SSL v3 and TLS v1 are subject to a serious exploit, according to a recently published attack mechanism (called BEAST).  This sounds foundation-shattering and kind of scary. When people see this, as when we did, the first panicky questions that arise are:

• What is really affected?
• How serious is it?
• What can I do to protect myself?
• How does the BEAST attack actually work?

After researching this issue, we have digested what we have found and produced this article to answer all of these questions for you.

Read the rest of this post »

When sending outbound email from an email program (like Outlook or Thunderbird) or from a mobile device (like iPhone or Blackberry) that is not using Premium MobileSync, your program or device connects to our outbound email servers using an Internet protocol called “SMTP” (The Simple Mail Transport Protocol).

An email server, however, does lots of different things in addition to sending outbound email.  It may allow checking of email via POP or IMAP, or checking your address book using LDAP, or other things. So, when your email program connects to the server it has to specify what it wants to do (i.e. send an email).  It does this by connecting to a numbered “port” on the server.  Port number “25″ is the Internet standard for “regular outbound email”.

However, because port 25 is standard for outbound email, many ISPs, wifi networks, hotels, airports, and other locations that provide Internet access will arbitrarily block any connections to servers (except perhaps their own) on port 25 in order to stop spammers from using their services for the sending of spam, viruses, or malware and to prevent their IP addresses from being black listed.

Read the rest of this post »

We are often approached by customers wanting to use their blackberry mobile devices to send and receive email that may contain electronic Protected Health Information (ePHI).  Such customers, when they must abide by the HIPAA and HITECH laws governing medical privacy, must comply with a long set of regulations that covers, among other things, how ePHI may be transmitted over the Internet.

This article deals with the security of sending and receiving email on a Blackberry configured for Internet email services (i.e. it does not apply to those connecting to an Blackberry Enterprise Server and Exchange).

Read the rest of this post »

LuxSci has implemented a number of enhancements which add to its already stringent security and high reliability of services.  These features cover areas such as login security, password resets, SecureLine encryption, Widget backups, and more. The enhancements are listed below, by service.

Read the rest of this post »

On January 30th, 2010, LuxSci will be releasing a set of software updates that add new security features and enhance existing security features.  Additionally, LuxSci is introducing a new Business Associate Agreement for HIPAA customers — one that complies with the new HITECH provisions of HIPAA.  These changes will impact some existing and future customers, as described in this notice.

Read the rest of this post »

Creating a web site that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate.  All a certificate really does is create a thin veneer of security — one that does not go very far to protect whatever sensitive data necessitated security in the first place.  In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, beyond paying big bucks to hire a developer with significant security expertise, what do you do? Start with this article — its purpose is to shed light on many of the most significant factors in secure web site programming/design and what you can do to address them.  At a minimum, reading this article will help you to intelligently discuss your web site security with the developers that you ultimately hire.

Read the rest of this post »

Standard SSL Certificates are issued by an Certificate Authority (CA) such as Thawte after the CA performs some basic standard validation on the identity of the certificate request to ensure that the certificate is not issued to “the wrong hands”.

The types of validation performed for standard SSL certificates vary by the type and cost of the certificate, but include:

• A confirmation email message sent to the domain administrator as specified in the domain’s entry in the WHOIS database
• A confirmation email message sent to a standard administrative email address at the domain itself, such as “admin@domain.com”.
• The name of the organization owning the domain name may be validated.

You should purchase SSL Certificates that use the above forms of validation in order to:

Read the rest of this post »

We are often asked by customers  why they should pay more for an SSL certificate from LuxSci/Thawte instead of purchasing from a third party provider like Go Daddy.  I.e., what justifies the added expense?

There are two key considerations in choosing Thawte SSL from LuxSci:

1. The recognition of an SSL certificate from Thawte.
2. The benefit of LuxSci managing the order process, installation and subsequent SSL renewals.

Read the rest of this post »

LuxSci has released its new “SecureForm” service. Quickly make your web site or PDF forms secure and HIPAA compliant. Receive the form data, including uploaded files, via secure email or download the data securely from LuxSci’s web interface.

What forms types are supported by SecureForm?

• Web site forms hosted anywhere
  • File uploads up to 50MB and 25 files per post
• PDF forms hosted anywhere

How can you receive the form data?

Read the rest of this post »

It used to be that to send an email, you had very few choices and even less control over what happened once the message was sent, how many emails you could send, or how you connected to the Internet to send email.  Well, times have changed, the Internet has evolved, users are more savvy, and expectations are much higher.

Today, LuxSci offers five different ways to send outbound email, each geared to particular uses and needs.  In this article, we will describe each method, examine the pros and cons, and end with a  feature chart.  Our goal is to make your outbound email shopping experience straightforward and to provide you with an email service appropriate for your needs.

Read the rest of this post »