Date: Wed, 15 Aug 2001 14:29:50 -0400
From: "Andrew C. Hornback" <achornback@worldnet.att.net>
To: "Ted Mittelstaedt" <tedm@toybox.placo.com>, "Greg Lehey" <grog@FreeBSD.org>
Cc: <freebsd-questions@FreeBSD.org>
Subject: RE: Remotely Exploitable telnetd bug
Message-ID: <009101c125b8$450d6340$0e00000a@tomcat>
In-Reply-To: <001101c12567$0d51ac00$1401a8c0@tedm.placo.com>

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Ted
> Mittelstaedt
> Sent: Wednesday, August 15, 2001 4:48 AM
> To: Greg Lehey
> Cc: Ryan Thompson; William Nunn; freebsd-questions@FreeBSD.org
> Subject: RE: Remotely Exploitable telnetd bug
>
> Actually, if you think about it, POP3 is not as much a problem. Look at it
> this way. What is transferred over POP3? E-mail. How does that E-mail
> get there to be transferred? SMTP mostly.
>
> Now, if an attacker wanted to sniff your e-mail, all he needs to do is sniff
> the incoming SMTP, he doesn't need to bother looking at the POP3 session
> at all. Sure, POP3 does pass the password in the clear - but all the POP3
> password gets the attacker is access to your mailbox, and that just lets
> him steal your mail. If you're frequently checking e-mail then it's unlikely
> he could make off with the bulk of your incoming e-mail without causing
> noticeable trouble, since POP servers don't permit concurrent access to
> the mailbox.

Ted, et al...

I think what might be a "hang up" about this with someone just sniffing your POP3 and then trying to steal your mail would be in situations similar to some of the ISPs that I've used in this area. In those instances, your login password for your dial-up connection and shell account is the same as the password that you have to send to retrieve your e-mail. In that instance, having someone sniff your password out could be very detrimental to your account's longevity. Especially when said password is then used to gain access to and hack the host machine.

--- Andy

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message