Security Basics mailing list archives

RE: POP3 passwords


From: Chris Merkel <chrism () geo-synthetics com>
Date: Mon, 20 Oct 2003 11:09:48 -0500

> Why has it not been a bigger problem that POP3 passwords are
> unencrypted when sent over the public Internet? Seems like
> they would be pretty easy for a miscreant to steal.

In order to sniff traffic, an attacker would have to locate themselves on
the segment where the traffic is. With the prevalence of switched
networking, the attacker would have to compromise the machine or device over
which the traffic passes.

Essentially, for this to work, an attacker would have to compromise the POP3
server or client. Given the fact that most POP3 clients are Windows-based,
this would be the logical point of attack. The attack would most likely be a
virus or worm.

Finally, the real reason, IMHO, is because reading people's email is
painfully boring and time consuming. Wading through all the spam, chain
letters and inane chatter in one's own inbox is bad enough.

:-)


Chris Merkel
Sysadmin
Geo-Synthetics, Inc.
