MailCloak Pro is now in Public Beta!

MailCloak for Pro is a combination of all of Global Web Security Systems’ breakthrough encryption programs, and a little more. Download MailCloak Pro here!

MailCloak Pro = MailCloak for Firefox + MailCloak for Mail Clients + MailCloak for Internet Explorer (only available in MailCloak Pro)!

MailCloak was designed from the ground up to be the first encryption program for browser-based email, and POP3/SMTP email. MailCloak Pro supports ALL mail clients, while making GnuPG public-key encryption so simple anyone can use it! And everyone using it is the goal, That’s why MailCloak works with today’s most popular webmail systems as well.

Now you and your contacts can easily exchange encrypted email, and it doesnt matter what they use - Gmail on Firefox? Hotmail in Internet Explorer? YourCustomDomain.Com with Outlook (custom domains are only supported in Outlook and our upcoming SMB version)? They’re all supported! And MailCloak works with cross platform systems too -  that’s because we use the Gnu Privacy Guard MailCloak compatible with tons of other GPG programs on any platform you can think of. Mac, Linux, even legacy DOS users can exchange email with MailCloak users.

Key features include:

Automatic Key Exchange: MailCloak’s automatic key exchange feature automatically attached your public keys to outgoing emails, and automatically imports your contact’s public keys from incoming emails.

Automatic Encryption: Just turn MailCloak on and send email as usual - if you have already done a key exchange, your email will be encrypted.

Respect for Privacy: MailCloak stores your keys on your computer, not ours. So you can be confident that only you and your recipients can read MailCloak encrypted emails

End-to-End Encryption: MailCloak encrypts your email on your computer, and decrypts it on the recipient’s computer. Absolutely no one else will ever be able to read your email. See my previous post to understand the difference between HTTP/S encryption and End-to-End encryption.

Here’s an animation of MailCloak working in Mozilla Thunderbird:

MailCloak Pro is tested and works with the following email clients:

• Outlook 2002
• Outlook 2003
• Outlook2007
• Foxmail 5
• Foxmail 6
• Outlook Express 6
• Koomail 5.32
• Thunderbird 2.0.0.21
• DreamMail 4.4

If you don’t see your email client on the list, don’t fret, MailCloak for Mail Clients  works with most (all that we’ve tested) Windows XP POP3/SMTP Mail clients- so go ahead, download MailCloak and give it a spin.

MailCloak has also been tested on following web browsers:

Mozilla Firefox 3.0 - 3.1b (not included in our current beta, but can be added seperately with a free download and will be included in future releases.)

Microsoft Internet Explorer 6， 7

And all Trident based browsers, including (but not limited to):

• Avant Browser  11.0
• gisoon 1.0
• GreenBrowser 5.0
• maxthon 2.0
• MyIE 3
• Tencent Treveler 4
• The World Browser 2

Download MailCloak Pro here!

If you would like to report that MailCloak works with your email client or browser, or if you experience any problems installing or using MailCloak, please let us know!

MailCloak for Mail Clients now in public beta!

MailCloak for Mail Clients, a cross-compatible cousin of MailCloak for Firefox, is the first GnuPG encryption plug-in which works in any email program, and it’s super easy to use too! You just install it on your Windows XP or Vista computer and then continue sending email with your current email client.

MailCloak supports: Outlook, Outlook Express, Thunderbird, Foxmail, Eudora, Pegasus Mail, Lotus Notes, and more (we haven’t tested all email clients, but it works with everything we’ve tested).

To start using MailCloak for Mail Clients, you don’t have change a thing, just download, install, do a key exchange, and start sending strong GnuPG encrypted emails! MailCloak even works with your existing PGP keys.

Click here to go to the MailCloak for MailClients download page.

MailCloak for Mail Clients allows users of any POP3 or SMTP email service to use MailCloak’s GnuPG email encryption. GnuPG is strong PGP encryption with up to 4096 bit public keys, and MailCloak is compatible with all other GnuPG encryption programs, so with MailCloak you can send secure email to anyone on just about any platform.

MailCloak supports Outlook, Thunderbird, Eudora, and more (we think it supports all POP3/SMTP mail clients, but we can’t test them all).  If you use webmail, like Yahoo! mail or Gmail, try MailCloak for Firefox!

We worked really hard to ensure using MailCloak for Mail Clients is easy as pie.

To use MailCloak for Mail Clients install it and fire up your mail client – which ever it may be.

At this point you should notice the MailCloak floating menu. Right click it to turn it on, and send an email. MailCloak will automatically attach your public key to this message if you don’t have the recipients public key, or encrypt the message if you do. When you are done sending encrypted messages, simply turn MailCloak off and write emails as usual.

To make MailCloak even easier, we’ve created an automated testing program called Cryptobot. Turn MailCloak on to attach your public key to all outgoing email, send Cryptobot an email, and wait for a reply to see what happens!

After you give MailCloak for Mail Clients a whirl, please tell us what you think on the MailCloak Encryption Forum. You can also use the forum to ask us your questions. We’ll do our best to answer your questions and help you through any problems you might have.

