" firefox Archives - LuxSci

Posts Tagged ‘firefox’

256-bit AES Encryption for SSL and TLS: Maximal Security

Wednesday, February 4th, 2015

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

If you are using FTP, you should really stop!

Thursday, February 28th, 2013

FTP, the “File Transfer Protocol” has been around almost since the inception of the Internet.  As anyone with a web site knows, it permits files to be easily uploaded to and downloaded from servers.  It is built into every kind of web site authoring software and even into most web browsers.

Unfortunately, FTP suffers from the same design flaw that pervades the basic usage of email services like POP, IMAP, and SMTP.  If used in its default form, all data sent between your computer and the server is sent unencrypted, in “plain text”.  This includes your username, your password, and all file data.

Essentially, if you are in a wifi hotspot, anyone there can likely get your username and password and read your files.   Similar things can happen even though your direct or or office network connections …. connecting via FTP is like walking down the hall with your username and password taped to your forehead.  Any one (or any hidden camera) can see it and use it.

Read the rest of this post »

Master Password Encryption in FireFox and Thunderbird

Friday, February 27th, 2009

firefox-logoIf you are allowing Mozilla FireFox or Thunderbird to remember passwords to web sites and/or email accounts in their Password Manager tool, you should know that these passwords are all stored in a plain text file (base64 encoded) on your computer’s disk drive.  This file is accessible to anyone with administrative access to your computer.  If you have any concerns about the possibility of other people accessing your computer and this gaining easy access to copies of the passwords that you are using, you really need to employ the “Master Password” feature of these programs.

Read the rest of this post »

LUXSCI