On Thu, Aug 6, 2009 at 9:50 AM, Peter van Houten<peter...@gmail.com> wrote: > As I read it, the POP3 weakness is just used to reveal the passwords, > once you have those, you can obviously access any Gmail account via HTTP > or POP3.
Right, but if the targeted account has POP3 disabled, then the initial brute forcing won't work, I presume. Attempting to brute force via the web UI quickly leads to automated countermeasures, such as CAPTCHAs, IP blocking, etc. But this report claims the POP3 interface only blocks after 100 failed attempts, and only for two hours. So the POP3 interface is less guarded than the web UI. Strong passwords will also help. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~