👥 2 conferences
🎤 2 talks
📅 Years active: 2014 to 2015
Email carries some of our most sensitive communication, including private correspondence, financial details, and password recovery confirmations. We expect that messages are private and, in many cases, unforgeable. However, SMTP—the protocol responsible for relaying messages between mail servers—did not originally authenticate senders or encrypt mail in transit. Instead, servers support these features through SMTP extensions. Adoption of these extensions is entirely voluntary and has been gradual. As a consequence, mail servers still tolerate unprotected communication and will send messages in clear text if any problem occurs while negotiating a secure connection.
Earlier this year, I worked with colleagues at the University of Michigan and Google to measure the global adoption of email security features and try to better understand how well email is secured in practice. Our study draws from two unique data sources: connection logs for Gmail spanning 16 months, plus a snapshot of SMTP server configurations from April 2015 for the Alexa Top Million domains. From Gmail’s perspective, incoming messages protected by TLS have increased 82% over the last year, peaking at 60% of all inbound mail. However, this improvement was largely because a small number of popular web mail providers deployed TLS—many organizations still haven't deployed these features correctly. I will discuss these results and many more that reveal several major weaknesses in the global deployment of mail transport security.
This security patchwork enables network attackers to intercept and surveil email. In one kind of attack, actors corrupt the TLS handshakes at the start of an SMTP connection to downgrade the connection to cleartext—exposing messages to potential eavesdropping. Using Internet-wide scanning, we identified more than 41,000 SMTP servers in 193 countries that are routinely forced to deliver email as cleartext. We analyzed the mail sent to Gmail from these hosts and found that in seven countries, more than 20% of all messages are prevented from being encrypted by active network attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext, but even in Denmark, nearly 4% of messages are affected.
In a second class of attack, DNS servers provide fraudulent MX records for popular email providers. We searched for servers that provide fraudulent addresses for Gmail’s SMTP servers, and we found 14.6K publicly accessible DNS servers in 69 countries that provide falsified responses. We investigated the messages that Gmail received from these hosts and found that in 193 countries, more than 0.01% of messages from each country transit these impostor hosts. Six of the eight most-affected countries are in Europe.
In this talk, I will first introduce the security extensions for SMTP and the current state of mail security. Then, drawing on our measurements, I will discuss the weaknesses in these protocols and the attacks we see occurring in the wild. I'll discuss what mail server operators, developers, and even end users can do to protect against these problems. Finally, I will present current proposals for securing mail transport and several weaknesses that we still need to address.
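The weakness the abstract describes is opportunistic: a sending mail server decides whether to encrypt based on whether STARTTLS appears in the receiving server's EHLO reply, so anyone on the path who removes that keyword downgrades the session to cleartext. The following example, added here and not code from the talk or its authors, parses two constructed EHLO replies and shows how the delivery decision differs between today's opportunistic behaviour, a "require TLS" policy, and a sender that remembers a peer previously offered STARTTLS (the remembered-peer check is an assumption of this example, not a measurement from the study).

```python
import re

# Constructed EHLO replies (not captured traffic). The second is the same server
# as seen through a network path that strips the STARTTLS capability line.
EHLO_HONEST = ("250-mx.example.test Hello client\r\n"
               "250-SIZE 35882577\r\n"
               "250-STARTTLS\r\n"
               "250 PIPELINING\r\n")
EHLO_STRIPPED = ("250-mx.example.test Hello client\r\n"
                 "250-SIZE 35882577\r\n"
                 "250 PIPELINING\r\n")

# Each reply line is a three-digit code, then '-' (more lines follow) or ' ' (last line).
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def ehlo_capabilities(reply):
    """Parse a multi-line EHLO reply into the set of advertised extension keywords."""
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = set()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("malformed EHLO line: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not a capability
        words = m.group(3).split()
        if words:
            caps.add(words[0].upper())
    return caps


def delivery_decision(reply, policy, seen_tls_before=False):
    """Decide how a sending MTA proceeds after reading the EHLO reply.

    policy="opportunistic": the common default; fall back to cleartext when
        STARTTLS is absent, which is exactly what a downgrade attack relies on.
    policy="require": never deliver in the clear; keep the message queued.
    seen_tls_before (assumption for this example): a sender that remembers the
        peer once advertised STARTTLS treats its disappearance as a downgrade.
    """
    caps = ehlo_capabilities(reply)
    if "STARTTLS" in caps:
        return "starttls"
    if policy == "require" or seen_tls_before:
        return "defer"  # leave the message in the queue rather than expose it
    return "cleartext"
```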
In March 2014, researchers found a catastrophic vulnerability in OpenSSL, the cryptographic library used to secure connections in popular servers including Apache and Nginx. The bug allowed attackers to extract cryptographic keys, login credentials, and other private data from an estimated 22-55% of HTTPS sites. Worsening its severity, the bug was both simple to understand and exploit.
We used ZMap to perform comprehensive scans of the IPv4 address space and popular web servers in the days and months following disclosure. We provide more extensive estimates of who was originally vulnerable, and track who patched their sites and who replaced certificates. We will present exactly which server products and devices were vulnerable. We will further discuss how Heartbleed affected the HTTPS CA ecosystem. Worryingly, we find that only 10% of the known vulnerable sites replaced their certificates within the next month, and of those that did, 14% neglected to change the private key, gaining no protection from certificate replacement! We'll also present the shortcomings in the public key infrastructure that Heartbleed unearthed and problems our community needs to focus on moving forward.
We investigated widespread attempts to exploit Heartbleed post-disclosure at four network sites. We will discuss the subsequent exploit attempts we observed from almost 700 sources and the Internet-wide scans that started post-disclosure. We also investigated whether exploit attempts took place prior to Heartbleed's public disclosure, including examining suspicious network traces recorded months earlier. We will disclose new details of these traces and their implications in the talk.
Even with global publicity, Heartbleed patching plateaued after two weeks. To try to help, we notified network administrators responsible for more than 500,000 unpatched systems. While much of the security community (including us!) assumed that mass vulnerability notifications would be too difficult or ineffective, we found that it increased the Heartbleed patching rate by nearly 50%. We will discuss how we performed these notifications, the reactions of network operators, and prospects for performing automatic mass notifications based on Internet-wide scanning in future vulnerability events.
Throughout the talk, we will use real world data to frame what went well and what went poorly in the Internet's response to Heartbleed. The vulnerability's severe risks, widespread impact, and costly global cleanup qualify it as a security disaster. However, by understanding what went wrong and learning from it, the Internet security community can be better prepared to address major security failures in the future.