Results 11 to 14 of 14
The web mail like gmail and hotmail etc use IMAP protocol to retrieve your email. Your authenication is somewhere different than your mail. The only thing you need to worry ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-03-2005 #11
Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
- 02-03-2005 #12
Maybe this buddie of yours is pointing to the fact that emails are sent in clear text using the pop3 protocol. And encrypted connection could be the answer to that, but the email provider still receives the mail unencrypted from the sender/ other mail server, so it could be read at that fase. So encryption is not a 100% solution to this problem.
But the amount of data sent on the Internet is that big that this will be very difficult to do.
Hacking (or cracking) POP3 servers could be done when the owners of these servers don't update their software when security problems are found. I do not know how up to date most providers are, but my provider updates their software when security problems occur.I\'m so tired .....
- 02-05-2005 #13Originally Posted by puntmutsSome people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
- 09-28-2005 #14
- Join Date
- Sep 2005
POP3 "Easy" to hack
Hi new2linux4now, forgive my impertinence...but I wish to correct a certain misunderstanding here. Here's 4 "easy" ways as to how u can go about cracking a POP3 password. 2 of which require u to have local access to the target machine(means u gotta be physically seated there) & 1 which requires u to be on the same LAN segment of the target ur planning to attack.
1) Using netcat & listening on port 110, changing the mail server IP inside
the mail client to point back to localhost(127.0.0.1) or the assigned IP
to the machine. Afterwhich when u run ur mail client, netcat
will capture the plain-text password being sent for authentication.
2) Using software like Snadboy Revelation to uncover the asteriks ***
that mask the password within the mail client software.
3) Using a bruteforce tool like Brutus, but requires u to load lists of
commonly used usernames/passwords. *Can be wordlists put
together urself, or taken from dictionaries. This method is pretty
much a long shot, unless u have prior-knowledge like u know
the length of passwds used, commonly used passwords by users..etc
4) Using ARP poisoning method(eg.Use Cain&Abel) to poison your target's
ARP cache, thereby forwarding all packets to your PC. All plain-text
passwords like telnet,pop3...etc can be captured & viewed immediately.
This method however, requires u to be on the same LAN segment as
For method 1, you could edit/modify the registry entry that tells the mail client software which POP3 server IP to use, thereby allowing u to point it to a remote computer running netcat. This can be accomplished via the use of scripts or a simple self-written application.
I would say the "easy" would still require some knowledge.
And the possibility of ur POP3 account getting hacked is quite unlikely,
unless maybe u offended a colleague or friend.
But the possibilities are endless