Hotmail sign-in through Outlook Express -- clear-text?

rdd37it_at_hotmail.com
Date: 05/22/03

  • Next message: Jeff: "Re: suggestions on a good firewall"
    Date: 22 May 2003 16:27:03 -0000
    To: security-basics@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Hello All:

    I am wondering if the hotmail authentication through outlook express is
    encrypted in any way? It doesn't appear to be, as the server (in Account
    properties) is listed as HTTP. However, keep in mind that the hotmail web
    login is also an HTTP page which is run through HTTPS for the login. Is
    the OE sign-in similar? Also, on the Security tab of account properties,
    it does have 3DES selected for the encryption type...?

    I know I could just install a sniffer on my network to check it out for
    myself and see if the credentials are passed in cleartext, but I'm hoping
    someone here with knowledge on this matter can just give me a definitive
    answer, instead. I have done several searches on this and other sites
    (including Microsoft) without locating a definite answer, as of yet...

    Thanks a lot for your responses!

    Bob

    ---------------------------------------------------------------------------
    Thinking About Security Training? You Can't Afford Not To!

    Vigilar's industry leading curriculum includes: Security +, Check Point,
    Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
    --UP TO 30% off classes in select cities--
    http://www.securityfocus.com/Vigilar-security-basics
    ----------------------------------------------------------------------------


  • Next message: Jeff: "Re: suggestions on a good firewall"