Emails sent via browser, encrypted?

19 May 2010

Selam everybody,

I would like to draw your attention to the fact that some well-known free-mail service providers do not encrypt emails sent via web browser.
What have I done? I logged onto my free-mail account and sniffed my own outgoing network traffic while sending test mails.
I didn’t know that any free-mail provider exchanges data in plain text, although they do a lot of advertising 😉
Investigated free-mail providers: Web.de Freemail, GMX Freemail, Yahoo Mail.
You can check your free-mail provider with a traffic analyzer (e.g. Wireshark).

Yahoo Mail:

[Screenshot: Yahoo mail sent via browser (mail.yahoo.de)]


Among other things, you can see that the following information was sent in plaintext to its destination on port 80 (HTTP):
Sender: "defFromAdress=*****@yahoo.de"
Receiver: "to=****@gmx.de"
Subject: "Subj=SecretSubject"
Message: "Content=SecretMessageSecretMessageSecretMessage…"

GMX Freemail:
[Screenshot: GMX Freemail 1]
Here, at frame 8, you can also see the sender (name="from") and the receiver (name="to") in plaintext. Further on, reassembled in frame 9…
[Screenshot: GMX Freemail 2]
… you can have a look at its subject "SecretSubjectGMX" and its content "SecretMessageGMXSecretMessageGMXSecretMessageGMX…".
Protocols: TCP and HTTP.

Web.de Freemail:
[Screenshot: Freemail Web.de]
As expected, the whole transmission is encrypted; protocols used: TLSv1 and SSLv3.

Maybe there are some settings where I can enable encryption, if it is disabled?
Usually, labels like "SSL Login", "Secured Login", etc. apply to the login process, and in very few cases to the transmission process as well.

Be aware that everybody could read those "plain-text" transmissions.
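
The check described above can be automated once a client-to-server payload has been exported from the capture. The following is an added example, not part of the original post: it classifies one payload as a TLS/SSLv3 record or as cleartext HTTP and, for cleartext form posts, lists the fields any observer could read. The host name, path and addresses are constructed placeholders; the field names are the ones seen in the Yahoo capture. Only form-urlencoded bodies are parsed.

```python
from urllib.parse import parse_qs

# Constructed sample: a reassembled TCP payload shaped like the Yahoo capture
# described above (field names from the post, host and addresses are placeholders).
SAMPLE_HTTP = (
    b"POST /compose HTTP/1.1\r\n"
    b"Host: mail.example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"defFromAdress=alice%40example.invalid&to=bob%40example.invalid"
    b"&Subj=SecretSubject&Content=SecretMessageSecretMessage"
)
# Constructed sample: start of a TLS handshake record (type 0x16, version 3.1 = TLSv1).
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F]) + b"\x01" + b"\x00" * 46

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ")

def classify_payload(payload: bytes) -> dict:
    """Classify one client-to-server TCP payload and list readable form fields."""
    # TLS and SSLv3 records start with a content type (20-23) and major version 3.
    if len(payload) >= 3 and payload[0] in (20, 21, 22, 23) and payload[1] == 3:
        return {"transport": "tls", "fields": {}}
    if not payload.startswith(HTTP_METHODS):
        return {"transport": "unknown", "fields": {}}
    head, _, body = payload.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        # Percent-decoding shows the values exactly as an observer would read them.
        parsed = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        fields = {key: values[0] for key, values in parsed.items()}
    return {"transport": "http-cleartext", "fields": fields}

if __name__ == "__main__":
    for label, data in (("http sample", SAMPLE_HTTP), ("tls sample", SAMPLE_TLS)):
        result = classify_payload(data)
        print(label, "->", result["transport"], sorted(result["fields"]))
```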


Linux Debian / Pardus: UMTS / 3G connection via Bluetooth / USB

10. April 2010

Hey folks,

I started this blog as a tutorial, first and foremost for me 😉
Nevertheless, please feel free to use this for your own purpose.

Subject: I have a UMTS/3G mobile phone (Nokia E71) and I want to connect my laptop (USB or bluetooth) via mobile phone to the internet.

Requirements: Linux Kernel 2.6.##, depends on your distribution. wvdial (tested with 1.60)

Step 1 – Determine the mobile phone's Bluetooth MAC (for USB, jump to Step 4):

alf@melmac:~$ hcitool scan
Scanning…
00:22:33:44:55:66 alf_mobile

Step 2 – Determine channel for Dialup Networking :

sdptool browse 00:22:33:44:55:66

Service Name: Dial-Up Networking
Service RecHandle: 0x1001f
Service Class ID List:
"Dialup Networking" (0x1103)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 4
Language Based Attr List:
code_ISO0639: 0x454e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Dialup Networking" (0x1103)
Version: 0x0100

Here we can see, among other things, that the service "Dialup Networking" uses channel 4.

Step 3 – Bluetooth connection between laptop and mobile phone:
Edit the RFCOMM configuration file

vim /etc/bluetooth/rfcomm.conf
#
# RFCOMM configuration file.
#
rfcomm0 {
    # Automatically bind the device at startup
    bind yes;
    # Bluetooth MAC address of the device (mobile's Bluetooth MAC, see Step 1)
    device 00:22:33:44:55:66;
    # RFCOMM channel for the connection, see Step 2
    channel 4;
    # Description of the connection
    comment "E71 NOK";
}

Step 4 – Configure wvdial.conf as root:

alf@melmac:~# vim /etc/wvdial.conf
[Dialer Defaults]
Phone =
Username =
Password =
New PPPD = yes

[Dialer nokia-usb]
Modem = /dev/ttyACM0
Baud = 3600000
Init1 = ATZ
Init2 = AT+CGDCONT=1, "IP", "internet.eplus.de"
Init3 =
Modem Type = USB Modem
Area Code =
Phone = *99#
Username = ppp
Password = ppp
Ask Password = 0
Dial Command = ATDT
Stupid Mode = 1
Compuserve = 0
Force Address =
Idle Seconds = 0
DialMessage1 =
DialMessage2 =
ISDN = 0
Auto DNS = 1
New PPPD = yes

[Dialer nokia-bluetooth]
Modem = /dev/rfcomm0
Baud = 3600000
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init3 = AT+CGDCONT=1, "IP", "internet.eplus.de", "0.0.0.0"
Modem Type = Analog Modem
Area Code =
Phone = *99#
Username = ppp
Password = ppp
Ask Password = 0
Dial Command = ATDT
Stupid Mode = 1
Compuserve = 0
Force Address =
Idle Seconds = 0
DialMessage1 =
DialMessage2 =
ISDN = 0
Auto DNS = 1
New PPPD = yes

Here, we have three sections: the defaults, the USB connection setup and the Bluetooth connection setup. You can replace "internet.eplus.de" with your mobile carrier's access point name. If applicable, modify the config file with the corresponding values.
If necessary, adjust /dev/ttyACM0 to the device node your phone actually appears as.

Step 5a – Connect via USB:

Well, for USB connections, you only have to set up the wvdial.conf from Step 4 and type..

alf@melmac:~# su -c "wvdial nokia-usb"

…then you should get something like..

--> WvDial: Internet dialer version 1.60
--> Cannot get information for serial port.
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Sending: AT+CGDCONT=1, "IP", "internet.eplus.de", "0.0.0.0"
AT+CGDCONT=1, "IP", "internet.eplus.de", "0.0.0.0"
OK
--> Modem initialized.
--> Sending: ATDT*99#
--> Waiting for carrier.
ATDT*99#
CONNECT
~[7f]}#@!!}$}%}"}&} }*} } g}%~
--> Carrier detected. Starting PPP immediately.
--> Starting pppd at Mon Feb 15 19:19:17 2010
--> Pid of pppd: 4442
--> pppd:
#……..and so on

Step 5b – Connect via Bluetooth, type (MAC see Step 1, channel see Step 2)…

alf@melmac:~# rfcomm connect rfcomm0 00:22:33:44:55:66 4

…then you should get something like..

Connected /dev/rfcomm0 to 00:22:33:44:55:66 on channel 4
Press CTRL-C for hangup

…open a new root-shell and enter…

alf@melmac:~# su -c "wvdial nokia-bluetooth"

…then you should get something like..

--> WvDial: Internet dialer version 1.60
--> Cannot get information for serial port.
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Sending: AT+CGDCONT=1, "IP", "internet.eplus.de", "0.0.0.0"
AT+CGDCONT=1, "IP", "internet.eplus.de", "0.0.0.0"
OK
--> Modem initialized.
--> Sending: ATDT*99#
--> Waiting for carrier.
ATDT*99#
CONNECT
~[7f]}#@!!}$}%}"}&} }*} } g}%~
--> Carrier detected. Starting PPP immediately.
--> Starting pppd at Mon Feb 15 19:19:17 2010
--> Pid of pppd: 4442
--> pppd:
#……..and so on

Step 6 – Most important… Enjoy! That's it 😉
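
Steps 1 to 3 can be scripted so the channel is not copied by hand. The following is an added example, not part of the original tutorial: it reads `sdptool browse` output, picks the RFCOMM channel of the record whose service class list contains 0x1103 (Dialup Networking, as shown in Step 2), and renders the rfcomm0 stanza. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `sdptool browse` output: two service records,
# the second shaped like the record shown in Step 2.
SAMPLE_SDP = '''Service Name: Serial Port
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 2

Service Name: Dial-Up Networking
Service Class ID List:
  "Dialup Networking" (0x1103)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 4
'''

DUN_CLASS_ID = "0x1103"  # Dialup Networking service class, as shown in Step 2

def find_dun_channel(sdp_text: str) -> int:
    """Return the RFCOMM channel of the Dial-Up Networking record."""
    for record in re.split(r"(?m)^(?=Service Name:)", sdp_text):
        classes = re.search(r'Service Class ID List:\n((?:[ \t]*".*\n)+)', record)
        channel = re.search(r"Channel:\s*(\d+)", record)
        if classes and channel and f"({DUN_CLASS_ID})" in classes.group(1):
            return int(channel.group(1))
    raise ValueError("no Dial-Up Networking record with an RFCOMM channel found")

def render_rfcomm_conf(mac: str, channel: int, comment: str = "E71 NOK") -> str:
    """Render the rfcomm0 stanza from Step 3 with straight quotes and semicolons."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", mac):
        raise ValueError(f"not a Bluetooth MAC address: {mac!r}")
    if not 1 <= channel <= 30:  # valid RFCOMM channel numbers
        raise ValueError(f"RFCOMM channel out of range: {channel}")
    return (
        "rfcomm0 {\n"
        "    bind yes;\n"
        f"    device {mac};\n"
        f"    channel {channel};\n"
        f'    comment "{comment}";\n'
        "}\n"
    )

if __name__ == "__main__":
    print(render_rfcomm_conf("00:22:33:44:55:66", find_dun_channel(SAMPLE_SDP)))
```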