" Ssl | LuxSci FYI
LuxSci — secure, premium email & web services
 
login

LuxSci FYI

Edited by Erik Kangas, PhD, President of LuxSci
Bringing you news, solutions and insider insight on LuxSci and our digital life

Posts Tagged ‘ssl’

LuxSci Outbound Email: 5 Sending Options Compared!

Friday, May 22nd, 2009

It used to be that to send an email, you had very few choices and even less control over what happened once the message was sent, how many emails you could send, or how you connected to the Internet to send email.  Well, times have changed, the Internet has evolved, users are more savvy, and expectations are much higher.

Today, LuxSci offers five different ways to send outbound email, each geared to particular uses and needs.  In this article, we will describe each method, examine the pros and cons, and end with a  feature chart.  Our goal is to make your outbound email shopping experience straightforward and to provide you with an email service appropriate for your needs.

Read the rest of this post »

Recipe: Completely Secure Collection of Web Form Data using SSL and PGP or S/MIME

Tuesday, March 17th, 2009

The situation: your organization needs to collect information from clients through from(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that

  1. no one but you (or optionally your authorized staff) can intercept or read the information,
  2. the information is never stored insecurely anywhere
  3. the information cannot be modified without your knowledge

Why would this high level of security and privacy be necessary? There are many cases where they are essential; some of these include:

Read the rest of this post »

Understanding Email Services: What are they and what do you need?

Saturday, March 14th, 2009

You thought email was a simple concept, but you are at once confronted with a plethora of acronyms and jargon like POP, IMAP, WebMail, Aliases, Forwards, SMTP, IMAP, POP, Quota, SPAM, TLS, SSL, Archival, and more! This article describes the ins and outs of email, explains these terms, and helps you figure out what services and features you need from your personal or business email service provider.

Read the rest of this post »

The Case For Email Security

Friday, March 13th, 2009

Section 1: Introduction to Email Security

You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to login to your email servers can be stolen and used by hackers?

This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.

Information Security and integrity are becoming more important as we use email for personal communication and business. While you are reading this article imagine how security problems can affect your business or personal life…. if they have not already.

Read the rest of this post »

How Does Secure Socket Layer (SSL or TLS) Work?

Thursday, March 12th, 2009

The Secure Socket Layer, SSL for short, is a protocol by which many services that communicate over the Internet can do so in a secure fashion. Before we discuss how SSL works and what kinds of security it provides, let us first see what happens without SSL.

Life on the Internet without SSL

Let us make an analogy between communications between computers on the Internet and communications between people over the telephone. Without SSL, your computer-to-computer communications suffer from the same security problems from which your telephone communications suffer:

Read the rest of this post »

Security Simplified: The Base+Suffix Method for Memorable Strong Passwords

Thursday, February 19th, 2009

keysIt’s the classic problem of having “too many keys”.  You have accounts on many different web sites.  Some are small and relatively insignificant, from a security point of view, like blogs or shopping sites.  Some are large and sensitive, like banking and PayPal accounts.  Since unified login mechanisms like OpenID are not yet pervasive, you must remember the usernames and passwords for every single site.  This is a truly daunting task.

Ideally, you would like to use passwords that are “strong” (i.e. very good, not easily guessable) and different for every site.  However, how can you remember each secure and unique password without resorting to a “cheat sheet”?

Read the rest of this post »

How Secure are Password-Protected Files?

Saturday, February 14th, 2009

We recently discussed email security for accountants and mentioned that the use of password-protected files is not usually a very good solution for meeting data privacy needs.  After writing this and getting some feed back, we thought that the issue of password-protected files really deserves some further discussion.  Many people are under the assumption that if they use the “password protection” features of whatever software they are using, that their data is safe and secure.  However, this is not necessarily the case.  Why?

Using password-protected files to secure data is fast and easy and built into many applications.  Why not use it?  Certainly, password protecting files is much better than not doing so.  However, there are several things that determine how secure these “protected” files really are.

Read the rest of this post »

How Can You Tell if an Email Was Transmitted Using TLS Encryption?

Tuesday, February 3rd, 2009

Frequently, we are asked to verify if an email that someone sent or received was encrypted using TLS while being transmitted over the Internet.  For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient.  This can and should be locked down to ensure that the email message content cannot be eavesdropped upon.  This check, to see if a message was sent securely, is fairly easy to do by looking the the raw headers of the email message in question.  However, it requires some knowledge and experience.  It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.

To see how to analyze a message for its transmission security, we will look at an example email message sent from Gmail to LuxSci, and see that Gmail does not use TLS when sending messages, even when it can.  This indicates that Gmail is probably not a service to be used when you have any kind of encryption requirements.

Read the rest of this post »

What Makes a Web Site HIPAA-Secure?

Thursday, January 29th, 2009

HIPAA EmailDoctors and medical professionals are feeling a growing pressure to get their business online (i.e. even use of electronic prescriptions is being pushed).  This includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients. If doctors can show that they are using digital systems with their health care practices in a meaningful way by 2011, they may be eligible for some serious money (part of the proposed stimulus package — the Health Information Technology for Economic and Clinical Health Act (HITECH)).

However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document.  So, what do these requirements mean and how can HIPAA be followed in the context of a website?

Read the rest of this post »

256-bit AES Encryption for SSL and TLS: Maximal Security

Tuesday, January 20th, 2009

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a "secure" connection of this sort can vary from "almost none" to "really really good … good enough for US government TOP SECRET data".  The piece which varies and thus provides the variable level of security is the "cipher" or "encryption technique".  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the "gold standard" encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

get a quotefree trial

about us | services | quotes & orders | privacy | contact us | site map | login | xpress
Copyright © 2004-2008 Lux Scientiae®, Incorporated

Copyright © 2004-2008 Lux Scientiae®, Incorporated
Page loaded from site: http://www.luxsci.com — Contact sales@luxsci.com or 1-800-441-6612