Gwebs Cryptographer

Some changes ahead

I’m wrapping up my work here in Gwebs company and within China. It has been pleasant to work here and with nice atmosphere. So many new things learned and gained the idea of business in China. But like said, time flies and now it’s time for me to head back to Finland, finish up my studies and head for the new challenges. Anyway before that, I still have some ideas and things to share with you.

I mentioned earlier in my posts that I will test Google Wave, when it will come available for everyone. Well, I have to pass this job to my colleagues, ’cause the Google Wave for regular users hasn’t been released yet. Only the test version for selected persons is available so far. (Here is the post about Google Wave.)

Then some other things which I also mentioned earlier, is that I’m willing to try out the Windows Mobile 6.5 with some email encryption application and see how well it will work with our MailCloak encryption software. Well, guess what ? Windows Mobile 6.5 hasn’t been released yet for HTC Touch Diamond 2, so I have to wait until end of this or next month. So far, the estimated release date is “during October/November 2009″, so still some time to go. Maybe I’ll try it out back in Finland and then just send the results to my colleagues, ’cause I think that this topic is very interesting for mobile users like me. These mobile issues are getting more and more important, because the smart phone markets are increasing rapidly.  (Here is the post about email encryption mobile usage.)

What else ?
I guess, quite many people found out that Windows 7 is finally released and available for consumers. So we took a sneak peek for that to check how different it really is, and how are the security issues handled there. For me it has always been as a thought in my head that Microsoft Windows and security doesn’t really belong in to the same sentence, at least not in a positive way. But we will see, I’m open-minded with this one, so much good I have heard about Windows 7 during the beta-testing.

Gwebs, email, encryption, google, new, software email, Email Encryption, encryption, Google Wave, Gwebs, MailCloak, Mobile, Windows 7, Windows mobile 6.5

Social networking seems to be pop right now, how many people you know that they use / don’t use social network applications like Facebook, Twitter, MySpace, Orkut, XiaoNei (校内 in China), or other ones. Can you honestly say that you have never even heard of these applications ? Yeah, that’s what I thought.. These apps are integrating to our daily life, and eventually someone will ask “How we kept in touch with our friends before social networks?” Just like my friend’s kid asked me once that “What you were doing at work before internet?”. I think these questions will make people to think that how dependent they really are about technology and services.

But more interesting is that how many people really trusts into these open and free networks. Some time ago Facebook got so much publicity when they announced that all data what users have put in it will be theirs, so basically all the personal data, pictures, videos, etc. Then just a bit later, they told to users that there are no worries, that everything will be just fine. And now, hardly no-one even remembers that anymore.

It seems to be that internet is so full about different kinds of social networks and applications which are collecting users private data. And I think it will be only the matter of time when someone will steal all that data, ’cause normally these services are not having so strong security. One reason might be the money issue, although I guess nowadays quite many people will be interested to pay a bit for example the usage of Facebook, if they can be sure that all their data is secured. But on the other hand, there are plenty of users who think beforehand that what information they are willing to share and which information not. And just like Barack Obama advised kids, that be aware that once you post something into the internet, you can be sure that I will be digged up later, if it can be used against you. So maybe it will be nice to take a look for Facebook Etiquette as well, although most of these things are more or less self-evident, but I think still worth of reading through.

I read a couple of articles some days ago about privacy and security issues in social networks/webs, just like Facebook, MySpace, Twitter, and so on. (Links to the articles at the end.) These articles are mostly pointing out the same issues which I wrote above, that it’s really users own responsibility what to share and for whom to share it. So many instances are following social networks also like friends, colleagues and family, everybody you like but also quite many you maybe haven’t thought about. Like your boss, different organizations and companies, so basically if you’re planning to apply for a new job, it might be that your profile will be checked through before you will get invitation to the interview. And also talking about that in social network, might make your boss feel unease.

