" firefox Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘firefox’

What is your browser telling you about SSL/TLS?

Monday, August 7th, 2017

Interpreting a browser’s visual clues about security

The continuous drumbeat of news about pervasive surveillance, security breaches, identity theft, malware, phishing and so forth has had at least one salutary effect on our interactions on the web. The general public is increasingly aware of the need for safe browsing habits, such as not clicking on unknown links in webmail, hovering your cursor over hyperlinks to see if you recognize the URL revealed, and, above all, to “Look for the Lock”.

Such mnemonics and visual aids are important ways to communicate security features to end users, allowing them to take informed decisions on what level of trust they should expect during a particular instance of communications on the web. This post will concentrate on these visual indicators, in particular how browsers represent the identity of the server/site with which an end user would like to interact. The SSL/TLS certificate that the server presents to the browser at the start of the communications is the information source which the browser uses to create the appropriate visual representation that guides the user. Readers would do well to brush up their knowledge on the different types of certificates that are available by reading our previous posts on the subject, as what follows will assume that the reader is aware (at least at a high level) of their basic properties and differences.

Most people are now aware of the need to look for the https://….. in the browser address bar as well as the lock symbol accompanying it. This is the part of the screen that is controlled purely by the browser, which populates it with the site URL and other security information gathered from the SSL/TLS certificate used to secure the connection.

For instance, look at the images below of the luxsci.com website as shown in the address bar of Google’s Chrome, Microsoft’s Internet Explorer (IE), Mozilla’s Firefox and Microsoft’s Edge browsers.

Chrome

Internet Explorer

Mozilla Firefox

Microsoft Edge

(The screen shots were taken using Chrome version 59.0.3071.115, IE version 11.0.9600, Firefox 10.0.2 and Edge 38.14393.1066.)

Read the rest of this post »

256-bit AES Encryption for SSL and TLS: Maximal Security

Wednesday, February 4th, 2015

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

Simplicity is: logging in without a username or password

Monday, July 28th, 2014

“I really like what I can do in the web interface, but having to enter my username and password to login each time is extra work.”

We’ve seen the above comment many times.  Identity verification, as everyone who has not been lost on a desert island for 10 years knows, is really, really important these days.  But like many aspects of security, it can be rather annoying.

On the bright side, there are a number of ways to get around this step and make the login process simpler without necessarily making your account less secure.  Here is how we have helped many customers simplify their Internet life.

Read the rest of this post »

If you are using FTP, you should really stop!

Thursday, February 28th, 2013

FTP, the “File Transfer Protocol” has been around almost since the inception of the Internet.  As anyone with a web site knows, it permits files to be easily uploaded to and downloaded from servers.  It is built into every kind of web site authoring software and even into most web browsers.

Unfortunately, FTP suffers from the same design flaw that pervades the basic usage of email services like POP, IMAP, and SMTP.  If used in its default form, all data sent between your computer and the server is sent unencrypted, in “plain text”.  This includes your username, your password, and all file data.

Essentially, if you are in a wifi hotspot, anyone there can likely get your username and password and read your files.   Similar things can happen even though your direct or or office network connections …. connecting via FTP is like walking down the hall with your username and password taped to your forehead.  Any one (or any hidden camera) can see it and use it.

Read the rest of this post »

Google Apps Users Beware – Your Web Browser May Not Work!

Sunday, September 25th, 2011

Many of our customers use Google Apps in conjunction with LuxSci email and web services.  One relatively new policy of Google Apps has caused and will cause many problems for customers who are forced to use “legacy” web browsers — Google only supports the latest 2 major versions of each browser. It already does not support Internet Explorer v6 and v7 and will soon force Windows users to upgrade to Windows Vista or higher.

What does this mean?

If your web browser is not upgraded and recent, you may not be able to access Google Apps or it may not work properly for you.  Google has been and will continue to design their site so that it works properly only with the latest browsers, disregarding any compatibility issues with older versions.

For example, Internet Explorer is currently at Version 9.  This means that Google and its sites currently support only versions 8 and 9 of Internet Explorer.  If you use version 6 or 7, then you are out of luck unless you upgrade!  Their site may not work properly for you or may break without notice and the only recourse is to upgrade or use another, more recent, web browser.

Read the rest of this post »

LUXSCI