
Security Basics mailing list archives

RE: Hotmail sign-in through Outlook Express -- clear-text?
From: "Mailer" <new () falqon com>
Date: Tue, 27 May 2003 00:48:01 +0800

Hi, I am not sure if the login is in clear-text/SSL.
For slower systems, and those that do not uncheck the "Notify when switching
to SSL" option, you will actually see that it switches between secure and
non-secure pages.

BTW, can anyone verify how true this issue of .NET Passport being
compromised is?


-----Original Message-----
From: rdd37it () hotmail com [mailto:rdd37it () hotmail com]
Sent: Friday, May 23, 2003 12:27 AM
To: security-basics () securityfocus com
Subject: Hotmail sign-in through Outlook Express -- clear-text?

Hello All: I am wondering if the Hotmail authentication through Outlook
Express is encrypted in any way? It doesn't appear to be, as the server
(in Account properties) is listed as HTTP. However, keep in mind that the
Hotmail web login is also an HTTP page which is run through HTTPS for the
login. Is the OE sign-in similar? Also, on the Security tab of account
properties, it does have 3DES selected for the encryption type...?

I know I could just install a sniffer on my network to check it out for
myself and see if the credentials are passed in cleartext, but I'm hoping
someone here with knowledge on this matter can just give me a definitive
answer, instead. I have done several searches on this and other sites
(including Microsoft) without locating a definite answer, as of yet...

Thanks a lot for your responses!

Bob