But that’s not everything about privacy issues, there’s also some other things to point out as well. Nowadays, it seems to be that mobile phones are getting closer to laptops and vice versa, so it’s quite normal to update social network profiles through mobile phone. And for up-to-date user it might be self-evident to have anti-virus software also in a mobile phone, but I can tell for sure that most of the users don’t have, any kind security software in their mobiles “I don’t need it, this is Just a phone”, but anyway the users are using all the same programs and applications as with computers. So, basically all the data what user is keeping in secret in his/hers computer, user will freely use in mobile, without thinking that the same “evil”-internet is waiting there as well.

The thing which I brought up the mobile phones into this also, is that what makes people think that if they use one secured system in one place, it won’t be useful, if they use same data with non-secured systems elsewhere. And this includes everything, not only social networks, but emails, contacts, files, pictures, etc.

A while ago there was news about new type of identity / private data phishing, basically there are some applications within social networks, which are collecting different kind of data from users. And then some identity thiefs have been using that data to create virtual-friends for users. So the main idea is that these virtual-friends are sharing something common with user, belonging to same groups or have same interests, then they’re sending friend requests to users. And if user will accept their request, then they will collect all data from that user, what they think is useful for them. Maybe email addresses, phone numbers, street addresses, photos, videos, etc.  So nowadays it’s really recommended for people to check what kind of information they are sharing from themselves and are they really willing to tell all their secrets or thoughts to everyone.

I personally like social networks a lot, and I like that there’s some place where I can enter almost from anywhere to check how my friends are doing and letting them know what’s up in my life as well. I haven’t paid much attention for security issues in social networks, but now after reading these articles, I might take another look for some apps properties and privacy options.

Some of you might think now, that what will be my result to solve these privacy issues, well frankly speaking there is no solution. I can only encourage everyone to think twice before posting anything to social networks,  text, comments, pictures, video, files, etc. what ever is on your mind. Sometimes you might think that with this post your friends appreciate you more or you will get publicity, but be aware that all that data will be saved somewhere and it might pop-up later, when you cannot expect it to happen.

Here are the links for the articles I mentioned earlier:
Fast Company’s article: Privacy and Security Issues in Social Networking
Computer World’s article: Protect your privacy on Facebook and Twitter

Some other articles related to this topic:
Google Warns of Privacy Issues on the Social Web
Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets

Security, email, personal, privacy, software application, email, Facebook, Mobile, myspace, orkut, privacy, Security, social network, software, twitter, xiaonei

Back at the old times, when I was a active student I used to use email a lot, for writing to my study-mates for setting up groupworks, to my professors to ask questions, for my family to keep in touch. Email started to be one of the main communication way. It was just so easy, fast and convenient. You don’t have to wait that the other person is available, you can write it a bit, save it and continue later, so you don’t have to bother someone many times to get all the information you really need. You can use email almost anywhere, especially if you’re using any kind of webmail, just have internet connection - log in and handle your mails.

Now when I’m looking back in time, it was really like that. But nowadays when all kinds of social networks and instant messengers (IM) are available, I can see that I’m not really using email so much anymore. It seems to be “too slow” way to contact people. I guess this technological awareness is really taking place in today’s daily life. People are getting so used to use different methods to keep in contact immediately. If one cannot reach you from any IM or social network, it might be that the person will give you a call or send a SMS. Just because they want to exchange the information now.

Sometimes I feel that it’s really distressing, that you have to be reachable always, because of projects, work, friends, family, etc. And if you are not reachable people will feel annoyed, it just seems that no-one is not allowed to have their own time anymore. And I’m not talking about vacations now, normally vacation time is sort of “holy-time” of course this depends pretty much that what kind of job you’re doing and what’s your responsibilities in the company. And who can say that after a couple of weeks vacation the email-inbox is empty ? I can tell you for sure, that mine is not. If there’s less than 100 emails I can be happy.

