Gwebs Cryptographer

Last night I was at the Beijing Tweetup and had an interesting conversation with Rebecca MacKinnon and Andrew Lih about NGO and journalist security needs, which got me thinking this morning - NGO’s and Journalists really need an easy-to use-security tool designed to provide them with 100% fail-proof anonymity and security - and MailCloak - our new encryption tool, is perfectly positioned to help them out.

Why is MailCloak positioned to help? Because MailCloak allows you to send email from Yahoo, MSN and Gmail, and protect your messages with strong encryption. Yahoo, MSN and Gmail - are these known for anonymity? Well, maybe they aren’t known for it, but they are great tool because you can create disposable email accounts freely and easily.

Here are the steps, most of which I have previously documented:

1. Setup your proxy connection (and turn it on) to keep your IP address private when accessing services you wish to remain anonymous
2. Create a new free, disposable Gmail, Yahoo! Mail or MSN Live Hotmail account. Remember, don’t use any real personal information.
3. Download and install MailCloak on your computer, and have your contact do the same.
4. Exchange public keys and test MailCloak by sending trivial messages to make sure they go through encrypted. Only send important information after testing the encryption.

That’s it!

Security, email, email encryption, encryption, government Anonymous, email, NGO, proxy, Security

Identity theft can be a scary thought that lingers on the edge of your mind. As more of life’s interactions are digitized, the odds that a hacker can get your information is increasing.

As Chris Hooley, a professional blogger, will tell you, identity theft can make the life you worked so hard to build a jumbled mess.

“Having your identity stolen is far more damaging than just losing money. I never realized how much of a tangled web finances and real life obligations where until I had to rebuild that web from scratch. When a thief cleared out my checking account from 5 different Bank of America branches using a fake ID, it basically turned my life upside down.”

Hooley had nearly $40,000 wiped out from his checking account in the span of few short days this past July. It took him months of hard work and hundreds of hours on the phone, calling every credit agency, every bank, and every customer service hotline, just to piece most of it back together.

We live in a world where it’s nearly impossible for you to control all of your personal data. For example, a Money Magazine article from summer 2005 exposed that one of Citigroup’s vendors couldn’t locate the financial records of nearly 4 million clients. The same article also revealed Card Systems, a credit-processing firm, had 40 million customers who were at risk because a hacker had gained access to their database.

As Hooley learned from his experience, “A lot of people you don’t know have access to almost everything about you. There is no such thing as privacy.”

Another victim of identity theft, only identified by their online handle “trixare4kids”, details the steps to take if you are a victim of identity theft. In her case, a hacker (or an unscrupulous employee at her health insurance company) got a hold of her social security number and wreaked havoc on her stable financial life by purchasing expensive furniture, cars, and opening additional credit cards in her name. 

While you can’t control all of your personal info, you should protect what you can. One place you can start to protect yourself from leaks is your email. Even if you know better than to write an email containing the personal information needed to steal your identity, a motivated hacker can often piece together the necessary info be aggregating the contents of many email messages. But if the hacker can’t read your email, they can’t get any info at all.

Encrypting your email is a simple way to avoid prying eyes. There are several consumer products on the market today that works with many email programs to encrypt email messages for additional safety.

Here at Global Web Security, we saw a need for a simple encryption solution with an easy-to-navigate user interface that works for most webmail styems, so we built MailCloak. MailCloak is designed to work with both webmail (such as Gmail, Yahoo! Mail, and MSN Live Mail) and POP3 clients (such as Outlook, Thunderbird, and Foxmail).

For more information on what to do if a hacker has compromised your personal information, check out the government’s anti-identity theft website.

Security, email, encryption, privacy

I recently read an interesting article by “security guru” Bruce Schneier (with more interesting comments) discussing tourist scams.

Its’ not just tourists that get scammed though. Scammers and phishers are everywhere, in real life, and on the internet, trying to find a way to separate you from your money.

Recently I have noticed a wave of SMS (text) messages asking for money. The other day I got one claiming to be my girlfriend - the writer said they had lost their wallet and phone and could I please transfer $1000 to such and such a bank account.

Another day I was having dinner with a friend who’s father called. My friend’s dad was worried sick - he had gotten a text message from someone claiming to be his son, asking for money because he was in trouble with corrupt cops. My friend laughed, screaming over the din of the convivial hotpot restaurant, that he was perfectly ok.

Aside from SMS scams, there are lots of other kinds of scams. Check out the email above, which is an obvious part of a phishing scam. First of all, you should notice that the URL or Link doesn’t point to HSBC.com, but rather to “accountmaintenance.com” - and aside from that, you should know that no bank would ever send you an email like this. But, if for some reason you think they might be telling the truth, remember the golden rule: always login to the bank the same way - type their address into the location bar of your browser.

This could Watch out for SMS scams, email scams, phishing scams, and read more, more, and more.

Security, encryption Email Security

Don’t let the title scare you! It’s actually quite easy.

