Gwebs Cryptographer

Some changes ahead

I’m wrapping up my work here in Gwebs company and within China. It has been pleasant to work here and with nice atmosphere. So many new things learned and gained the idea of business in China. But like said, time flies and now it’s time for me to head back to Finland, finish up my studies and head for the new challenges. Anyway before that, I still have some ideas and things to share with you.

I mentioned earlier in my posts that I will test Google Wave, when it will come available for everyone. Well, I have to pass this job to my colleagues, ’cause the Google Wave for regular users hasn’t been released yet. Only the test version for selected persons is available so far. (Here is the post about Google Wave.)

Then some other things which I also mentioned earlier, is that I’m willing to try out the Windows Mobile 6.5 with some email encryption application and see how well it will work with our MailCloak encryption software. Well, guess what ? Windows Mobile 6.5 hasn’t been released yet for HTC Touch Diamond 2, so I have to wait until end of this or next month. So far, the estimated release date is “during October/November 2009″, so still some time to go. Maybe I’ll try it out back in Finland and then just send the results to my colleagues, ’cause I think that this topic is very interesting for mobile users like me. These mobile issues are getting more and more important, because the smart phone markets are increasing rapidly.  (Here is the post about email encryption mobile usage.)

What else ?
I guess, quite many people found out that Windows 7 is finally released and available for consumers. So we took a sneak peek for that to check how different it really is, and how are the security issues handled there. For me it has always been as a thought in my head that Microsoft Windows and security doesn’t really belong in to the same sentence, at least not in a positive way. But we will see, I’m open-minded with this one, so much good I have heard about Windows 7 during the beta-testing.

Gwebs, email, encryption, google, new, software email, Email Encryption, encryption, Google Wave, Gwebs, MailCloak, Mobile, Windows 7, Windows mobile 6.5

This guide will help you understand the basic facts about email security — what it is and why you need it.

What is Email Security?
On one level, email security is ensuring that your emails are secure: that is, it involves the maintenance of the basic information security concepts:

• Integrity - ensuring that your message has not had unauthorized alteration
• Confidentiality - ensuring that no unauthorized person (or process) has viewed the content
• Accountability - being able to prove who wrote the email
• Availability - ensuring that the email can be sent/received
• Non-repudiability - being able to prove that the recipient really did receive it

But more than the email itself is involved in email security. It also involves:

• Ensuring that you neither receive nor send malware hidden within the email or any attachments
• Minimizing the receipt of spam, scams, phishing expeditions and illegal content
• Ensuring that staff neither accidentally nor with malicious intent allow or send confidential, sensitive or illegal content within or outside of the company

Why do I need Email Security?

You need email security simply because failure to do so has both commercial and legal ramifications. An example that can illustrate both aspects would be infection with a highly destructive and virulent virus. Let us assume that your own systems are infected, and the virus payload is delayed but destructive: that is, you manage to infect, say, a competitor before this virus destroys your system.

The commercial implication is obvious: loss of your systems, data, records, etc. will be severely damaging if not fatal. But on the legal side, many lawyers believe that you could be held liable for any loss suffered by a third party that you infect, whether intentionally or even knowingly or not. If that third party were a competitor, then it would have little incentive not to sue the elbow off you.

And the history of internet litigation is already strewn with examples of both staff and competitors suing companies that have allowed compromising information to circulate within, or worse, to escape from, the company network.

It would be much safer to ensure your email is secure rather than risk the potential problems of insecure emails.

What do I need in Email Security?

Since so much is involved in email security, it is not surprising that you will be lucky to find everything you need in a single product. Just on the basis of the above discussion, you will need:

• Anti-virus software (to ward off viruses and worms)
• Anti-spyware software (to ward off trojans, adware and spyware)
• Anti-spam, -phishing, -scam software (to cut down on wasted staff time)
• Content security software (to make sure confidential, sensitive or illegal content is neither circulated within nor leaked from the company)
• A company email usage policy (to reduce staff misuse of the email, and give you some redress for when they do misuse it)
• And last but not least, a secure email (as opposed to email security) capability

The secure email system is possibly the hardest of all. The problem is that it inevitably involves encryption - and the only form of encryption that does not create administrative problems between the sender and the receiver is a Public Key Infrastructure (PKI). But PKI is expensive to run and administer - and gets you involved with even more requirements. For example, if you operate a PKI, then you need to consider identity management software and provisioning software. Nevertheless, if you are a large company with lots of sensitive data, then PKI is the obvious route. For single user RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) encryption method is a bit simplier and lighter to use. Quite many free encryption softwares are using RSA instead of PKI. The encryption is still “hack-proof”, which means that cracking it, it takes more than 100 years.

In particular, PKI and RSA can demonstrably provide four of the five security basics we noted at the outset of this article: integrity, confidentiality, accountability, availability, non-repudiability (availability is the one not specifically provided by PKI).

Where do I get Email Security?

If you are looking for email security software then you have a basic choice: you can look for best of breed point products in all of the above; you can look for an email security specialist that bundles different aspects within a single product or suite; or you can go for a hosted service. Or then you can just download our MailCloak-software from our company’s website (www.gwebs.com/mailcloak.html). Yes, it’s free!