I made a little enquiry within our staff, that how they feel and use their email, encryption software and other software. This research was quite interesting, because the most of our staff is Chinese and I was quite amazed about some of the answers.

According this enquiry, I think usage of email is culture related, more or less. With this amount of data it would be close to impossible to hand out any inclusive report. I think that peoples’ opininions are anyhow quite different here in East that they are at West, I mean opinions among tech-related people. I won’t analyze the results themselves, just take a look and make your own judgement.

Well, here are the questions what we asked and also the results what we got. The results are in blue, that it will be easier to follow.

Enquiry -  We asked for short answers with arguments and here’s the conclusion.

Habits of e-mail usage ?
For what kind of communication you are using e-mail ?
For most of repliers e-mail is mostly used for work or business purposes, sending data, files, documents and pictures when the receiver is not reachable with instant messenger (IM).

How fast you’ll expect that the recipient will answer you  ?
The most of the people wish to get a reply within a same day, some even within one hour. Only a couple of answerer were satisfied if they will get reply within 2 or 3 days.

Do you check your email daily ? hourly ? weekly ? sometimes ?
Almost everyone is checking their email daily or several times per day.

How important e-mail is for you ? Can you live one week / one month without e-mail easily ? If you’re not able to check your emails will you go crazy ?
Here the answers were basically divided into two, approx. half of the repliers told that they use email only for work or business, so they can live easily without it, and they won’t go crazy if they cannot check their email (of course depending if they will work that time or not). Then the other half seems to be more dependable about email, and they will go crazy if they cannot check their email even once within 3 days.

What did you expect when you first time used any kind of e-mail encryption software ?
Did you think that it will make your life more secured ? (From what?)
Almost everyone told that they feel more secured when they use email encryption, and the most common reason was privacy. They don’t like the idea that someone is snooping and reading their emails.

Did you thought that what might happen if you lose your encryption/decryption keys ?
Here also the answers were basically divided into two, the first group admitted that they didn’t thought that what might happen if they lose their keys. The other group seemed to have some experiences about this already and it seemed to be that someones are getting angry for the software for losing those keys, even if the fault was their own. And this normally led for changing the encryption software.

How did you felt when you used one (software) ? Did it effect immediately, giving you the emotion of security ? Or all the worries, “What if ?”
For everybody the first feeling was very positive, strong feeling that “now I’m secured”, but some of the repliers admitted that later they start to wonder with “what if?”-questions and also feeling annoyed of all inconveniences with the software, like reading email in many places, all the time feeling worried about the keys and so on.

When you tried some encryption software, did you think that “this is it!” I’ll use this forever or did you tried to find a better one, more secured one ?
The most of the answerers have been searching better ones after trying the first one. A Few told that they don’t mind to change their software but the current one is just fine too.

How do you feel about Free and Not-free software will it cause you feeling of trust/mistrust ?
All repliers think that free software is basically just for testing it and seeing the main features. And that the not-free ones are better, more reliable than free ones.

When you see free software, will you think how nice, there are still some kind people to offer this kind of tool free ? Or will you think that is there something behind “hidden” ? Will this company use my data for something else ? Maybe illegal activities ?
Quite many replier thought that there has to be something “hidden”, but still most of these repliers were not so interested if the company uses their data for something or not. Someones thought that the software can be free, ’cause the company will get funding from advertisements or from some foundations.

By which criteria you choose the software which you are using ? Free ? Well known ? Easy to use ?
Every single replier told that the most important things for their software is that it’s well-known and easy to use. If it is free of charge, even better, but someones said also that if the software is good enough, they will gladly pay for that it makes their life easier and more secured.

