Find the answer to your Linux question:
Page 2 of 2 FirstFirst 1 2
Results 11 to 14 of 14
The web mail like gmail and hotmail etc use IMAP protocol to retrieve your email. Your authenication is somewhere different than your mail. The only thing you need to worry ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058

    The web mail like gmail and hotmail etc use IMAP protocol to retrieve your email. Your authenication is somewhere different than your mail. The only thing you need to worry about is if someone figures out your username and password. But that is really the reality of any email
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds

  2. #12
    Linux Enthusiast puntmuts's Avatar
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    Maybe this buddie of yours is pointing to the fact that emails are sent in clear text using the pop3 protocol. And encrypted connection could be the answer to that, but the email provider still receives the mail unencrypted from the sender/ other mail server, so it could be read at that fase. So encryption is not a 100% solution to this problem.

    But the amount of data sent on the Internet is that big that this will be very difficult to do.

    Hacking (or cracking) POP3 servers could be done when the owners of these servers don't update their software when security problems are found. I do not know how up to date most providers are, but my provider updates their software when security problems occur.
    I\'m so tired .....
    #200472

  3. #13
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    Quote Originally Posted by puntmuts
    Maybe this buddie of yours is pointing to the fact that emails are sent in clear text using the pop3 protocol. And encrypted connection could be the answer to that, but the email provider still receives the mail unencrypted from the sender/ other mail server, so it could be read at that fase. So encryption is not a 100% solution to this problem.
    I am an email provider and the mail doesn't go through the logs. All I see is the logs of whats being sent or denied (Spam) there is no usernames and passwords that go through the logs either. I believe the only way they can get your usernames and passords are on with a packet sniffer or keylogger. outside of that the provider can't even see them. The email doesn't scroll through the logs either. they go to a spool but it is devided up by who owns it and I could get to the mail that way, but for someone esle to do it they would have to hack my box. Mail itself isn't an issue as stated earlier it is a poorly managed server. But if the server was to get comprimised they wouldn't only get to your mail they would have anybody that is a user on the box. This rarely happens in fact I personally have never seen it happen.
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds

  4. $spacer_open
    $spacer_close
  5. #14
    Just Joined!
    Join Date
    Sep 2005
    Posts
    1

    POP3 "Easy" to hack

    Hi new2linux4now, forgive my impertinence...but I wish to correct a certain misunderstanding here. Here's 4 "easy" ways as to how u can go about cracking a POP3 password. 2 of which require u to have local access to the target machine(means u gotta be physically seated there) & 1 which requires u to be on the same LAN segment of the target ur planning to attack.

    1) Using netcat & listening on port 110, changing the mail server IP inside
    the mail client to point back to localhost(127.0.0.1) or the assigned IP
    to the machine. Afterwhich when u run ur mail client, netcat
    will capture the plain-text password being sent for authentication.

    2) Using software like Snadboy Revelation to uncover the asteriks ***
    that mask the password within the mail client software.

    3) Using a bruteforce tool like Brutus, but requires u to load lists of
    commonly used usernames/passwords. *Can be wordlists put
    together urself, or taken from dictionaries. This method is pretty
    much a long shot, unless u have prior-knowledge like u know
    the length of passwds used, commonly used passwords by users..etc

    4) Using ARP poisoning method(eg.Use Cain&Abel) to poison your target's
    ARP cache, thereby forwarding all packets to your PC. All plain-text
    passwords like telnet,pop3...etc can be captured & viewed immediately.
    This method however, requires u to be on the same LAN segment as
    the target.

    For method 1, you could edit/modify the registry entry that tells the mail client software which POP3 server IP to use, thereby allowing u to point it to a remote computer running netcat. This can be accomplished via the use of scripts or a simple self-written application.


    I would say the "easy" would still require some knowledge.
    And the possibility of ur POP3 account getting hacked is quite unlikely,
    unless maybe u offended a colleague or friend.
    But the possibilities are endless

Page 2 of 2 FirstFirst 1 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •