Plusnet Security - My Rude Awakening
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Plusnet Security - My Rude Awakening
Plusnet Security - My Rude Awakening
13-01-2019 2:33 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have known for a long time that Plusnet do not use an encrypted link for connections to IMAP or POP3 email clients but have just had a light bulb moment regarding this shortcoming. Being bored I have had a play with Wireshark. This has brought home to me the implications of a third party getting access to my wireless network. This could be leaked by various ways, for example a quick look (or snap from a camera phone) at the rear of the router is all that's required.
Anyway, what I have suddenly realised is that if some-one can connect to your wireless network, every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account, every time emails are checked, in my case Outlook is set to do this every 30 minutes, your account user name and password is being transmitted in plain text for a snooper to pick up. This of course gives them full access to account details, telephone records, any security bolt settings, etc.
My solution is to change my wireless password from that on the router label and use my other secure non-Plusnet email account. I have forwarded any emails addressed to my Plusnet mailbox to the other account and deleted the Plusnet settings from my Email client.
I note that webmail can be accessed via a secure https link and hence is not exposed to this security flaw.
Moderator and Customer
If this helped - select the Thumb
If it fixed it, help others - select 'This Fixed My Problem'
Re: Plusnet Security - My Rude Awakening
13-01-2019 3:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's not quite that bad - wifi is moderately well encrypted.
If you want proper end-to-end encryption I'd consider signing up at https://protonmail.com/signup - you can get a single email account for free without any adverts etc.
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: Plusnet Security - My Rude Awakening
13-01-2019 3:39 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Were you running wireshark on the computer accessing the email, or on a different device?
It is possible to view such traffic from another device, but perhaps not quite as easy as you suggest.
Re: Plusnet Security - My Rude Awakening
13-01-2019 3:46 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account
That's only true for the default mailbox. You can mitigate the problem by using additional mailboxes instead with their own passwords. When/if you need to access the default one, do it from webmail, that's what I do.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page