Educause Security Discussion mailing list archives
Re: Blocking POP3 and IMAP
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Thu, 11 Oct 2007 11:51:17 -0700
Pace, Guy wrote:
If you have anything on your network that sniffs in/outbound traffic, you can show your POP3 and IMAP die-hards the plain text username and password packets passed back and forth via these protocols (and, you know how easy it is to sniff traffic). If they still gripe, show them your institution's Acceptable Use Policy (you do have one, right?) that addresses the consequences of exposing or sharing passwords (it does include that, right?).
Sorry, in my response to Gary, I just assumed that those folks had already moved beyond plain-text POP and IMAP and were using the TLSified versions. michael
Current thread:
- Blocking POP3 and IMAP Hammon, Gary (Oct 11)
- <Possible follow-ups>
- Re: Blocking POP3 and IMAP Ken Connelly (Oct 11)
- Re: Blocking POP3 and IMAP Pace, Guy (Oct 11)
- Re: Blocking POP3 and IMAP Alex Everett (Oct 11)
- Re: Blocking POP3 and IMAP Michael Sinatra (Oct 11)
- Re: Blocking POP3 and IMAP Michael Sinatra (Oct 11)
- Re: Blocking POP3 and IMAP Valdis Kletnieks (Oct 11)
- Re: Blocking POP3 and IMAP Geoff Nathan (Oct 11)
- Re: Blocking POP3 and IMAP Harry E Flowers (flowers) (Oct 11)
- Re: Blocking POP3 and IMAP Shumon Huque (Oct 11)
- Re: Blocking POP3 and IMAP Paul Russell (Oct 11)
- Re: Blocking POP3 and IMAP Mike Iglesias (Oct 11)
- Re: Blocking POP3 and IMAP Geoff Nathan (Oct 11)
- Re: Blocking POP3 and IMAP Michael Sinatra (Oct 11)
- Re: Blocking POP3 and IMAP ssgsa (Oct 17)