[Spambayes] Password visible in SB Proxy V 1.1b2
Peter Liepmann
PeterL at hvc.RR.com
Mon May 9 14:23:49 CEST 2011
It's on the "configure...advanced configuration....Interface Options
about 2/3 down, just above the "Allowed remote POP3 connections: " entry.
My guess is, no one ever thought about this particular security
threat. How does T-bird protect the password? Maybe (we) could just
steal that piece.
(You know this already, I'm just thinking out loud-) Really securing
the password would mean not just concealing it on the web page, but
"Steve Gibson then provides excellent advice to server administrators,
in how to secure people's password. What the server administrator
needs to do, is to take your password, encrypt it using a long and
complex salt value, and then store the hashed value (of the salted
password) in the database."
Thanks.
On 5/9/2011 5:39 AM, skip at pobox.com wrote:
> Peter> Can I just replace my current spambayes files/reinstall with the
> Peter> 1.1a6 files? Does 1.1a6 hide the email password better?
>
> That's the rub. Nothing related to the user interface has changed in a long
> while. I'd be surprised if any older version behaved differently.
>
> I'm not the author of the POP3 proxy application, so it will probably take
> me awhile to figure out where it's even generating the password entry.
>
> Skip
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1325 / Virus Database: 1500/3625 - Release Date: 05/08/11
>
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1325 / Virus Database: 1500/3625 - Release Date: 05/08/11
>
> .
>
More information about the SpamBayes
mailing list