jump to navigation

“This Message Will Self-Destruct” February 14, 2012

Posted by Ian in Uncategorized.
add a comment

Ever wonder if the private emails you send to trusted friends and acquaintances are deleted or if that information lingers in their inboxes? OneShar.es has a smart solution to safeguard sensitive information that’s very Mission Impossible.

The web tool allows people to easily share private information, whether its via your mobile device (apps for iOS and Android) or your browser window. The recipient has one chance to view the information and when he or she closes out, it self destructs.

“There’s a lot of trust placed with people with whom we share private information,” says Jerry Thompson, co-founder and CTO. “Over time, this information is collected in people’s inboxes and with the amount of free space offered by Gmail and other services, there’s little reason or incentive to actually delete these emails.”

Thompson give this example of how your email could easily be accessed: “On a desktop web browser, you’ll need to enter your email address and password to access your Gmail,” he says. “With the vast majority of people having smartphones, most email apps do not require authorization once it’s been configured. If you lose your phone, whomever finds it can now check your email without any logins at all. If a bad guy were to find your phone, they have your email and everything in it.”

The lesson here: No one deletes email, so protect your information.

Here’s how it works: “The data you enter is encrypted from your browser to our servers and stored encrypted. Your private URL holds part of the key to unlock the content. This URL is sent to whoever needs access to it. Once its viewed, its permanently deleted. So while you may have the OneShar.es URL in your outbox and the recipient may have it in their inbox, it can never be retrieved again after being viewed.”

Security concerns about the protection of private and personal data have propelled sites like Dropbox and other file encryption tools into popularity. In 2009, computer scientists were working on software called Vanish that would make sensitive files self-destruct, but the project has since gone kaput.

 

From: ‘This Message Will Self-Destruct’: One Shar.es Erases Data After Transmission

Passwords to be Replaced by Heartbeat February 14, 2012

Posted by Ian in Uncategorized.
Tags: ,
add a comment

Soon, your computers and personal data may no longer need an overly complicated or easily deciphered password to protect, only your beating heart.

User-created passwords could one day become obsolete, if research led by Chun-Liang Lin at the National Chung Hsing University in Taichung, Taiwan, proves successful.

The industrious team behind this groundbreaking new technology, which creates a fully-encrypted password out of a user’s heartbeat, could forever change the way we access our protected and valuable personal information. Email passwords, bank account passwords, and more could all be accessed with the touch of your finger and verified with the beat of your heart.

How does it work, though? According to a recent article in New Scientist, the team over at the National Chung Hsing University has successfully tested the concept of translating a human heartbeat into an encryption key by using and electrocardiograph (ECG) reading from a person’s palm and capturing the unique signature a person’s heart makes. Once extracted, a secret key is generated as part of an encryption scheme.

Because a person’s heartbeat is completely unique, and also has an irregular pattern that never repeats, the encryption scheme is based on the mathematics of the chaos theory, whereby small changes to initial conditions lead to different outcomes. In other words, you won’t ever get the same key twice.

Lin and his colleagues hope to build this system into external hard drives and other devices that can be also be encrypted, decrypted, and accessed, all by simply touching them.

Of course, their research brings about some very interesting possibilities regarding the security of information and files. This new technology could alleviate the headache suffered when your personal accounts are attacked, as anyone who has ever had the misfortune of getting their Twitter or Facebook account hacked know all too well.

User-generated passwords would no longer be easily hacked through malicious programs. The need to physically write down a password or store it on your computer would practically be eliminated. If implemented by various institutions like banks or credit card companies, access to your financial information would be secured even further and accessible via a biologically unique password only available via your touch. And those are merely a sample of potential benefits to Lin’s research.

As we recently highlighted in an article on picking strong passwords and keeping them that way, no password is every truly safe, but if the research being conducted by Lin’s team can make it harder for intruders to access our data while making it easier on us, then that will definitely put all our hearts and minds at ease.

The work conducted by Chun-Liang Lin and his research team will appear in the journalInformation Sciences.

 

From: Passwords in the future could be replaced by your heartbeat

Keep your personal data safe by taking the time to encrypt your emails. February 14, 2012

Posted by Ian in Internet.
Tags:
add a comment

With the government threatening to do all kinds of things to the internet, and stories about email and phone hacking surfacing all over the world, there’s never been a better time to start protecting your online privacy. Email encryption is one way of keeping your personal data safe.

