Re: POP3 passwords

[Francisco Andrades <fandrades () nextj com>]

You can use POP3 over SSL/TLS

Tomas Wolf wrote:
> Hi,
> I was thinking about this problem myself though... Does POP3 protocol 
> support any kind of encryptiong - at least for AUTH process?
> What I was concerned about was public wireless access (no encryption, no 
> privacy, etc.), where one is just "sniffing" and gathering pop3 
> passwords / http passwords. Big waste of them (I would say majority) 
> could be use to AUTH with associated SMTP; therefore to use the 
> credentials to spam... Here near are three "coffee" hotspots and one 
> "metro" hotspot spawning several blocks.
>
>  I'll look at the RFC and try to find it...
> Tomas
>
> Zachary Mutrux wrote:
>
> > Why has it not been a bigger problem that POP3 passwords are unencrypted
> > when sent over the public Internet? Seems like they would be pretty 
> > easy for
> > a miscreant to steal.
> >
> > zm
> >
> > --
> > Zac Mutrux
> > Technology Consultant
> > CompuMentor
> > 415-633-9437

--
Francisco Andrades Grassi
www.nextj.com
Tlf: +58-414-125-7415


---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------