As much as we complain about email as an annoyance, a distraction, and a productivity killer, we depend on it for vital business and personal communications. We might hate email, but we’d probably be lost without it.
What many people don’t realize is that email is quite old as a technology, and it’s very insecure. Not only are spam and phishing rampant, email snooping is a problem, too.
Because email traverses the Internet in plaintext, it’s only as private as sending a postcard. If you’re not encrypting your email, what you might think is a private communication could be read by anyone – whether it be Google, the NSA, or perhaps one of your competitors.
On June 5th, 2014 a vulnerability (CVE-2014-0224) was found in OpenSSL that impacts our network security products. Fortunately, as of the publication of this article, there are no known in-the-wild attacks. Of course, as you’ve come to expect from Sophos, we’ve wasted no time in getting to work on patches to fix this vulnerability.
The vulnerability exists in OpenSSL and can allow an attacker using a man-in-the-middle attack to decrypt and modify traffic between a vulnerable client and server. Both client and server must be vulnerable for this exploit to work. OpenSSL versions 1.0.1 and 1.0.2-beta are affected.
Email is a common source of data loss. With governments across the globe increasing the penalties for breaches, encryption is the best way to secure data sent by email and comply with data security regulations.
Like everything else we do at Sophos, we’ve made protecting your email simple.
Sophos UTM Email Protection and our Sophos Email Appliances include our cutting-edge SPX technology that simplifies encryption without slowing down your business.