Gmail to Warn When Messages Take Unencrypted Routes

[Batu69]

Google plans to ramp up security at its free email service by letting users know when messages arrive via unencrypted connections that could be prone to snooping or tampering.

"These warnings will begin to roll out in the coming months," Elie Bursztein and Nicolas Lidzborski of the Gmail security team said in a blog post this week.

"While these threats do not affect Gmail to Gmail communication, they may affect messaging between providers."

The announcement came with study results indicating that email encryption is on the rise, along with measures to thwart spam and fraud by better authenticating messages.

However, Google said that it found regions of the Internet where email encryption was being covertly thwarted and also uncovered malicious servers programmed to essentially hijack Gmail messages by giving them bogus routing information.

"While this type of attack is rare, it's very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient," Bursztein and Lidzborski said in the post.

Google, Yahoo and other online firms have been moving to boost encryption of websites and email in an effort to boost privacy amid growing concerns about hacking and surveillance.

News source

[straycat19]

No security software can make up for the loose nut on the keyboard. Those that can remember back to 1998 may remember the Anna Kournikova virus that purported to be a jpg attachment of a nude photo of her but was actually an exe file that infected the computer. I had one senior administration person who clicked on it, got infected, called to have it fixed, fixed it, and 20 minutes after leaving his office got a call that he was infected again, because he pulled the email out of the trash and clicked on the 'jpg' attachment because he "didn't get to see the picture" the first time. We even tried removing all active links from emails and replacing them with a warning and instructions on how to get it back if it was valid and that didn't help one bit. I wanted to run our own email phishing system to catch these users so we could train the ones that click on the links but organizational politics would not allow that since senior members would be embarrassed.