Mailing List Archive

   tlug.jp -> Mailing List -> tlug archive -> tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] webmail password protection?

Ian Wells wrote:
> On 25/01/06, *Edward Middleton* <edward@example.com
> <mailto:edward@example.com>> wrote:
>
>     If the thief created a program/browser plugin that intercepted network
>     requests with password fields they could simply give you an error
>     message and login using your proxy and one time
>     password.  Obviously you
>     could change it but they have already had the opportunity to
>     access you
>     email.
>
>     Edward
>
>
> HTTPS prevents eavesdropping outside the browser.
I am aware that https protects the channel between the browser and the
serve.  The problem is that we are talking about an untrusted system
(i.e. including the browser) which means it would be possible for the
security of the https to be completely compromised.   I agree with your
first statement "he only way to have trustworthy end-to-end comms is to
have control of both ends."

Edward
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links