Originally posted by uthfull@Sep 14 2005, 01:40 PM
Also one more thing, Tushar you said sending data in an encrypted format. I downloaded a sniffer myself today.... used it on myself.... when I logged in to my Yahoo account... the password remained encrypted but in others... it showed.
How shud I avoid this??
[snapback]25079[/snapback]
[/quote]I was aware of that
😉, I just didn't want to panick all users here
😛 (was gonna PM you earlier), all this f**kup is due to the lame coders at Sify, they could have atleast used a damn md5hash with secret key if they didn't want to encrypt the passwords, but sadly that didn't strike them and hasn't yet. Just remember not to use the same password for Sify that you use for other important stuff
😉, I never did
🙂
I wouldn't be surprised, really!!!, if they store passwords in their db in unhashed/ unencrypted form.
A good solution for all users would be to change their password to something other than what they use for everything else, and don't panick, its no big a deal
😉, majority of the times all people in your LAN are, well ..., not so enlightened.
Promiscuous sniffing can also take place on a network using switches, there are ways to fool the switch into sending your pc data that belongs to another LAN segment. One good thing though is that Promiscuous sniffing doesn't work very well on
Windows due to its limited support drivers.
Here is a pdf 'bout Detection of sniffing
http://www.securityfriday.com/promiscuous_detection_01.pdf
And heres a link to promiscan which can detect sniffing
http://www.securityfriday.com/products/promiscan.html