Hi, I am not sure as if the login is in clear-text/SSL. For slower systems and those that do not-uncheck the Notify when switching to SSL. You will actually see that is switches between Secure and non-secure pages.
BTW, can anyone verify how true is this issue on .NET passport being compromised ? http://briansbuzz.com/w/030522/ Cheers Mel ========== http://www.falqon.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, May 23, 2003 12:27 AM To: [EMAIL PROTECTED] Subject: Hotmail sign-in through Outlook Express -- clear-text? Hello All: I am wondering if the hotmail authentication through outlook express is encrypted in any way? It doesn't appear to be, as the server (in Account properties) is listed as HTTP. However, keep in mind that the hotmail web login is also an HTTP page which is run through HTTPS for the login. Is the OE sign-in similar? Also, on the Security tab of account properties, it does have 3DES selected for the encryption type...? I know I could just install a sniffer on my network to check it out for myself and see if the credentials are passed in cleartext, but I'm hoping someone here with knowledge on this matter can just give me a definitive answer, instead. I have done several searches on this and other sites (including Microsoft) without locating a definite answer, as of yet... Thanks a lot for your responses! Bob --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
