OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: POP3 Security Issues

Re: POP3 Security Issues

klynnsantacruz.org
Sun, 29 Nov 1998 23:19:26 -0800 (PST)

There is always APOP. I believe Marcus had something to do with its
implementation into the Gauntlet firewall (since he wrote it).

It's a standard for secure popmail and is supported in more than one email
client now. Eudora for PC's being the most well known I believe.

Kevin Lynn

On Fri, 27 Nov 1998, Jason Axley wrote:

> There isn't any security in POP3. Unless you are using POP3 over SSL to
> encrypt the data, you will be allowing people's unencrypted email, logins,
> passwords to traverse the Internet. You probably shouldn't do that. If
> you allow people to come across the Internet, connect to your proxy, log
> in to the POP3 proxy, to check their email, some attacker could grab the
> logins and passwords as they're typed in and use them to log in
> themselves--perhaps gaining access to other resources on your network that
> accept the same logins and passwords.
>
> -Jason
>
> On Mon, 16 Nov 1998 mreitergwillness.osd.mil wrote:
>
> > Date: Mon, 16 Nov 1998 08:55:46 -0500
> > From: mreitergwillness.osd.mil
> > To: firewall-wizardsnfr.net
> > Subject: POP3 Security Issues
> >
> >
> >
> >
> >
> > My users want to use POP3 over the internet to access their e-mail through
> > our firewall. There is a POP3 proxy built in to the firewall (not
> > currently on), but I am leery of ANY access through the firewall over the
> > internet. Does anyone know of security issues surrounding this?
> >
> >
> >
>
>
> AT&T Wireless Services
> IT UNIX Security Operations Specialist
>

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:12:04 CDT