Any views?

cryptogram wrote:

> Any views?

Please place your question in the body of the post, as well as using a
suitable subject line. Thanks for your consideration.

Webmail: hacking (because you may have a weak password or fell for some
social engineering)

Dedicated email client: virus (or more accurately, a trojan...)

--
-bts
-This space for rent, but the price is high

cryptogram wrote:

> Any views?

Pop3 login attacks also happen. Just how common they are, and how
successful, I don't know.

pop3 login-attack stats:
http://groups.google.com/group/alt.s...4329642e467fed

pop3 login attack stats: Analysis of login-names used (2007 - 2010):
http://groups.google.com/group/alt.s...0eae8a2f00e5a4

cryptogram wrote:
> Any views?
Could you rephrase the question?

Are you comparing Webmail to a dedicated program (I assume local client
software) or are you comparing a hack/crack to a virus?

On Sunday, 20 May 2012 02:33:55 UTC+1, FromTheRafters wrote:
> cryptogram wrote:
> > Any views?
> Could you rephrase the question?
>
> Are you comparing Webmail to a dedicated program (I assume local client
> software) or are you comparing a hack/crack to a virus?

Both really. Each type of mail has its advantages and disadvantages, but I wondered about the relative security in all ways between the two.

On Sat, 19 May 2012 22:28:10 -0700 (PDT), cryptogram
<(E-Mail Removed)> wrote:

>On Sunday, 20 May 2012 02:33:55 UTC+1, FromTheRafters wrote:
>> cryptogram wrote:
>> > Any views?
>> Could you rephrase the question?
>>
>> Are you comparing Webmail to a dedicated program (I assume local client
>> software) or are you comparing a hack/crack to a virus?
>
>Both really. Each type of mail has its advantages and disadvantages, but I wondered about the relative security in all ways between the two.

There is the time factor. Email clients tend to log on and off
very quickly, webmail usually stays open and auto-refreshing for
hours, sometimes.
Sniffing would be harder with an email client. Less data
exchanged, less packets to examine.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

cryptogram wrote:

> > > Any views?

> > Are you comparing Webmail to a dedicated program (I assume local
> > client software) or are you comparing a hack/crack to a virus?
>
> Both really. Each type of mail has its advantages and disadvantages,
> but I wondered about the relative security in all ways between the
> two.

If you are considering web-mail vs "client" mail, then I assume you
might have the ability (or are contimplating) running your own mail
server (because if not, then what are your choices for client-mail?
Your ISP? Hotmail / Gmail via pop or imap?)

If you're considering any form of client-mail where the server also
offers web-based mail access, then as far as server-side exploitation
and hacking goes you're no further ahead.

Something else to consider with large-scale e-mail providers
(client-based or web-based, ISP or free-mail) is that they are operating
under laws that might compel them to archive your mail and provide it to
law enforcement when requested. If you operate your own server then the
issue is less clear in that regard.

"Beauregard T. Shagnasty" <(E-Mail Removed)> wrote in
news:jp8og4$2lv$(E-Mail Removed):

> cryptogram wrote:
>
>> Any views?
>
> Please place your question in the body of the post, as well as using
> a suitable subject line. Thanks for your consideration.
>
> Webmail: hacking (because you may have a weak password or fell for
> some social engineering)
>
> Dedicated email client: virus (or more accurately, a trojan...)

Social engineering is possible there as well. If the client renders html
and the user is click happy. Webmail is vulnerable not only from client
side hacking, but server side as well.




--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Virus Guy <(E-Mail Removed)> wrote in news:(E-Mail Removed):

> Something else to consider with large-scale e-mail providers
> (client-based or web-based, ISP or free-mail) is that they are
> operating under laws that might compel them to archive your mail and
> provide it to law enforcement when requested. If you operate your
> own server then the issue is less clear in that regard.

Sadly, I think the new laws apply to individuals who run their own servers
as well. Nothing really stopping you from misconfiguring it so that it
doesn't archive or keep logs of it's activities. As really, you're running
a server from home. You aren't doing it professionally, so you could slide
once on this excuse.

Your ISP might not want you running local servers tho. That's a grey area
I think tho.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by,
and the only thing that's wrong is to get caught. - J.C. Watts

From: "Dustin" <(E-Mail Removed)>

> Virus Guy <(E-Mail Removed)> wrote in news:(E-Mail Removed):
>
>> Something else to consider with large-scale e-mail providers
>> (client-based or web-based, ISP or free-mail) is that they are
>> operating under laws that might compel them to archive your mail and
>> provide it to law enforcement when requested. If you operate your
>> own server then the issue is less clear in that regard.
>
> Sadly, I think the new laws apply to individuals who run their own servers
> as well. Nothing really stopping you from misconfiguring it so that it
> doesn't archive or keep logs of it's activities. As really, you're running
> a server from home. You aren't doing it professionally, so you could slide
> once on this excuse.
>
> Your ISP might not want you running local servers tho. That's a grey area
> I think tho.
>
>

You have to have a "business" level account to run a server otherwise it would violate the
ToS/AUP of a residential account.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp