dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
29

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA

Napsterbater to dave

MVM

to dave

Re: Beware Hotel WiFi

IMAP and POP use SSL or TLS
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

said by Napsterbater:

IMAP and POP use SSL or TLS

I was assuming (incorrectly) that the access was via a web browser.

POP and SMTP *can* use secured connections but it's not mandatory in the protocol and for all I know, gmail doesn't insist. I myself use Verizon, and they offer but do not require the use of secured connections (you configure your client for a different port number).

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

said by dave:

POP and SMTP *can* use secured connections but it's not mandatory in the protocol...

Yup. POP/SMTP are plain-text (including passwords) protocols. Many providers now allow it over SSL/TLS (encrypted) connections but some don't.

Most hotel/hotspot Wi-Fi is unencrypted so users using POP/SMTP over that show everything to anyone looking.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA

Napsterbater to dave

MVM

to dave
I was talking about IMAP and POP connections to google/gmail, they require SSL or TLS
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

Ah, ok. So we're left with not really knowing how the exposure happened - since IMAP and POP require SSL/TLS, and HTTPS is at least possible....

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

Well if a Chinese hacker had access to hotel Wi-Fi and the user was using an encrypted connection to get their email (SSL/TLS/HTTPS/VPN etc) they'd have seen nothing but gibberish. The email address would be unknown by the hacker. If standard (unencrypted) POP/SMTP was used they'd have seen the email addy and the password (as clear text). With the latter no "hacking attempts" would've been required--they'd simply log in.

In short it's probably coincidence.