From: combee@sso-austin.sps.mot.com (Ben Combee)
Date: Tue, 1 Oct 1996 15:22:27 +0800
To: cypherpunks@toad.com
Subject: Secure POP Mail (was Mailmasher)
In-Reply-To: <v03007812ae75892bd1d9@[206.119.69.46]>
Message-ID: <9610010443.AA19348@sso-austin.sps.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Robert" == Robert Hettinga <rah@shipwright.com> writes:
    Robert> Take a look at:

    Robert> http://www.mailmasher.com/

    Robert> It's a way to get your mail through a web page. Pretty
    Robert> useful when you're at a braindead "cyber-cafe" machine and
    Robert> want to read your mail.  The problem is, mailmasher knows
    Robert> you POP password.

    Robert> Anyway to do this more securely?

Strick in SF (strick@yak.net) did a hack last year to put S/KEY into
yak.net's POP server.  If you had that setup on your account, you
could give Mailmasher the one time password, and it would be none the
wiser when you were finished.  Of course, it would still be able to
make copies of all the mail in your inbox folder plus it could field a
denial of service attack by keeping the connection open, but it
wouldn't be able to relogin.

Source might be on the Yak's web site... I'm not sure right now, I'm
just on a firewalled shell account, so I can't get to www.yak.net to
check.

-- 
Ben Combee, Software Developer (Will write assembly code for food)
Motorola > MIMS > MSPG > CTSD > Advanced ICs > Austin Design Center
E-mail: combee@sso-austin.sps.mot.com   Phone: (512) 891-7141