Security Basics mailing list archives
RE: POP3 passwords
From: Chris Merkel <chrism () geo-synthetics com>
Date: Mon, 20 Oct 2003 11:09:48 -0500
Why has it not been a bigger problem that POP3 passwords are unencrypted when sent over the public Internet? Seems like they would be pretty easy for a miscreant to steal.
In order to sniff traffic, an attacker would have to locate themselves on the segment where the traffic is. With the prevalence of switched networking, the attacker would have to compromise the machine or device over which the traffic passes. Essentially, for this to work, an attacker would have to compromise the POP3 server or client. Given the fact that most POP3 clients are Windows-based, this would be the logical point of attack. The attack would most likely be a virus or worm. Finally, the real reason, IMHO, is because reading people's email is painfully boring and time consuming. Wading through all the spam, chain letters and inane chatter in one's own inbox is bad enough. :-) Chris Merkel Sysadmin Geo-Synthetics, Inc. --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ----------------------------------------------------------------------------
Current thread:
- Re: POP3 passwords, (continued)
- Re: POP3 passwords Francisco Andrades (Oct 20)
- Re: POP3 passwords Todd Troxell (Oct 20)
- Re: POP3 passwords JGrimshaw (Oct 20)
- Re: POP3 passwords Hendra Santosa (Oct 21)
- RE: POP3 passwords Dave Killion (Oct 20)
- Re: POP3 passwords Meritt James (Oct 20)
- RE: POP3 passwords Steve McLaughlin (Oct 21)
- Re: POP3 passwords Francisco Andrades (Oct 21)
- Re: POP3 passwords Simon Garner (Oct 21)
- RE: POP3 passwords Golden_Eternity (Oct 22)
- RE: POP3 passwords Chris Merkel (Oct 20)
- RE: POP3 passwords Keller, Tim (Oct 20)
- Re: FW: POP3 passwords Sec1 (Oct 20)
- RE: POP3 passwords Dave Killion (Oct 21)
- Re: POP3 passwords Phillip McCollum (Oct 22)