This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
gone
Re: POP2/POP3 holes?
Article: 4927 of alt.hackers Newsgroups: alt.2600,alt.hackers From: daemon9@netcom.com (Route) Subject: Re: POP2/POP3 holes? Message-ID: daemon9D9tIv5.CpJ@netcom.com Followup-To: alt.2600,alt.hackers Organization: NETCOM On-line Communication Services (408 261-4700 guest) X-Newsreader: TIN [version 1.2 PL1] Date: Wed, 7 Jun 1995 19:45:05 GMT Approved: Tick@Thecity.com Lines: 29 Sender: daemon9@netcom5.netcom.com Status: RO
On 7 Jun 1995 00:47:58 -0400 Captain Sarcastic (kkoller@nyx10.cs.du.edu) wrote: : Any insecure holes in POP2/POP3? I don't know about this being a serious security breach, but it is a trivial matter to read someone's mail from a pop2/pop3 server, if you have thier login and passwd. Normally, you would have to login to retrive the messages, possibly alerting the user or admin in one way or another. By telneting to the popd port (109,110) you can read and delete thier mail directly by entering: user username pass passwd retr mes # dele mes # This is only really useful if you needed to setup a an account as way-station to send mail to from some site that is too tightly secured to enter directly: ie: You setup a login trojan that captures usernames and passwds. Since you can not (for one reason or another) login directly anymore there after the initial setup of the trojan, you setup a script or a cron job that periodically mails the captured items to an account elsewhere that you can retireve via a popd telnet. -- [Route] founding member: *The Guild] | [finger for more info, including pgp key url ftp://ftp.netcom.com/pub/da/daemon9 for the pursuit of knowledge
gone