New research reveals millions of host sites are without TLS encryption
TLS encryption allows end-to-end encryption for safer communications and browsing
New research from ShadowServer has revealed 3.3 million POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol) mail servers are currently exposed to network sniffing attacks, due to being without TLS encryption.
TLS, or Transport Layer Security, is a security protocol which provides end-to-end security between applications over the Internet. It is used for secure web browsing, and encrypts communications through email, file transfer, and messaging.
ShadowServer scanned the internet for hosts running a POP3 service on port 110/TCP or 995/TCP without TLS support – finding 3.3 million hosts without the security layer.
Without TLS, passwords for mail access could be intercepted, and that exposed services could allow password guessing attacks on the server. Without the encryption, credentials and message content is sent in clear text, which exposes hosts to eavesdropping network sniffing attacks.
Almost 900,000 of these sites were in the US, with over 500,000 and 380,000 in Germany and Poland, but the researchers note, ‘regardless whether TLS is enabled or not service exposure may enable password guessing attacks against the server’.
“We have started notifying about hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted,” the ShadowServer Foundation said in a tweet.
“We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap). It’s time to retire those!”
Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors
In August 2018, TLS 1.2 was updated with TLS 1.3 brought in, with 1.3 offering significant improvements in both performance and security. Whilst TLS is very common, ImmuniWeb reports that from Q1 2024 to date, there were 1,421,781 SSL/TLS events – so even with the encryption, there are dangers for users.
Via SecurityAffairs
Original Author: Ellen Jennings-Trace | Source: TechRadar
The deal allows the U.S. to take more equity in Intel if the company doesn't…
We're expecting two new models alongside the all-new Apple Watch Series 11. | Original Author:…
Japan’s FugakuNEXT supercomputer will combine Fujitsu CPUs and Nvidia GPUs to deliver 600EFLOPS AI performance…
Microsoft has fired two more employees who participated in recent protests against the company’s contracts…
Microsoft announced its first homegrown AI models on Thursday: MAI-Voice-1 AI and MAI-1-preview. The company…
A comprehensive review of Max Tegmark's Life 3.0, exploring the future of artificial intelligence and…