Mailinglist Archive: opensuse (783 mails)

< Previous Next >
Re: [opensuse] No encryption on imap on some servers [WAS: Basically every WiFi device just hacked?]
On 16/10/17 05:59 PM, Carlos E. R. wrote:
On 2017-10-16 23:41, James Knott wrote:
On 10/16/2017 05:22 PM, Carlos E. R. wrote:
It is the ISP, email is secondary for them. It is no longer offered to
new clients, so they don't care that much.

So currently the IMAP connection has no security at all, whereas the smtp
connection does. I tried to enable starttls or ssl/tls and the connection
failed.

Time to get another email provider. GMail supports SSL/TLS & HTTPS. You
can even configure it to pull email from your old provider, to help you
transition. Also, I ran my own IMAP server for a few years. I used IMAPS
(IMAP over SSL./TLS) with it.

Oh, I use other email providers as well.

But is Gmail really secure? The FBI and CIA will be reading it. Google
machine reads it. So I guess it is not really more secure and private.


It might be worse, much worse.

There's an entry in my DatabaseOfDotSigQuotes


Using encryption on the Internet is the equivalent of arranging
an armored car to deliver credit card information from someone
living in a cardboard box to someone living on a park bench.
-- Gene Spafford

Or perhaps in reverse. Securing the end points but leaving the steps along the
way unsecured.


If and only if the originator used a secured machine that overwrote the temp
file, overwrote the temp memory, after using TLS to authenticate itself the
server and SMTP-S to transfer, and the server was the machine you accessed via
TLS and IMAPS so you didn't have to worry about the security of any intermediate
machines (check the 'received-by in your headers!), and it also wiped temporary
storage .... and you PGP encrypted the message ... and traffic analysis wasn't
an issue for your operational security, then OK.

But I don't think all that holds when reading this list.

And WTF, its not like most mailing list that I subscribe to don't send me a
reminder of what my password each and every month, in plain text.

Not this one :-)

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups