" eavesdropping Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘eavesdropping’

Creating Secure Web Pages and Forms: What You Need to Know

Monday, September 25th, 2017

Fred is a busy small business CEO.  He hired a cheap developer online to setup his secure medical web site for him.  The developer got an SSL certificate and setup pages where patients can make appointments and the doctor can receive patient requests and notices, “securely”.  However, the developer didn’t have any real training in security, none in HIPAA, and as a result, PHI was being sent in the clear, there were no audit trails or logs, SSL security was not enforced, and may other serious issues plagued the site.  The worst part — No one knew.

Luckily, Fred was made aware of the situation before a serious security breach happened (that he knew of); however, he had to re-do the site from scratch, more than doubling his time and money costs.

Creating secure web pages and forms

Creating a web site that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate.  All such a certificate really does is create a thin veneer of security — one that does not go very far to protect whatever sensitive data necessitated security in the first place.  In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, beyond paying big bucks to hire a developer with significant security expertise, what do you do? Start with this article — its purpose is to shed light on many of the most significant factors in secure web site programming/design and what you can do to address them.  At a minimum, reading this article will help you to intelligently discuss your web site security with the developers that you ultimately hire.

Read the rest of this post »

The Case For Email Security

Tuesday, March 31st, 2015

Section 1: Introduction to Email Security

You may already know that email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or that your messages can be read and modified in transit, even before they reach their destination? Or even that the username and password that you use to login to your email servers can be stolen and used by hackers?

This article is designed to teach you about how email really works, what the real security issues are, what solutions exist, and how you can avoid security risks.

Information security and integrity are centrally important  as we use email for personal and business communication: sending confidential and sensitive information over this medium every day. While you are reading this article, imagine how these security problems could affect your business or personal life and your identity…. if they have not already.

Read the rest of this post »

Do you need a VPN for Secure Email in a Wireless Hotspot?

Tuesday, January 28th, 2014

LuxSci has been approached by many people asking for VPN (Virtual Private Network) services.  When we ask them why, they indicate that they use wireless hotspots (like at Starbucks and other public places) that are insecure and untrusted and they want to be sure that their email is secure and encrypted there.*

Note that even if the hotspot is password protected and “secure”, that does not mean that it is “trusted”.  The hot stop administrators or other users of that hotspot could still try to intercept your Internet traffic.  So, just because it is a “secure” hotspot with the little lock next to it and a password that you must enter, do not assume you are safe at all.

Read the rest of this post »

How Does Secure Socket Layer (SSL or TLS) Work?

Monday, July 22nd, 2013

The Secure Socket Layer, SSL for short, is a protocol by which enables services that communicate over the Internet to do so securely.

SSL has recently been replaced by TLS (Transport Layer Security).  TLS is newer and more secure than SSL (See TLS vs SSL: What is the difference?); however, from a lay-person’s perspective of “how does it work,” they are functionally the same.  We use the term “SSL” to refer to both TLS and SSL in this article for simplicity.

Before we discuss how SSL works and what kinds of security it provides, let us first see what happens without SSL.

Life on the Internet without SSL

This is, for example, what happens when you go to any web page whose address begins with “http://” (and not “https://”).

Let us compare communications on the Internet and communications between people over the telephone. Without SSL, your computer-to-computer communications suffer from the same security problems from which your telephone communications suffer:

Read the rest of this post »

SSL and TLS are not enough to secure your email

Friday, February 22nd, 2013

A very common marketing ploy involves companies advertising “secure” services .. where that security consists of only SSL- or TLS-encrypted connection to their servers.  While use of TLS and SSL is a critical part of web and email security, it is only one small aspect of security.  Below, we will talk about some of the other aspects of what you should be looking for in terms of an actual secure solution so you can be more saavy of simplistic marketing claims in the future.

Read the rest of this post »

LUXSCI