C
cryptogram
Any views?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
B
Beauregard T. Shagnasty
cryptogram said:Any views?
Please place your question in the body of the post, as well as using a
suitable subject line. Thanks for your consideration.
Webmail: hacking (because you may have a weak password or fell for some
social engineering)
Dedicated email client: virus (or more accurately, a trojan...)
V
Virus Guy
cryptogram said:Any views?
Pop3 login attacks also happen. Just how common they are, and how
successful, I don't know.
pop3 login-attack stats:
http://groups.google.com/group/alt.spam/browse_thread/thread/5b4329642e467fed
pop3 login attack stats: Analysis of login-names used (2007 - 2010):
http://groups.google.com/group/alt.spam/browse_thread/thread/370eae8a2f00e5a4
F
FromTheRafters
Could you rephrase the question?cryptogram said:Any views?
Are you comparing Webmail to a dedicated program (I assume local client
software) or are you comparing a hack/crack to a virus?
C
cryptogram
Could you rephrase the question?
Are you comparing Webmail to a dedicated program (I assume local client
software) or are you comparing a hack/crack to a virus?
Both really. Each type of mail has its advantages and disadvantages, but I wondered about the relative security in all ways between the two.
S
Shadow
Both really. Each type of mail has its advantages and disadvantages, but I wondered about the relative security in all ways between the two.
There is the time factor. Email clients tend to log on and off
very quickly, webmail usually stays open and auto-refreshing for
hours, sometimes.
Sniffing would be harder with an email client. Less data
exchanged, less packets to examine.
[]'s
V
Virus Guy
cryptogram said:Both really. Each type of mail has its advantages and disadvantages,
but I wondered about the relative security in all ways between the
two.
If you are considering web-mail vs "client" mail, then I assume you
might have the ability (or are contimplating) running your own mail
server (because if not, then what are your choices for client-mail?
Your ISP? Hotmail / Gmail via pop or imap?)
If you're considering any form of client-mail where the server also
offers web-based mail access, then as far as server-side exploitation
and hacking goes you're no further ahead.
Something else to consider with large-scale e-mail providers
(client-based or web-based, ISP or free-mail) is that they are operating
under laws that might compel them to archive your mail and provide it to
law enforcement when requested. If you operate your own server then the
issue is less clear in that regard.
D
Dustin
Please place your question in the body of the post, as well as using
a suitable subject line. Thanks for your consideration.
Webmail: hacking (because you may have a weak password or fell for
some social engineering)
Dedicated email client: virus (or more accurately, a trojan...)
Social engineering is possible there as well. If the client renders html
and the user is click happy. Webmail is vulnerable not only from client
side hacking, but server side as well.
D
Dustin
Virus Guy said:Something else to consider with large-scale e-mail providers
(client-based or web-based, ISP or free-mail) is that they are
operating under laws that might compel them to archive your mail and
provide it to law enforcement when requested. If you operate your
own server then the issue is less clear in that regard.
Sadly, I think the new laws apply to individuals who run their own servers
as well. Nothing really stopping you from misconfiguring it so that it
doesn't archive or keep logs of it's activities. As really, you're running
a server from home. You aren't doing it professionally, so you could slide
once on this excuse.
Your ISP might not want you running local servers tho. That's a grey area
I think tho.
D
David H. Lipman
From: "Dustin said:Sadly, I think the new laws apply to individuals who run their own servers
as well. Nothing really stopping you from misconfiguring it so that it
doesn't archive or keep logs of it's activities. As really, you're running
a server from home. You aren't doing it professionally, so you could slide
once on this excuse.
Your ISP might not want you running local servers tho. That's a grey area
I think tho.
You have to have a "business" level account to run a server otherwise it would violate the
ToS/AUP of a residential account.
C
cryptogram
If you are considering web-mail vs "client" mail, then I assume you
might have the ability (or are contimplating) running your own mail
server (because if not, then what are your choices for client-mail?
Your ISP? Hotmail / Gmail via pop or imap?)
If you're considering any form of client-mail where the server also
offers web-based mail access, then as far as server-side exploitation
and hacking goes you're no further ahead.
Something else to consider with large-scale e-mail providers
(client-based or web-based, ISP or free-mail) is that they are operating
under laws that might compel them to archive your mail and provide it to
law enforcement when requested. If you operate your own server then the
issue is less clear in that regard.
No, I'm not contemplating this. I just wanted to know if using an email client like Thunderbird is more or less likely to suffer hacking or virus/malware attacks than webmail.
V
Virus Guy
cryptogram said:I just wanted to know if using an email client like Thunderbird
is more or less likely to suffer hacking or virus/malware attacks
than webmail.
If your machine is comprimized by some sort of back-door trojan or
botnet software, then most probably any username/password you enter for
*anything* will be leveraged by third parties.
If you're using a less-well-known client that performs auto-login (could
be for e-mail, could be some other program like a web-cam viewer) then
if your credentials are already stored (.ini file, registry) then a
trojan might not be looking for those credentials - or know how to find
them or even know how to scan your inbound/outbound data stream for
them. This is a weakness of keyboard input for credentials - a
keylogger is easy to deploy and capture that data.
F
FromTheRafters
cryptogram said:Both really. Each type of mail has its advantages and disadvantages, but I wondered about the relative security in all ways between the two.
Well as for viruses, true viruses can come to your computer in any of
the ways that any other program can (in this case attachments) so I
think it is about the same for both types of e-mail.
Aside from that, it probably depends upon the software being used in
each case and the capabilities of the user. A webmail password being
successfully guessed at gives the intruder the ability to create and
send mail as well as read and get your contact list.
I prefer a local client over having my information residing on a
computer I have no control over.
C
cryptogram
Well as for viruses, true viruses can come to your computer in any of
the ways that any other program can (in this case attachments) so I
think it is about the same for both types of e-mail.
Aside from that, it probably depends upon the software being used in
each case and the capabilities of the user. A webmail password being
successfully guessed at gives the intruder the ability to create and
send mail as well as read and get your contact list.
I prefer a local client over having my information residing on a
computer I have no control over.
Thanks for your help everyone. I can see that there's no simple answer.
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.