[NTLUG:Discuss] Strange iptables problem on CentOS 4.4

[Chris Cox]

Leroy Tennison wrote:
....
> 
> We don't hear people going on a tirade over non-secure SMTP nor HTTP

Insecure HTTP is fine.... for public data.  I know I had my credit
card stolen in the early internet days by buying from a non-SSL'd
site though.  More people are watching your data than you can
ever realize.

POP and SMTP are big issues.  I try to use secure POP and SMTP
wherever possible.  But it is very true that most people are sending
those passwords in the clear (so make sure NOT to use your most
secret password for those... people already know it!).

> 
> Can't speak to SMTP but you hear a lot about making sure you have
> switched to secure HTTP (the padlock, the https, lots of warnings with
> the newer browsers) before sending any kind of sensitive information
> over the Internet. You will also hear the howls about plain ftp because
> it has the same problem. This is why there are Internet standards for
> secure ftp (ftps - not to be confused with sftp, this is an additional
> story in itself).


Again, if you are using insecure POP, SMTP, FTP, telnet, I can
guarantee you that somebody has your data (username/password, etc).
So make sure (if you use any of those protocols with a specific
non-anonymous userid), that you DO NOT use a password that is
used anywhere else... not a bad idea to not use your ultra-secure
username either if possible.