Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: klynn () santacruz org
Date: Sun, 29 Nov 1998 23:19:26 -0800 (PST)
There is always APOP. I believe Marcus had something to do with its implementation into the Gauntlet firewall (since he wrote it). It's a standard for secure popmail and is supported in more than one email client now. Eudora for PC's being the most well known I believe. Kevin Lynn On Fri, 27 Nov 1998, Jason Axley wrote:
There isn't any security in POP3. Unless you are using POP3 over SSL to encrypt the data, you will be allowing people's unencrypted email, logins, passwords to traverse the Internet. You probably shouldn't do that. If you allow people to come across the Internet, connect to your proxy, log in to the POP3 proxy, to check their email, some attacker could grab the logins and passwords as they're typed in and use them to log in themselves--perhaps gaining access to other resources on your network that accept the same logins and passwords. -Jason On Mon, 16 Nov 1998 mreiter () gwillness osd mil wrote:Date: Mon, 16 Nov 1998 08:55:46 -0500 From: mreiter () gwillness osd mil To: firewall-wizards () nfr net Subject: POP3 Security Issues My users want to use POP3 over the internet to access their e-mail through our firewall. There is a POP3 proxy built in to the firewall (not currently on), but I am leery of ANY access through the firewall over the internet. Does anyone know of security issues surrounding this?AT&T Wireless Services IT UNIX Security Operations Specialist
Current thread:
- POP3 Security Issues mreiter (Nov 27)
- Re: POP3 Security Issues Jason Axley (Nov 29)
- Re: POP3 Security Issues Nicholas Brawn (Nov 30)
- Re: POP3 Security Issues klynn (Nov 30)
- Re: POP3 Security Issues Frederick M Avolio (Nov 29)
- Re: POP3 Security Issues Jan B. Koum (Nov 30)
- Re: POP3 Security Issues Ian Poynter (Nov 29)
- <Possible follow-ups>
- Re: POP3 Security Issues Steven M. Bellovin (Nov 29)
- Re: POP3 Security Issues reynhout (Nov 29)
- Re: POP3 Security Issues Jason Axley (Nov 29)