From: Cony.Zhou@cpic-ing.com.cn
Date: Wed May 16 2007 - 04:18:57 EDT
Lot of free mail websites don't encrypt the password. For example, If I know in my company there are some guys always check mail at 10:00am, I can turn my sniffer on and I will get a lot user names and passwords.
The following is the list about what you could do:
You can mail him and tell him not access free mail at public place.
You can tell him to change his password regularly
You can run a free awareness training on the internet security to him, or his company
You can write an article about that and publish it to magazine.
Regards
Cony
-----邮件原件-----
发件人: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] 代表 jasper.o.waale@kh.pwc.com
发送时间: 2007年5月16日 13:20
收件人: listbounce@securityfocus.com; pen-test@securityfocus.com
主题: Sneaking a peek on Wlan in airports
I'm sure you as I have many time been in airport with public wlan access
and by error had some kind of sniffer running ?
well I has Cain open because of a general scan I was making related to a
test, and I picked up a Pop3 account and password,
I did try to find the guy to tell him but did not see anybody with a
laptop, so what now do I email him as asking him to update the password
or do I just ignore it and let he carry on doing this to him self and his
firm.
Regards
Jasper O Waale
_________________________________________________________________
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
-----------------------------------------------------------------------
注意:
本电子邮件所载的,是向收件人所发出的私人的、保密的讯息。如
您误收本邮件,请注意任何对该邮件的披露,复制、传播或使用的
行为均被严格禁止。就误收邮件的情况,请您以回复方式通知发件
人,并删除该邮件,不得打开或复制。
所有讯息和附件都已进行病毒检测。如本讯息附有密码保护的附件,
则太平洋安泰的邮件系统并没有对其进行病毒检测。
-----------------------------------------------------------------------
The information in this Internet email is confidential
and may be legally privileged.It is intended solely
for the addressee. Access to this Internet email by
anyone else is unauthorised.
If you are not the intended recipient, any disclosure,
copying,distribution or any action taken or omitted to
be taken in reliance on it, is prohibited and may be
unlawful. When addressed to our clients any opinions
or advice contained in this Internet email are subject
to the terms and conditions expressed in any applicable
governing Pacific-Antai's terms of business or client
engagement letter.
Visit us at www.Cpic-Ing.Com.Cn
-----------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:47 EDT