Re: POP3 Security Issues

Nicholas Brawn (ncbokugi.com)
Sun, 29 Nov 1998 20:32:18 -0600 (CST)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Previous message: Jan B. Koum: "Re: POP3 Security Issues"
• In reply to: Frederick M Avolio: "Re: POP3 Security Issues"
• Next in thread: Steven M. Bellovin: "Re: POP3 Security Issues"

On Fri, 27 Nov 1998, Jason Axley wrote:

> There isn't any security in POP3. Unless you are using POP3 over SSL to
> encrypt the data, you will be allowing people's unencrypted email, logins,
> passwords to traverse the Internet. You probably shouldn't do that. If
> you allow people to come across the Internet, connect to your proxy, log
> in to the POP3 proxy, to check their email, some attacker could grab the
> logins and passwords as they're typed in and use them to log in
> themselves--perhaps gaining access to other resources on your network that
> accept the same logins and passwords.
>
> -Jason

Speaking of pop3 over SSL, is anyone aware of mail clients or pop3
retrievers (Unix and/or Windows) that support it? The reason I'm asking
is that i've recently plugged SSL into qpopper (2.53), and want to know
whether I need to patch something like fetchmail, or whether there's
something out there already that will do the job.

Cheers,
Nick

• Previous message: Jan B. Koum: "Re: POP3 Security Issues"
• In reply to: Frederick M Avolio: "Re: POP3 Security Issues"
• Next in thread: Steven M. Bellovin: "Re: POP3 Security Issues"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:12:04 CDT