Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: ark () eltex ru
Date: Wed, 2 Dec 1998 14:11:28 +0300
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, Jason Axley <jason.axley () attws com> said :
For those who think that APOP solves the problem; it may solve the password in the clear problem, but it still allows your company's private emails to go across the public Internet in the clear
It does solve problem, somehow ;) (imho) You should use _internal_ mail server for private emails and pgp to run messages over the Internet. SSL does not solve the problem because messages go unencrypted SMTP until they get to SSL-enabled pop3 server.
and still allows for your TCP session to be hijacked--two problems solved by SSL.
Who needs that for email?
APOP isn't even supported by the Netscape messenger email client (don't think by outlook express either).
I wrote a proxy that does USER/PASS -> APOP protocol translation..
Eudora may be the only widely-used client that does (although you can't get it for free like outlook express or Netscape messenger, can you?)
AFAIR there are some free apop-aware pop3 clients for windows.. Or just use unix and forget your problems ;) _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNmUgXqH/mIJW9LeBAQFCHAP/Q8pSN57kPU4hz0TJ74vjrW3FHaqu0JkY pT/qYFZ+9A+AvKweqUKuLDCisUjw7qlQFAId60V9ek4BfsWhswxLFn+BZCcZ2fq3 oo2oYjNl3QtxtAC+k2jYHmKLzIza6UAiVrexrDVaZh7wfuMlKyxu15d3p0QDqHkm wkG3i4hidfM= =ngob -----END PGP SIGNATURE-----
Current thread:
- Re: POP3 Security Issues, (continued)
- Re: POP3 Security Issues Markus Friedl (Dec 03)
- Re: POP3 Security Issues dreamwvr (Dec 01)
- Re: POP3 Security Issues Frederick M Avolio (Dec 01)
- Re: POP3 Security Issues Mookie (Dec 02)
- Re: POP3 Security Issues David Lang (Dec 01)
- Re: POP3 Security Issues Rodney van den Oever (Dec 01)
- Re: POP3 Security Issues Christopher Nielsen (Dec 02)
- Re: POP3 Security Issues Bruce B. Platt (Dec 01)
- Re: POP3 Security Issues Lart (Dec 01)
- Re: POP3 Security Issues Rick Murphy (Dec 01)
- Re: POP3 Security Issues ark (Dec 02)
- Re: POP3 Security Issues Joe LoBianco (Dec 02)