Google, Microsoft, and Yahoo want to make email immune to man-in-the-middle attacks

Posted by Brianna Nerli
Mar 22, 2016

In the era of Apple vs. FBI and regular large-scale hacks, most of us are slowly becoming aware that our data isn’t as protected as it could be. Google, Amazon, Facebook, Microsoft, and a number of other tech giants, however, are banding together to improve the security of email traffic around the Internet.

Software engineers from these companies are working together on a new system called SMTP Strict Transport Security, a mechanism that allows email providers to define new rules for creating encrypted email connections.

The new technology is necessary because security standards for email have largely remained the same for years, leaving most emails unencrypted and open to “man-in-the-middle” hacks, which intercept the email, or change its contents, en route to its destination. When email was first introduced, it used the Simple Mail Transfer Protocol, or SMTP, which did not have any encryption built in at all. Because of this, in 2002 an extension called STARTTLS was added to offer TLS, or Transport Layer Security, encryption with SMTP connections.

According to research by the firms behind the new protocol, one of the main problems with this standard, apart from how long it took to be widely adopted, is that if anything goes wrong with sending the email along the way, it will be sent unencrypted by default. Not only that, but STARTTLS also uses what’s called opportunistic encryption, which means that it doesn’t validate a server’s digital certificate: if it cannot verify a server’s identity, it assumes that sending the email is still better than nothing.

This leads to the man-in-the-middle vulnerability, where a hacker in a position to intercept traffic can present any certificate, even a self-signed one. That lets the hacker decrypt the email, defeating the purpose of having encrypted email in the first place.
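The following is an added example, not code from the article or from the SMTP Strict Transport Security authors. It contrasts the opportunistic fallback described above with a sender that refuses to downgrade. The names `negotiate`, `DeliveryRefused` and `FakeSMTP`, and the strict behaviour itself, are assumptions for illustration rather than the proposed specification.

```python
import smtplib
import ssl

class DeliveryRefused(Exception):
    """Strict policy outcome: keep the message queued, never downgrade."""

def negotiate(smtp, host, strict):
    """Secure an already-connected smtplib.SMTP-like session to `host`.

    strict=False: opportunistic STARTTLS as the article describes it.
    strict=True: assumed hardened sender that insists on verified TLS.
    """
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        # Capability absent, or removed from the EHLO reply in transit.
        if strict:
            raise DeliveryRefused(f"{host}: STARTTLS not offered")
        return "cleartext"
    if strict:
        ctx = ssl.create_default_context()   # validates chain and hostname
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False           # any certificate is accepted,
        ctx.verify_mode = ssl.CERT_NONE      # self-signed included
    try:
        smtp.starttls(context=ctx)
    except (ssl.SSLError, smtplib.SMTPException) as exc:
        if strict:
            raise DeliveryRefused(f"{host}: TLS failed: {exc}") from exc
        return "cleartext"   # opportunistic senders retry without TLS
    smtp.ehlo()
    return "tls-verified" if strict else "tls-unverified"

class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP so the policies run offline."""
    def __init__(self, offers_starttls, cert_trusted):
        self.offers, self.trusted = offers_starttls, cert_trusted
    def ehlo(self):
        return 250, b"ok"
    def has_extn(self, name):
        return name == "starttls" and self.offers
    def starttls(self, context=None):
        # Emulates only the certificate check the context would perform.
        if context.verify_mode == ssl.CERT_REQUIRED and not self.trusted:
            raise ssl.SSLCertVerificationError("self-signed certificate")
```

With a real `smtplib.SMTP` connection in place of `FakeSMTP`, the same function applies either policy to a live mail exchanger.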
