What Is A Secure Server
posted in web on 5 May 2013
Not every server is secure. If you provide a meaningful service for your customers online you'll need a reliable server environment. No business can afford to host their online services on a server that can easily be hacked or is insecure in some way.
The problem is, though, you cannot buy a secure server. There is no such thing on the market. What makes a server secure, is not a single property, but a process of constant, vigilant monitoring and proactive minimizing of possible risks. Something that cannot come with the cheapest option.
Some businesses tend to believe they can operate on shared hosting. For a brochure-like website, this option may be adequate, but once you offer any service that requires - or is meant to build - trust, you'll run into problems. Today, it's a common misconception that people think they may use encryption and miraculously everything is going to get secure.
Encryption For Your ownCloud
posted in web on 18 April 2013
ownCloud has been around for a while, offering a file-sharing solution to users who insist on regaining control over their data in the cloud. As an enterprise-controlled web application the user's files are stored inside the organisation and not "somewhere in the cloud". But the most important benefit for users is the ability to sync these files to all kinds of devices, from smartphones to laptops and home computers. Files are easy to access and stored securely, that's the promise.
Now with the new version of the Web Encryption Extension you can take a great step forward by locking files in the cloud using the standard encryption tool GPG with the push of a button.
You Won't Find The Key Under The
posted in web on 2 March 2012
Using the internet we all surrender our information (both sensitive and unimportant) to online applications that eventually dump them in a database.
If you think your information is safe in the database, think again.
Obviously there is a general problem with access to these databases that can render information resting there insecure. The problem arising with most online applications is that most of them use passwords to access the database that are stored unencrypted on the server.
Even for commercial online applications it is quite common to store the crucial password that grants access to all data resting in a database in a simple configuration file, in clear text. For example, Magento, the well known online shop software, stores the database password in the file "app/etc/local.xml" where it shines in all its glaring plain text glory.
Of course you can start to secure these files. It's the most natural thing to do. And you have to do it, fast. Because under normal circumstances, these config files are readable for everyone on the server when the default installation has finished. Most online applications seem to rely on the fact that the administrator knows that there is work left to be done. Following the principle of least privilege is a good guide to make those sensitive files as secure as possible on the server. But let's be honest, relying on the assumption that no unauthorized person will ever see the content of such a file may not be prudent.
It's a little bit like putting the key under the doormat.
Upgrade Your Webmail With Encryption
posted in web on 14 Feb. 2012
What has prevented you from using encryption with your webmail by now?
I guess, there was no easy way to use it. The "Encrypt message" button simply wasn't there. This has changed now, as the web encryption extension can be used with webmail. The webmail application you are using may not provide you with this upgrade today, but integrating the encrypt button into your webmail application is possible, and may become a standard, soon.
We've prepared detailed tutorials to make encryption available for Roundcube, AtmailOpen and VTigerCRM.
Adding Confidentiality to Your Website
posted in web on 30 Jan. 2012
Contact forms are omnipresent. They often substitute an email message and as such it's hard to imagine a business website without it.
Being nothing more than unprotected emails, contact forms lose one important quality that would make them even more useful on a website, confidentiality. For customers there is no way to convey a message to a business owner securely by using the contact form, because eventually it'll end up as an ordinary email, unprotected.
With the Web Encryption Extension there is an alternative available now.
Revealing the Secrets of Email Encryption
posted in encryption on 19 Dec. 2011
Do you know how modern email protection works?
Not really? You are not alone.
For a simple picture of email encryption most people think of a box in which they place their message that can be locked with a single key. Once the message is in the box and the box is locked, it can safely be handed over to someone (the mailserver) taking care of the transport to the intended recipient. This simple picture is not too bad because, in a way, that's what happens. But on the other hand this picture is fundamentally misleading to understand how email encryption really works. In other words, the reality is different.
Codesigning by Kerry Linux
posted in encryption on 15 Nov. 2011
Some software has been carefully coded and has been tested thoroughly to meet certain standards of reliability and security. To make sure that these efforts are not destroyed by careless alteration of the code, Kerry Linux sometimes signs the code that is being released for use. This does not imply that you cannot distribute the code without limitations, nor does it mean that using the code is restricted to any particular purpose. Signing the code serves only one purpose, to make sure you have received the authorized version of the code, made by Kerry Linux Solution without any unauthorized changes.
Can Online Services Be Secure?
posted in web on 15 June 2011
Certainly not, if you store credit card information or passwords in clear text on the servers. Recent data theft disasters have shown, that it is not enough to operate a "secure server" and leave all customer's information unencrypted on this server.
Because if you think your secure server is invincible, all your customer's data is at risk, the moment it turns out that the secure server is not as secure as you thought.
What's even worse, your customers have entrusted you with their data believing that operating a secure data center will be sufficient to protect their personal data from falling into the wrong hands. It's time to destroy this false belief.