After TELNET has been replaced by SSH in many cases and serious admins have started to replace FTP with SFTP/SCP the most common insecure protocols are IMAP and POP3.
Although most Emailprograms support a secure Emailprotocol the insecure variants are still much more common. I have installed the dovecot IMAP/POP3-server on my mailserver, but unfortunately at the moment it does not support SSL because the gnutls version in the FreeBSD ports collection is incompatible, so i read mail via SSH/mutt which is probably a lot faster than waiting until Mail.app has synced my 70MB mailbox over my ADSL line.
At university i always wonder that even computer science students don't think when they start their MUA while connected to the university WLAN.
And I wonder even more when I read their passwords, more than 15% of my small sample (a 45 minutes course) use their surname as password.
The most common insecure protocol
0 TrackBacks
Listed below are links to blogs that reference this entry: The most common insecure protocol.
TrackBack URL for this entry: http://arved.priv.at/cgi-bin/mt/mt-tb.cgi/314
I always use POP3/IMAP/SMTP over SSH tunneling so it ought to be safe (enough).
For the passwords, there's always APOP and SMTP-AUTH. For the e-mail messages themselves flying about in plaintext, though - I dunno... I mean, I dunno why people are still doing it, too. That's why at the Network Security course at the Sofia University's Faculty of Mathematics and Informatics we always make a point of mentioning dsniff in several lectures - it's amazing, the things you can do with it :) Throw in EtherPEG or Driftnet, and you're all set :)
Unfortunately Sofia is a bit too far away to point offenders to your lectures :-).
At least the Security course I attended this term was a joke. We learned about things like radiation from cathode-ray tubes, although nearly everyone today (at least in companies) uses TFT screens.
This was probably related to the fact that the Professor was nearly 70 years old.