LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-24-2004, 08:17 PM   #1
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Rep: Reputation: 30
Question POP mail and security


I've been using Yahoo mail and POP3 for quite a while but I recently began realizing that nothing is encrypted that way unless the web interface is used. I also have an email for my school that allows POP retrieval. I know there are secure options (so your password isn't transmitted in plain text), but, to my knowledge, neither provider supports it. Are there any other options I have? How big of a risk is using POP mail with a password? I understand that I probably don't want to check my mail on a wireless network, but is it fine on a wired LAN? Thanks in advance.
 
Old 08-25-2004, 02:45 PM   #2
lone_nut
Member
 
Registered: Dec 2003
Location: Denmark
Distribution: Mandrake
Posts: 179

Rep: Reputation: 30
www.nerdshack.com allows encryption (password and mail)
 
Old 08-25-2004, 06:24 PM   #3
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
That looks like a great site, thanks for letting me know about that. It will be some time before I can, but I wanted to eventually get a new email account on a service with APOP that I can use for a long time. The nerdshack looks rather new, but looks like it at least has the potential to have some longevity. Does anyone know of any other major providers of APOP that are reliable and will probably be around for a while?

Also, I'm still curious about the answer to my other question. How worried should I be about checking my email via POP on a campus LAN, and how easy is it for someone to jump in and take the password? Thanks again.
 
Old 08-25-2004, 07:33 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
If traffic is transmitted unencrypted, anyone connected to any of the networks it travels through can read the data via use of a packet sniffer. Packet sniffers are availavle for Unix and Windows (I use them myself for testing on my LAN) and they require root priviliges to run. So anyone with root/administrator access on any network your unencrypted data passes through can read it. It's not totally trivial, since the person reading the sniffed packets needs to know where to look to find the daya, but it's not that hard, either.
 
Old 08-26-2004, 04:57 PM   #5
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
So basically, if I don't have an email service that offers APOP, there's no way to prevent anyone with a packet sniffer from seeing everything transmitted to/from the mail client? Is this something that most knowledgeable people are wary of (i.e. does everyone on this forum use encrypted mail) or is it not a huge issue if I'm not sending personal information over email?
 
Old 08-28-2004, 07:40 AM   #6
lone_nut
Member
 
Registered: Dec 2003
Location: Denmark
Distribution: Mandrake
Posts: 179

Rep: Reputation: 30
Well, i know it can be done, but i don't send encrypted mail, because the stuff in the mails are not that personal (eg, how are you, today we did this and that, computer advices) if i am going to transfer something personal i would use a phone or snail mail.

However if you are talking to a bf/gf you should either use encrypted mail or Gnupg.
If you send finacial info, use should use encryption.
If the mail password is something you share to other services, you should send it encrypted.
 
Old 08-28-2004, 02:07 PM   #7
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
Those are good points. I do have a unique mail password (not used anywhere else), but it still gives access to whatever settings the mail service allows you to change. I'll think about it and see what I need to do. Thanks again.
 
Old 08-28-2004, 02:48 PM   #8
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
Just some extra info about the whole encryption thing so you know what you're getting into.

Ok, if you're worried about people eavesdropping, then there are some things you should consider. First, I don't know the specifics of APOP. So I assume it only encrypts user id and password for authentication. Someone please correct me if I'm wrong. If I'm right, then that means the transmission/reception of your email is plaintext after authentication. In other words, anyone with a packet sniffer could piece together and read the email. If that's a concern, then you need to augment APOP.

You can do that with an encrypted connection (if that service is provided). For example, ssh port-forwarding to your mail server. In this case, user id and pass are doubly-encrypted (the APOP encryption is encrypted again by the ssh tunnel), and the message(s) are encrypted when sent through the tunnel. However, if you are sending email and the mail server has to relay the message, then the message will be retransmitted. Unless the mail server has an encrypted link between itself and the next stop, then the email will be plain text again.

Lastly, you can encrypt the message content itself. In this manner, the email itself is encrypted, and doesn't require a persistent chain of encrypted links from your computer to the receiver's computer. You receive the user id and password protection from APOP, and the message content is transmitted verbatim, and must be manually decrypted by the receiving user.
 
Old 08-28-2004, 05:04 PM   #9
jrdioko
Member
 
Registered: Oct 2002
Distribution: Debian 6.0.2 (squeeze)
Posts: 944

Original Poster
Rep: Reputation: 30
Yeah, the password is the only thing I was really concerned about. I don't ever see a need to transmit confidential information over email. Thanks though.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
POP Mail Problems Taggard Linux - General 2 01-20-2005 12:55 PM
POP mail and deleting guild Linux - Software 3 11-08-2004 09:39 PM
Problems with POP 3 Mail LinuxKimmy Linux - Newbie 1 09-01-2004 11:32 AM
Setup POP Mail Accounts richhoward Linux - General 5 12-10-2003 02:58 PM
pop-3 mail server? sephiroth111 Linux - Software 4 03-03-2003 04:36 PM


All times are GMT -5. The time now is 01:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration