The Greatest Flaw on the Internet: Email!

What a terrible security infrastructure we have! After decades of email, it is still one of the most insecure mechanisms of all the…
Photo by Webaroo on Unsplash

The Greatest Flaw on the Internet: Email!

What a terrible security infrastructure we have! After decades of email, it is still one of the most insecure mechanisms of all the systems we use, and, by far, the most common attack vector. There’s no verification of the sender! There’s no verification that the email has not been tampered with! There’s no real checking of timestamps! It can hide whatever it wants in any part of the email! It can tell a sender when you read the email! And so on …

For me, I receive lots of emails that are obviously coming from infected computers, and which then use the university email system to spear phish:

And even from external addresses:

These look valid looking emails that have been sent in the past, and where a random domain is generated for a short time under the .bar domain. When you try each domain, they all lead back to the same place:

and:

The server itself is running web forms that aim to capture user logins, and runs both HTTP and HTTPS:

The domain owner is protected:

Conclusions

Email? It should be marked as depreciated, and bring in a new system which uses encryption for the protection of the message, and the verification of senders. In fact, just switch it off, and let’s all move to secrure messaging platforms.