The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: SMTP Hacking

What is SMTP STS? How It improves Email Security for StartTLS?

What is SMTP STS? How It improves Email Security for StartTLS?

March 24, 2016Swati Khandelwal
Despite so many messaging apps, Email is still one of the widely used and popular ways to communicate in this digital age. But are your Emails secure? We are using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. However, to overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But, STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!!! SMTP STS: An Effort to Make Email More Secure Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed SMT
New Cridex Banking Trojan variant Surfaces with Self-Spreading Functionality

New Cridex Banking Trojan variant Surfaces with Self-Spreading Functionality

July 02, 2014Wang Wei
In an effort to infect large number of people, cybercriminals have developed a new malicious software program that contains functionality to spread itself quickly. Geodo , a new version of the infamous Cridex (also known as Feodo or Bugat ) banking information stealing Trojan works in conjunction with a worm that sends out emails automatically to continue its self-spreading infection method, effectively turning each infected Windows system in the botnet for infecting new targets, Seculert warned . The Infected Windows systems in the botnet network download and install an additional piece of malware (i.e. an email worm) from the Botnet 's command and control servers, provided with approximately 50,000 stolen SMTP account credentials including those of the associated SMTP servers. The stolen SMTP credentials appeared to come from Cridex victims and with the help of those credentials, the malware then sends out emails from legitimate accounts to other potential victim
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.