TLS stands for “Transport Layer Security” and is closely related to “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

1. Computer A connects to Computer B (no security)
2. Computer B says “Hello” (no security)
3. Computer A says “Lets talk securely over TLS” (no security)
4. Computer A and B agree on how to do this (secure)
5. The rest of the conversation is encrypted (secure)

In particular:

• The meat of the conversation is encrypted
• Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
• The conversation cannot be eavesdropped upon (without Computer A knowing)
• The conversation cannot be modified by a third party
• Other information cannot be injected into the conversation by third parties.

TLS (and SSL) is used for many different reasons on the Internet and helps make the Internet a more secure place, when used. One of the popular uses of TLS is with SMTP.  See also:

• How Does Secure Socket Layer (SSL or TLS) Work?
• The Case for Email Security (Why normal email is insecure)

Read the rest of this post »

LuxSci’s SecureLine end-to-end email filtering solution has been augmented with a new, optional, outbound email encryption option: “TLS Only”.

SecureLine accounts that enable “TLS Only” can have their outbound email delivered over an SMTP TLS encrypted channel to recipients whose email services support it.  This mitigates the need for using PGP, S/MIME, or SecureLine Escrow message pickup service for many secure outbound email messages — if TLS message transport encryption is “good enough” for your organization (i.e. it is for HIPAA compliance and it is for most bank-to-bank communications).

SecureLine TLS-Only Outbound Encryption:

Read the rest of this post »

LuxSci has added two new features to help administrators manage the forwarding of email in their accounts so that they can meet HIPAA and other regulatory requirements and at the same time easily control the actions of their users:

• Globally restricting email forwarding to only recipients whose email servers support SMTP TLS for message transport encryption, and
• Globally restricting users from managing their own email forwarding settings.

Read the rest of this post »

This article is Part 5 of our series on Internet Programming. See the Introduction and Part 1, Introduction to HTML. This article covers the Perl "list" data type.

Read the rest of this post »

LuxSci customers who require HIPAA Compliance to safeguard electronic protected health information (ePHI) that is stored in or transmitted through their accounts can now display a “HIPAA Compliance Seal” on their web sites or in their email signatures/tag lines/disclaimers.

For example, your compliance seal may look like (click on it to see an example verification page):

Read the rest of this post »

Administrators of LuxSci accounts now have the ability to specify exactly from what locations their users are permitted to login to WebMail.  I.e. administrators can choose to allow WebMail access only from the Office or certain other places.  This is good for general account and information security.

Read the rest of this post »