on a Comcast network, too, so I leave them on all the time. This way, no one is able to snatch my login/password.

Google's Gmail does this also, the only difference being you cannot use a vanity "@mydomain.com" e-mail address when sending through Gmail's SSL SMTP - well you can, but it gets changed to your Gmail address when it goes through.

SSL - don't settle for anything less!



[ Reply to This | # ]
still insecure without SSL
Authored by: Anonymous on Jan 18, '06 09:01:23AM

I use ssl on dot mac. Port 587 supports this and i use imap secure on port 993

I presume POP will have a secure option i think port 995 ??

I would urge people to use this service then removes a chance of your dotmac password becoming compromised.

In the old days you would have to pay for SSL now it come as standard with good ISP's



[ Reply to This | # ]
still insecure without SSL
Authored by: schaps on Jan 18, '06 11:40:23AM

awesome, that did not used to be the case. Does .Mac mail still require you to send "from" your @mac.com e-mail address? I guess I could try it... I have about 20 different "from" addresses with the various jobs and organizations I am involved in. They all filter into 2 Gmail accounts for the excellent spam filtering. Between them, there are over 103,000 junk mails in the Spam folders from the past 30 days.

Anyway, with Comcast SSL SMTP, I can use any "from" address I like. Gmail changes it to Gmail, and .Mac used to just stop it from going out. Again, wonder if that's still the case-- will check it tonight.

Thanks for the tip...



[ Reply to This | # ]
still insecure without SSL
Authored by: Trunkmonkey on Jan 18, '06 10:13:34AM

Uhhh...instead of disabling your .Mac accounts you could just use SSL. After all, you did mention SSL at the bottom of your post. ;)



[ Reply to This | # ]
still insecure without SSL
Authored by: schaps on Jan 18, '06 11:12:49AM

uhh (whatever language that is...)
Didn't know till I read the comment above you that SSL was allowed. It was not offered as of a few years ago, and since then I've used my Comcast.

Good for Apple.



[ Reply to This | # ]
still insecure without SSL
Authored by: edcroteau on Jan 18, '06 05:30:46PM

I was under the impression that .Mac uses SSL for login/password even at a hotspot ... now I'm concerned ...

Thanks,

Ed



[ Reply to This | # ]
still insecure without SSL
Authored by: rumirocks on Jan 18, '06 10:19:34PM

This is very unsettling. Everything is sent clear text when accessing .Mac on a public wireless network?!?!?!

Can someone explain this some more? What are you supposed to do when you're traveling and in a hotel somewhere? How do you alter the .Mac web-based email prefs? They dont have any stinkin' prefs.



[ Reply to This | # ]