Re: Hotmail sign-in through Outlook Express -- clear-text?

From: Anders Reed Mohn (anders_rm_at_utepils.com)
Date: 06/06/03

Next message: Ronish Mehta: "Public IP information"

Previous message: Luiz Otávio Duarte: "RE: wireless access point"
Next in thread: SVater_at_oh.hra.com: "Re: Hotmail sign-in through Outlook Express -- clear-text?"
Maybe reply: SVater_at_oh.hra.com: "Re: Hotmail sign-in through Outlook Express -- clear-text?"
Reply: James Fields: "Re: Hotmail sign-in through Outlook Express -- clear-text?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Kenzo" <kenzo_chin@hotmail.com>, "Security Basics List (SecurityFocus)" <security-basics@securityfocus.com>
Date: Fri, 6 Jun 2003 10:37:39 +0200

----- Original Message -----
From: "Kenzo" <kenzo_chin@hotmail.com>
To: <security-basics@securityfocus.com>
Sent: Friday, May 23, 2003 9:04 PM
Subject: Re: Hotmail sign-in through Outlook Express -- clear-text?

> I'm pretty sure that it's not encrypted.
> At one point I ran a sniffer and was able to see all the usernames and
> password in clear text.

How? Can you tell me how to read that from the packets?
I just did the same, and I could not see my password in clear text.
Did see a lot of mentions of "MD5" among the packets, thought.
Is the password simply a little "obfuscated" in some way?

I'm not very experienced in this, so I'd like to know if I missed something.
Once before, I've seen people claim that it passwords (for VNC)
were sent in clear text, but I couldn't see them then either.
I use Ethereal for packet captures.

Cheers,
Anders :)

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Ronish Mehta: "Public IP information"

Previous message: Luiz Otávio Duarte: "RE: wireless access point"
Next in thread: SVater_at_oh.hra.com: "Re: Hotmail sign-in through Outlook Express -- clear-text?"
Maybe reply: SVater_at_oh.hra.com: "Re: Hotmail sign-in through Outlook Express -- clear-text?"
Reply: James Fields: "Re: Hotmail sign-in through Outlook Express -- clear-text?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: fun with posiden rootkit
... > I had one incident that I investigated for a client recently. ... file, you can show a direct link between an intruder, the sniffer, ... send fake data packets with random garbage on every ACK packet - ...
(Incidents)
RE: WLAN
... someone using that same sniffer can crack the WEP after about 400,000 ... WEP every 200,000 packets or so. ... registered MAC addresses or WLAN cards to join the network. ...
(Security-Basics)
Re: tcp socket problem
... What does "goes dead" mean in this case? ... the server, or both. ... packets into multiple packets, or to aggregate multiple packets into a ... and using a sniffer may help too. ...
(comp.lang.python)
Re: W2kserver/SQLserver generating mass Netwrok load
... You'd first want to look at what ports are being used in the packets. ... router or sniffer should show you that. ... The SQL Slammer ...
(microsoft.public.win2000.security)
Re: Packet filter statistics
... Steve Bertrand wrote: ... as well as each packets frequency and size. ... You may want to check out Ethereal (free packet sniffer) ... you may be able to run Ethereal on you Win2k box.... ...
(freebsd-questions)