Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: Jason Axley <jason.axley () attws com>
Date: Mon, 30 Nov 1998 14:04:28 -0800 (PST)
On 30 Nov, Rick Smith wrote:
> At 11:43 AM 11/27/98 -0800, Jason Axley wrote:
>> There isn't any security in POP3. Unless you are using POP3 over SSL to encrypt the data,
>
> I like the idea of using SSL, and I can see how it would be a pretty simple rearrangement of software already available in today's bloated browser/mail reader products. But is this something that's really out there as a product, or do people have to roll their own?
>
> Rick.
> smith () securecomputing com

Netscape and IE (Outlook Express) already support IMAP and POP over SSL. Both the windoze and UNIX versions can do this. M$ Exchange 5 can support POP and IMAP, over SSL even (although I'm sure that most people don't use this functionality).

As for Nicholas Brawn's question about other clients (including fetchmail), I don't know of any, but I haven't looked. Did you roll the SSL into qpopper yourself, or are patches readily available for that? Does it use SSLeay? I'm interested!

For those who think that APOP solves the problem: it may solve the password-in-the-clear problem, but it still allows your company's private emails to go across the public Internet in the clear and still allows for your TCP session to be hijacked--two problems solved by SSL. APOP isn't even supported by the Netscape Messenger email client (don't think by Outlook Express either). Eudora may be the only widely-used client that does (although you can't get it for free like Outlook Express or Netscape Messenger, can you?)

-Jason

--
AT&T Wireless Services IT UNIX Security Operations Specialist
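
The APOP point made in the post above, as an added example that is not part of the original message: it builds one constructed POP3 session with USER/PASS and one with APOP, then checks what a passive listener on the unencrypted connection could read. The banner, user name and shared secret are the sample values from the APOP example in RFC 1939; the mail body and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample values; banner, user and secret follow the RFC 1939 APOP example.
BANNER = "<1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"
MAIL_BODY = "Subject: Q4 numbers\r\n\r\nDraft figures attached, do not forward.\r\n"


def apop_digest(banner: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 over the server's banner timestamp + shared secret."""
    return hashlib.md5((banner + secret).encode("ascii")).hexdigest()


def session(auth: str) -> list[tuple[str, str]]:
    """Return the (direction, line) pairs of one constructed POP3 session."""
    lines = [("S", f"+OK POP3 server ready {BANNER}")]
    if auth == "USER/PASS":
        lines += [("C", f"USER {USER}"), ("S", "+OK"),
                  ("C", f"PASS {SECRET}"), ("S", "+OK maildrop locked")]
    elif auth == "APOP":
        # Only the digest crosses the wire; the secret itself never does.
        lines += [("C", f"APOP {USER} {apop_digest(BANNER, SECRET)}"),
                  ("S", "+OK maildrop locked")]
    else:
        raise ValueError(f"unknown auth method: {auth}")
    # After login both variants are identical: the message is sent as plain text.
    lines += [("C", "RETR 1"), ("S", "+OK message follows"),
              ("S", MAIL_BODY + "."), ("C", "QUIT"), ("S", "+OK bye")]
    return lines


def exposure(auth: str) -> dict[str, bool]:
    """What a passive listener on an unencrypted POP3 session can read."""
    wire = "\r\n".join(line for _, line in session(auth))
    return {
        "password_in_clear": SECRET in wire,
        "mail_body_in_clear": MAIL_BODY in wire,
    }


if __name__ == "__main__":
    for auth in ("USER/PASS", "APOP"):
        print(f"{auth:9} -> {exposure(auth)}")
```

APOP changes only the login line; everything after it is byte-for-byte the same as in the USER/PASS session, which is why the post treats encrypting the whole connection as the fix.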