ISPs Removing Their Customers' Email Encryption.
Recently, Verizon was caught tampering with its customer's web requests
to inject a tracking super-cookie. Another network-tampering threat to
user safety has come to light from other providers: email encryption
downgrade attacks. In recent months, researchers have reported ISPs in
the U.S. and Thailand intercepting their customers' data to strip a
security flag --- called STARTTLS --- from email traffic. The STARTTLS
flag is an essential security and privacy protection used by an email
server to request encryption when talking to another server or client.
By stripping out this flag, these ISPs prevent the email servers from
successfully encrypting their conversation, and by default the servers
will proceed to send email unencrypted. Some firewalls, including
Cisco's PIX/ASA firewall do this in order to monitor for spam
originating from within their network and prevent it from being sent.
Unfortunately, this causes collateral damage: the sending server will
proceed to transmit plaintext email over the public Internet, where it
is subject to eavesdropping and interception.
http://it.slashdot.org/story/14/11/11/2349244/isps-removing-their-customers-email-encryption
--
--->
A living - breathing - thriving networked neighbourhood -
proud of free culture - claiming it with others ;)
Other reviews,articles,interviews
http://www.furtherfield.org/reviews.php
Furtherfield -- online arts community, platforms for creating, viewing,
discussing and learning about experimental practices at the
intersections of art, technology and social change.
http://www.furtherfield.org
Furtherfield Gallery -- Finsbury Park (London).
http://www.furtherfield.org/gallery
Netbehaviour - Networked Artists List Community.
http://www.netbehaviour.org
http://identi.ca/furtherfield
http://twitter.com/furtherfield
_______________________________________________
NetBehaviour mailing list
[email protected]
http://www.netbehaviour.org/mailman/listinfo/netbehaviour
