[techtalk] POP mail
Samantha Jo Moore
sjmoore at TheTahoeGroup.com
Wed Dec 15 15:06:25 EST 1999
> okay, what's this i've heard about "Secure POP"? I'm assuming this is a
> modified POP that sets up a secure connection between the server and the
> client, to avoid sniffing?
Yes. The problem with regular POP servers is that they establish an
ASCII based conversation through stdio. You can check this by doing
a
telnet your_pop_server 110
which will reply with something like:
+OK QPOP (version x.xx) at your_pop_server starting.
You can continue this conversation by typing:
user your_account_name
and you'll see the prompt:
+OK Password required for your_account_name
to which you need to type:
pass your_password
which will log you in to the server. Now, if you notice, the password
you typed was visible to you. When your mail client establishes this
connection it does exactly the same, sending your account name and
password UNSCRAMBLED over the connection. Anybody sniffing your
line could catch your password and account name, and then who knows
what they might do?
I don't know exactly how it works, but secure pop provides for a secure
mechanism of transmitting these data items, and possibly the content of
the mail comming back to you.
Samantha Jo Moore
sjmoore at thetahoegroup.com
http://www.thetahoegroup.com
************
techtalk at linuxchix.org http://www.linuxchix.org
More information about the Techtalk
mailing list