Articles about email

SecurEnvoy SecurMail, you say? Only after this patch is applied, though

Recently resolved vulnerabilities in SecurEnvoy's encrypted email transfer SecurMail created a way for encrypted emails in users' inboxes to be read, overwritten and deleted by others. The flaws – uncovered by Austrian security firm SEC Consult during a crash test – included cross-site scripting, cross-site request forgery, …
John Leyden, 13 Mar 2018
Utah bar topless

Will the defendant please rise? Utah State Bar hunts for sender of topless email

The Utah State Bar in America is investigating how a picture of a topless woman appeared in an email sent to all its members earlier this week. There was little to alert lawyers about what they were about to see when the email, titled "2018 Spring Convention Walk-Ins Welcome! Learn How!", popped up in inboxes. Those who did …

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

Having last year axed its scanning of Gmail messages after years of withering privacy criticism, Google has decided to court controversy again in this area. Now it is extending its much-loved Accelerated Mobile Pages (AMP) technology to email inboxes. In a blog post on Tuesday, Gmail product manager Aakash Sahney announced …
Thomas Claburn, 13 Feb 2018
Riven Media http://www.shutterstock.com/gallery-1141187p1.html

Who can save us? It's 2018 and some email is still sent as cleartext

The Internet Engineering Task Force (IETF) has emitted another small advance in its program to protect as much of the Internet as it can, with a request that email systems finish encrypting all their connections. In RFC 8314, Windrock's Keith Moore and Oracle's Chris Newman explain that there some interactions between email …

You had one job, Outlook! Security bug fix stops mail app from forwarding attachments

Outlook will strip attachments from some forwarded emails once you've applied a security update from this month's Patch Tuesday, Microsoft has admitted. Once the buggy patch, released January 9, is installed, Outlook 2016 will drop attachments from forwarded plain-text messages. This affects the Microsoft Installer (MSI) …
Shaun Nichols, 26 Jan 2018

Perv raided college girls' online accounts for nude snaps – by cracking their security questions

Jonathan C. Powell, who hacked into over 1,000 email accounts in search of sexually explicit images and videos of college-aged women, was jailed for six months for computer fraud, the US Department of Justice said on Thursday. Arrested in November, 2016, Powell, a resident of Phoenix, Arizona, pleaded guilty last August in a …
Thomas Claburn, 25 Jan 2018

HMRC dev support team cc blurtfest: Over 1,400 email addresses blabbed

Almost 1,500 software developers registered to use the UK taxman's sandbox or API platform have had their email addresses blabbed in a mass mailing. The snafu happened on Friday afternoon, when an email about the HMRC Developer Hub was accidentally sent with users' addresses visible in the CC field. The email, with the …
Rebecca Hill, 22 Jan 2018

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

Microsoft should not be able to “shield evidence” held on Irish servers from US prosecutors, a group of 35 US state attorneys general has argued. The group – which represents Vermont, New Jersey, Illinois, Florida among other states – submitted an amicus brief to the US Supreme Court backing the US Department of Justice’s …
Rebecca Hill, 15 Dec 2017

Archive of 1.4 billion credentials in clear text found in dark web archive

A data dump containing over 1.4 billion email addresses, passwords, and other credentials, all in clear text, has been found online by security shop @4iQ. The 41-gigabyte file was discovered on December 5 and had been updated at the end of last month, indicating the data is both current and being used by third parties. The …
Iain Thomson, 12 Dec 2017
Finger touches email icons floating away into space

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client. What he's found is that more than 30 mail …
email

Uni staffer's health info blabbed in email list snafu

The University of East Anglia has been involved in a personal data breach for the second time in five months. Around 300 postgraduate students in the received an email on Sunday 5 November which contained "personal information about the health of a member of staff", due to the accidental use of an email distribution list. UEA …

OpenSSL patches, Apple bug fixes, Hilton's $700k hack bill, Kim Dotcom raid settlement, Signal desktop app, and more

Happy weekend, everyone, except those of you on call, of course. Let us catch you up on all the IT security bits and pieces besides what's been reported this week. Down in New Zealand, Kim Dotcom, the bête noire of Hollywood, reached a settlement with the New Zealand authorities over a rather dramatic raid in 2012 on his home …
Iain Thomson, 4 Nov 2017

Let's dig into how open source could KO the Silicon Valley chat silos

Interview There's never been a better opportunity for the world to start untangling itself from the giant Silicon Valley data harvesters than now. Last week, we revealed a plan to embed open-source chat into three quarters of the world's IMAP servers. And this may be an important development. Maybe. Google, Yahoo!, Apple and Microsoft …
Andrew Orlowski, 19 Oct 2017

Brit intel fingers Iran for brute-force attacks on UK.gov email accounts

Iran has been blamed for the brute-force attack on UK Parliament earlier this year. An unpublished assessment by British intelligence obtained by The Times fingers Iran for the high-profile hack. The revelation comes as the US president has refused to continue signing off the 2015 Iran nuclear deal, to which the UK is a party …
John Leyden, 16 Oct 2017

Sensitive client emails, usernames, passwords exposed in Deloitte hack

Deloitte, one of the world's "big four" accountancy firms, has fallen victim to a cyberattack that exposed sensitive emails to hackers. The IT security breach dates back to November 2016 but was only discovered in March this year, according to The Guardian, which broke the news in an exclusive on Monday. Deloitte has …
John Leyden, 25 Sep 2017

Outlook.com looking more like an outage outbreak for Europe

Microsoft's email services got hit with not one but two bugs today: in addition to an earlier blip with Exchange Online, Microsoft confirmed it is now probing "issues" with "some" Outlook.com users in Europe. According to downdetector.com, more than a thousand users have reported problems such as trouble receiving messages and …
Andrew Silver, 18 Sep 2017
Email. Pic: Shutterstock

Dude who claimed he invented email is told by judge: It's safe to say you didn't invent email

A US district judge has dismissed the libel lawsuit entrepreneur Shiva Ayyadurai filed against bloggers who rubbished his claims he invented email. Judge Dennis Saylor ruled [PDF] on Wednesday that Techdirt posts that trashed Ayyadurai's claims of inventing an electronic message system we know today as email were covered by …
Shaun Nichols, 7 Sep 2017
panic

Did ROPEMAKER just unravel email security? Nah, it's likely a feature

A new attack, dubbed ROPEMAKER, changes the content of emails after their delivery to add malicious URLs and corrupt records. The assault undermines the comforting notion that email is immutable once delivered, according to email security firm Mimecast. Microsoft reckons the issue doesn't represent a vulnerability, a stance a …
John Leyden, 23 Aug 2017

Create a news alert about email, or find more stories about email.

Biting the hand that feeds IT © 1998–2018