Intercepted plaintext login details on the web

Discussion in 'other security issues & news' started by BankHoliday, Jan 28, 2010.

Thread Status:
Not open for further replies.
  1. BankHoliday

    BankHoliday Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    2
    Hello
    We've recently had our server compromised by some unscrupulous types who gained access via FTP. I think this is because our FTP details were in some way harvested in between source and destination as we were using plain old FTP and not SFTP as we are now.

    This got me think about all username and passwords passing over the web.
    I notice when I log into my Gmail account that the SSL lock appears in the browser. But, when I log into Orange mail there is no such lock icon and therefore I am assuming that the login details are passed to Orange in plaintext and could therefore be intercepted. Is this the case?

    The same gos for Outlook and Thunderbird, they don't appear to have any encryption so are they also send out login credentials to the web in plain text?

    If anyone can shed any light on this for me I'd appreciate it.
    Thanks
    B
     
    BankHoliday, Jan 28, 2010
    #1
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    If you are using plain mail protocols in Thunderbird/Outlook (like POP3) you will always send your password in clear over the internet. In order to solve this problem, you can encrypt your mail protocol session by using TLS/SSL. For this to work, you need an emal client that supports TLS/SSL (Thunderbird for instance) and that is properly configured to use it, but you also need a mail server that supports this kind of encryption.
    You can find out more about TLS here: http://en.wikipedia.org/wiki/Transport_Layer_Security
     
    Nebulus, Jan 28, 2010
    #2
  3. BankHoliday

    BankHoliday Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    2
    Thanks for your answer, I will look into that.

    One of the web application servers I am working on does not support secure FTP so I am doing my stuff over FTP then going in to the control panel and changing the FTP password to something new so it can't be abused.
    However I've just noticed that the control panel is not SSL protected therefore I'm sending my new password (and the control panel password) in plain text every time I do this!

    I know it's unlikely that people will get these passwords out on the web but it's happened once so I naturally think it could happen again.
    Is it common for people to get these passwords and how do they do it?

    Thanks
    B
     
    BankHoliday, Jan 28, 2010
    #3
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I thought this might be relevent.
    http://isc.sans.org/diary.html?storyid=7567
     
    Searching_ _ _, Feb 1, 2010
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...