Gmail Says Use of Encrypted Emails Has Risen 25%

We use email every day, be it sending them for work or personal reasons or getting a thousand and one emails advertising everything from something you are interested in helping a foreign prince distribute their wealth. One way that you can be protected when sending emails is to send encrypted emails, something which has risen in use by 25% for Gmail users.

What caused this spur of encrypted emails? Google stated last year that they would start flagging up emails which were unencrypted, warning users which providers and emails were being sent from services that supported TLS encryption. This change came into effect in February this year, the end result of which was the 25% increase in encrypted emails that Gmail has reported in the last month.

Google isn’t acting alone on this, with Comcast, Microsoft, Yahoo and other companies in the industry looking to create SMTP, a new standard that could be used to help protect emails from man-in-the-middle attacks.

Combining all these with their recent push on security updates in Chrome and Android, including their use of two-factor authentication encryption and warning people about state-sponsored attacks on accounts, it’s becoming more and more clear that even in the digital world, companies want your private information to remain private.

Logjam Can Hijack Your HTTPS Connections

There are a lot of techniques involving malware, trojans or other sort of attacks, but this one seems to affect the common and widely used HTTPS protocol, making it more ‘nasty’ than the rest. Logjam is a cryptographic attack that targets the Diffie-Hellman key exchange in HTTPS, SSH, SMTPS and other sort of negotiation protocols used by the server and browser.

So why is it so important for us to know about? It’s simple. The technique uses a man-in-the-middle approach to break the 512-bit encryption and make it readable. An academic team said that it was even able to beat a 768-bit encryption, but word is that even a 1024-bit encryption can be taken down with enough effort. What this means is that hackers using the latter technique can easily spy on the top 1 million HTTPS domains and even 66% of VPN servers.

Security specialists say that users should upgrade their browsers to the latest version and server owners should disable support for external cypher suites that generate 2048-bit Diffie-Hellman group along with updating to the latest OpenSSH. They say that the technique at hand can even be used by government agencies to easily spy on your web traffic, so hackers aren’t your only concern.

So, are you keeping everything up to date?

Thank you macnn for providing us with this information
Image courtesy of PSDGraphics

Credentials May Become Compromised via Old Windows Vulnerability from the ’90s

Nobody wants their private information shared on the internet, but we live in an era where everything that’s connected to the internet may eventually become public. This is the case of an old Windows vulnerability from the ’90s, which still poses a security threat according to security specialists.

Brian Wallace, a security researcher from Cylance, has been reported to have found a new way to exploit a vulnerability that was previously found in 1997. He stated that the flaw can be used on any Windows OS-powered device, may it be a tablet, PC, server or laptop, and can be used to potentially exploit and compromise around 31 programs.

The vulnerability that goes by the name of Redirect to SMB is said to be exploited by intercepting communication with a Web server using the man-in-the-middle approach. This in turn redirects all traffic to the malicious SMB server, which supposedly collects sensitive information such as usernames, passwords, credit card information or other things users type in.

There are some limitations to the technique though, as Wallace pointed out. The attacker needs to be on the same network as his victims and the attack can easily be prevented by blocking outbound traffic to the 139 and 445 TCP ports. But let’s be honest, who is going to do that? I mean most people don’t even change their default router credentials, let alone go into its settings and block traffic to specific ports.

Microsoft is said to have not made an official statement regarding the matter, but Wallace’s findings have been revealed at the Computer Emergency Readiness Team at Carnegie Melon University. With all this snooping around that’s been going on lately, how secure do you feel? Or is that even a matter of concern at this point?

Thank you PCWorld for providing us with this information

Image courtesy of High Performance Laptops

Hackers Target E-Banking Users By Exploiting Router Vulnerabilities To Hijack the DNS

There have been reports about critical vulnerabilities in a variety of routers, including Cisco, TP-Link, ASUS, TENDA and Netgear among others, all of which can be found in a normal household.

According to Polish Computer Emergency Response Team (CERT Polska), they have noticed an increase in cyber attack, leading to a cyber attack campaign aimed at Polish e-banking users. The hackers apparently use known router vulnerability that allow attackers to change the router’s DNS configuration remotely. This allegedly is used to lure users to fake bank websites or can perform Man-in-the-Middle attacks.

“After DNS servers settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all.” CERT Polska researchers said.

The DNS can be changed and point to a malicious DNS server from the router’s settings, giving the hacker complete control to facilitate interception, inspection and modification to the traffic between the user and the online banking website.

It is said that most of the Banking and E-commerce sites are using HTTPS with SSL encryption, making it impossible to impersonate them without a valid digital certificate issued by a Certificate Authority (CA), but to bypass such limitation cyber criminals are also using the SSL strip technique to spoof digital certificates.

The recommended steps to take in case of such attacks are to change the default username and password for the router, update the router’s firmware to the latest version and disable Remote Administration features in the router’s settings. Another way to notice fake websites is to lay attention to the browser’s address bar and HTTPS indicators.

Thank you TheHackerNews for providing us with this information