NEWS: Google's Wi-Fi snoop nabbed passwords and emails
in [Wireless Internet]
|
Prev: NEWS: Cheap Smartphones Will Help Android Overtake the IPhone
Next: NEWS: Google to integrate PDF reader into Chrome (in addition to Flash)
From: John Navas on 19 Jun 2010 10:26 On Sat, 19 Jun 2010 12:53:35 +0100, in <hvib3v$fsi$1(a)speranza.aioe.org>, alexd <troffasky(a)hotmail.com> wrote: >On 19/06/10 04:14, John Navas wrote: > >> I respectfully disagree -- the problem is the fundamentally flawed POP3 >> protocol that many (most?) ISPs still use -- it shouldn't take a >> computer science degree to use basic Internet services. Shame on us. > >POP3 doesn't necessarily need to be insecure. In fact, both of the POP3 >servers I connect to use TLS. One is live.com on port 995 so POP3S, the >other is on port 110 but the client and the server negotiate TLS without >any intervation on my part. That's up to the ISP, not the customer. -- Best regards, FAQ for Wireless Internet: <http://wireless.navas.us> John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
From: JC Dill on 19 Jun 2010 11:22 Malcolm Hoar wrote: > In article <ec4o165c3s0ac1n3u4ifmv5unffkholfuf(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: > >> "However, we can already state that [...] Google did indeed record >> e-mail access passwords [and] extracts of the content of email >> messages." > > That's not good but if folks are using cleartext passwords > over a wireless connection, they really shouldn't have a > "reasonable expectation of privacy". Not just using cleartext passwords over wifi, using cleartext passwords over UNPROTECTED wifi. (If they had any protection on their wifi, then Google wouldn't have connected or recorded anything.) In that case they absolutely have no expectation of privacy. It's like shouting your password to your friend across the street. jc
From: JC Dill on 19 Jun 2010 11:24 John Navas wrote: > On Sat, 19 Jun 2010 01:44:26 GMT, in > <hvh7dqg3aa002malch(a)news.sonic.net>, malch(a)malch.com (Malcolm Hoar) > wrote: > >> In article <ec4o165c3s0ac1n3u4ifmv5unffkholfuf(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: >> >>> "However, we can already state that [...] Google did indeed record >>> e-mail access passwords [and] extracts of the content of email >>> messages." >> That's not good but if folks are using cleartext passwords >> over a wireless connection, they really shouldn't have a >> "reasonable expectation of privacy". > > I respectfully disagree -- the problem is the fundamentally flawed POP3 > protocol that many (most?) ISPs still use -- it shouldn't take a > computer science degree to use basic Internet services. Shame on us. Most ISPs offer protected protocols. I use protected protocols with all my email accounts on 3 different ISPs. Most end users don't bother to learn how to setup their software to use the protected protocols. This is not the ISPs fault. jc
From: John Navas on 19 Jun 2010 11:34 On Sat, 19 Jun 2010 08:24:04 -0700, in <hvinei$4k0$4(a)speranza.aioe.org>, JC Dill <jcdill.lists(a)gmail.com> wrote: >John Navas wrote: >> On Sat, 19 Jun 2010 01:44:26 GMT, in >> <hvh7dqg3aa002malch(a)news.sonic.net>, malch(a)malch.com (Malcolm Hoar) >> wrote: >> >>> In article <ec4o165c3s0ac1n3u4ifmv5unffkholfuf(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: >>> >>>> "However, we can already state that [...] Google did indeed record >>>> e-mail access passwords [and] extracts of the content of email >>>> messages." >>> That's not good but if folks are using cleartext passwords >>> over a wireless connection, they really shouldn't have a >>> "reasonable expectation of privacy". >> >> I respectfully disagree -- the problem is the fundamentally flawed POP3 >> protocol that many (most?) ISPs still use -- it shouldn't take a >> computer science degree to use basic Internet services. Shame on us. > >Most ISPs offer protected protocols. Some do, some do not, and there's no excuse for those that still market and provide unsafe and insecure service. >I use protected protocols with all >my email accounts on 3 different ISPs. You're not typical. >Most end users don't bother to learn how to setup their software to use >the protected protocols. This is not the ISPs fault. It absolutely is the fault of the ISP to market and provide an unsafe and insecure mail protocol to non-experts, just as it would be the fault of a car manufacturer to make a car without enough bolts to hold on the wheels. Average users are not required to become computer experts just to use standard Internet services safely. -- Best regards, FAQ for Wireless Internet: <http://wireless.navas.us> John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
From: John Navas on 19 Jun 2010 11:40
On Sat, 19 Jun 2010 08:22:43 -0700, in <hvinc0$4k0$3(a)speranza.aioe.org>, JC Dill <jcdill.lists(a)gmail.com> wrote: >Malcolm Hoar wrote: >> In article <ec4o165c3s0ac1n3u4ifmv5unffkholfuf(a)4ax.com>, John Navas <jncl1(a)navasgroup.com> wrote: >> >>> "However, we can already state that [...] Google did indeed record >>> e-mail access passwords [and] extracts of the content of email >>> messages." >> >> That's not good but if folks are using cleartext passwords >> over a wireless connection, they really shouldn't have a >> "reasonable expectation of privacy". > >Not just using cleartext passwords over wifi, using cleartext passwords >over UNPROTECTED wifi. (If they had any protection on their wifi, then >Google wouldn't have connected or recorded anything.) In that case they >absolutely have no expectation of privacy. It's like shouting your >password to your friend across the street. The problem is hardware manufacturers that marketed insecure wireless devices, not the unsuspecting victims that bought them -- users are not required to become computer security experts just to use Internet services safely. The industry has at last faced up to its responsibilities, and is now doing much more to ensure that wireless networks are secure by default: Wi-Fi Protected Setup. <http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup> -- Best regards, FAQ for Wireless Internet: <http://wireless.navas.us> John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes> |