Posts Tagged ‘eavesdropping’
Tuesday, September 12th, 2023
Creating secure web forms starts with creating a secure website. This process is more complex than creating web pages and adding an SSL Certificate. A certificate is a solid first step, but it only goes so far as to protect whatever sensitive data necessitates security in the first place.
Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.
So, what do you do beyond hiring a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure web forms and how to address them. At a minimum, reading this article will help you intelligently discuss website security with the developers you hire.
Read the rest of this post »
Tags: cross site scripting, eavesdropping, man-in-the-middle, pgp, phishing, s/mime, secure form, secureform, ssl, ssl certificate, trust, web security, website security
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy, LuxSci Library: Web Design and Programming, Popular Posts, Secure Form
No comments »
Tuesday, March 31st, 2015
We all know that regular email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages you deleted years ago may be on servers halfway around the world? Or that your messages can sometimes be read and modified in transit, even before they reach their destination? Did you know that forging email is very, very easy? Can you trust what you read in an email? Email was not designed with security in mind, and as a result, many different solutions have evolved to plug the multitude of resulting issues.
This article will explain how email works, what the real email security issues are, what mitigations to these are generally in use, and what else you can do to protect your email.
Information security and integrity are essential as we use email to send confidential and sensitive information over this medium every day. While reading this article, imagine how these security problems could affect your business, your personal life, and your identity if they have not already.
Read the rest of this post »
Tags: asymmetric encryption, eavesdropping, email security, false messages, http, identity theft, imap, invasion of privacy, message modification, Message Replay, opportunistic TLS, pgp, pop, repudiation, s/mime, Simple Mail Transport Protocol, smtp, SMTP relaying, smtp server, ssl, ssl certificate, symmetric encryption, tls, Unprotected Backups
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy
14 Comments »
Tuesday, January 28th, 2014
LuxSci has been approached by many people asking for VPN (Virtual Private Network) services. When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.*
Note that even if the hotspot is password protected and “secure”, that does not mean that it is “trusted”. The hot stop administrators or other users of that hotspot could still try to intercept your Internet traffic. So, just because it is a “secure” hotspot with the little lock next to it and a password that you must enter, do not assume you are safe at all.
Read the rest of this post »
Tags: eavesdropping, email security, hotspot, imap, pop, secure email, smtp, ssl, tls, vpn, webmail, wireless
Posted in LuxSci Library: Security and Privacy
7 Comments »
Monday, July 22nd, 2013
The Secure Socket Layer, SSL for short, is a protocol by which enables services that communicate over the Internet to do so securely.
SSL has recently been replaced by TLS (Transport Layer Security). TLS is newer and more secure than SSL (See TLS vs SSL: What is the difference?); however, from a lay-person’s perspective of “how does it work,” they are functionally the same. We use the term “SSL” to refer to both TLS and SSL in this article for simplicity.
Before we discuss how SSL works and what kinds of security it provides, let us first see what happens without SSL.
Life on the Internet without SSL
This is, for example, what happens when you go to any web page whose address begins with “http://” (and not “https://”).
Let us compare communications on the Internet and communications between people over the telephone. Without SSL, your computer-to-computer communications suffer from the same security problems from which your telephone communications suffer:
Read the rest of this post »
Tags: ciphers, decrypt, eavesdropping, encrypt, key length, private key, public key cryptography, secure port, secure socket layer, ssl, SSL in action, symmetric cryptography, Thawte, tls, trust
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy, LuxSci Library: The Technical Side of Email, Popular Posts
31 Comments »
Sunday, March 8th, 2009
Email security issues and technologies are extremely complicated; however, here we intend to make the salient issues and solutions clearly understandable to all readers.
You may already know that email is not a perfectly secure communication medium; however, it might surprise you to learn just how inherently insecure email can be. Messages thought deleted can still exist in backup folders on remote servers years after being sent. Hackers can read and modify messages in transit, use your usernames and passwords to login to your online services, and steal your identity and critical information!
As the amount of crucial business conducted via email increases, so does the amount of Spam, viruses, hacking, fraud, and other malicious activity. Unless precautions are taken, email can leave you and your business open to escalating security and privacy risks. What are these risks?
Read the rest of this post »
Tags: anonymous, eavesdropping, email bombs, email security, email threats, privacy, spam, viruses, worms
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy
1 Comment »