[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Gmail and SSL

Subject: Gmail and SSL
From: kmedcalf at dessus.com (Keith Medcalf)
Date: Tue, 01 Jan 2013 19:53:42 -0700

Non prime number store certificates are acceptd for SMTP (25) both to and from google.

Perhaps this is CYA to prevent compromised gmail accounts from giving credentials from hijacked accounts to unknown servers.

I have no idea how credentials for gmails pop pickup work but perhaps having hijacked a gmail account the hijacker can just change the target pop server address without needing to know the target crefentials. ?Changing to a malicious pop server would allow the credentials for that account to be compromised.

Of course if this were the case I should think fixing the underlying brokedness in the UI might be a good idea as well.


Sent from Samsung Mobile

-------- Original message --------
From: Scott Howard <scott at doc.net.au> 
Date:  
To: "John R. Levine" <johnl at iecc.com> 
Cc: nanog at nanog.org 
Subject: Re: Gmail and SSL

Prev by Date: Gmail and SSL
Next by Date: Gmail and SSL
Previous by thread: Gmail and SSL
Next by thread: Gmail and SSL
Index(es):
- Date
- Thread