You also can find documentation on our email encryption wiki.

gWebs Website Updated!

Just a quick note to say that we have updated our home page and some of our product pages.

Please check out the new design and comment to let us know what you think!

No Surprise: MailCloak earns Softpedia “100% CLEAN” AWARD

While it doesn’t come as a surprise to us that MailCloak has no Spyware, Adware or Viruses, we are proud to announce that MailCloak for Firefox has been awarded Softpedia’s 100% Clean” Award.

Softpedia says:

Softpedia guarantees that MailCloak Firefox 1.0 is 100% Clean, which means it does not contain any form of malware, including but not limited to: spyware, viruses, trojans and backdoors.

We knew we wrote good software using secure programming techniques and respecting user rights in every way possible, and this award simply affirms that we are not malware, however, it is nice to have get an award from a third party.

Misguided Impressions.
A majority of the people I talk to mistakenly think that email is safe. The slightly more tech savvy among us – people who read about things like email security in Wired or Cnet or Lifehacker, believe, incorrectly, that HTTP/S encryption will protect their email from eavesdroppers. Yet only the true security aware understand that it takes “end-to-end” and “data-at-rest” encryption to truly protect an email message across its entire life cycle. These individuals also understand that whole accounts are practically impossible to protect – so they concentrate on protecting the important messages.

While it is true that “data-in-motion” encryption like SSL and HTTP/S will protect emails from internet-café wireless eavesdroppers; we should be cognizant of the fact that that’s about all they protect us from. As the notorious Sarah Palin incident so poignantly illustrates, it doesn’t matter how you connect to your webmail, using just data-in-motion encryption is not enough.

So let’s get things straight. HTTP/S, SSL and TSL protect your messages as they travel from you to your email service provider or vice versa – usually the first fraction of a second in an email’s online life. During the rest of the email life cycle, HTTP/S encrypted emails exist in plain text. Only true end-to-end encryption, encryption like MailCloak, FireGPG, Enigmail and PGP provide, can protect an important email for it’s entire life cycle.

The Email Life Cycle:
Below as an outlined the life cycle of a typical email. As you’ll see, an email passes through a lot of hands (routers) between sender and recipient – and there’s no way to tell how clean these hands are. We will use the example of you, a gmail user, sending email to your friend Alice, a Yahoo! Mail user, to make things more concrete.

1.    You write an email and click send.

2.    The email travels from your computer over your LAN to your router, it then “hops” to your ISP, and then over the Internet to Google’s nearest gmail data center. The connection between your computer and Gmail may be encrypted with HTTP/S. If so, your message will be protected across these hops (I usually count 12-15 hops on a traceroute to gmail). If you didn’t use HTTP/S, each of these routers could (and many of them do) copy and index your message – you have no way to know.

3.    The message arrives at Google, and is indexed and saved on redundantly backed up servers. You can now see your message in your “sent” mailbox.

4.    Google now sends your message across the Internet to Yahoo’s datacenter. You can’t do a traceroute from Google to Yahoo, but you can assume that the route takes at least a few hops. At this point your message is traveling in plain text, so each router between Google and Yahoo can copy and index your message. And of these routers may be located in a government surveillance center.

5.    Yahoo! receives and indexes your message, then transfers it to Alice’s inbox.

6.    Alice now connects to Yahoo! and downloads the message. Again, the message hops over a dozen or more routers or computers before reaching Alice.

7.    Alice reads the message.

8.    The message and attachment resides indefinitely on Google’s and Yahoo’s servers. Anyone who logs into either your or Alice’s account can search the account, and if they search the right keywords, they will find your message.

Protecting an Email Message Throughout its Life Cycle.
It turns out that with minimal changes to this life cycle and the user experience, a message can be permanently protected from any and all eavesdroppers. All one has to do is encrypt (cloak/scramble) the message between steps one and two (after clicking send, but before the message goes out over the network), and decrypt the message between steps six and seven (after downloading, but before reading) and the message will always be safe, because it will never be exposed to the internet in plain text. This is called end-to-end encryption because your message is only in plain text at the endpoints. It’s also called data-at-rest encryption, because the email is only stored as an encrypted message.

MailCloak and Standards-Based Encryption
MailCloak, along with a host of other OpenPGP based programs, will all help you to encrypt your messages with end-to-end encryption. When we wrote MailCloak, we chose to use GnuPG OpenPGP encryption because all OpenPGP programs can talk to each other – and there’s an OpenPGP program for just about every computing platform out there. If you have Windows XP and you use Gmail, Hotmail or Yahoo! Mail, or a standard POP3 Email Client, you can use MailCloak – MailCloak will be available for Vista and Windows 7 soon. If you have Mac or Linux we recommend FireGPG for Gmail on Firefox, Enigmail from your POP Mail.

These great tricks will have you using Gmail with multiple accounts. And doing it in style: faster, easier, safer, and with less trouble then ever before. Check ‘em out and let us know your favorite tricks.

1. (Automatically) Reply from the same address the message was sent to.

2. Check your POP Mail NOW!

3. Label Mail by account.

4. Use Colorful Labels to make them stand out!

5. Choose the right email address when sending mail.

6. Add Email Encryption

And: Reader Tricks (in comments)

Read the rest of this entry »

MailCloak Personal Edition, Email Encryption for Firefox is finally open for Beta Testers!

MailCloak is the new GPG based email encryption add-on for today’s top webmail services. MailCloak encrypts Google Gmail, Yahoo! Mail and MSN Live Hotmail with super strong 4096-bit key GPG encryption.

After you have installed MailCloak, you will be prompted to create a key pair, once that’s done you’re ready to go.

Check out our detailed quick-start guide if you want some hand-holding, otherwise go ahead and login to your web-based email account (This version supports Google’s Gmail, Yahoo! Mail and MSN Live Mail) and send someone an email. If MailCloak is turned on, your public key and an invitation to MailCloak will automatically be attached to this email. If the recipient is using GPG, PGP, or MailCloak, They will be able to send you encrypted email. When you get their key, you will be able to send them encrypted email. We’ve also created Cryptobot to make this easy to test.

Open Source Encryption, closed source connectivity.
We chose to build MailCloak on top of the industry standard, open source GNU Privacy Guard (GPG/GnuPG). GPG uses the OpenPGP standard, first written by Phil Zimmerman in 1982, OpenPGP-standard compliant encryption is used by 96 of the top fortune 100 companies, the Department of Defense, and millions of home and business users around the world.

Last night I was at the Beijing Tweetup and had an interesting conversation with Rebecca MacKinnon and Andrew Lih about NGO and journalist security needs, which got me thinking this morning - NGO’s and Journalists really need an easy-to use-security tool designed to provide them with 100% fail-proof anonymity and security - and MailCloak - our new encryption tool, is perfectly positioned to help them out.

Why is MailCloak positioned to help? Because MailCloak allows you to send email from Yahoo, MSN and Gmail, and protect your messages with strong encryption. Yahoo, MSN and Gmail - are these known for anonymity? Well, maybe they aren’t known for it, but they are great tool because you can create disposable email accounts freely and easily.

Here are the steps, most of which I have previously documented:

1. Setup your proxy connection (and turn it on) to keep your IP address private when accessing services you wish to remain anonymous
2. Create a new free, disposable Gmail, Yahoo! Mail or MSN Live Hotmail account. Remember, don’t use any real personal information.
3. Download and install MailCloak on your computer, and have your contact do the same.
4. Exchange public keys and test MailCloak by sending trivial messages to make sure they go through encrypted. Only send important information after testing the encryption.

That’s it!

Identity theft can be a scary thought that lingers on the edge of your mind. As more of life’s interactions are digitized, the odds that a hacker can get your information is increasing.

As Chris Hooley, a professional blogger, will tell you, identity theft can make the life you worked so hard to build a jumbled mess.

“Having your identity stolen is far more damaging than just losing money. I never realized how much of a tangled web finances and real life obligations where until I had to rebuild that web from scratch. When a thief cleared out my checking account from 5 different Bank of America branches using a fake ID, it basically turned my life upside down.”

Hooley had nearly $40,000 wiped out from his checking account in the span of few short days this past July. It took him months of hard work and hundreds of hours on the phone, calling every credit agency, every bank, and every customer service hotline, just to piece most of it back together.

We live in a world where it’s nearly impossible for you to control all of your personal data. For example, a Money Magazine article from summer 2005 exposed that one of Citigroup’s vendors couldn’t locate the financial records of nearly 4 million clients. The same article also revealed Card Systems, a credit-processing firm, had 40 million customers who were at risk because a hacker had gained access to their database.

As Hooley learned from his experience, “A lot of people you don’t know have access to almost everything about you. There is no such thing as privacy.”

Another victim of identity theft, only identified by their online handle “trixare4kids”, details the steps to take if you are a victim of identity theft. In her case, a hacker (or an unscrupulous employee at her health insurance company) got a hold of her social security number and wreaked havoc on her stable financial life by purchasing expensive furniture, cars, and opening additional credit cards in her name. 

While you can’t control all of your personal info, you should protect what you can. One place you can start to protect yourself from leaks is your email. Even if you know better than to write an email containing the personal information needed to steal your identity, a motivated hacker can often piece together the necessary info be aggregating the contents of many email messages. But if the hacker can’t read your email, they can’t get any info at all.

Encrypting your email is a simple way to avoid prying eyes. There are several consumer products on the market today that works with many email programs to encrypt email messages for additional safety.

Here at Global Web Security, we saw a need for a simple encryption solution with an easy-to-navigate user interface that works for most webmail styems, so we built MailCloak. MailCloak is designed to work with both webmail (such as Gmail, Yahoo! Mail, and MSN Live Mail) and POP3 clients (such as Outlook, Thunderbird, and Foxmail).

For more information on what to do if a hacker has compromised your personal information, check out the government’s anti-identity theft website.

Just because you typed in a password before accessing Gmail doesn’t mean you are the only one who reads your email.

It is a well-known fact that Gmail reads the contents of your email messages in order to determine which AdSense ads should be displayed.

Don’t believe me? Check this out.

Read the rest of this entry »