| Author |
Encrypted NNTP ???
|
|
| Jammin Jay 2005-05-31, 8:59 pm |
| I was wondering if any one know if Comcast allows for encrypted communications
from Outlook express to these news servers.
I just ran a sniffer on my internal network and captured the traffic between my
pc and the Giga news server when I updated the headers... Not to my surprise I
saw that when OE was connecting to Giganews, the main user account and password
were sent out on the wire as clear text..
I discovered this was also happening with outlook when I checked for email but I
was able to enable SSL for the email sessions. I would like to do the same for
these news servers..
J
| |
| Jammin Jay 2005-05-31, 8:59 pm |
| Sorry, wrong Thread.
My Bad...
J
"Jammin Jay" <jason.senf@snhu.edu> wrote in message
news:DZudnSIUNshvWAHfRVn-uA@comcast.com...
>I was wondering if any one know if Comcast allows for encrypted communications
>from Outlook express to these news servers.
> I just ran a sniffer on my internal network and captured the traffic between
> my pc and the Giga news server when I updated the headers... Not to my
> surprise I saw that when OE was connecting to Giganews, the main user account
> and password were sent out on the wire as clear text..
> I discovered this was also happening with outlook when I checked for email but
> I was able to enable SSL for the email sessions. I would like to do the same
> for these news servers..
>
> J
>
| |
| Ewald Horn 2005-05-31, 8:59 pm |
| Interesting. My ISP does not require a username or password to access the
newsgroups unless you are not on their network.
Still worrying enough to warrant investigation. I had the same worry when I
first found out my bank card's PIN is stored on the card itself and that
anyone with a card reader and some time can extract it with little effort.
Scary world we live in.
On the topic of security : Does anyone have any good experiences with
obfuscating some JAVA classes? I'm worried about local competitors because
our courts don't really care about software copyright that much and I have
to take some steps to prevent copying of my app becoming a walk in the park
procedure.
Regards
--
Ewald Horn
Business Manager
NoFuss Solutions
South Africa / Suid Afrika
Tel : +27 (0)83 305 3556
Web : http://www.nofusspos.com
Email / E-pos : ewald@nofusspos.com
| |
| Jan Peter Stotz 2005-06-01, 9:04 am |
| Jammin Jay schrieb:
> I just ran a sniffer on my internal network and captured the traffic between my
> pc and the Giga news server when I updated the headers... Not to my surprise I
> saw that when OE was connecting to Giganews, the main user account and password
> were sent out on the wire as clear text..
> I discovered this was also happening with outlook when I checked for email but I
> was able to enable SSL for the email sessions. I would like to do the same for
> these news servers..
If the newsserver and your client support NNTP over SSL (snntp or nntps)
you can use it. The default port is 563 for nntps instead of 119 for nntp.
Jan
| |
| Glenn Reynolds 2005-06-01, 9:04 am |
| Ewald
I tried retroguard, and that works fine on your own code. If you use
third-party libraries bundled with your JAR, this may become complicated.
Retroguard takes a JAR input, creates a JAR output.
rgds
Glenn
"Ewald Horn" <info@nofusspos.com> wrote in message
news:d7iir8$3qh$1@ctb-nnrp2.saix.net...
> Interesting. My ISP does not require a username or password to access the
> newsgroups unless you are not on their network.
>
> Still worrying enough to warrant investigation. I had the same worry when
I
> first found out my bank card's PIN is stored on the card itself and that
> anyone with a card reader and some time can extract it with little effort.
> Scary world we live in.
>
> On the topic of security : Does anyone have any good experiences with
> obfuscating some JAVA classes? I'm worried about local competitors because
> our courts don't really care about software copyright that much and I have
> to take some steps to prevent copying of my app becoming a walk in the
park
> procedure.
>
> Regards
>
> --
> Ewald Horn
> Business Manager
> NoFuss Solutions
> South Africa / Suid Afrika
> Tel : +27 (0)83 305 3556
> Web : http://www.nofusspos.com
> Email / E-pos : ewald@nofusspos.com
>
>
| |
| Ewald Horn 2005-06-01, 4:01 pm |
|
"Glenn Reynolds" <edrh@pd.jaring.my> wrote in message
news:d7k1tr$30it$1@news6.jaring.my...
> Ewald
>
> I tried retroguard, and that works fine on your own code. If you use
> third-party libraries bundled with your JAR, this may become complicated.
> Retroguard takes a JAR input, creates a JAR output.
>
>
> rgds
>
> Glenn
Thanks, it does get a little complicated with the libraries but nothing I
can't handle.
Regards
--
Ewald Horn
Business Manager
NoFuss Solutions
South Africa / Suid Afrika
Tel : +27 (0)83 305 3556
Web : http://www.nofusspos.com
Email / E-pos : ewald@nofusspos.com
| |
| Robert Maas, see http://tinyurl.com/uh3t 2005-06-11, 3:58 am |
| > From: "Ewald Horn" <info@nofusspos.com>
> Does anyone have any good experiences with obfuscating some JAVA
> classes? I'm worried about local competitors because our courts don't
> really care about software copyright that much and I have to take some
> steps to prevent copying of my app becoming a walk in the park
> procedure.
If you put your best software in an applet so that anybody on the net
can download it any time they want, you're a stupid fool and don't
deserve anybody's help.
If you keep your best software on the server, making it usable by
others via HTTP(JSP/Servlet/EJB) or RMI, but all that any remote user
can see is the interface and its i/o behaviour, not the
implementation, then what is the problem? Does your ISP lack proper
security or what? Or are you running the server on your own personal
Micro$uck Losedows system which is plagued with worm/trojan problems
from InterShit Exploiter etc. and you can't afford a firewall as a
separate box to protect your crappy server?
|
|
|
|