Edited by Erik Kangas, PhD, President of LuxSci
Bringing you news, solutions and insider insight on LuxSci and our digital life
Posts Tagged ‘ssl’
Friday, May 22nd, 2009
It used to be that to send an email, you had very few choices and even less control over what happened once the message was sent, how many emails you could send, or how you connected to the Internet to send email. Well, times have changed, the Internet has evolved, users are more savvy, and expectations are much higher.
Today, LuxSci offers five different ways to send outbound email, each geared to particular uses and needs. In this article, we will describe each method, examine the pros and cons, and end with a feature chart. Our goal is to make your outbound email shopping experience straightforward and to provide you with an email service appropriate for your needs.
Read the rest of this post »
Tags: anonymous, authentication, bulk mailing, disclaimers, location, message, outbound email, ports, recipients, security, sending email, size, smarthost, smtp, ssl, taglines, tls Posted in Business Solutions, LuxSci Library: The Technical Side of Email
Tuesday, March 17th, 2009
The situation: your organization needs to collect information from clients through form(s) on your web site, but that information is sensitive. So, you need to be absolutely sure that the information is transferred from the users of your web site to you in as secure a fashion as possible. This means that
- no one but you (or optionally your authorized staff) can intercept or read the information,
- the information is never stored insecurely anywhere,
- the information cannot be modified without your knowledge.
Why would this high level of security and privacy be necessary? There are many cases where they are essential; some of these include:
Read the rest of this post »
Tags: encryption, hipaa, pgp, phishing, s/mime, secure, secure email, secure web form, ssl, ssl certificate, web form, web site Posted in AAA Featured Articles, LuxSci Library: HIPAA, TechNotes
Saturday, March 14th, 2009
You thought email was a simple concept, but you are at once confronted with a plethora of acronyms and jargon like POP, IMAP, WebMail, Aliases, Forwards, SMTP, Quota, SPAM, TLS, SSL, Archival, and more! This article describes the ins and outs of email, explains these terms, and helps you figure out what services and features you need from your personal or business email service provider.
Read the rest of this post »
Tags: autoresponder, catch-all alias, email, email alias, email archival, email clients, email provider, imap, imaps, Internet Mail Access Protocol, personality, pop, pop3, pops, Post Office Protocol, private labeling, secure imap, secure pop, secure SMTP, security, Simple Mail Transport Protocol, smtp, smtp authentication, SMTP relaying, smtp server, spam, ssl, tls, web-based email, webmail Posted in AAA Featured Articles, LuxSci Library: The Technical Side of Email, TechNotes
Friday, March 13th, 2009
Section 1: Introduction to Email Security
You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to log in to your email servers can be stolen and used by hackers?
This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.
Information security and integrity are becoming more important as we use email for personal communication and business. While you are reading this article, imagine how security problems can affect your business or personal life, if they have not already.
Read the rest of this post »
Tags: asymmetric encryption, eavesdropping, email security, false messages, http, identity theft, imap, invasion of privacy, message modification, Message Replay, opportunistic TLS, pgp, pop, repudiation, s/mime, Simple Mail Transport Protocol, smtp, SMTP relaying, smtp server, ssl, ssl certificate, symmetric encryption, tls, Unprotected Backups Posted in AAA Featured Articles, LuxSci Library: Security and Privacy, TechNotes
Thursday, March 12th, 2009
The Secure Socket Layer, SSL for short, is a protocol by which many services that communicate over the Internet can do so in a secure fashion. Before we discuss how SSL works and what kinds of security it provides, let us first see what happens without SSL.
Life on the Internet without SSL
Let us make an analogy between communications between computers on the Internet and communications between people over the telephone. Without SSL, your computer-to-computer communications suffer from the same security problems from which your telephone communications suffer:
Read the rest of this post »
Tags: ciphers, decrypt, eavesdropping, encrypt, key length, private key, public key cryptography, secure port, secure socket layer, ssl, SSL in action, symmetric cryptography, Thawte, tls, trust Posted in AAA Featured Articles, LuxSci Library: Security and Privacy, TechNotes
Thursday, February 19th, 2009
It’s the classic problem of having “too many keys”. You have accounts on many different web sites. Some are small and relatively insignificant, from a security point of view, like blogs or shopping sites. Some are large and sensitive, like banking and PayPal accounts. Since unified login mechanisms like OpenID are not yet pervasive, you must remember the usernames and passwords for every single site. This is a truly daunting task.
