Overblog Tous les blogs Top blogs Technologie & Science Tous les blogs Technologie & Science
Editer l'article Suivre ce blog Administration + Créer mon blog
MENU

Web blog d'un ingénieur en sécurité informatique. IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs... Contact: philippe.vialle@wanadoo.fr

Publicité

Thunderbird doesn't trust MS Live POP server?

Quite surprisingly, I was not even thinking about writing an article when I set up my Thunderbird for a MS Live mail account. 

One day, without any notice, I had the following warning:

Shredder_pop3.live.com_cert_280610.jpg

 

Because I use a 64 bits version (Shredder), there is no locale version of if, ie. in French. So I wonder what a lambda user is supposed to understand about this warning...

Let's have a look at the certificate by itself:

pop3.live.com_cert_sympatico.ca_280610.jpg

 

It appears that the POP3 Server of MS Live Mail tries to present a certificate for pophm.sympatico.ca. Where, yes, it seems to be a problem there... and Shredder is right warning me about it.

Once again, how a lambda user is supposed to handle that? How could he or she make the difference between that case (which could certainly be accepted as an exception), and a real fraud/phishing attempt?

 And the most surprising part could be that MS Live Mail client does not prompt any warning while retrieving the same MS Live Mail account... does it hide a security weakness?

Publicité
Retour à l'accueil
Partager cet article
Repost0
Pour être informé des derniers articles, inscrivez vous :
Commenter cet article