Re:Aargh, again with the confusion. (Score 1)

Strong passwords *are* required at Oxford (I forget exactly what the policy is, but it's at least letters and digits and is checked against a dictionary) but under the previous web-based email system, anybody could log in to their email account across an unencrypted HTTP connection. Things have changed somewhat now (not related to the newspaper article in question), and Oxford's webmail system only accepts SSL logins. However, I expect that 99% of people who use M$ Outlook etc to read their email don't use the SSL connection facilities that Oxford already offers. In short, all these guys did was run a simple packet sniffer on a few College networks and sniffed a few plaintext passwords. While Oxford allows people to use systems which send plaintext passwords across the network, the facilities for encrypted connections are also available. It's just that they aren't publicised or used nearly enough.