<meta charset="utf-8"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; font-size: medium; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">
Andreas said: </pre><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">Which is something that I'm
absolutely not fond of because it's transmitting your password pretty
much in plain text, obfuscated as base64. Ouch.</pre><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; "><rant></pre><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">This won't answer your question, but I'd like to play the Devil's Advocate and as how this is a problem? </pre>
<pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">I hear a lot of people tout SSL and other things and get antsy about exactly what you're describing, but how do you exploit it? Are there any crackers here? </pre>
<pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">I went to a local meeting of the 2600 (from the magazine of the same name) and I said I was concerned about security and I'd like to know how to exploit something so I can protect against it. They said, basically, that if you were trying to exploit somebody on another network then it was only really possible by blasting endless password combinations. It seems sitting on a LAN, you can watch the traffic go in and out. On the Internets plural, it's harder or impossible to do. </pre>
<pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">I've got Fyodor's "NMAP Network Scanning" on my desk right now. OK, you can port scan. You can see what ports are open. Then what? Security seems to me to be a real area of cargo cult programming. Get SSL, or else. </pre>
<pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">Maybe you want to ignore this, as it, again, doesn't really do anything for your question. But just once I wish somebody would convince me about efforts taken to create security from first principles and not just because Bruce Schneier raised his eyebrow. </pre>
<pre style="font-family: monospace; margin-left: 3em; font-size: 12px; "></rant></pre><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">Chris </pre><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; ">
<br></pre><pre style="font-family: monospace; margin-left: 3em; font-size: 12px; "><br></pre></span>