l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Nov 25 11:04

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Email Password Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Email Password Security

On Tue, 25 Nov 2003, Robert G. Scofield wrote:

> I've been having unbelievably horrible security problems on both my family's 
> computer (Win98SE) and the Windows partition of this dual boot system.  Two 
> weeks ago someone was stealing my email from my ISP's server.

Then they know your email password... which may be the same as your dialin

>  I then got 
> Norton Personal Firewall for both computers, and for the last three days the 
> dial up connection kept repeatedly starting on my computer  both when the 
> computer booted up and when it shutdown.  In fact I couldn't even shut it 
> down, all I could do is reboot into Linux and then shutdown.  Also 
> interesting is that Norton Firewall was knocked out.

Norton can be aggressive about staying in contact with its update
site(s)... that could be the connection thing.

>  (And I wonder if the 
> hacker or worm got in through Linux because I wasn't online in Windows very 
> much.  The Windows partition automatically mounts when Linux boots.)

Possible.  Depends what services you were running, and how often you
update them to maintain security.

> I've reformatted both computers in the last week.   On both computers I have 
> disabled the automatic use of passwords to both log onto the ISP, and then to 
> get email.  So now you have to type the password in at least twice to get 
> email.  This is inconvenient, and so my question is, am I being too paranoid?  
> Is it really necessary to disable the feature that retains the password?

If you haven't changed the password at the ISP end, you haven't
accomplished anything.  If you have, make sure you don't use that password
for anything else. In particular, use a different password to log into
Linux or Windows.

Investigate secure email download options with your ISP... POP3 sends the
password in the clear, so if they have compromised a machine between you
and your mail server they can sniff it off the network.  Most people don't
have these problems... so the POP password is not usually a critical one.

As to whether it is a good idea to disable the feature that retains the
password... I use different passwords for different things.  This prevents
discovery of one password (such as the POP password) from affecting any
other security.  Thus, I don't feel too bad about having my email passowrd
stored under the security of another password (say, my Linux login
password) in order to automate my email downloads.

Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.