Technologies to defend from MITM attacks on POP3/SMTP email access?

Discussion in 'privacy technology' started by Ulysses_, Dec 15, 2014.

  1. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Getting emails using POP and SMTP with SSL/TLS, and the authentication method supported by the server is "Normal password".

    Does this involve certificate authorities, making MITM for eavesdropping possible? So a local adversary who has hacked my ISP can eavesdrop?

    If yes, is there anything that can be done to prevent this eavesdropping? It is illegal but you cannot prove you are a victim, so what can be done technically to prevent it?

    Is there anything like Perspectives for Thunderbird or other addon to prevent MITM attacks, given the limitations of the server above?
     
    Last edited: Dec 15, 2014
  2. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    You can secure email using SSL certificates but it requires the co-operation of everyone you communicate with, most people are not used to using email encryption so they don't understand how it works. You can't encrypt email unless you have the public key of the person you are sending to, getting them to learn about it, get a certificate and send the public key to you is the big problem.
    Then even if you send them your public key, getting them to actually use it to encrypt email they send to you is the 2nd big problem.
     
    Last edited: Dec 15, 2014
  3. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    In that case, common security measure such as SMTP Auth or DKIM won't help, and while you can encrypt emails via S/MIME or PGP, it has usability problem as RockLobster explained.
    Another option is use password-zip (of course not limited to zip, you can use 7z or other format you want) with strong encryption and share the passphrase via other secure way, then put sensitive info into it.
     
  4. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I wonder why more people don't think of this solution a 7z has AES 256 bit encryption
     
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Yes usability is the issue in my opinion the whole thing is a mess, one time I tried to get a free Comodo certificate for my email the damn thing installed automatically into my browser certificate store and not in my email client so I tried to find out how to fix that after jumping through all the hoops and joining Comodo's support I eventually get a generic response with a link to their faq which doesn't say anything about that problem. I don't think they really want people to have secure email so they make it as problematic and convoluted as possible it sure worked with me after spending 3 hours on it I said to hell with it and deleted it out of my browser.
    Later on I learned to export it from the browser using the backup option and then import it into the email client.
    Also worth mentioning when you digitally sign an email it also means your public key is sent to the recipient which means they can encrypt their reply if they know how to use it.
     
    Last edited: Dec 16, 2014
  6. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    If emails have to be plaintext, can't the SSL connection between me and the email server be made any more secure against mitm with notaries, given local adversaries in a rogue state are an issue but global adversaries are not?
     
    Last edited: Dec 16, 2014
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Make sure you use a very long password, I remember running 5 million keys per second against a zip file decades ago there is no telling how many billions per second can be achieved today.
    I think the answer would be to change the way passwords are accepted, instead of a correct/incorrect response to the password, the encryption should let you in no matter what password you enter and decrypt with it. Obviously the wrong password would result in garbage but it would foil brute force attacks because the resulting decrypted contents would have to be inspected each time to figure out if it was decrypted correctly or not.
    Something like that might be the way to go with other forms of encryption too.
     
    Last edited: Dec 16, 2014
  8. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I also encrypted my email by S/MIME with VeriSign cert as my ISP provide this as a service with 1 or 2$/mon. But removed, as I rarely use it. Non of my contacts have such strong interest to security or privacy. I am in similar situation too on TextSecure, SMS encryption program which I use on Android.
    Make sure you FW only accept your mail server's IP address. I recommend to make separate rule set for SMTP and POP.
    SSL only encrypt traffic btwn you and your server, so ask if your ISP that they encrypt server-to-server communication, of course there's no guarantee they actually follow this though.
    Or delete the key if e.g. 100+ trial are done:D
     
  9. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    I had a brainwave. Change email provider and go to one that is also a vpn provider. Then thunderbird can download emails through their vpn tunnel. Then the issue becomes how do you protect openvpn from mitm attacks?

    Someone must have thought of something like notaries for openvpn certificates. Anyone aware of such a thing?
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's an interesting idea. I don't recall ever seeing VPN+email services with the mailserver on the VPN tunnel network. But I don't see any reason why it wouldn't work. OpenVPN is very hard to MitM, as long as the provider keeps their private keys secured. With VPN services, it's providers that we need to trust. I don't see the advantage of trusting some third party, who then vouches for VPN services.
     
  11. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    IMO that won't change situation drastically, but if you can trust that VPN provider (I also don't know such provider who provides email service.), then it's okay, but anyway that only protects traffic btwn mail server and you, so if there's flaw in other communication path (server to server, and server to receiver if you're sender) eavesdropping can happen.
    As to MITM, I don't know such notary service, but many MITM attacks involves some kinds of modification on domain name to address translation including but not limited to DNS cache poisoning, so make sure your email client can access to only exact IP address of your mail server for each of SMTP and POP. IP spoofing on TCP is not trivial.

    BTW, though it's off topic, how do you use Perspective? I also use it on firefox, but even in High Availability profile, it causes many of false positive, i.e. show big red X on completely legitimate https sites. I can see exact notary result from Perspective icon and can tell it's legitimate server unless it just has changed their cert, but I'm wondering I should even loosen my Perspective policy manually to make icon warning more relevant.
     
  12. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
  13. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    From google.co.jp to many online services I registered.
    I think if what you often browse are mainly English sites, you won't come across much red X, but if your mother tongue was minor language you will.

    Thanks for informing us about Unseen.
     
Loading...