Encryption services or third-party software encrypt emails by making them unreadable to anyone other than the intended recipient. When you encrypt your email, you have a public key (usually a mixture of numbers and letters) that others can use to send you encrypted email, and a private key, which you then use to decode the email.

When sending encrypted email to someone else, you need to know their public key in order to keep the email secure. You can either get this from them personally, or find it by searching the online key servers.

Encrypted email isn’t widely used outside of sensitive situations – such as political or business dealings – however, it can help protect your personal and financial information from prying eyes. Below are some of the tools you can use to encrypt your email and protect your personal privacy.

Hushmail

Hushmail is a stand-alone email service that enables users to send and receive encrypted emails through their Hushmail address. If you are new to the concept of encryption or aren’t very tech-savvy, Hushmail does all the leg work for you: once you’ve set up a Hushmail account, all you have to do is remember your passphrase.

Enigmail (Thunderbird)

Enigmail is a plug-in for Mozilla’s Thunderbird email application. Once you’ve downloaded the extension, create your public and private keys, and a passphrase. You can also generate a revocation certificate, which invalidates your public key in the event that your private key is compromised.

Gmail Encrypt (Firefox)

The Gmail Encrypt extension for Firefox only works with Gmail accounts, and you need to install Greasemonkey before you can use it. Once installed, the extension works in a similar way to Enigmail: you create public and private keys, as well as your own passphrase to access the Gmail Encrypt service.

GPG (Apple Mail)

This open-source plugin for Apple Mail encrypts, signs and verifies emails sent and received through the Apple Mail client. The plugin is compatible with Lion and has an integrated update mechanism, which means you automatically receive GPG updates using Apple’s software update system.

GnuPG and PGP

GnuPG and PGP are two types of software you can download onto your hard drive. After installing the software on your computer, you can use it to create keys and encrypt messages sent through certain email clients.

Email encryption only works with the computer on which you have installed the encryption software, add-on or plug-in. If someone sends you an encrypted message through Gmail and you try to read it on your phone or another device, you won’t be able to decode it.

Although it’s not impossible to decode an encrypted email, using this service will help secure your personal information. To make your email encryption as fool-proof as possible, always check the recipient’s public key before sending – if you get the key wrong, the information inside the email could end up in the wrong hands. Some encryption services don’t encrypt the subject line so include sensitive information only in the body of the email.

 

 

From : How to Master Email Encryption

Is Email Encryption Right for Your Business? February 8, 2012

Posted by Ian in Internet, Tech.
Tags:
add a comment

The Privacy Rights Clearing house currently tallies 542,608,451 records breached in the past 5 years. Unsecure email certainly contributes to the problem. Small business email (or any email) starts off on a secure or unsecure wired or wireless network then travels over numerous networks through secure or unsecure email servers often vulnerable to people who are in control of those servers.

There is also plenty of hacking and cracking tools bad guys (and good guys) use to sniff out that data in plain text.

With criminal hackers, government funded hackers and the various other snoops, email encryption today is essential.

In a recent study by Ponemon Institute, the latest U.S. Cost of a Data Breach report, which was just released today, shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care deeply about their personal information and they lose trust in companies that fail to protect it.

If your business operates under some form of regulation whether it is finance, healthcare, or any other regulation where fines are imposed in the event of a data breach, then email security should be a fundamental layer of your company’s information security protection plan.  Plain and simple if you are concerned about compliance with regulations like HIPAA and the HITECH Act and the numerous state data breach notification laws look to email encryption.

At its basic level PGP encryption is one way to provide email encryption.

2012 Already? February 2, 2012

Posted by Ian in Uncategorized.
1 comment so far

Wow, it has been a long time since I have posted anything on this blog. 2011 has been another crazy year. Spent a whole lot of time at work and not much else. But things changed towards the end of the year. No more spending 15-hour a day at the office, almost 7 days a week. Quite frankly, I wasn’t sure how I did it.

So far, 2012 has required me to turn around and completely do the opposite. No office, out socialising (well, more like networking actually) and make a lot of noise. Stay tuned …