How you can trust that free software is really free ? or how you can trust that the software (what was SO expensive) is more trustworthy than the free one? Can you?
This question was made in purpose to be familiar with the earlier one. This question raised up the idea what I was willing to see.
If the company offers only   software which is free of charge the most of people don’t trust for it, but if they have for example products for individual use for free and for business use chargeable ones, then it’s fine. Then it’s the interesting part, the most of the repliers also thought that if the software is free of charge and open-source then it must be trustworthy, because basically anyone can check and modify the source code. Although, within security softwares this rarely happens, ’cause otherwise the hackers can see it too and then it’s not safe anymore.

Does the cost of software give you any kind of idea how good it might be or how trustworthy it is ?
The most of the repliers thought that the amount of money or cost is not really related for that how good it is. Quite often the most expensive one is having already so many features that it won’t be easy to use anymore.

Will you use any software which is delivered by government or other authority ? Why ?
Only one of the repliers is using software delivered by government and only because it’s required by the other business partner. Other ones thought that they won’t use any software which is delivered by government, because the software might include some spy-ware.

Gwebs, Security, email, encryption, privacy, software email, encryption, enquiry, Gwebs, IM, privacy, Security, social network, software

MailCloak Pro is now in Public Beta!

MailCloak for Pro is a combination of all of Global Web Security Systems’ breakthrough encryption programs, and a little more. Download MailCloak Pro here!

MailCloak Pro = MailCloak for Firefox + MailCloak for Mail Clients + MailCloak for Internet Explorer (only available in MailCloak Pro)!

MailCloak was designed from the ground up to be the first encryption program for browser-based email, and POP3/SMTP email. MailCloak Pro supports ALL mail clients, while making GnuPG public-key encryption so simple anyone can use it! And everyone using it is the goal, That’s why MailCloak works with today’s most popular webmail systems as well.

Now you and your contacts can easily exchange encrypted email, and it doesnt matter what they use - Gmail on Firefox? Hotmail in Internet Explorer? YourCustomDomain.Com with Outlook (custom domains are only supported in Outlook and our upcoming SMB version)? They’re all supported! And MailCloak works with cross platform systems too -  that’s because we use the Gnu Privacy Guard MailCloak compatible with tons of other GPG programs on any platform you can think of. Mac, Linux, even legacy DOS users can exchange email with MailCloak users.

Key features include:

Automatic Key Exchange: MailCloak’s automatic key exchange feature automatically attached your public keys to outgoing emails, and automatically imports your contact’s public keys from incoming emails.

Automatic Encryption: Just turn MailCloak on and send email as usual - if you have already done a key exchange, your email will be encrypted.

Respect for Privacy: MailCloak stores your keys on your computer, not ours. So you can be confident that only you and your recipients can read MailCloak encrypted emails

End-to-End Encryption: MailCloak encrypts your email on your computer, and decrypts it on the recipient’s computer. Absolutely no one else will ever be able to read your email. See my previous post to understand the difference between HTTP/S encryption and End-to-End encryption.

Here’s an animation of MailCloak working in Mozilla Thunderbird:

MailCloak Pro is tested and works with the following email clients:

• Outlook 2002
• Outlook 2003
• Outlook2007
• Foxmail 5
• Foxmail 6
• Outlook Express 6
• Koomail 5.32
• Thunderbird 2.0.0.21
• DreamMail 4.4

If you don’t see your email client on the list, don’t fret, MailCloak for Mail Clients  works with most (all that we’ve tested) Windows XP POP3/SMTP Mail clients- so go ahead, download MailCloak and give it a spin.

MailCloak has also been tested on following web browsers:

Mozilla Firefox 3.0 - 3.1b (not included in our current beta, but can be added seperately with a free download and will be included in future releases.)

Microsoft Internet Explorer 6， 7

And all Trident based browsers, including (but not limited to):

• Avant Browser  11.0
• gisoon 1.0
• GreenBrowser 5.0
• maxthon 2.0
• MyIE 3
• Tencent Treveler 4
• The World Browser 2

Download MailCloak Pro here!

If you would like to report that MailCloak works with your email client or browser, or if you experience any problems installing or using MailCloak, please let us know!

