Security Basics mailing list archives

Re: Web Mail Vulnerabilities

From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 17 Oct 2002 11:18:25 -0600

On Tue, Oct 15, 2002 at 04:01:42PM -0400, Link, Jennifer wrote:

We are looking at provided mail access via internet connection (home,
internet cafe, library etc.) and I'm trying to research what vulnerabilities
exist for such access.  Any websites, books or personal experience you could
provide would be VERY VERY helpful.  I'm just getting started so all
tid-bits are welcome!!


Well, I haven't seen a webmail client that didn't have its share of
security issues.  Maybe some of the less used ones, but they are less
used for a reason; they are new, they are hard to setup, or the GUI
sucks.

Squirrelmail is pretty good.  Open source, written entirely in PHP,
supports plugins so minimal code alteration is required for "extras",
and it works fine with HTTP/SSL.  Best of all its super easy to setup
(not counting the 20+plugins or download time) it took me about 5
minutes.

http://www.squirrelmail.org

-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science

Current thread:

Web Mail Vulnerabilities Link, Jennifer (Oct 16)
- Re: Web Mail Vulnerabilities Leo Security (Oct 17)
- Re: Web Mail Vulnerabilities Devdas Bhagat (Oct 17)
- Re: Web Mail Vulnerabilities Jeremiah Grossman (Oct 17)
- Re: Web Mail Vulnerabilities Brad Arlt (Oct 17)
- Re: Web Mail Vulnerabilities Nick Warr (Oct 18)
  - RE: Web Mail Vulnerabilities Ben Corman (Oct 18)
- <Possible follow-ups>
- RE: Web Mail Vulnerabilities John Canty (Oct 21)