Re: Misleading sense of security in Netscape

From: Steven M. Bellovin (smbat_private)
Date: Fri Jan 14 2000 - 19:26:50 PST

Next message: Bryan Fullerton: "Re: Anyone can take over virtually any domain on the net..."

Previous message: root: "Re: Anyone can take over virtually any domain on the net..."
Maybe in reply to: Craig Ruefenacht: "Misleading sense of security in Netscape"
Next in thread: Jefferson Ogata: "Re: Misleading sense of security in Netscape"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <387E245C.F279E367at_private>, Craig Ruefenacht writes:

>It is well known throughout the Internet that the two most common
>protocols for reading email, POP3 (port 110) and IMAP (port 143), are
>sent in the clear over the network.

It's worth noting that many POP3 servers and clients support APOP
authentication, which eliminates the problem of the plaintext password going
over the wire.  As best I can tell, Netscape's mail client doesn't give you
that choice.

		--Steve Bellovin

Next message: Bryan Fullerton: "Re: Anyone can take over virtually any domain on the net..."
Previous message: root: "Re: Anyone can take over virtually any domain on the net..."
Maybe in reply to: Craig Ruefenacht: "Misleading sense of security in Netscape"
Next in thread: Jefferson Ogata: "Re: Misleading sense of security in Netscape"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:25 PDT