Encrypted NNTP ???

I was wondering if any one know if Comcast allows for encrypted communicatio
ns
from Outlook express to these news servers.
I just ran a sniffer on my internal network and captured the traffic between
 my
pc and the Giga news server when I updated the headers...  Not to my surpris
e I
saw that when OE was connecting to Giganews, the main user account and passw
ord
were sent out on the wire as clear text..
I discovered this was also happening with outlook when I checked for email b
ut I
was able to enable SSL for the email sessions.  I would like to do the same 
for
these news servers..

J

Sorry, wrong Thread.

My Bad...


J



"Jammin Jay" <jason.senf@snhu.edu> wrote in message
news:DZudnSIUNshvWAHfRVn-uA@comcast.com...
>I was wondering if any one know if Comcast allows for encrypted communicati
ons
>from Outlook express to these news servers.
> I just ran a sniffer on my internal network and captured the traffic betwe
en
> my pc and the Giga news server when I updated the headers...  Not to my
> surprise I saw that when OE was connecting to Giganews, the main user acco
unt
> and password were sent out on the wire as clear text..
> I discovered this was also happening with outlook when I checked for email
 but
> I was able to enable SSL for the email sessions.  I would like to do the s
ame
> for these news servers..
>
> J
>

Interesting. My ISP does not require a username or password to access the
newsgroups unless you are not on their network.

Still worrying enough to warrant investigation. I had the same worry when I
first found out my bank card's PIN is stored on the card itself and that
anyone with a card reader and some time can extract it with little effort.
Scary world we live in.

On the topic of security : Does anyone have any good experiences with
obfuscating some JAVA classes? I'm worried about local competitors because
our courts don't really care about software copyright that much and I have
to take some steps to prevent copying of my app becoming a walk in the park
procedure.

Regards

--
Ewald Horn
Business Manager
NoFuss Solutions
South Africa / Suid Afrika
Tel : +27 (0)83 305 3556
Web : http://www.nofusspos.com
Email / E-pos : ewald@nofusspos.com

Jammin Jay schrieb:

> I just ran a sniffer on my internal network and captured the traffic betwe
en my
> pc and the Giga news server when I updated the headers...  Not to my surpr
ise I
> saw that when OE was connecting to Giganews, the main user account and pas
sword
> were sent out on the wire as clear text..
> I discovered this was also happening with outlook when I checked for email
 but I
> was able to enable SSL for the email sessions.  I would like to do the sam
e for
> these news servers..

If the newsserver and your client support NNTP over SSL (snntp or nntps)
you can use it. The default port is 563 for nntps instead of 119 for nntp.

Jan

Ewald

I tried retroguard, and that works fine on your own code. If you use
third-party libraries bundled with your JAR, this may become complicated.
Retroguard takes a JAR input, creates a JAR output.


rgds

Glenn





"Ewald Horn" <info@nofusspos.com> wrote in message
news:d7iir8$3qh$1@ctb-nnrp2.saix.net...
> Interesting. My ISP does not require a username or password to access the
> newsgroups unless you are not on their network.
>
> Still worrying enough to warrant investigation. I had the same worry when
I
> first found out my bank card's PIN is stored on the card itself and that
> anyone with a card reader and some time can extract it with little effort.
> Scary world we live in.
>
> On the topic of security : Does anyone have any good experiences with
> obfuscating some JAVA classes? I'm worried about local competitors because
> our courts don't really care about software copyright that much and I have
> to take some steps to prevent copying of my app becoming a walk in the
park
> procedure.
>
> Regards
>
> --
> Ewald Horn
> Business Manager
> NoFuss Solutions
> South Africa / Suid Afrika
> Tel : +27 (0)83 305 3556
> Web : http://www.nofusspos.com
> Email / E-pos : ewald@nofusspos.com
>
>

"Glenn Reynolds" <edrh@pd.jaring.my> wrote in message
news:d7k1tr$30it$1@news6.jaring.my...
> Ewald
>
> I tried retroguard, and that works fine on your own code. If you use
> third-party libraries bundled with your JAR, this may become complicated.
> Retroguard takes a JAR input, creates a JAR output.
>
>
> rgds
>
> Glenn

Thanks, it does get a little complicated with the libraries but nothing I
can't handle.

Regards

--
Ewald Horn
Business Manager
NoFuss Solutions
South Africa / Suid Afrika
Tel : +27 (0)83 305 3556
Web : http://www.nofusspos.com
Email / E-pos : ewald@nofusspos.com

> From: "Ewald Horn" <info@nofusspos.com>
> Does anyone have any good experiences with obfuscating some JAVA
> classes? I'm worried about local competitors because our courts don't
> really care about software copyright that much and I have to take some
> steps to prevent copying of my app becoming a walk in the park
> procedure.

If you put your best software in an applet so that anybody on the net
can download it any time they want, you're a stupid fool and don't
deserve anybody's help.

If you keep your best software on the server, making it usable by
others via HTTP(JSP/Servlet/EJB) or RMI, but all that any remote user
can see is the interface and its i/o behaviour, not the
implementation, then what is the problem? Does your ISP lack proper
security or what? Or are you running the server on your own personal
Micro$uck Losedows system which is plagued with worm/trojan problems
from InterShit Exploiter etc. and you can't afford a firewall as a
separate box to protect your crappy server?