Gmail is now more secure.

Comments Off
January 13th, 2010
Viktor Petersson

Yesterday Google made a pretty small announcement in regards to a big change (at least from my point-of-view).

The news is that they are going from non-SSL to SSL as the default option in Gmail. For those non-techies reading this, this means that instead of sending the traffic from Google’s servers to your local computer in an unencrypted form, which is vulnerable for other people to eavesdrop on your communication (eg. reading your emails as you are reading them), they are now encrypting the traffic. By doing this, it becomes fairly difficult for someone to eavesdrop on your communication (although not impossible).

For the security conscious people out there, this option have been available for quite some time (since 2008 to be precise), but it has not been enabled by default.

Read the rest of this entry »

Tags: , , , Posted in News Comments Off

White House IT department finds 22 million emails from the Bush-era

1 Comment »
December 15th, 2009
Viktor Petersson

failureThis is pretty amazing. It must take some seriously incompetent IT people to lose 22 million emails (or perhaps an organized cover-up). But now we at least know that it’s possible.

Yesterday, the White House issued a press release letting the public know about the email that have been found. In the press release, Meredith Fuchs, general counsel to the National Security Archive, said “many poor choices were made during the Bush administration and there was little concern about the availability of e-mail records despite the fact that they were contending with regular subpoenas for records and had a legal obligation to preserve their records.”

While the current administration has a lot of incentive blow this up as much as possible, it is still a very serious issue. What makes it even more interesting is that the Bush administration passed the Sarbanes-Oxley Act, which requires public companies to archive emails. If they fail to comply with these requirements, the management team might have to spend time in prison. Apparently, the White House does not have to comply with these requirements.

Tags: , , , Posted in News 1 Comment »

French military turns Thunderbird into Trustedbird

1 Comment »
December 14th, 2009
Viktor Petersson

Trustedbird-logoA while back we reported that certain branches of the French government were switching their desktop email clients to Thunderbird.

One of these branches who switched to Thunderbird was the French military. However, in order for Thunderbird to fit their particular requirements, quite a few modifications were required.

Thanks to the openness of Thunderbird, the French military were able to develop extensions to address some of their needs and modified the source code to address core changes. But they didn’t stop there. Instead of just keeping their changes to themselves, they open sourced them. Then, together with Mozilla they bundled the add-ons with a Thunderbird and created their own fork, named Trustedbird. Kudos to the French military!

Read the rest of this entry »

Tags: , , , Posted in News 1 Comment »

Hushmail: Top-Notch Security But Not Much Else

5 Comments »
December 11th, 2009
Chris Hoke

hushmail_logoEmail is not the secure communication medium that most people take it for. Even if you’re using HTTPS or SSL to access your email account, after your message leaves your mail server it travels across the internet as relatively plain text until it reaches the intended recipient. During that journey, your message can be read or tampered with by cyber-criminals, government agencies, your ISP, unscrupulous network administrators, or anybody with some network knowledge and packet-sniffing software. Think of it more as sending a postcard through the mail, rather than a sealed envelope.

Read the rest of this entry »

Tags: , Posted in Reviews 5 Comments »

PayPal is Phishing themselves

Comments Off
December 4th, 2009
Viktor Petersson

PayPal_logoA funny and pretty embarrassing scenario has just been revealed over at PayPal. After a receiving a complaint to their anti-phishing department, PayPal took action on the threat. Seams like the right thing to do, right? Yes, assuming that it was a threat. In this case, it was an actual email sent out from one of their departments. That’s pretty embarrassing.

Read the rest of this entry »

Tags: , , Posted in News Comments Off

Zimbra Collaboration Suite 6.0.3 is Out

Comments Off
November 26th, 2009
Viktor Petersson

zimbra_logo_newZCS just released version 6.0.3. Contrary to normal minor releases like this, we strongly urge you to update to this release, as it includes a fix against the recently discovered SSL vulnerability. In addition to this SSL fix, there’s also a security update for Nginx and Jetty.

Read the rest of this entry »

Tags: , Posted in News Comments Off

Djigzo – Innovative Open Source Email Encryption

1 Comment »
November 23rd, 2009
Viktor Petersson

djigzo_logoA few weeks back I wrote an article named ‘How Can We Keep Email Safe In The Cloud?.’ After I published the article I was contacted by a guy named Martijn Brinkers. Martijn told me that he’s working on a similar project to what I discussed in my theoretical article. The product he was referring to is named Djigzo.

After looking into the product I was surprised why I had never heard about the project before. It’s very innovative and also fairly easy to deploy. I was impressed by the product and reached out to Martijn to ask him a few questions about Djigzo.

Read the rest of this entry »

Tags: , , , , Posted in Interviews, News 1 Comment »

FastMail Takes Action on SSL Vulnerability

1 Comment »
November 18th, 2009
Viktor Petersson

FastMail.FMA few days ago Slashdot covered a new SSL vulnerability. While I’m not going to go into too much depth, the new vulnerability open new doors for man-in-the-middle attacks. Since this vulnerability affects both web (HTTPS) as well as email (IMAPS/POP3S) it affects email providers too.

Today Rob Mueller over at FastMail posted on their blog that they’ve resolved this issue on their IMAP/POP3 proxy. Kudos to Rob and FastMail for taking security seriously. I just wish more email providers were this serious when it comes to security.
Read the rest of this entry »

Tags: , , Posted in News 1 Comment »

How Can We Keep Email Safe In The Cloud?

4 Comments »
November 4th, 2009
Viktor Petersson

safe_dataSlashdot recently posted an interesting article titled An Inbox Is Not a Glove Compartment. The article covers legal rights and the government’s right to your data. It’s an interesting read, but it’s not what this article is about.

While reading the article I started thinking about cloud email solutions and the fact that you give all your data to them. The bottom line is that it doesn’t matter what their terms of service says, they’ve still got all your data. Given that you do want to throw away your in-house email solution (and there are a lot of reasons why), how can you still keep your data safe?

The obvious option is to use PGP or GnuPG. In a perfect world this would be enough. If people were smart about their privacy, they’d know that it’s in their best interest to encrypt their emails. Unfortunately that’s not the case. So if we assume that a PGP/PGP approach unrealistic for wide-spread adoption, what’s left?

Read the rest of this entry »

Tags: , Posted in Analysis 4 Comments »

Avoid The Hook: Protect Yourself Against Phishing

1 Comment »
November 1st, 2009
Chris Hoke

phishing_loginThe technology news headlines have lately been buzzing with news of recent widespread phishing attacks. One report from earlier this month states that a phishing scheme aimed at email users took in more than 20,000 email addresses and passwords. The FBI director even admits to a brush with such a scam, which prompted his wife to take over the responsibility of their online banking.

When it comes to phishing scams, a compromised email account can be the least of your problems. Many people use the same password on several websites, including their online bank accounts. Information gathered through various online accounts can be used to steal not only your money, but your identity. Criminals can then use your stolen identity to obtain medical care, loans, or commit crimes in your name.

Read the rest of this entry »

Tags: , , , Posted in Tips 1 Comment »
« Older Entries