So, you have an SSH account somewhere (you may not even know it, but if you have a web page or a blog, most likely your host provides you with an SSH account) and you want to browse the web through a proxy… Well it took me a while to figure it out, but I have a quick solution for Windows, Mac and Linux.

Basically, here’s what happens:

Read more…

encryption, how to, privacy, walkthrough how to, life hack, linux, mac, proxy, quick tricks, ssh tunnel, tutorial, Walk Through, windows

My computer is every hacker’s dream: chock-full of personal information that can be used in deliciously evil ways. Stored on my hard drive are electronic copies of my passport, previous tax returns, and a plethora of other files that contain sensitive information. If accessed, this information would allow someone to easily steal my identity or worse.

Thankfully, I encrypt those files (meaning the only person who has access to them is me). I am the only person that knows the encryption password (sometimes called a passphrase) used to decrypt my files for viewing. Without the password, the files cannot be accessed.

Hackers and personal information aside, let’s pretend the files I encrypted contain incriminating information. Hypothetically speaking, could someone use the law to force me to divulge my encryption password so they could access my files?

Read more…

email, encryption, government, law, passphrases, privacy 5th amendment, encryption, law, password

Recently, all of the big email providers in the consumer arena, including Yahoo! Mail, Gmail, and MSN Live Mail have begun to offer “security solutions”.  Google Apps, Microsoft’s Live Admin Mail, Bluetie and Rackspace also offer business security solutions for both small and large enterprises.
But what are these solutions, and how does our new product, MailCloak, differ from them?  In this blog post Sarah Yu, Global Web Security Systems’ (gWebs) marketing executive, interviews gWebs CTO and lead programmer Jin Anderson to discuss what’s happening in the email security space and how MailCloak differs from the security solutions already offered by these providers. I have translated this post from the original Chinese.

“Let’s take the metaphor of snail-mail. The username and password authentication system is a lot like the key to a mailbox. If this key is copied or stolen, all the mail inside can be stolen and read. But MailCloak is like a steel envelope. It will protect the message even if an intruder guesses or steals your login credentials.”

Read more…

Security, email encryption, encryption, interview, software Email Encryption, Email Security, gWebs Team

Sometimes you send and receive important email.

Do you know who is watching?

Your email can be viewed by anyone with access to the systems it passes through.

Check out this new video, and then start protecting your email!

MailCloak is compatable with dozens of email services. To learn more, check out Global Web Security’s Offical Website!

PGP, Security, email, encryption, privacy Email Encryption, global web security, gmail, gmail encryption, google, hackers, MailCloak, msn, protection, safety, Security, Video, yahoo

Well, we’ve had a working beta for several weeks now… but just working isn’t enough, so we have been adding features for the last few weeks. MailCloak now supports 11 email providers: Gmail, Hotmail, Live, MSN, Yahoo!, tom.com Sina, Sohu, 163, and more. We have updated our configuration page, got draft and attachment and message encryption working and stable, and whole lot more. We are now in the last phases of internal beta testing and, if all goes well, we will open our beta to the public some time next week.

Gwebs, Security, email, email encryption, encryption, software email encryption software, MailCloak, Update

Here at Global Web Security we have been working round the clock to bring our users a new, brighter, better, more functional and more interesting website. Our homepage has undergone a complete rewrite and redesign.

We’ve added a forum and tons of information about our MailCloak software (which provides strong encryption for webmail), as well as brief introductions for products that are in development: PassDancer our biometric authentication software, DriveCloak and DocCloak. In-depth documentation is coming soon!

Also MailCloak is now “open” for beta testing. Sign up here!

About MailCloak: MailCloak is Strong encryption software for Webmail. MailCloak utilizes GnuPG to encrypt email on Gmail, Yahoo! Mail, Hotmail and re em

Security, email, email encryption, encryption, software Email Encryption, email encryption software, Email Security, Gwebs, MailCloak 3.0, MSN Live!, Webmail Encryption, Yahoo! Mail

Here at Gwebs, the makers of the world’s easiest encryption software, we’ve been hard at work on a new, completely re-written and altogether better version of WebmailSafety. So much about this product has changed that we’re even changing the name!

Gwebs WebmailSafety, which offers email encryption for Webmail and desktop clients, is now called MailCloak, and with version 3.0 on the way webmail users are in for some great surprises.

Like what?

The world’s easiest encryption software just got even easier!

Here are the basic features:

• Free!
• Automatic protection for emails and attachments.
• Supports Internet Explorer、Firefox and Outlook.
• Supports Gmail, Hotmail, Live mail, AOL Mail, Yahoo mail, 126 mail, QQ mail and 163 mail.
• Auto-update keeps you secure with the latest features and bug-fixes installed as soon as they are available.
• Simplified backup.
• Automatic Key Management.
• No Adware, Spyware, or Malware.
• Easy invitations.
• Automatic draft encryption.
• Enable/Disable with a single click.
• Supports English, Simplified Chinese, Traditional Chinese and French.

Read more…

Security, email, email encryption, encryption, google, personal Email Encryption, Email Security