Berkeley CSUA MOTD:Entry 16435
1999/8/30-9/1 [Academia/Berkeley/CSUA/Troll, Computer/SW/Security] UID:16435 Activity:high
8/30    Is there any possibility that politburo will reconsider their policy
        concerning ftp?  Too, we are unable to understand why POP3 access is ok
                        \_ shut up, ikiru
        whereas those of us who have a tough time comprehending s/key ftp
        have to suffer.  Plain text passwds are sent willy nilly via pop are they
        not?
        \_ Before you can begin to expect consistent policy from CSUA
           leadership, you need to exhibit consistent policy with your
           margins in the motd
        \_ The real answer is that since this is all done on a voluntary basis,
           they don't have time to lock down everything at once.  Your gripe
           that you're being unfairly treated while pop folks are somehow
           allowed to continue violating basic security concepts is ill
           conceived.  Expect that in time *all* of the incredibly lame
           services including pop will be either secured or disabled.
           If the csua was run by full time staff getting paid to do so, I'm
           sure this would have happened a long time ago.  kudos to root and
           any of root's elves who helped for putting in the time required and
           biting the bullet from the whiners with zero security clue.
           \_ Mikeh and the rest of root staff rock!
        \_ POP3 is cleartext; there will be no solution other than turning
           off POP3 for the foreseeable future (> 1 year).
        \_ APOP is trivial to implement, and not cleartext.  -tom
           \_ does APOP work with everyone's favorite GUI mail reader, or
              will they be bombarding root@csua with "My Outlook 95 doesn't
              work anymore?  Is e-mail b0rken?"  My assumption was that
              widespread conformance to encrypted POP won't happen in < 1
              year.  In regards to threads below, I eventually foresee
              turning off POP3, turning on APOP, and sending a mass e-mail to
              all CSUA members informing them of this and pine|elm|etc. and
              .forward.
          Turning off POP3
                 \_ no, ED IS!
                    ED! ED! ED IS THE STANDARD! answer
           would piss enough people off of anything I can imagine.  POP3
           cleartext is THE way to sniff pw's.  S/Key and ssh are a)
           steps in the right direction, and b) get the userbase accustomed
           to security annoyances.  The reasoning is suspect, but for me
           it's not something to put up a fight about since I believe I
           understand the pros and cons.  I look forward to non-availability
           of POP3 script-kiddie port sniffers. -non-Politburo sodan
           \_ Tough shit for the whining pop3 masses.  Let them forward their
              mail or read it locally.  I don't want to see soda broken into
              because some pop twits are too lazy to do the right thing.
              \_ then get off YOUR lazy ass and find an alternative.  Oh,
                 and PINE is not the answer.
                 \_ *I* don't have a security problem reading my mail.  If
                    you're one of those whining security clueless pop users,
                    the problem is yours, not mine.  *You* need to find an
                    answer, not me.  Go look at APOP if you simply *must*
                    use soda as your mail server.  I'm not lazy at all.  I
                    already solved this problem for myself years ago, thanks.
                    \_ Then when i crack your account by sniffing your passwd
                       and then bring down the internet with my elite hacking
                       and the blame all falls on you, ! H0P3 U $+!lL (@N Sl33P
                       @ |\|!6H+...
                       \_ D00d, th@t p05t3r uz3z 55H!  U l00z3!
                    \_ ED ED IS THE STANDARD!
                 \_ install unix it will cure cancer and bring you the
                    magical mystical gold at the end of the rainbow
                        \_ No, idiot.  You can't sniff my password.  My pw
                           never goes out in clear text.  You won't be cracking
                           my pw anytime soon.  It's *your* password I don't
                           want cracked.
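
The APOP exchange the thread argues about, as an added example that is not part of the original MOTD posts: it contrasts what plain POP3 USER/PASS puts on the wire with the APOP digest, and shows the server-side check. The greeting, user name and shared secret are the sample values from RFC 1939; the function names are chosen here for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample input: greeting and credentials from the RFC 1939 APOP example.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

def banner_timestamp(greeting):
    """Extract the per-session <id.clock@host> challenge from the server greeting."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    if m is None:
        raise ValueError("no timestamp in greeting: server does not offer APOP")
    return m.group(0)

def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def cleartext_login(user, secret):
    """Plain POP3: the password itself crosses the network."""
    return [f"USER {user}", f"PASS {secret}"]

def apop_login(greeting, user, secret):
    """APOP: only a digest bound to this session's timestamp crosses the network."""
    return f"APOP {user} {apop_digest(banner_timestamp(greeting), secret)}"

def server_verify(issued_timestamp, command, secrets):
    """Recompute the digest for the timestamp this session issued and compare."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    secret = secrets.get(parts[1])
    if secret is None:
        return False
    expected = apop_digest(issued_timestamp, secret)
    return hmac.compare_digest(expected.encode(), parts[2].lower().encode())

if __name__ == "__main__":
    for line in cleartext_login(USER, SECRET):
        print("C:", line)          # a sniffer reads the password directly
    cmd = apop_login(GREETING, USER, SECRET)
    print("C:", cmd)               # a sniffer sees only the digest
    ts = banner_timestamp(GREETING)
    print("same session:", server_verify(ts, cmd, {USER: SECRET}))
    # A captured APOP line replayed against a later session's timestamp fails.
    print("replayed:", server_verify("<1897.697170999@dbc.mtview.ca.us>", cmd, {USER: SECRET}))
```

APOP keeps the password off the wire, but the server has to hold the shared secret in recoverable form to recompute the digest, and the mail itself still travels unencrypted.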