Dr Ralph Holz, lecturer in Networks and Security at the University of Sydney’s School of Information Technologies and co-appointed researcher at Data61, a premier innovation network, says experts have suspected weaknesses in email cryptographic setups and authentication for some time, but there has been no hard evidence to support these suspicions.
The research team conducted active scans of the entire Internet, testing the setups of mail and chat servers before analysing the passive Internet traffic of more than 50,000 users in the United States in more than 16 million encrypted connections.
The results of their study, which reveal how emails can be poorly protected in transit, will be presented at the Internet Society's Network and Distributed System Security Symposium in San Diego next week.
Dr Holz, a specialist in internet communication and co-appointed researcher at Data61, a premier innovation network, said:
“We investigated both the client-to-server interactions as well as server-to-server forwarding mechanisms. These can be configured in a number of ways, but these many combinations are leading to insecure deployments.
“We ran continuous scans of the Internet’s most important security protocols and applications to detect deployment patterns that open systems to attacks.
“While email between users of major providers such as Gmail or Hotmail is relatively secure, this is not true in more general cases and several serious weaknesses exist.
“One of the largest problems identified in the analysis is the lack of support for encryption - less than half of the mail servers supported even basic encrypted communication, and 17 percent used insecure cryptography.
“Only a third of mail servers can prove their identity securely; this means that a sending party often cannot determine whether an email is going to reach the right receiver or will be intercepted at some point,” Dr Holz says.
The researchers will offer several recommendations based on their analysis to help change the status quo, which include providing more measurements and urging software makers to use sane default configurations.
University of Sydney researchers worked with a group which included members from Data61 (Australia), ICSI (USA), and the Technical University of Munich (Germany).