The 02.12.07 at 18:25, zentara wrote:
Gosh, nice program! I installed it time ago, meaning to try it, but I forgot. Couldn't convince sux to run it right now, though, I had to run an alternate xwindows session for root (startx -- :1). Astonishing the amount of passwords in clear that go out (pop3), I was unaware of that :-(
Yeah, I had trouble getting a user to run it too. sudo didn't seem to want to work with it. :-(
I convinced sux to run it later. I have to type: sux -c /usr/X11R6/bin/ethereal on a console (don't use "&" at the end). I wonder if making ethereal suid would work :-?
Yeah, it's a real eye-opener to see all those passwords. You gotta figure the NSA has them all filtered out and stored away.
I thought mail servers used challenge/response methods that do not need the password to be sent... No, I'm mistaken, that is PAP/CHAP for ppp, not for pop3. I think only one of my mail servers uses such a method, tiscali in fact (Capabilities: SASL CRAM-MD5 DIGEST-MD5 PLAIN). Another says "CAPABILITY STARTTLS IMAP4 IMAP4rev1 LITERAL+ AUTH=LOGIN AUTH=PLAIN AUTH=EXTERNAL", meaning plain password :-( Of course, the messages themselves travel in clear, but if somebody gets my password he may steal my messages, or impersonate me.
I wonder what you are going to uncover? Maybe some super-secret anti-terrorist backdoor? heh,heh.
Yeah, sure X'-) That reminds me: once there were some people that intentionally included sentences like "kill the president" in all the messages, so as to get them tracked, and be a nuissance :-) In fact, what all that tracking may, and does, serve is for industrial and bussines spionage, by some countries on other countries. Any people involved in real subsersive work will use really sofisticated methods, like in the movies or John Le Carre novels. -- Cheers, Carlos Robinson