Security Basics mailing list archives
RE: pop3 over telnet and clear text passwords
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 1 Apr 2004 12:47:03 -0500
Actually, POP3 by itself, without telnet being involved transmits logon name and password in clear text...and like Telnet, it's kind enough to precede the password with the PASS keyword (helps packet sniffing crackers out). If you've got Outlook/Outlook Express and Exchange, you can choose Secure Password Authentication and it will not transmit the password in cleartext. Roger ************************************************************************ *** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), A+ *email: roger () banneretcs com *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of upcoming Honeypots for Windows (Apress) ************************************************************************ **** -----Original Message----- From: Murad Talukdar [mailto:talukdar_m () subway com] Sent: Wednesday, March 31, 2004 10:47 PM To: security-basics () lists securityfocus com Subject: pop3 over telnet and clear text passwords I often use pop3 over telnet to check on email boxes some users have.(ie that they've been setup properly) How do I mask the fact that the username/password is transmitted as clear text?(If I can?) Thanks Murad Talukdar ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- pop3 over telnet and clear text passwords Murad Talukdar (Apr 01)
- RE: pop3 over telnet and clear text passwords David Gillett (Apr 02)
- Re: pop3 over telnet and clear text passwords Cerberus (Apr 02)
- Re: pop3 over telnet and clear text passwords Murad Talukdar (Apr 06)
- Online Universitties with Information Security Programs Security (Apr 02)
- Re: Online Universitties with Information Security Programs AgfTech Lists (Apr 05)
- Re: pop3 over telnet and clear text passwords Phil Brammer (Apr 02)
- <Possible follow-ups>
- RE: pop3 over telnet and clear text passwords Roger A. Grimes (Apr 02)