Gwebs, MailCloak, Release, Security, email, encryption, new, software Email Encryption, email encryption software, Release

MailCloak Personal Edition, Email Encryption for Firefox is finally open for Beta Testers!

MailCloak is the new GPG based email encryption add-on for today’s top webmail services. MailCloak encrypts Google Gmail, Yahoo! Mail and MSN Live Hotmail with super strong 4096-bit key GPG encryption.

After you have installed MailCloak, you will be prompted to create a key pair, once that’s done you’re ready to go.

Check out our detailed quick-start guide if you want some hand-holding, otherwise go ahead and login to your web-based email account (This version supports Google’s Gmail, Yahoo! Mail and MSN Live Mail) and send someone an email. If MailCloak is turned on, your public key and an invitation to MailCloak will automatically be attached to this email. If the recipient is using GPG, PGP, or MailCloak, They will be able to send you encrypted email. When you get their key, you will be able to send them encrypted email. We’ve also created Cryptobot to make this easy to test.

Open Source Encryption, closed source connectivity.
We chose to build MailCloak on top of the industry standard, open source GNU Privacy Guard (GPG/GnuPG). GPG uses the OpenPGP standard, first written by Phil Zimmerman in 1982, OpenPGP-standard compliant encryption is used by 96 of the top fortune 100 companies, the Department of Defense, and millions of home and business users around the world.

Gwebs, Security, email, email encryption, encryption, software encryption, firefox add-on, GPG, PGP, Release

Recently, all of the big email providers in the consumer arena, including Yahoo! Mail, Gmail, and MSN Live Mail have begun to offer “security solutions”.  Google Apps, Microsoft’s Live Admin Mail, Bluetie and Rackspace also offer business security solutions for both small and large enterprises.
But what are these solutions, and how does our new product, MailCloak, differ from them?  In this blog post Sarah Yu, Global Web Security Systems’ (gWebs) marketing executive, interviews gWebs CTO and lead programmer Jin Anderson to discuss what’s happening in the email security space and how MailCloak differs from the security solutions already offered by these providers. I have translated this post from the original Chinese.

“Let’s take the metaphor of snail-mail. The username and password authentication system is a lot like the key to a mailbox. If this key is copied or stolen, all the mail inside can be stolen and read. But MailCloak is like a steel envelope. It will protect the message even if an intruder guesses or steals your login credentials.”

Read more…

Security, email encryption, encryption, interview, software Email Encryption, Email Security, gWebs Team

Well, we’ve had a working beta for several weeks now… but just working isn’t enough, so we have been adding features for the last few weeks. MailCloak now supports 11 email providers: Gmail, Hotmail, Live, MSN, Yahoo!, tom.com Sina, Sohu, 163, and more. We have updated our configuration page, got draft and attachment and message encryption working and stable, and whole lot more. We are now in the last phases of internal beta testing and, if all goes well, we will open our beta to the public some time next week.

Gwebs, Security, email, email encryption, encryption, software email encryption software, MailCloak, Update

Here at Global Web Security we have been working round the clock to bring our users a new, brighter, better, more functional and more interesting website. Our homepage has undergone a complete rewrite and redesign.

We’ve added a forum and tons of information about our MailCloak software (which provides strong encryption for webmail), as well as brief introductions for products that are in development: PassDancer our biometric authentication software, DriveCloak and DocCloak. In-depth documentation is coming soon!

Also MailCloak is now “open” for beta testing. Sign up here!

About MailCloak: MailCloak is Strong encryption software for Webmail. MailCloak utilizes GnuPG to encrypt email on Gmail, Yahoo! Mail, Hotmail and re em

Security, email, email encryption, encryption, software Email Encryption, email encryption software, Email Security, Gwebs, MailCloak 3.0, MSN Live!, Webmail Encryption, Yahoo! Mail

The WebmailSafety Tour!

