
Posts Tagged ‘ssl’

Can SSL and TLS be made Compatible?

Friday, May 10th, 2013

We are sometimes asked if there is any way to make SSL and TLS be compatible with each other.  On the surface, this may seem almost nonsensical, but there are cases where such a question actually makes sense!

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are fundamentally the same form of encryption – see SSL versus TLS – what’s the difference. But if that is the case, doesn’t that make them automatically compatible?  Well, not really.

Read the rest of this post »

SSL and TLS are not enough to secure your email

Friday, February 22nd, 2013

A very common marketing ploy involves companies advertising “secure” services ... where that security consists of only an SSL- or TLS-encrypted connection to their servers.  While use of TLS and SSL is a critical part of web and email security, it is only one small aspect of security.  Below, we will talk about some of the other aspects of what you should be looking for in terms of an actual secure solution so you can be more savvy about simplistic marketing claims in the future.

Read the rest of this post »

6 ways to improve your web site forms

Tuesday, February 19th, 2013


Web site forms are ubiquitous.  Every site needs them to engage their visitors, collect information, make sales, etc.  They are easy to add to your site, but not necessarily easy to do right.

Make a quick web form using some generic web site authoring software and put it up on your site and it may work, but you also may have serious issues:

  • Incomplete Forms. Users submitting incomplete forms — e.g. not filling out all of the important fields
  • Invalid Input. Users not entering the “right” information — e.g. not actually putting an email address in the email address field
  • Form Spam Bots. Automated programs may fill out and submit your forms … sending you junk in the form of gibberish or web site URLs they hope you will visit and buy stuff from.
  • Form Insecurity. If your form collects any kind of sensitive information … from passwords to medical data … it could easily be set up incorrectly and allow phishing attacks or data leakage.
  • Stale Forms. You updated your form … but someone just somehow submitted the old version which is not even on the Internet anymore!
  • Connectivity/Server Issues. You don’t want your users to give up because their network is down or your site is down for a few seconds.

All of these problems impact the success of your site — causing everything from annoyance to the inability to contact your sales leads to breaches of privacy.  Fortunately, it is not really that hard to plug these gaps and have a solid, productive, and secure web form.

Read the rest of this post »

Everything You Wanted to Know about SSL Certificates

Tuesday, January 8th, 2013

SSL certificates are pervasively used on the Internet for securing all the data sent between servers, devices, clouds, phones, computers, etc.  SSL certificates are intrinsic to the encryption of communications using “SSL and TLS” (how do these work?  What is the difference?) — you can’t have secure communications without them!

In this article, we answer many common and not-so-common questions about SSL certificates.

Read the rest of this post »

Maximize Your Outbound Email Throughput: How to Send More Email, Faster

Tuesday, July 24th, 2012

Customers of our High Volume bulk outbound email service often ask how they can “send faster”.  They want to get their mailing out ASAP, no matter if it is to hundreds of recipients, or millions of recipients.

This post codifies all of the various types of advice we give for optimizing outbound email throughput.  Much of it applies to outbound email sending over SMTP in general — i.e. it’s not limited to the LuxSci High Volume service.

Read the rest of this post »

How to Protect Yourself from Password Theft

Wednesday, July 18th, 2012

Large companies seem to be losing user passwords to hackers at an ever increasing rate.  Just recently:

  • Formspring lost 420,000 passwords
  • LinkedIn lost 6.5 million member passwords … and these were not even well protected.
  • eHarmony lost 1.5 million passwords
  • Yahoo! lost 400,000 passwords … all in plain text!

The list goes on and on – it’s likely that you or someone you know was affected by one or more of these issues.  So, what can you do to protect yourself?

Read the rest of this post »

Case Study: Fully Debranded HIPAA Compliant Services

Monday, April 9th, 2012

The limitations imposed upon hospitals and medical practices in order to meet HIPAA standards often make it easier and more cost-effective to outsource your email to an outside provider such as LuxSci. However, we understand that this can sometimes feel like you’re completely giving up the reins to your email, as it were. LuxSci’s HIPAA Compliant solution safeguards your account to minimize any potential breaches, lapses in security, or other HIPAA violations, but this doesn’t mean that you have no control over your account at all.

Read the rest of this post »

When is “Secure Email” only a Veneer of Security?

Wednesday, March 7th, 2012

I recently applied for a new insurance policy with a fairly well-known insurance agency (who shall remain nameless).  When all the preliminaries were done, the representative emailed me copies of the new policies.  They were “secure” emails.  I was very impressed … they thought enough of my privacy and identity to ensure that sensitive documents would be sent securely.  And, working in an email security company, I actually know and appreciate the ramifications of that perhaps more than most.

So, once I finally got around to accessing the message, I discovered that it was really not secure at all!  Even though the subject said “secured”, the representative said it was secure, and the PDFs of the policy documents were not physically in the message, it was really completely insecure!  My faith in the company is now somewhat tarnished (though they might not even know about the issue) … and I have serious doubts about whatever provider they are using to facilitate these “secure messages”.

How do I know it was insecure?

Read the rest of this post »

Is SSL/TLS Really Broken by the BEAST attack? What is the Real Story? What Should I Do?

Wednesday, September 21st, 2011

Update – April, 2012. openssl v1.0.1 is out and it supports TLS v1.1 and v1.2 which help mitigate this attack.  All web sites hosted by LuxSci now use this updated software and are safer.  LuxSci recommends using a web host which supports TLS v1.1 and v1.2 for secure web connections.

—-

SSL v3 and TLS v1 are subject to a serious exploit, according to a recently published attack mechanism (called BEAST).  This sounds foundation-shattering and kind of scary. When people see this, as when we did, the first panicky questions that arise are:

  • What is really affected?
  • How serious is it?
  • What can I do to protect myself?
  • How does the BEAST attack actually work?

After researching this issue, we have digested what we have found and produced this article to answer all of these questions for you.

Read the rest of this post »

Alternate SMTP Ports – Send Email From Any Location

Monday, May 9th, 2011

When sending outbound email from an email program (like Outlook or Thunderbird) or from a mobile device (like iPhone or Blackberry) that is not using Premium MobileSync, your program or device connects to our outbound email servers using an Internet protocol called “SMTP” (the Simple Mail Transfer Protocol).

An email server, however, does lots of different things in addition to sending outbound email.  It may allow checking of email via POP or IMAP, or checking your address book using LDAP, or other things. So, when your email program connects to the server it has to specify what it wants to do (i.e. send an email).  It does this by connecting to a numbered “port” on the server.  Port number “25” is the Internet standard for “regular outbound email”.

However, because port 25 is standard for outbound email, many ISPs, wifi networks, hotels, airports, and other locations that provide Internet access will arbitrarily block any connections to servers (except perhaps their own) on port 25 in order to stop spammers from using their services for the sending of spam, viruses, or malware and to prevent their IP addresses from being blacklisted.

Read the rest of this post »
