We're in the middle of securing our webmail access. This is currently just a connection over the internet to a webserver, and that webserver then requests a username and password. However, this is done over a non-secure line (just HTTP). We were wondering if it's possible to intercept the username and password while sniffing on that specific port of the webmail server. Everyone is talking about SSL and secure access through VPN, or others. But as far as I know it's not possible to sniff on a public webserver (e.g. webmail.xxx.xx) if you're not on the LAN of the host or the server. So pretty secure I guess? I've seen some documents about man-in-the-middle attacks, but again, this is when you're on the LAN of the host or server...
Does anyone have any ideas on how to test the security of that webmail provider?
Or some great documents about that?