Posts Tagged ‘ssl’
Tuesday, January 20th, 2009
Updated 12/7/2011 with AES security data for the newest browsers and mobile devices.
SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”. The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”. There are a large number of different ciphers — some are very fast and very insecure. Some are slower and very secure. Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.
AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES. AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS). It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.
This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.
Read the rest of this post »
Tags: 128-bit rc4, 256-bit AES, aes, apache, chrome, cipher, encryption technique, fips, firefox, gpg, internet explorer, iphone, mail.app, opera, outlook, pgp, safari, secret, side channel attack, ssl, symmetric encryption, thunderbird, tls
Posted in LuxSci Library: Security and Privacy, TechNotes
16 Comments »
Monday, January 19th, 2009
 Our sales staff has been asked this question countless times. It is a natural assumption that because SSL and TLS encryption of email (and web sites) requires use of an "SSL certificate", that one must buy an SSL certificate in order to use such a service. Fortunately, the answer is always
You do not need to buy your own SSL certificate to use secure email.
We’ll explain why.
Read the rest of this post »
Tags: client certificate, email security, encryption, secure email, ssl, ssl certificate, ssl email, tls
Posted in LuxSci Library: Security and Privacy, TechNotes
1 Comment »
Thursday, January 15th, 2009
Notice: the services discussed in this posting have been replaced by our new SecureForm Service.gif) Situation:
You collect private information on your website. Whether it’s health information that needs to be HIPAA-compliant, credit card numbers, or other confidential data, you need an easy and transparent way to protect the privacy of your visitors, from start to finish.
Solution:
LuxSci provides a secure web form for your website. Information is encrypted and emailed to you directly, so that you can access everything in your own email, but know that the data was secure from input to delivery.
Read the rest of this post »
Tags: decrypted, encrypted, end-to-end, hipaa, secure, secure email, secure web form, secure web site, secureline, ssl, web form
Posted in Business Solutions
1 Comment »
Wednesday, December 24th, 2008
 Now that LuxSci supports OpenID as an option for logging into WebMail, it raises the questions: “Just how secure is OpenID?” and “Does this new technology allow for more secure logins?” In short, the security of OpenID can vary from very poor to extremely iron-clad. OpenID does allow you to make your logins to WebMail “bullet-proof”, if you set things up appropriately.
Read the rest of this post »
Tags: biometrics, fob, openid, openid providers, personal identity portal, rsa, rsa securid, rsa token, security, security token, single sign on, smart card, ssl, strong authentication, trustbearer, usb token, webmail
Posted in LuxSci Library: Security and Privacy, TechNotes
6 Comments »
Wednesday, December 10th, 2008
LuxSci supports a plethora of modern email programs like Microsoft Outlook and Eudora (our blog posting “Head To Head Battle of Email Clients” discuss several of these) and works with any email program and device that properly supports POP, IMAP, or SMTP. However, we do recommend Mozilla Thunderbird in the absence of any personal preferences or specific requirements for things that may only be supported in Outlook or other specific programs. LuxSci’s staff uses Thunderbird with IMAP (or WebMail) uniformly for all email sending and receiving. We discuss the reasons why in the “Battle” blog article. Here, we will give some configuration tips and tricks and recommended add-ons.
Read the rest of this post »
Tags: caldav, configuration, enigmail, imap, imap keywords, iPod, mozilla, optimize, secure authentication, setup, signatures, ssl, tags, thunderbird, tls, webdav
Posted in LuxSci Library: Email Programs and Devices, TechNotes
5 Comments »
Saturday, November 15th, 2008
The short answer is “no” … unless you need to support web browsers 8+ years old on computers that cannot be patched or upgraded and which are not in the USA or Canada.
Read the rest of this post »
Tags: cipher, export, export grade, pci, security, ssl, tls
Posted in LuxSci Library: Security and Privacy, TechNotes
2 Comments »
Monday, November 10th, 2008
Security researches will be outlining attacks that can break the WPA wirless security protection of wireless networks this week at the PacSec conference in Tokyo. Erik Tews and Martin Beck will discuss how networks protected by TKIP (Temporal Key Integrity Protocol — originally called WEP2) are vulnerable to attackers being able to inject small amounts of traffic into the encrypted data stream. This can allow attackers to:
Read the rest of this post »
Tags: aes, email security, hotspot, secure email, ssl, tls, wep, wireless, wpa
Posted in LuxSci Library: Security and Privacy, TechNotes
2 Comments »
Monday, November 10th, 2008
SSL versus TLS
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a difference between the two?
Read the rest of this post »
Tags: email security, secure email, secure socket layer, security, ssl, ssl vs tls, tls, tls vs ssl, transport layer
Posted in LuxSci Library: Security and Privacy, TechNotes
9 Comments »
Wednesday, November 5th, 2008
LuxSci has been approached by many people asking for VPN (Virtual Private Network) services. When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.
This is a very legitimate concern. Wireless hotspots are serious danger zones; we have seen many cases of people who have carelessly used insecure connections to email and had their login usernames and passwords stolen in such places. This can lead to identity theft, the leaking of sensitive company or personal information, and other serious problems. Anyone using public wireless hotspots or other untrusted networks for email and other activities that involve personal information need to take care that the information sent to and from their computers is protected. If the transmission of your sensitive information is protected, then you have nothing to worry about and hotspots can be great places to work.
Read the rest of this post »
Tags: eavesdropping, email security, hotspot, imap, pop, secure email, smtp, ssl, tls, vpn, webmail, wireless
Posted in LuxSci Library: Security and Privacy, TechNotes
7 Comments »
Monday, November 3rd, 2008
LuxSci has had many requests from clients who have to communicate with various banks and other security-conscious organizations asking that LuxSci “enforce the encryption of email when sent to those organizations’ email servers via TLS”. This is such a common request, that I wanted to explain what it means, why it is good, how LuxSci does this by default, and the extra step that LuxSci can take to lock down things even more for you.
Read the rest of this post »
Tags: encryption, pgp, s/mime, secure email, secureline, security, smtp, ssl, tls
Posted in Business Solutions, LuxSci Library: Security and Privacy
7 Comments »
|
 |
|
Email updates:
