Re: What is the likelihood of password sniffing ?

From: Rowdy Yates (rowdy.yates_at_no-spam-please.com)
Date: 10/28/03


Date: Tue, 28 Oct 2003 00:41:30 GMT

don't know if anyone is following this thread anymore, but i might as
well add.

- there are logs kept on the mail server as to which ip address accessed
the mail account last. if the host is on one of your subnets, it's really
easy to track it back.
- clear text is very easy to sniff. passwords & usr names MUST be sent
encrypted and stored reversible.
- i am not too familiar with the pop flagging process, but i know from
personal experience on imap, that after you download the messages, it is
marked as read. but, if you have usr name & passwrd, you can mark it as
unread again.

hope it helps.

"Superbo Barnetta" <superbo@barnetta.not> wrote in
news:ZdOdneNF9t8vfQuiRVn-sw@giganews.com:

> Hello,
>
> When a lot of us send and receive email, we use 'clear text'
> passwords. Not all do this, but a great many I suspect do. Who has the
> means to capture this un-encrypted information ?
>
> I would guess at ISPs first, or maybe someone's PC that has been
> compromised with a trojan. Is that the extent of the problem ?
>
> I would like to hear of any scenarios that show how easily this can be
> done, and if anyone has any history of their passwords being stolen,
> and then some account or other becoming unavailable to them.
>
> At the moment, I use SSL (port 995) to connect to my mail server,
> using a self-signed certificate, basically because I'm skint. But say
> I switched back to an ISP, and used clear-text pop3 passwords, how
> likely is it that I could get my password stolen ?
>
> My 'threat model', if that applies to what I'm saying here, is only
> that of embarrassment if someone were to monitor and later disclose
> information gleaned from my inbox. It could be worse in some cases,
> where I have to receive un-encrypted financial information, as the
> sender refuses to 'embrace' PGP or similar.
>
> Thanks for your time.
>
> SB.
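
The first point in the reply above (the mail server logs which IP address last accessed an account, and a host on one of your own subnets is easy to trace back), as an added example that is not part of the original post. The log format, addresses, subnet names and function names are all constructed for illustration; a real POP3/IMAP server's log lines will need a different regex.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample lines in a made-up format; real mail server logs differ.
SAMPLE_LOG = """\
2003-10-27 08:02:11 pop3-login user=sb rip=192.168.10.23
2003-10-27 12:40:05 imap-login user=alice rip=192.168.20.7
2003-10-27 23:15:42 pop3-login user=sb rip=203.0.113.50
2003-10-28 00:12:09 pop3-login user=sb rip=192.168.20.99
garbage line that does not parse
"""

# Assumed site subnets (hypothetical names and ranges).
SUBNETS = {
    "office-lan": ipaddress.ip_network("192.168.10.0/24"),
    "lab-lan": ipaddress.ip_network("192.168.20.0/24"),
}

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+-login "
                     r"user=(?P<user>\S+) rip=(?P<ip>\S+)$")

def locate(ip):
    """Return the name of the site subnet holding ip, or 'external'."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return "external"

def logins_for(log_text, user):
    """Return (timestamp, ip, location) for each login by user, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"] != user:
            continue  # skip unparseable lines and other accounts
        try:
            where = locate(m["ip"])
        except ValueError:
            continue  # malformed address field, ignore the line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["ip"], where))
    return sorted(events)

def last_access(log_text, user):
    """Most recent login for user, or None if the account never appears."""
    events = logins_for(log_text, user)
    return events[-1] if events else None
```

A login from a subnet the account owner never uses, or from an external address, is the entry worth following up.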


