Security Basics mailing list archives
Re: POP3 passwords
From: Francisco Andrades <fandrades () nextj com>
Date: Mon, 20 Oct 2003 16:04:09 -0400
You can use POP3 over SSL/TLS Tomas Wolf wrote:
Hi,I was thinking about this problem myself though... Does POP3 protocol support any kind of encryptiong - at least for AUTH process? What I was concerned about was public wireless access (no encryption, no privacy, etc.), where one is just "sniffing" and gathering pop3 passwords / http passwords. Big waste of them (I would say majority) could be use to AUTH with associated SMTP; therefore to use the credentials to spam... Here near are three "coffee" hotspots and one "metro" hotspot spawning several blocks.I'll look at the RFC and try to find it... Tomas Zachary Mutrux wrote:Why has it not been a bigger problem that POP3 passwords are unencryptedwhen sent over the public Internet? Seems like they would be pretty easy fora miscreant to steal. zm -- Zac Mutrux Technology Consultant CompuMentor 415-633-9437
-- Francisco Andrades Grassi www.nextj.com Tlf: +58-414-125-7415 --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ----------------------------------------------------------------------------
Current thread:
- POP3 passwords Zachary Mutrux (Oct 20)
- RE: POP3 passwords Damian Lennon (Oct 20)
- Re: POP3 passwords Tomas Wolf (Oct 20)
- Re: POP3 passwords Francisco Andrades (Oct 20)
- Re: POP3 passwords Simon Gray (Oct 20)
- Re: POP3 passwords Francisco Andrades (Oct 20)
- Re: POP3 passwords Todd Troxell (Oct 20)
- Re: POP3 passwords JGrimshaw (Oct 20)
- Re: POP3 passwords Hendra Santosa (Oct 21)
- <Possible follow-ups>
- RE: POP3 passwords Dave Killion (Oct 20)
- Re: POP3 passwords Meritt James (Oct 20)
- RE: POP3 passwords Steve McLaughlin (Oct 21)
- Re: POP3 passwords Francisco Andrades (Oct 21)
- Re: POP3 passwords Simon Garner (Oct 21)