Posts Tagged ‘ssl certificate’
Tuesday, September 12th, 2023
Creating secure web forms starts with creating a secure website. This process is more complex than creating web pages and adding an SSL Certificate. A certificate is a solid first step, but it only goes so far as to protect whatever sensitive data necessitates security in the first place.
Naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.
So, what do you do beyond hiring a developer with significant security expertise? Start with this article. Its purpose is to shed light on many of the most significant factors in creating secure web forms and how to address them. At a minimum, reading this article will help you intelligently discuss website security with the developers you hire.
Read the rest of this post »
Tags: cross site scripting, eavesdropping, man-in-the-middle, pgp, phishing, s/mime, secure form, secureform, ssl, ssl certificate, trust, web security, website security
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy, LuxSci Library: Web Design and Programming, Popular Posts, Secure Form
No comments »
Tuesday, August 29th, 2023
Secure email sending is a priority for organizations that communicate sensitive data externally. One of the most common ways to send secure emails is with SMTP TLS. TLS stands for Transport Layer Security and is the successor of SSL (Secure Socket Layer). TLS is one of the standard ways that computers on the internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:
- Computer A connects to Computer B (no security)
- Computer B says “Hello” (no security)
- Computer A says, “Let’s talk securely over TLS” (no security)
- Computers A and B agree on how to do this (secure)
- The rest of the conversation is encrypted (secure)
In particular:
- The conversation is encrypted
- Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
- The conversation cannot be eavesdropped upon (without Computer A knowing)
- A third party cannot modify the conversation
- Third parties cannot inject other information into the conversation.
TLS and SSL help make the internet a more secure place. One popular way to use TLS is to secure SMTP to protect the transmission of email messages between servers.
Read the rest of this post »
Tags: AES256, email encryption, email security, opportunistic TLS, secure, secure email, smtp, smtp tls, ssl, ssl certificate, starttls, tls
Posted in AAA Featured Articles, LuxSci Library: HIPAA, LuxSci Library: Security and Privacy, Popular Posts
15 Comments »
Tuesday, March 31st, 2015
We all know that regular email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages you deleted years ago may be on servers halfway around the world? Or that your messages can sometimes be read and modified in transit, even before they reach their destination? Did you know that forging email is very, very easy? Can you trust what you read in an email? Email was not designed with security in mind, and as a result, many different solutions have evolved to plug the multitude of resulting issues.
This article will explain how email works, what the real email security issues are, what mitigations to these are generally in use, and what else you can do to protect your email.
Information security and integrity are essential as we use email to send confidential and sensitive information over this medium every day. While reading this article, imagine how these security problems could affect your business, your personal life, and your identity if they have not already.
Read the rest of this post »
Tags: asymmetric encryption, eavesdropping, email security, false messages, http, identity theft, imap, invasion of privacy, message modification, Message Replay, opportunistic TLS, pgp, pop, repudiation, s/mime, Simple Mail Transport Protocol, smtp, SMTP relaying, smtp server, ssl, ssl certificate, symmetric encryption, tls, Unprotected Backups
Posted in AAA Featured Articles, LuxSci Library: Security and Privacy
14 Comments »
Monday, September 23rd, 2013
Our sales staff have been asked this question countless times. It is a natural assumption that because SSL and TLS encryption of email (and web sites) requires use of an “SSL certificate“, that one must buy an SSL certificate in order to use such a service. Fortunately, the answer is always
You do not need to buy your own SSL certificate to use secure email.
We’ll explain why.
Read the rest of this post »
Tags: client certificate, email security, encryption, secure email, ssl, ssl certificate, ssl email, tls
Posted in LuxSci Library: Security and Privacy
1 Comment »
Wednesday, December 30th, 2009
Standard SSL Certificates are issued by an Certificate Authority (CA) such as Thawte after the CA performs some basic standard validation on the identity of the certificate request to ensure that the certificate is not issued to “the wrong hands”.
The types of validation performed for standard SSL certificates vary by the type and cost of the certificate, but include:
- A confirmation email message sent to the domain administrator as specified in the domain’s entry in the WHOIS database
- A confirmation email message sent to a standard administrative email address at the domain itself, such as “admin@domain.com”.
- The name of the organization owning the domain name may be validated.
You should purchase SSL Certificates that use the above forms of validation in order to:
Read the rest of this post »
Tags: certificate authority, ev, extended validation, extended validation SSL certificate, ssl, ssl certificate, Thawte
Posted in New Feature Announcements
1 Comment »
