Collaborate Disseminate
When I log in to hotmail or Google or posteo I can only log in using the 2FA that I have set up. However, each provider seems to have an alternative for apps that do not auth via a web client.
Hotmail/Google: 16-lowercase-c… Continue reading Does IMAP/POP3/ASP undermine Two-Factor Auth?
SMTPS (implicit SSL) has been deprecated/obsolete since SMTP+STARTTLS (explicit SSL) was defined in RFC2487. I’m not entirely clear on the reasoning behind that, but it was clearly considered a good idea at the time.
IceWarp (11.0.1.3 x64 IMAP4rev1) is accessible from my server to anybody. Is that risky? What kind of attacks can be applied?
icewarp: https://www.icewarp.com/
Terminal output after connect with netcat:
* OK IceWarp 11.0.1…. Continue reading Attacking IceWarp 11.0.1.3
IceWarp (11.0.1.3 x64 IMAP4rev1) is accessible from my server to anybody. Is that risky? What kind of attacks can be applied?
icewarp: https://www.icewarp.com/
Terminal output after connect with netcat:
* OK IceWarp 11.0.1…. Continue reading Attacking IceWarp 11.0.1.3
Which offers a higher level of safety: Webmail or using a POP3/IMAP client?
Assume the following for webmail:
Access via HTTPS
Rarely downloading any attachments, but in cases where it may be necessary, carefully verifying the integrity… Continue reading Better safety: Webmail or POP3/IMAP email client?
The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote,authenticated attacker to execute arbitrary code with the privileges of the Domino server Continue reading VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow
I am looking to finish a relatively secure infrastructure using only OSS tools. On the Linux side, I have the very capable RedHat IPA that provides Kerberos and manages host and service registrations. On the client side, ther… Continue reading Securing infrastructure with IMAP, SMTP, GSSAPI, OTP, FreeIPA
While adding a Mediacom email account into Apple Mail I referenced their page on IMAP settings https://supportstage.mediacomcable.com/print/1446, I noticed that authentication type for incoming email is set to none. Does tha… Continue reading IMAP with authentication set to none
Opportunistic TLS refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted comm… Continue reading What is the purpose of opportunistic TLS (like STARTTLS)?
The abundance of small networked boards running Linux — like the Raspberry Pi — is a boon for developers. It is easy enough to put a small cheap computer on the network. The fact that Linux has a lot of software is a double-edged sword. On the one hand, it is a good bet that anything you want to do has been done. On the other hand, some of the solutions are a bit large for a tiny embedded system.
Take, for example, e-mail. Historically, Linux hosts operate as mail transfer agents that can send and receive mail for all …read more
