Comments on: Cracking portable e-mail clients http://www.literatecode.com/2007/05/16/hackemail/ Think it easy Fri, 16 May 2008 22:55:30 +0000 http://wordpress.org/?v=2.0.5 by: MoRbIdEsIrE http://www.literatecode.com/2007/05/16/hackemail/#comment-15361 Fri, 01 Feb 2008 01:23:43 +0000 http://www.literatecode.com/2007/05/16/hackemail/#comment-15361 Hi There. Nice post. And what you think about Dreammail, another portable email client. Hi There.
Nice post.
And what you think about Dreammail, another portable email client.

]]> by: Ilya http://www.literatecode.com/2007/05/16/hackemail/#comment-11984 Thu, 30 Aug 2007 13:05:15 +0000 http://www.literatecode.com/2007/05/16/hackemail/#comment-11984 Exactly the point. Exactly the point.

]]> by: Paeniteo http://www.literatecode.com/2007/05/16/hackemail/#comment-11977 Thu, 30 Aug 2007 09:31:49 +0000 http://www.literatecode.com/2007/05/16/hackemail/#comment-11977 Unless you have to specify some sort of master password which is used to actually encrypt the account data, the whole storage mechanism cannot be secure by definition. You might see various degrees of "obfuscation" but that's it. Unless you have to specify some sort of master password which is used to actually encrypt the account data, the whole storage mechanism cannot be secure by definition.
You might see various degrees of “obfuscation” but that’s it.

]]> by: Ilya http://www.literatecode.com/2007/05/16/hackemail/#comment-5430 Wed, 16 May 2007 09:34:52 +0000 http://www.literatecode.com/2007/05/16/hackemail/#comment-5430 Igor, Thunderbird: If it installed in about 22Mb then it is not something called small and lightweight exactly :) Truecrypt: Irrelevant from this point. Once it mounted, all files there are transparently available to any active malware. There are POP3S, bounce tunnels, etc to avoid plain text passwords to be sent. Lousy credential protection on a client side renders those close to useless. Such protection also increases attack likelihood and success ratio for an offline attack on collected credentials. Igor,

Thunderbird: If it installed in about 22Mb then it is not something called small and lightweight exactly :)

Truecrypt: Irrelevant from this point. Once it mounted, all files there are transparently available to any active malware.

There are POP3S, bounce tunnels, etc to avoid plain text passwords to be sent. Lousy credential protection on a client side renders those close to useless.

Such protection also increases attack likelihood and success ratio for an offline attack on collected credentials.

]]> by: igor http://www.literatecode.com/2007/05/16/hackemail/#comment-5422 Wed, 16 May 2007 07:48:27 +0000 http://www.literatecode.com/2007/05/16/hackemail/#comment-5422 I will not ask you about Thunderbird :) I will not ask why not use portable Truecrypt for security :) Instead, I will ask what is the reason to hide passwords, if it will be sent in pure text over POP3? I will not ask you about Thunderbird :)
I will not ask why not use portable Truecrypt for security :) Instead, I will ask what is the reason to hide passwords, if it will be sent in pure text over POP3?

]]>