<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: Misleading sense of security in Netscape

Re: Misleading sense of security in Netscape

From: Steven M. Bellovin <smb_at_RESEARCH.ATT.COM>
Date: Fri, 14 Jan 2000 22:26:50 -0500

In message <387E245C.F279E367_at_digsigtrust.com>, Craig Ruefenacht writes:

>It is well known throughout the Internet that the two most common
>protocols for reading email, POP3 (port 110) and IMAP (port 143), are
>sent in the clear over the network.

It's worth noting that many POP3 servers and clients support APOP
authentication, which eliminates the problem of the plaintext password going
over the wire. As best I can tell, Netscape's mail client doesn't give you
that choice.

--Steve Bellovin
Received on Jan 17 2000

This message: [ Message body ]
Next message: Max Vision: "Re: Anyone can take over virtually any domain on the net..."
Previous message: Brian Mueller: "Re: Anyone can take over virtually any domain..."
Maybe in reply to: Craig Ruefenacht: "Misleading sense of security in Netscape"
Next in thread: Jefferson Ogata: "Re: Misleading sense of security in Netscape"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos