openssl Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘openssl’

Did You Know? S/MIME is like SSL for Email Encryption

Tuesday, March 24th, 2015

S/MIME is a popular technology for end-to-end email encryption and is analogous to PGP in the way that it works.  It is commonly available in most modern email programs and in many server-side email and WebMail encryption services like LuxSci SecureLine.

Folks are used to thinking about Internet security and encryption in terms of web site security. For example, the “https://” that secures our everyday life working in our web browsers is the signal that SSL/TLS is being used to encrypt traffic between ourselves and the web server.  People are even becoming used to the fact that TLS (with SMTP) is also commonly used to secure the transport of email messages from server to server.

These are all good things!

S/MIME (like PGP) is different: it encrypts the email message before it is sent, and the message stays encrypted until the recipient opens it.  It “doesn’t matter” how this message is transported to the recipient … it’s secure the whole way.[1]  But did you know that S/MIME is really just the same SSL/TLS technology that secures your traffic, applied to securing your messages?

[1] S/MIME (and PGP) do not secure your message headers (e.g. the subject, recipients, etc.); they secure only the message body and attachments.  So, the added security of SMTP over TLS does serve to protect those things that S/MIME does not protect.


HeartBleed Attack on OpenSSL and LuxSci: What you should know.

Tuesday, April 8th, 2014

If you don’t know yet, an incredibly serious security issue in software used by roughly 66% of all web sites on the Internet was discovered over the last few days.  This issue, which has been in existence since 2011, is one of the most serious issues facing the Internet in a long time.  Companies all over the world are scrambling to update their systems to protect themselves against Heartbleed attacks.

You can read about this issue here: The Heartbleed Bug

The takeaway is that this is not a weakness with SSL or TLS, but a bug in certain versions of the “openssl” open source SSL library used by very many sites.  If it is exploited, the attacker can get your secure web site’s SSL private keys … thus allowing them to spoof your site and perform “man in the middle” attacks without any SSL errors or warnings.  This is really not good.

The homework for end users is to change passwords and to replace SSL certificates that they may have purchased themselves for secure email or web services.

Heartbleed and LuxSci

LuxSci’s servers have been fully updated so that they are no longer vulnerable to the Heartbleed attack.  We have also re-issued and re-installed our luxsci.com-related certificates and revoked the old ones.


Is SSL/TLS Really Broken by the BEAST attack? What is the Real Story? What Should I Do?

Wednesday, September 21st, 2011

Update – January, 2015.  SSL v3 should be turned off.  RC4 is now weak and should not be used anymore, even as a workaround to the BEAST attack.  LuxSci recommends using TLS v1.1+ and NIST-recommended ciphers.  BEAST is no longer really considered a significant vector (even with TLS v1.0) compared to other things.

Update – April, 2012. openssl v1.0.1 is out and it supports TLS v1.1 and v1.2, which help mitigate this attack.  All web sites hosted by LuxSci now use this updated software and are safe from BEAST.  LuxSci recommends using a web host which supports TLS v1.1 and v1.2 for secure web connections.

----

SSL v3 and TLS v1 are subject to a serious exploit, according to a recently published attack mechanism (called BEAST).  This sounds foundation-shattering and kind of scary. When people see this, as we did, the first panicky questions that arise are:

  • What is really affected?
  • How serious is it?
  • What can I do to protect myself?
  • How does the BEAST attack actually work?

After researching this issue, we have digested what we have found and produced this article to answer all of these questions for you.
