Friday, March 13th, 2009
Section 1: Introduction to Email Security
You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers halfway around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to log in to your email servers can be stolen and used by hackers?
This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.
Information security and integrity are becoming more important as we use email for personal communication and business. While you are reading this article, imagine how security problems can affect your business or personal life, if they have not already.
Tuesday, January 20th, 2009

Updated 12/7/2011 with AES security data for the newest browsers and mobile devices.
SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really, really good … good enough for US government TOP SECRET data”. The piece which varies, and thus determines the level of security, is the “cipher” or “encryption technique”. There are a large number of different ciphers: some are very fast and very insecure, and some are slower and very secure. Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.
AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES. AES was standardized in 2001 after a 5-year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS). It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.
This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption for all secure communications, and more.