Re: POP3 Security Issues

[ark () eltex ru]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Jason Axley <jason.axley () attws com> said :

> For those who think that APOP solves the problem; it may solve the
> password in the clear problem, but it still allows your company's
> private emails to go across the public Internet in the clear

It does solve problem, somehow ;) (imho)
You should use _internal_ mail server for private emails and pgp to
run messages over the Internet. SSL does not solve the problem because
messages go unencrypted SMTP until they get to SSL-enabled pop3 server.

> and still
> allows for your TCP session to be hijacked--two problems solved by SSL.

Who needs that for email?

> APOP isn't even supported by the Netscape messenger email client
> (don't think by outlook express either). 

I wrote a proxy that does USER/PASS -> APOP protocol translation..

> Eudora may be the only
> widely-used client that does (although you can't get it for free like
> outlook express or Netscape messenger, can you?)

AFAIR there are some free apop-aware pop3 clients for windows.. Or
just use unix and forget your problems ;) 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNmUgXqH/mIJW9LeBAQFCHAP/Q8pSN57kPU4hz0TJ74vjrW3FHaqu0JkY
pT/qYFZ+9A+AvKweqUKuLDCisUjw7qlQFAId60V9ek4BfsWhswxLFn+BZCcZ2fq3
oo2oYjNl3QtxtAC+k2jYHmKLzIza6UAiVrexrDVaZh7wfuMlKyxu15d3p0QDqHkm
wkG3i4hidfM=
=ngob
-----END PGP SIGNATURE-----