Tuesday, 17 November 2015

Gmail to Warn When Messages Take Unencrypted Routes


Security of User’s Data Vulnerable

Google has observed that the security of its user’s data has become more vulnerable when they received message sent through a different email provider. There is a possibility that most of the users would now begin to see the alerts coming, in a few months.

Google has plans of ramping up security at its free email service by enabling users to be aware when messages arrive through unencrypted connection which could be susceptible to snooping or tampering. These threats have urged Gmail to work on warning system which could alert users when they tend to receive unencrypted mail.

Elie Bursztein and Nicolas Lidzborski of Gmail security team had mentioned in a blog post this week that these warning would begin to roll out in the coming months and while these threats does not seem to affect Gmail to Gmail communication, they could affect messaging between providers.

This statement came with the result of the study indicating that email encryption has been increasing together with measures to prevent spam and fraud by improved authenticating messages. The good news is that more email providers have been offered email encryption along the board with the majority of them utilising a few type of authentication in order to decrease phishing.

Google/Yahoo/Others – Improve Encryption of Websites/Email

But Google has said that it discovered regions of the Internet wherein email encryption had been secretly thwarted as well as exposed malicious servers that were programmed to hijack Gmail message by providing them false routing information.

Bursztein and Lidzborski had indicated in the post that though this kind of attack seems rare, it was a matter of concern as it would enable attackers to censor or alter messages before they are relayed to the email recipient.

In an attempt to enhance privacy in the midst of concerns with regards to hacking and surveillance, Google, Yahoo together with other online firms has been moving to improve encryption of websites and email. Bloggers have confirmed that, to notify users of possible dangers, they have been developing in-product warnings for Gmail users which would display whenever they receive a message through a non-encrypted connection. The good news is that more email providers are providing email encryption on the board and most of them are using some types of authentication to lessen impersonation and phishing.

Most Providers do not Support STARTTLS

Though Gmail-to-Gmail messages are always encrypted, the company has revealed that around 57% of email that are sent from providers to Gmail is encrypted while 81% of outgoing Gmail to the other provider also. This would be great since unencrypted emails are good targets for the criminals.

Moreover the groups also found malicious DNS servers broadcasting false routing information to email servers on the lookout for Gmail. However simultaneously, these researchers also discovered that there were certain areas of the internet which were preventing message encryption by tampering with requests to start SSL connection.

 Most of providers do not support STARTTLS, which means that any email encrypted by the sender cannot be read when it is received on the other end. The focus of Google in warning Gmail users with regards to unencrypted connection is to caution them to such type of dangers.


No comments:

Post a Comment

Note: only a member of this blog may post a comment.