[13378] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Misleading sense of security in Netscape

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jan 17 15:30:32 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000115032655.60186ACAE2@smb.research.att.com>
Date:         Fri, 14 Jan 2000 22:26:50 -0500
Reply-To: smb@RESEARCH.ATT.COM
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
X-To:         Craig Ruefenacht <ruefenac@digsigtrust.com>
To: BUGTRAQ@SECURITYFOCUS.COM

In message <387E245C.F279E367@digsigtrust.com>, Craig Ruefenacht writes:

>It is well known throughout the Internet that the two most common
>protocols for reading email, POP3 (port 110) and IMAP (port 143), are
>sent in the clear over the network.

It's worth noting that many POP3 servers and clients support APOP
authentication, which eliminates the problem of the plaintext password going
over the wire.  As best I can tell, Netscape's mail client doesn't give you
that choice.

		--Steve Bellovin


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[13378] in bugtraq

Re: Misleading sense of security in Netscape

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)Mon Jan 17 15:30:32 2000

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jan 17 15:30:32 2000