Google Preps New Service after Global Email Encryption Warning. Security is improving, but messages are still sent in plain text
In a report published by www.infosecurity-magazine.com Papua New Guinea is listed to be one of 7 countries in which over 20% of emails are delivered without encryption. This is because computers force incoming communication in plain text. And in Tunisia the figure is above 96%.
These statistics are a result of a study by the University of Michigan and the University of Illinois and the general conclusion is that email security is better than it was two years. Probably not so for countries like Papua New Guinea.
A Google report noted that although email encryption is getting better, certain countries are “deliberately preventing SSL requests from initiating, undermining industry efforts“.
If you have a Gmail account or send regular emails to a Gmail account, the number of encrypted emails received by Gmail from non-Gmail senders during the period increased from 33% to 61%.
Further, the percentage of messages encrypted with TLS sent from Gmail to non-Gmail addresses increased from 60% to 80%.
And Gmail users will be pleased to know that over “94% of inbound messages to Gmail were said to have carried some form of authentication”.
But it’s not all rosy for Gmail users as Google wrote in a supporting blog.
“First, we found regions of the internet actively preventing message encryption by tampering with requests to initiate SSL connections. To mitigate this attack, we are working closely with partners through the industry association M3AAWG to strengthen ‘opportunistic TLS’ using technologies that we pioneered with Chrome to protect websites against interception.
Second, we uncovered malicious DNS servers publishing bogus routing information to email servers looking for Gmail. These nefarious servers are like telephone directories that intentionally list misleading phone numbers for a given name. While this type of attack is rare, it’s very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient.”
So how safe are our emails in Papua New Guinea? Should this be an issue addressed by Nicta or is it the responsibility of the internet service providers?
Read the full article as provided on the link below.