Hotmail sign-in through Outlook Express -- clear-text?

rdd37it_at_hotmail.com
Date: 05/22/03

  • Next message: Jeff: "Re: suggestions on a good firewall" 
    Date: 22 May 2003 16:27:03 -0000
To: security-basics@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Hello All:

    I am wondering if the hotmail authentication through outlook express is
    encrypted in any way? It doesn't appear to be, as the server (in Account
    properties) is listed as HTTP. However, keep in mind that the hotmail web
    login is also an HTTP page which is run through HTTPS for the login. Is
    the OE sign-in similar? Also, on the Security tab of account properties,
    it does have 3DES selected for the encryption type...?

    I know I could just install a sniffer on my network to check it out for
    myself and see if the credentials are passed in cleartext, but I'm hoping
    someone here with knowledge on this matter can just give me a definitive
    answer, instead. I have done several searches on this and other sites
    (including Microsoft) without locating a definite answer, as of yet...

    Thanks a lot for your responses!

    Bob

    ---------------------------------------------------------------------------
    Thinking About Security Training? You Can't Afford Not To!

    Vigilar's industry leading curriculum includes: Security +, Check Point,
    Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
    --UP TO 30% off classes in select cities--
    http://www.securityfocus.com/Vigilar-security-basics
    ----------------------------------------------------------------------------

  • Next message: Jeff: "Re: suggestions on a good firewall"

    Relevant Pages

    • CryptoSurvey -- Results ..
      ... Many same or similar behavioral barriers for the ... effective utilization of many security solutions still exist limiting ... applications of encryption technologies currently in commercial ... Many people do not care about cryptography and/or security products ...
      (sci.crypt)
    • CryptoSurvey -- Results ..
      ... Many same or similar behavioral barriers for the ... effective utilization of many security solutions still exist limiting ... applications of encryption technologies currently in commercial ... Many people do not care about cryptography and/or security products ...
      (sci.crypt)
    • WhiteHat Arsenal 1.06 Beta Released
      ... fitted with an HTTP Response Code lookup utility. ... WHArsenal the best web application security product available. ... WhiteHat Arsenal logs all HTTP Request activities in either XML or HTML ... The Session Manager keeps log files ...
      (SecProg)
    • Re: OT - Kuwait
      ... > One place where I agree with you is that the scope of government intrusion ... > into the private matters of Americans is much greater than most Americans ... >>> strict security procedures to prevent unauthorized release of the keys. ... >> Feds Want to Control Encryption ...
      (alt.sports.football.pro.ne-patriots)
    • Re: OT - Kuwait
      ... Making the case for encryption standards that would allow the Feds to ... One place where I agree with you is that the scope of government intrusion ... into the private matters of Americans is much greater than most Americans ... >> strict security procedures to prevent unauthorized release of the keys. ...
      (alt.sports.football.pro.ne-patriots)