[FFmpeg-devel] piP4mOiMeOc0CijE

Michael Niedermayer michaelni
Wed Mar 18 13:55:42 CET 2009


On Wed, Mar 18, 2009 at 09:09:01AM +0100, Reimar D?ffinger wrote:
> On Wed, Mar 18, 2009 at 01:28:59AM +0100, Michael Niedermayer wrote:
> > On Mon, Mar 16, 2009 at 08:11:19PM -0700, Mike Melanson wrote:
> > > Hey, is this thing on?
> > > 
> > > (Sorry, have been having lots of email problems probably due to 
> > > switching providers so often.)
> > 
> > And i had some because f*cking gmx disabled all but plain text passwords
> > no more APOP and no more CRAM-MD5 and the rest never worked anyway
> > calling that a Sicherheitsupdate aka security update.
> 
> Oh, you only noticed now? I had issues due to it days before they
> changed, with email sending failing randomly. 

I noticed it before and complained to them explaining them that they are
incompetent idiots, didnt help though as you see.


> You have to grant them
> that (if I am right) they disabled non-TLS/SSL connections, so it does
> improve security...

It does certainly not improve security for SSL/TLS connections, before it
was 2 layers now its one. You may argue that SSL/TLS is much stronger then
CRAM-MD5 but this is debateable. SSL/TLS is much more complex, failure
can happen at many points, like bugs in various pieces of software ...
Even if there where some unpublished holes in CRAM-MD5 it cant be worse
than sending passwords in clear.

Also, ive not tried (dont want to have to change my pw ATM) but i dont
think they disabled non SSL/TLS connections

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090318/525434e0/attachment.pgp>



More information about the ffmpeg-devel mailing list