What Email Servers Can Tell to Johnny: An Empirical Study of Provider-to-Provider Email Security

Kambourakis, Georgios; Gil, Gerard Draper; Sánchez, Inmaculada

doi:10.1109/access.2020.3009122

Cited by 15 publications

(4 citation statements)

References 34 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Interestingly, one app supports password-less user authentication via a one-time code sent over email. This option may seem more secure, but it again relies on the security of the email service, which naturally cannot be guaranteed [121]. Furthermore, the user will be unable to login to the app in absence of an internet connection or if their email service is down.…”

Section: Discussionmentioning

confidence: 99%

A Multi-Tier Security Analysis of Official Car Management Apps for Android

2021

Self Cite

View full text Add to dashboard Cite

Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. This work contributes the first to our knowledge full-fledged security assessment of all the official single-vehicle management apps offered by major car manufacturers who operate in Europe. The apps are scrutinised statically with the purpose of not only identifying surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint. On top of that, we run each app to identify possible weak security practices in the owner-to-app registration process. The results reveal a multitude of issues, ranging from an over-claim of sensitive permissions and the use of possibly privacy-invasive API calls, to numerous potentially exploitable CWE and CVE-identified weaknesses and vulnerabilities, the, in some cases, excessive employment of third-party trackers, and a number of other flaws related to the use of third-party software libraries, unsanitised input, and weak user password policies, to mention just a few.

show abstract

Section: Discussionmentioning

confidence: 99%

A Multi-Tier Security Analysis of Official Car Management Apps for Android

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…The Simple Mail Transfer Protocol (SMTP) functions as a Message Transfer Agent (MTA) and operates on port number 25 [97]. In the email communication process, a sender or client requires a client MTA to send emails, while the recipient or server needs a server MTA to receive the mail.…”

Section: Smtpmentioning

confidence: 99%

Performance, privacy, and security issues of TCP/IP at the application layer: A comprehensive survey

Timothy Murkomen

2024

GSC Adv. Res. Rev.

View full text Add to dashboard Cite

TCP/IP is the backbone of modern network communication, connecting devices across the world. TCP/IP at its core is a suite of protocols that enables the transmission of data between computers, facilitating the foundation of the interconnected global network. At the Application Layer of TCP/IP is where the interaction between software applications and the network occurs. The user-centric protocols such as HTTP, SMTP, FTP, POP3, IMAP and DNS facilitate various tasks at this layer such as web browsing, email communication, and file transfer. This comprehensive survey conducted an exploration of the performance, security and privacy issues at the application layer of the TCP/IP. It initiated by providing a background of TCP/IP model, it’s architecture and the core characteristics, with major focus on the application layer. This paper aimed to discuss the state-of-the-art of performance, privacy and security concerns in TCP/IP application layer. It also proposed future research areas to equip researchers, practitioners, policy makers and the decision makers with tangible knowledge, offering guidance in navigating the performance, privacy and security concerns in TCP/IP Application Layer. It aimed to discuss the current performance, privacy and security research gaps at the Application Layer of the TCP/IP Model. The findings of this research sheds light on the performance, privacy and security issues while suggesting the countermeasures to strengthen and optimize the overall performance, security and privacy of TCP/IP model at the application layer. The paper finally suggests future directions and research areas at the TCP/IP application layer.

show abstract

“…Email software needs to be protected using Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) [52][53][54]. Security should also include IMAP and POP3 connecting over TLS and Cryptographic Key Management System (CKMS) [52].…”

Section: Secure Email Protocolsmentioning

confidence: 99%

An Approach to Guide Users Towards Less Revealing Internet Browsers

Mohsen

Shtayyeh²,

Struijk³

et al. 2022

Emerging Trends in Cybersecurity Applications

View full text Add to dashboard Cite

translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

show abstract

What Email Servers Can Tell to Johnny: An Empirical Study of Provider-to-Provider Email Security

Cited by 15 publications

References 34 publications

A Multi-Tier Security Analysis of Official Car Management Apps for Android

A Multi-Tier Security Analysis of Official Car Management Apps for Android

Performance, privacy, and security issues of TCP/IP at the application layer: A comprehensive survey

An Approach to Guide Users Towards Less Revealing Internet Browsers

Contact Info

Product

Resources

About