Posts Tagged ‘ssl’
Friday, March 21st, 2025
We all know that regular email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages you deleted years ago may be on servers halfway around the world? Or that your messages can sometimes be read and modified in transit, even before they reach their destination? Did you know that forging email is very, very easy? Can you trust what you read in an email? Email was not designed with security in mind, and as a result, many different solutions have evolved to plug the multitude of resulting issues.
This article will explain how email works, what the real email security issues are, what mitigations to these are generally in use, and what else you can do to protect your email. This is especially important in healthcare marketing where you need to have HIPAA compliant email.
Information security and integrity are essential as we use email to send confidential and sensitive information over this medium every day. While reading this article, imagine how these security problems could affect your business, your personal life, and your identity if they have not already.
Read the rest of this post »
Tags: asymmetric encryption, eavesdropping, email security, false messages, http, identity theft, imap, invasion of privacy, message modification, Message Replay, opportunistic TLS, pgp, pop, repudiation, s/mime, Simple Mail Transport Protocol, smtp, SMTP relaying, smtp server, ssl, ssl certificate, symmetric encryption, tls, Unprotected Backups
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy
14 Comments »
Saturday, March 8th, 2025
In this article, we review the requirements for what makes a website HIPAA secure and what you need to do to ensure your website is compliant. The recent focus on tracking pixels and analytics codes by enforcement agencies has many healthcare organizations reassessing their website security and compliance. As technology has evolved over the past thirty years, HIPAA rules have adapted to secure sensitive data. 
Read the rest of this post »
Tags: backup, disposal, encryption, form, hipaa, hipaa website, online tracking, patient, pixels, protected health information, ssl, web form, web site
Posted in Business Solutions, HIPAA Compliant Forms, LuxSci Library: HIPAA, Popular Posts
2 Comments »
Sunday, November 24th, 2024
S/MIME is a popular technology for end-to-end email encryption and is analogous to PGP in the way that it works. It is commonly available in most modern email programs and in many server-side email and WebMail encryption services like LuxSci SecureLine.
Folks are used to thinking about Internet security and encryption in terms of web site security. E.g. the “https://” that secures our everyday life working in our web browsers is the signal that SSL/TLS is being used to encrypt traffic between ourselves and the web server. People are even becoming used to the fact that TLS (with SMTP) is also commonly used to secure the transport of email messages from server-to-server.
These are all good things!
S/MIME (like PGP) is different — it encrypts the email message before it is sent and the message stays encrypted until the recipient opens it. It “doesn’t matter” how this message is transported to the recipient … its secure the whole way.[1] But did you know that S/MIME is really just an application of the same SSL/TLS technology that secures your traffic to securing your messages? This makes it useful for HIPAA compliant email.
[1] S/MIME (and PGP) do not secure your message headers (e.g. the subject, recipients, etc.), it only secures the message body and attachments. So, the added security of SMTP over TLS does serve to protect those things that S/MIME does not protect.
Read the rest of this post »
Tags: openssl, s/mime, ssl, tls
Posted in LuxSci Library: The Technical Side of Email
No comments »
Tuesday, January 9th, 2024
SMTP TLS encryption is popular because it provides adequate data protection without creating a complicated user experience for email recipients. Sometimes, though, the experience is too seamless, and recipients may wonder if the message was protected at all.
Luckily, there is a way to tell if an email was encrypted using TLS. To see if a message was sent securely, we can look at the raw headers of the email. However, it requires some knowledge and experience to understand the text. It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.
To analyze a message for transmission security, we will look at an example email message sent from Hotmail to LuxSci. We will explain what to look for when decoding the message headers and how to tell if the email was transmitted using TLS encryption.
Read the rest of this post »
Tags: email encryption, email headers, email security, hotmail, secureline, smtp, ssl, tls, tls encryption, transmission
Posted in LuxSci Library: Security and Privacy, Popular Posts
3 Comments »
Tuesday, September 12th, 2023
Creating HIPAA Compliant forms starts with creating a secure website. This process is more complex than creating web pages and adding an SSL Certificate. A certificate is a solid first step, but it only goes so far as to protect whatever sensitive data necessitates security in the first place.
Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.
So, what do you do beyond hiring a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure web forms and how to address them. At a minimum, reading this article will help you intelligently discuss website security with the developers you hire.
Read the rest of this post »
Tags: cross site scripting, eavesdropping, man-in-the-middle, pgp, phishing, s/mime, secure form, secureform, ssl, ssl certificate, trust, web security, website security
Posted in AAA Featured Articles, HIPAA Compliant Forms, LuxSci Library: Security and Privacy, LuxSci Library: Web Design and Programming, Popular Posts
No comments »
