Forgotten passwords

What do you do if you’re migrating a user from Outlook Express to Thunderbird, but they don’t know the password to their ISP mail account?

If you’re me, you might do:

sudo tcpflow -i en1 -c port 110

Fire up Outlook Express on the relevant desktop machine, hit the “Get New Mail” button, and watch the all-important details go flying by in the terminal of my laptop:

tcpflow[4477]: listening on en1

081.103.221.014.00110-192.168.001.100.01816: +OK POP3 server ready

192.168.001.100.01816-081.103.221.014.00110: AUTH

081.103.221.014.00110-192.168.001.100.01816: -ERR An authentication mechanism MUST be entered

192.168.001.100.01816-081.103.221.014.00110: CAPA

081.103.221.014.00110-192.168.001.100.01816: +OK Capability list follows

TOP

USER

RESP_CODES

PIPELINING

EXPIRE NEVER

UIDL

081.103.221.014.00110-192.168.001.100.01816: .

192.168.001.100.01816-081.103.221.014.00110: USER foo

081.103.221.014.00110-192.168.001.100.01816: +OK please send PASS command

192.168.001.100.01816-081.103.221.014.00110: PASS bar

081.103.221.014.00110-192.168.001.100.01816: +OK foo is welcome here

Extremely useful, and also a reminder of why you should put as much encryption as possible on your communications. This stuff is just too easy to get at if you don’t. It’s nice to see that Google are setting a good example by enforcing TLS on POP connections to their servers.

This entry was posted in Planet. Bookmark the permalink.