WebmailSafety is Gwebs new encryption product for Gmail, Hotmail, Yahoo! Mail and AOL Mail and with WebmailSafety’s new 2.0 release out yesterday, it’s high time for a walkthrough!

But first, be sure to download WebmailSafety 2.0 at www.gwebs.com!

1. The First Time You Run Gwebs WebmailSafety
2. Logging into Webmail With A Secure Browser
3. Receiving Normal Email
4. Receiving Encrypted Email
5. Sending Normal Email
6. Sending Encrypted Email
7. The Invitation Process

1. The First Time You Run Gwebs WebmailSafety.
   1. Follow the wizard to create a WebmailSafety account and bind one or more email addresses to it.
   2. When you create an account, WebmailSafety automatically generates a key pair
      (a public key and a private key,)
      and binds it to your new account.
2. Logging into Webmail With A Secure Browser.
   1. Run WebmailSafety and click on a bound email address.

   

   2. WebmailSafety launches a safe version of Microsoft Internet Explorer (The plug-in is only installed when you
      launch MSIE from within WebmailSafety) and directs it to the correct domain.

   

   3. Manually login.
3. Receiving Normal Email: It Just Works!
4. Receiving Encrypted Email: It Just Works!
5. Sending Normal Email.
   1. Go to the Gwebs icon in the Windows Task Bar and select “Disable Temporarily” so that it becomes checked.*
   2. Send email as usual.

*The WebmailSafety Tray Icon should appear inside a circle with a line through it. (like this: )

6. Sending Encrypted Email.
   1. If WebmailSafety is disabled, go to the Gwebs icon in the Windows Task Bar and select “Disable Temporarily” so that it becomes unchecked.*
   2. If attaching files be sure to enter your recipient before selecting the files, so that WebmailSafety
      knows who’s key to use when encrypting the attachments.
   3. Send email as usual.**

*The WebmailSafety Tray Icon should appear normal. (like this: )

7. The Invitation Process: If you don’t have a person’s public key.
   1. WebmailSafety will notify you that you don’t have their public key.
   2. Enter a Passphrase.

   

   3. WebmailSafety uses AES-256 Symmetrical Encryption to encrypt your email with this passphrase.
   4. WebmailSafety automatically attaches your public key and a WebmailSafety download link to this email so the recipient can easily install WebmailSafety, read, and reply to this email.
   5. Call, SMS, IM, or use some other method to tell your contact this passphrase.
   6. When the recipient replies to this email, their public key will be attached to their reply
   7. Now that you have their public key, simply send them email from the safe browser and it will be encrypted.

Well, that’s it for the walk through! Hope you enjoyed it, and don’t forget to check out www.gwebs.com for more info and new downloads!

Gwebs, Security, WebmailSafety, email, email encryption, encryption, help, how to, software, walkthrough decryption, Easy To use, encryption, Gwebs, how to, Instructions, tour, Walk Through, webmail, WebmailSafety

WebmailSafety 2.0 Released!

WebmailSafety v1.0 was the world’s first public key encryption product designed for webmail from the ground up. Version 2.0 adds a host of new features designed to make webmail encryption even easier.  Download WebmailSafety 2.0 here!

New Features:

• RSA 2048 bit public key encryption for Webmail.
• Supports Gmail.com, Hotmail.com, Live.com and Yahoo.com.
• New Multi-User Interface with Avitars.
• Auto-Update.
• Tray Icon Now Provides Total Control.
• Improved Key Management.
• Improved Invitation Process.
• Improved English Language Support.
• New French Language Support.
• New Hot-Key and Desktop Integration.
• Multiple Recipient Support.
• And Many More!

And now for some screen shots!

Here is the Login screen:

Encryption From Gmail:

The Windows Tray:

File Encryption:

Auto-Update:

Now what are you waiting for? Download WebmailSafety 2.0 at www.gwebs.com!

Release, new, software encryption, Features, Gwebs, new, Release, software