Dr Ralph Holz, lecturer in Networks and Security at the University of Sydney’s School of Information Technologies and co-appointed researcher at Data61, a premier innovation network, says experts have suspected weaknesses in email cryptographic setups and authentication for some time, but there has been no hard evidence to support these suspicions.
The research team conducted active scans of the entire Internet, testing the setups of mail and chat servers, before analysing the passive Internet traffic of more than 50,000 users in the United States across more than 16 million encrypted connections.
Results of their study, revealing how emails can be poorly protected when in transit, will be presented at the Internet Society's Network and Distributed System Security Symposium in San Diego next week.
Dr Holz, a specialist in internet communication and co-appointed researcher at Data61, a premier innovation network, said:
“We investigated both the client-to-server interactions as well as server-to-server forwarding mechanisms. These can be configured in a number of ways, but these many combinations are leading to insecure deployments.
“We ran continuous scans of the Internet’s most important security protocols and applications to detect deployment patterns that open systems to attacks.
“While email between users of major providers such as Gmail or Hotmail is relatively secure, this is not true in more general cases and several serious weaknesses exist.
“One of the largest problems identified in the analysis is the lack of support for encryption - less than half of the mail servers supported even basic encrypted communication, and 17 percent used insecure cryptography.
“Only a third of mail servers can prove their identity securely; this means that a sending party often cannot determine whether an email is going to reach the right receiver or will be intercepted at some point,” Dr Holz says.
The researchers will offer several recommendations based on their analysis to help change the status quo, which include providing more measurements and urging software makers to use sane default configurations.
University of Sydney researchers worked with a group which included members from Data61 (Australia), ICSI (USA), and the Technical University of Munich (Germany).