-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi John,
Here are my thoughts in the order that you wrote your questions. 1) Yes I see a lot of problems. Not so much with yahoo specifically but the idea of sending sensitive information in clear text. This allows anyone on the same segment (network that is) that is running a sniffer to see the traffic. Obviously this a big problem due to the sensitive of the information being sent. 2) Sure. What if he is running a sniffer (if it is a local attacker)? 3) I would send them to a pop3 account and write a script to have them encrypted before they are sent using some kind of PKI solution. I wish I had a website or link for you but I don't. I have a sneaky suspicion that someone probably has had this problem before and hasn't written a script for it. Best of luck, Leon - -----Original Message----- From: John Christopher [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 29, 2001 1:32 PM To: [EMAIL PROTECTED] Subject: security tools with email notification Hi - Many security tools (logcheck, for example) provide a facility for sending warnings, etc. to an email address. 1. Can anyone see any security problems with sending such info to a yahoo.com email address (in other words, how secure is yahoo mail)? 2. Is it possible for an attacker to intercept email messages sent from a host he has targeted? 3. Should such emails be encrypted before being sent? Thanks - JC __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPAlwgdqAgf0xoaEuEQLUIgCgkx5AVL4FUqEGSmICPD+IEd+LaXcAn2F9 K5RFxIIIQa+GturKmQ6Qnewj =j2kB -----END PGP SIGNATURE-----