Ideally, you would like to use passwords that are “strong” (i.e. very good, not easily guessable) and different for every site. However, how can you remember each secure and unique password without resorting to a “cheat sheet”?
Read the rest of this post »
Tags: attack, change password, cheat sheet, crack, dictionary attack, encrypted, guess, hacker, key logger, obama, openid, password, remember password, secure, security, ssl, strong password, twitter, username, webaides Posted in LuxSci Library: Security and Privacy, TechNotes
Saturday, February 14th, 2009
We recently discussed email security for accountants and mentioned that the use of password-protected files is not usually a very good solution for meeting data privacy needs. After writing this and getting some feedback, we thought that the issue of password-protected files really deserves some further discussion. Many people are under the assumption that if they use the “password protection” features of whatever software they are using, their data is safe and secure. However, this is not necessarily the case. Why?
Using password-protected files to secure data is fast and easy and built into many applications. Why not use it? Certainly, password protecting files is much better than not doing so. However, there are several things that determine how secure these “protected” files really are.
Read the rest of this post »
Tags: aes, brute force, dictionary, digital signature, encrypted, excel, insecure, microsoft word, office 2007, one note, password, password protected, password recovery, password-protected files, Password-Protected PDF, password-to-modify, pdf, pgp, powerpoint, s/mime, secureline, ssl, strong encryption, winzip, zip Posted in LuxSci Library: Security and Privacy, TechNotes
Tuesday, February 3rd, 2009
Frequently, we are asked to verify if an email that someone sent or received was encrypted using TLS while being transmitted over the Internet. For example, banks, health care organizations under HIPAA, and other security-aware institutions have a requirement that email be secured at least by TLS encryption from sender to recipient. This can and should be locked down to ensure that the email message content cannot be eavesdropped upon. This check, to see if a message was sent securely, is fairly easy to do by looking at the raw headers of the email message in question. However, it requires some knowledge and experience. It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.
To see how to analyze a message for its transmission security, we will look at an example email message sent from Gmail to LuxSci, and see that Gmail does not use TLS when sending messages, even when it can. This indicates that Gmail is probably not a service to be used when you have any kind of encryption requirements.
Read the rest of this post »
Tags: bank, gmail, google, headers, hipaa, mx logic, private, received, secure, security, smtp, ssl, tls, transmission Posted in LuxSci Library: Security and Privacy, TechNotes
Thursday, January 29th, 2009
Doctors and medical professionals are feeling a growing pressure to get their business online (i.e. even use of electronic prescriptions is being pushed). This includes making available protected health information to patients via a web site and collecting similar private information from patients or would-be patients. If doctors can show that they are using digital systems with their health care practices in a meaningful way by 2011, they may be eligible for some serious money (part of the proposed stimulus package — the Health Information Technology for Economic and Clinical Health Act (HITECH)).
However, where the health information of an identifiable individual is involved, the Health Insurance Portability and Accountability Act (HIPAA) is the official compliance document. So, what do these requirements mean and how can HIPAA be followed in the context of a website?
Read the rest of this post »
Tags: backup, disposal, electronic prescription, encrypted, escrow, form, Health Insurance Portability and Accountability Act, hipaa, hipaa-secure, patient, pgp, privacy agreement, protected health information, s/mime, secure ftp, secureline, ssl, web form, web site Posted in Business Solutions, LuxSci Library: HIPAA
Tuesday, January 20th, 2009
SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a "secure" connection of this sort can vary from "almost none" to "really really good … good enough for US government TOP SECRET data". The piece which varies and thus provides the variable level of security is the "cipher" or "encryption technique". There are a large number of different ciphers — some are very fast and very insecure. Some are slower and very secure. Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.
AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES. AES was standardized in 2001 after a 5-year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS). It is also the "gold standard" encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.
This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption for all secure communications, and more.
Read the rest of this post »
Tags: 128-bit rc4, 256-bit AES, aes, apache, chrome, cipher, encryption technique, fips, firefox, gpg, internet explorer, iphone, mail.app, opera, outlook, pgp, safari, secret, side channel attack, ssl, symmetric encryption, thunderbird, tls Posted in LuxSci Library: Security and Privacy, TechNotes