1. Reverse Engineering >
  2. Video >
  3. New Research: Encouraging trends and emerging threats in email security


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

New Research: Encouraging trends and emerging threats in email security

RSS Kategorie Pfeil Video vom | Quelle: feedproxy.google.com Direktlink öffnen

Posted by Elie Bursztein, Anti-Fraud and Abuse Research and Nicolas Lidzborski, Gmail Security Engineering Lead

We’re constantly working to help make email more secure for everyone. These efforts are reflected in security protections like default HTTPS in Gmail as well as our Safer Email Transparency report, which includes information about email security beyond just Gmail.

To that end, in partnership with the University of Michigan and the University of Illinois, we’re publishing the results of a multi-year study that measured how email security has evolved since 2013. While Gmail was the foundation of this research, the study’s insights apply to email more broadly, not unlike our Safer Email Transparency report. It’s our hope that these findings not only help make Gmail more secure, but will also be used to help protect email users everywhere as well.

Email security strengthens, industry-wide

The study showed that email is more secure today than it was two years ago.

Here are some specific findings:
Newer security challenges and how we can address them

Our study identified several new security challenges as well.

First, we found regions of the Internet actively preventing message encryption by tampering with requests to initiate SSL connections. To mitigate this attack, we are working closely with partners through the industry association M3AAWG to strengthen “opportunistic TLS” using technologies that we pioneered with Chrome to protect websites against interception.

Second, we uncovered malicious DNS servers publishing bogus routing information to email servers looking for Gmail. These nefarious servers are like telephone directories that intentionally list misleading phone numbers for a given name. While this type of attack is rare, it’s very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient.

While these threats do not affect Gmail to Gmail communication, they may affect messaging between providers. To notify our users of potential dangers, we are developing in-product warnings for Gmail users that will display when they receive a message through a non-encrypted connection. These warnings will begin to roll-out in the coming months.

All email services—Gmail included—depend on the trust of their users. Partnering with top researchers helps us make the email ecosystem as a whole safer and more secure for everyone. Security threats won’t disappear, but studies like these enable providers across the industry to fight them with better, more powerful protections today and going forward.

[This work was made possible thanks to the contribution of many Googlers including Vijay Eranti, Kurt Thomas, John Rae-Grant, and Mark Risher.]

...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu New Research: Encouraging trends and emerging threats in email security






Ähnliche Beiträge

  • 1. HPR2828: Writing Web Game in Haskell - Science, part 2 vom 175.42 Punkte ic_school_black_18dp
    Intro Last time we looked how to model technology and research. This time we’ll do some actual research. I’m skipping over some of the details as the episode is long enough as it is. Hopefully it’s still possible to follow with the show notes.
  • 2. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide vom 130.34 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly a
  • 3. Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses vom 127.86 Punkte ic_school_black_18dp
    Editor's Note: This post can originally be found on the Agari Email Security blog. ​ https://i.redd.it/lwn4jicgn3b31.png By Patrick Peterson ​ Cybercriminals increasingly use new forms of identity deception to launch an email attack to target yo
  • 4. Azure.Source – Volume 58 vom 122.21 Punkte ic_school_black_18dp
    Now in preview Update 18.11 for Azure Sphere in public preview This is an update to the Azure Sphere Operating System, Azure Sphere Security Service, and Visual Studio development environment. This release includes substantial investments in our se
  • 5. Azure.Source – Volume 60 vom 119.13 Punkte ic_school_black_18dp
    Now in preview Simplifying security for serverless and web apps with Azure Functions and App Service New security features for Azure App Service and Azure Functions reduce the amount of code you need to work with identities and secrets under management. Key Vault re
  • 6. The Malicious Use of Artificial Intelligence in Cybersecurity vom 117.73 Punkte ic_school_black_18dp
    Criminals and Nation-state Actors Will Use Machine Learning Capabilities to Increase the Speed and Accuracy of Attacks Scientists from leading universities, including Stanford and Yale in the U.S. and Oxford and Cambridge in the UK, together with civil societ
  • 7. 5 Emerging Cybersecurity Threats in 2019 vom 116.58 Punkte ic_school_black_18dp
    5 Emerging Cybersecurity Threats in 2019 And How to Deal With Them With the increased integration of internet in our daily lives, criminals are... The post 5 Emerging Cybersecurity Threats in 2019 appeared first on HackersOnlineClub.
  • 8. USN-3415-2: tcpdump vulnerabilities vom 111.61 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump
  • 9. USN-3415-1: tcpdump vulnerabilities vom 111.34 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed
  • 10. The Security Spending Paradox vom 109.23 Punkte ic_school_black_18dp
    A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches t
  • 11. The Security Spending Paradox vom 109.23 Punkte ic_school_black_18dp
    A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches t
  • 12. TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors vom 106.66 Punkte ic_school_black_18dp
    Original release date: March 15, 2018Systems Affected Domain ControllersFile ServersEmail ServersOverview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bur