Dr Ralph Holz, lecturer in Networks and Security at the University of Sydney’s School of Information Technologies and co-appointed researcher at Data61, a premier innovation network, says experts have suspected weaknesses in email cryptographic setups and authentication for some time, but there has been no hard evidence to support these suspicions.
The research team conducted active scans of the entire Internet, testing the setups of mail and chat servers before analysing the passive Internet traffic of more than 50,000 users in the United States in more than 16 million encrypted connections.
Results of their study, revealing how emails can be poorly protected when in transit, will be presented at the Internet Society's Network and Distributed System Security Symposium in San Diego next week.
Dr Holz, a specialist in internet communication and co-appointed researcher at Data61, a premier innovation network, said:
“We investigated both the client-to-server interactions as well as server-to-server forwarding mechanisms. These can be configured in a number of ways, but these many combinations are leading to insecure deployments.
“We ran continuous scans of the Internet’s most important security protocols and applications to detect deployment patterns that open systems to attacks.
“While email between users of major providers such as Gmail or Hotmail is relatively secure, this is not true in more general cases and several serious weaknesses exist.
“One of the largest problems identified in the analysis is the lack of support for encryption - less than half of the mail servers supported even basic encrypted communication, and 17 percent used insecure cryptography.
“Only a third of mail servers can prove their identity securely; this means that a sending party often cannot determine whether an email is going to reach the right receiver or will be intercepted at some point,” Dr Holz says.
The researchers will offer several recommendations based on their analysis to help change the status quo, which include providing more measurements and urging software makers to use sane default configurations.
University of Sydney researchers worked with a group which included members from Data61 (Australia), ICSI (USA), and the Technical University of Munich (Germany).