To: knows_picker who wrote (71669)
6/3/2001 1:41:40 AM
From: caly

Yes, it does log on to your POP server just the way your DSL connection does. Whether coming in from your DSL account or your mobile device though, your logon credentials are most likely in the clear. Mechanisms do exist for securing the logon, but they're not widely implemented. And even if your credentials are secured, I doubt your e-mails are.

You can play around with your security settings in your e-mail client to see if your POP server supports the security mechanisms. See the blurb I'm including at the bottom for how to do this in Outlook.

My POP server for my home account doesn't support this security, and that being the case, I operate on the assumption that every e-mail I send and receive, and every transmission I make on the Internet is being viewed by the world. Exceptions to that are of course the web transactions that are encrypted with SSL. I ensure that I do absolutely nothing from my home account that would be of interest to anybody. (And since I have a cable modem, that anybody includes neighbors that might be snooping on the local segment.) I have PGP encryption for e-mail should I ever need it, but I haven't to date.

At work it's a different story though. Security policy dictates that corporate e-mail cannot leave the corporate network without being encrypted. You can only externally access your e-mail account via a VPN tunnel or a Blackberry (or Blackberry equivalent).

Here's the little blurb that explains POP3 security. The sections in bold tell you how to change your security options to try to force security. If they're already checked when you go in there, then you're good to go. If you can no longer retrieve your e-mail after checking them, then your POP server doesn't support it.

Exchange Client and POP3/IMAP

POP3 is a non-proprietary messaging protocol, which has become the de facto standard for downloading email messages over the Internet.
While IMAP4 has been tagged as its successor, POP3 shows no signs of giving way. You can enable POP3 support in Outlook by installing the Internet Mail Information Service.

When authenticating, there are basically two options available to the Outlook user. The most common is that defined by RFC 1939. This is the original POP3 specification and it dictates the user id and password be sent in clear text to the server. This method is extremely popular on the Internet in spite of its obvious weakness.

Additionally, there is RFC 2222, which puts forth Simple Authentication and Security Layer (SASL). SASL defines a challenge/response mechanism where the client and server negotiate which challenge/response protocol to use. This provides an added measure of security, but ISPs have been slow to adopt it. At writing, only about 10% of Service Providers support SASL.1

When configuring an Exchange server for POP3 support, the administrator can choose Basic (clear text) or NTLM (for SASL) authentication [you can also configure authentication using the MCIS Membership System, which negotiates SASL using Distributed Password Authentication. However, this requires installation of the MCIS Membership Broker].

In the Outlook client, when configuring your incoming mail server, you also enter an ID and password. Although this password is covered in asterisks, if you do not enable SASL it is sent as clear text. To enable SASL (assuming your POP server supports it), check the box marked Log on Using Secure Password Authentication. If you are connecting to an Exchange Server, the SASL negotiation will result in NTLM authentication.

Even if you implement SASL for your client authentication, the actual process of downloading messages from your POP server is still in clear text. Additionally, odds are you will use SMTP to upload your messages, which - by default - also uses clear text. To protect the integrity of our message we must implement some encryption for the message transfer.
You can use SSL (Secure Sockets Layer) at the Transport Layer to encrypt your message transfer. To enable support at the client level, select the Advanced tab under the Internet Mail Information Service and check the box marked This Server Requires a Secure Connection. The client will use TCP port 995 for future communications instead of the standard TCP port of 110.

securityfocus.com
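
Added example, not part of the original post or the quoted blurb: a Python check of what a POP server offers, as an alternative to ticking the Outlook boxes and seeing whether mail still arrives. It assumes the server answers the POP3 CAPA command (RFC 2449) and also notes APOP and STLS, which the post does not mention; the function names and the sample replies are constructed for illustration.

```python
import poplib
import re

# SASL mechanisms that still put the password itself on the wire.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

# Constructed samples (greeting, CAPA reply lines), not captured from real servers.
OLD_SERVER = (b"+OK POP3 server ready", [b"TOP", b"USER", b"UIDL"])
SASL_SERVER = (b"+OK ready <1896.697170952@mail.example.org>",
               [b"USER", b"SASL NTLM CRAM-MD5 PLAIN", b"STLS"])

def parse_capa(lines):
    """Turn raw CAPA reply lines into {capability: [arguments]}."""
    caps = {}
    for raw in lines:
        parts = raw.decode("ascii", "replace").upper().split()
        if parts:
            caps[parts[0]] = parts[1:]
    return caps

def assess(greeting, caps, tls=False):
    """Summarise how the logon and the mail itself are exposed on this connection."""
    protected = sorted(m for m in caps.get("SASL", []) if m not in PLAINTEXT_SASL)
    # An RFC 1939 server that offers APOP puts a <timestamp@host> banner in its greeting.
    if re.search(rb"<[^<>\s]+@[^<>\s]+>", greeting):
        protected.append("APOP")
    return {
        "protected_logon": protected,                       # challenge/response options
        "only_cleartext_logon": not tls and not protected,  # plain USER/PASS is all there is
        "mail_exposed": not tls,                            # message download is unencrypted
        "stls_offered": "STLS" in caps,                     # TLS upgrade available on port 110
    }

def probe(host, use_ssl=False):
    """Query a live server: port 995 over SSL, or port 110 in the clear."""
    cls = poplib.POP3_SSL if use_ssl else poplib.POP3
    srv = cls(host, 995 if use_ssl else 110, timeout=10)
    try:
        try:
            caps = {k.upper(): [a.upper() for a in v] for k, v in srv.capa().items()}
        except poplib.error_proto:
            caps = {}  # server does not implement CAPA
        return assess(srv.getwelcome(), caps, tls=use_ssl)
    finally:
        srv.quit()
```

For the constructed SASL_SERVER sample the result lists protected logon mechanisms but still reports mail_exposed as true, which is the blurb's point that securing the logon does not encrypt the message download.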