Current time: 04-18-2014, 06:50 AM Hello There, Guest! (LoginRegister)

Post Reply 
password recovery: is anyone happy?
05-08-2011, 05:34 AM
Post: #15
RE: password recovery: is anyone happy?
No response? I guess people aren't taking the prankster brother-in-law scenario very seriously. Let me try another.

There may well be flaws in the following (actually, I hope there are!) and I hope someone will point them out.

Numerous articles in reputable magazines explain how it is possible for malfeasants to snoop unencrypted internet traffic; for example, http://www.wired.com/threatlevel/2008/08...ed-the-in/

Quote:Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

Two posters in this thread have explained how it is good practice to keep one's dreamhost account email address effectively secret; however, this address is likely to be used also for receiving dreamhost monthly newsletters and (if dreamhost is also one's domain name registrar) annual ICANN-mandated whois reminders.

So,

(1) Malfeasant (M) snoops internet traffic looking for text which occurs in dreamhost newsletters or in whois reminders sent by dreamhost, and thereby harvests email addresses used for dreamhost accounts;

(2) M triggers the sending of the password recovery email to such addresses;

(3) M catches some of those emails and reads the passwords.

Please can someone explain why that wouldn't work?

~Tom
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
RE: password recovery: is anyone happy? - tomtavoy - 05-08-2011 05:34 AM

Forum Jump: