Articles with tag “confidentiality”

A review of ProtonMail

Update (2018-07-25)

Shortly after publishing this original post, many of my concerns were addressed. ProtonMail now supports sending mail that is signed and/or encrypted using OpenPGP. This is a huge benefit to the secure-email community. It is also possible to use your own key which allows me to use …

Continue reading…

A response to 'Strong Encryption and Death'

I recently read an article on the TriLUG blog mirror discussing access to data after the death of the owner. I've also given this a lot of thought as well and had previously come to the same conclusion as the original author of the article has:

"I created a file …

Continue reading…

Securing email to Gmail

I've been working on securing my postfix configuration to enforce certificate validation and encryption on some known, higher-volume, or more sensitive connections between SMTP servers (port 25).

On many of the connections I've setup for secure transport there have been no problems (assuming proper TLS certificates are used). Unfortunately Gmail …

Continue reading…

Encryption you don't control is not a security feature

Catching up on my blog reading, this morning, led me to an article discussing Apple's iMessage program and, specifically, the encryption it uses and how it's implemented.  Go ahead and read the article; I'll wait.

The TL;DR of that article is this: encryption you don't control is not a …

Continue reading…

Postfix Encryption

I've been tinkering with the encryption options in Postfix for a while.  Encryption between clients and their SMTP server and between SMTP servers is necessary to protect the to, from, and subject fields, along with the rest of the header, of an email.  The body of the message is also …

Continue reading…

CERN cares about information security... what about you?

As a security engineer it's usually difficult for me to endure many of dumb things companies do.  It's quite sad when a company that prides itself on creating solutions for building internal solutions to protect customer data actually starts pushing its own data out to Google and other "solution" providers …

Continue reading…

Securing Secure Shell

I was passed an interesting article, this morning, regarding hardening secure shell (SSH) against poor crypto that can be a victim of cracking by the NSA and other entities.  The article is well written and discusses why the changes are necessary in light of recent Snowden file releases.

Continue reading…

How to really screw up TLS

I've noticed a few of my favorite websites failing with some odd error from Firefox.

Firefox's Unable to connect securely error messageThe Firefox error message is a bit misleading.  It actually has nothing to do with the website supporting SSL 3.0 but the advanced info is spot on.  The error "ssl_error_no_cypher_overlap" means that the client …

Continue reading…

Automated configuration analysis for Mozilla's TLS guidelines

My friend Hubert has been doing a lot of work to make better the world a little safer.  Glad he's getting some recognition.  Here's a great article on testing your server for proper SSL/TLS configurations.

Continue reading…

Generating a PGP key using GnuPG

Generating a PGP using GnuPG (GPG) is quite simple.  The following shows my recommendations for generating a PGP key today.

$ gpg --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY …

Continue reading…