" eavesdropping Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘eavesdropping’

Creating Secure Web Pages and Forms: What You Need to Know

Monday, September 25th, 2017

Fred is a busy small business CEO. He hired a cheap developer online to set up his secure medical web site for him. The developer got an SSL certificate and set up pages where patients can make appointments and the doctor can receive patient requests and notices, “securely”. However, the developer didn’t have any real training in security, none in HIPAA, and as a result, PHI was being sent in the clear, there were no audit trails or logs, SSL security was not enforced, and many other serious issues plagued the site. The worst part — no one knew.

Luckily, Fred was made aware of the situation before a serious security breach happened (that he knew of); however, he had to re-do the site from scratch, more than doubling his time and money costs.

Creating secure web pages and forms

Creating a web site that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate.  All such a certificate really does is create a thin veneer of security — one that does not go very far to protect whatever sensitive data necessitated security in the first place.  In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, beyond paying big bucks to hire a developer with significant security expertise, what do you do? Start with this article — its purpose is to shed light on many of the most significant factors in secure web site programming/design and what you can do to address them.  At a minimum, reading this article will help you to intelligently discuss your web site security with the developers that you ultimately hire.

Read the rest of this post »

The Case For Email Security

Tuesday, March 31st, 2015

Section 1: Introduction to Email Security

You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to log in to your email servers can be stolen and used by hackers?

This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.

Information security and integrity are centrally important as we use email for personal and business communication, sending confidential and sensitive information over this medium every day. While you are reading this article, imagine how these security problems could affect your business or personal life and your identity… if they have not already.

Read the rest of this post »

Do you need a VPN for Secure Email in a Wireless Hotspot?

Tuesday, January 28th, 2014

LuxSci has been approached by many people asking for VPN (Virtual Private Network) services.  When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.*

Note that even if the hotspot is password protected and “secure”, that does not mean that it is “trusted”. The hotspot administrators or other users of that hotspot could still try to intercept your Internet traffic. So, just because it is a “secure” hotspot with the little lock next to it and a password that you must enter, do not assume you are safe at all.

Read the rest of this post »

How Does Secure Socket Layer (SSL or TLS) Work?

Monday, July 22nd, 2013

The Secure Socket Layer, SSL for short, is a protocol which enables services that communicate over the Internet to do so securely.

SSL has recently been replaced by TLS (Transport Layer Security).  TLS is newer and more secure than SSL (See TLS vs SSL: What is the difference?); however, from a lay-person’s perspective of “how does it work,” they are functionally the same.  We use the term “SSL” to refer to both TLS and SSL in this article for simplicity.

Before we discuss how SSL works and what kinds of security it provides, let us first see what happens without SSL.

Life on the Internet without SSL

This is, for example, what happens when you go to any web page whose address begins with “http://” (and not “https://”).

Let us compare communications on the Internet and communications between people over the telephone. Without SSL, your computer-to-computer communications suffer from the same security problems from which your telephone communications suffer:

Read the rest of this post »

SSL and TLS are not enough to secure your email

Friday, February 22nd, 2013

A very common marketing ploy involves companies advertising “secure” services, where that security consists of only an SSL- or TLS-encrypted connection to their servers. While use of TLS and SSL is a critical part of web and email security, it is only one small aspect of security. Below, we will talk about some of the other aspects of what you should be looking for in terms of an actual secure solution so you can be more savvy about simplistic marketing claims in the future.

Read the rest of this post »

iPhone Security Apps and Configuration Tips

Wednesday, May 18th, 2011

There are several great iPhone Security Apps and a handful of good and simple configuration changes that you can make to your iPhone to greatly enhance your iPhone security and protect your sensitive information and identity. We have seen security vulnerabilities in iPhone including flaws in pass code access (since fixed), so it makes sense to take proactive measures — especially as attacks on mobile devices are growing rapidly.

Easy Configuration Changes for Security and Privacy

There are several iPhone configuration settings that you should make to start protecting your iPhone. The first thing to do is “Don’t Jailbreak Your iPhone”. Jailbreaking removes much of the security inherent in the iPhone and makes it much easier for malicious software or users to gain access. Furthermore, Apps that you can install on a Jailbroken phone may not have gone through any kind of screening process — you have to “trust” that they are OK.

Read the rest of this post »

Mitigating Threats To Your Email Security and Privacy

Sunday, March 8th, 2009

Email security issues and technologies are extremely complicated; however, here we intend to make the salient issues and solutions clearly understandable to all readers.

You may already know that email is not a perfectly secure communication medium; however, it might surprise you to learn just how inherently insecure email can be. Messages thought deleted can still exist in backup folders on remote servers years after being sent. Hackers can read and modify messages in transit, use your usernames and passwords to log in to your online services, and steal your identity and critical information!

As the amount of crucial business conducted via email increases, so does the amount of Spam, viruses, hacking, fraud, and other malicious activity. Unless precautions are taken, email can leave you and your business open to escalating security and privacy risks. What are these risks?

Read the rest of this post »

Big Brother: Being Watched at Work and the Truth about Email Security at the Office

Wednesday, March 4th, 2009

Do you feel secure? If so, you must be a good corporate citizen. You are on time every day, contribute effectively and courteously in meetings, and your appearance is impeccable. You could be a contender as Trump’s next Apprentice. Of course, no one knows that you’re more like Andrew Dice Clay when you email your co-workers and friends. Or do they???

Read the rest of this post »

Inbound Email Encryption with TLS

Saturday, May 20th, 2006

LuxSci now supports encryption of inbound email messages during their transport to and from LuxSci and other email servers. This ensures that your messages are protected from eavesdropping during transport even if the messages themselves are not encrypted using SecureLine. Note that the messages will only be encrypted during transport when sent from an email server that supports TLS (like LuxSci’s servers do).

Read the rest of this post »