Network sniffing: Check if our password is secure?

Network sniffing: Check if our password is secure?

Author: Vic

I read a meager article yesterday: Is your password secure? This article describes the various traps and insecure factors faced by the accounts and passwords of websites that require personal information.
Today, we will use a sniffing test to simulate the real environment to check whether data transmission is secure for several commonly used portal websites and some application clients.

Test environment:
1 2 pcs, XP operating system
2. Wireless route connection
3. log on to PC1 and run CAIN in PC2 for sniffing.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0324253-0.jpg "/>

Test object:
Register and log on to Netease www.126.com free email.
Registration and login of free email addresses for Yahoo www.yahoo.com.cn
Sina www.sina.com.cn Member registration, meager login on the home page, AIR Client Login, meager desktop login.

1. Open www.126.com to register a new email address, fill in the information, and press "register now" to submit the email address. CAIN immediately intercepts the account test_xuitan and password testxiutan in plaintext.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0324109-1.jpg "/>

Log on to the 126 mailbox and the account password is intercepted. The password is displayed in plaintext.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0324944-2.jpg "/>

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q032C44-3.jpg "/>

2 YAHOO Mail registration. The registration information CAIN intercepts the password of the backup mailbox account and the new mailbox. Why? I didn't understand. Tell me the reason.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0324N0-4.jpg "/>

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0325208-5.jpg "/>

In YAHOO Mail login interface login mailbox, new account and password was intercepted, account: vic_v@yahoo.cn password: vic123 plaintext display

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q032H17-6.jpg "/>

For YAHOO POP3, the account and password are clear at a glance.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0325309-7.jpg "/>

3 Sina Member registration, fill in the registration information, after submitting, CAIN intercepts the plaintext account password

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q032B11-8.jpg "/>

Switch to the Sina homepage. There is a logon entry in the upper left corner of the window.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0324438-9.jpg "/>

Login respectively mailbox and meager, account: test_xinweibo@sina.com password: weibo123456 results are displayed in plaintext.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q03210S-10.jpg "/>

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0324240-11.jpg "/>

Let's take a look at the situation of two meager application clients,
Meager AIR

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0323219-12.jpg "/>

After login, the results were disappointing, because I tested it a month ago, and I still did not encrypt it after several updates.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q03244T-13.jpg "/>

Finally, the meager Desktop client

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q0321348-14.jpg "/>

After login, the result is displayed in plain text.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Q03220X-15.jpg "/>

Through this test, we should pay attention to the use of security certificates and take data transmission encryption measures. Pay attention to anti-virus and anti-Trojan in the home computer, and access the Internet in public places. Do not log on to sites involving important information. Do not use a single password for your personal account. You must prepare two passwords for the lazy password, you know.

Personal blind test. If there are any mistakes or omissions, please forgive me.