Other related topics:

Encryption for Dummies
http://opsec.spaces.live.com/blog/cns!62F870188540FB1E!1097.entry

Public Key Infrastucture, PKI, encryption for dummies
http://www.networkworld.com/news/64452_05-17-1999.html

Public Key Infrastructure, PKI (Wikipedia)
http://en.wikipedia.org/wiki/Public_key_infrastructure

RSA encryption (Wikipedia)
http://en.wikipedia.org/wiki/RSA

Terminology and encryption algorithms
http://www.easeus.com/resource/encryption-algorithms.htm

Gwebs, PGP, Security, email, encryption, how to, personal, privacy email, encryption, guide, MailCloak, PKI, RSA, Security

I guess everyone who is using Gmail and/or other Google Apps have heard about this new Google Wave, which suppose to be mind blowing and transform the concept of email. Well, so far it’s a bit too early to say will this happen, because the release date of Google Wave will be at the end of this month, Sep 30th.

According several blog writings and articles Google Wave won’t put Gmail or Google Apps aside, at least not yet. It just seems to be Gmail with some extra features. So far, I have been using Gmail, G-talk (also with voice and video), Google Docs, calendar and other functions too as well. So when I’m watching the picture, it doesn’t seem to be SO different than Gmail. It just that all the functions and features are in a same box, inbox.

At the beginning this seems to be a bit confusing, but unfortunately the pictures or videos are not giving the whole truth. For me, I really want to experience it by myself before making any judgement.

Some other concerns, mostly about our business, is that will Gmail change too much when Google Wave is released, I mean that will our product MailCloak still work with this new concept of email. Like said, too early to say, because we didn’t get developers’ access to the Wave. Of course, we are going to test Wave immediately when it’s released so we can check the functionalities and see if our software is adaptable enough, or should we make some changes.

I guess, the biggest change will be the “waves”, that in what kind of concept they really are. And how easy it will be to secure all that data which is shared through those waves: Text, pictures, videos, links and other stuff.

Well, I go with the Google specialists’ comments “It’s very, very early to say..”. But we will see, in near future what’s gonna happen. I anyway assume that Gmail will still stand there for users at least for a while that the adaptation for the new system will be easy.

Thanks for Google’s official Blog and Gina Trapani about the pictures and all the information!

From the following links you’ll find more information about Google Wave:
http://googleblog.blogspot.com/2009/05/went-walkabout-brought-back-google-wave.html
http://smarterware.org/2021/google-wave-qa

Click the pictures to see them in full-size!

Gwebs, Security, email, google, privacy gmail, Google Apps, Google Docs, Google Wave, MailCloak, Security

Security issues have been at the news recently and all the time more and more things are coming up. So many people are interested about their own security, when spending time with online societies and communicating with others, but just so few people are really using any software which is offering better security. The most of these people are just waiting the easiest one to use and cheapest one to buy, the whole field of Internet security seems to be offering too many options and choices. “Do I really need this? Which one is best for me? It’s too difficult to use, isn’t it ?” These questions are common among people, who have interest but don’t know where to start.

It seems to be that the most of the people have a belief that “e-mail is pretty secured service”, and “anyway no-one is interested about my e-mails”, but in fact there are so many people who have interest for normal users’ accounts, and information. And e-mail itself, is not secured at all. Even if the user’s own computer is having anti-virus software and firewall doesn’t guarantee that outgoing or incoming messages are secured. The following table (Table 1.) shows a little comparison between postcard, e-mail, registered letter and encrypted e-mail. This kind of comparison is quite common while talking about security issues among delivering messages from person to another. In my humble opinion I think this comparison is pretty close to truth, and gives you the idea, how messages are really going “out-there”.

The following picture (Pic.1.) shows how message can change on the way and how come neither sender or receiver cannot be sure that if the message has been tampered or not, if any kind of encryption is not used. This case represents also the postcard. Posting a letter or encrypted e-mail, then the possibility that message changes on the way is decreasing significantly, it’s represented in a picture (Pic.2.).

Pic 1. Postcard / E-mail without encryption

Pic 2. Letter / E-mail with encryption

The animations above are representing the situations of sending a message via postcard and letter / or e-mail with and without encryption. In both cases sender and receiver are not aware which kind of picture the other one is seeing. They can just believe that “This is the picture the receiver will see. / This is the picture the sender wanted me to see.” So it is very difficult to prove afterwards that was the message changing on the way or not. Well, common sense says: “How about I give him/her a call and ask about this?” But are people really willing to do it after every single message? I am not. Then the whole idea about sending an email is basically useless, if it’s not sure whether the message is going through without changing on the way.

Whenever people are sending their personal information, job applications, contracts, what ever that contains any piece of personal information, like name, social security number, address, phone number, etc. Why not using encryption ? Well, at least I’m not willing to put those pieces of information to the postcard, are You ?

There was earlier a bit similar post in our blog: “The Difference Between A Stolen Mailbox and a Steel Envelope: An interview with gWebs CTO Anderson Jin.” Please check it through also!

MailCloak, Security, email, email encryption, encryption, personal comparison, email, Email Encryption, email encryption software, Email Security, encryption, letter, MailCloak, postcard

No Surprise: MailCloak earns Softpedia “100% CLEAN” AWARD

While it doesn’t come as a surprise to us that MailCloak has no Spyware, Adware or Viruses, we are proud to announce that MailCloak for Firefox has been awarded Softpedia’s 100% Clean” Award.

Softpedia says:

Softpedia guarantees that MailCloak Firefox 1.0 is 100% Clean, which means it does not contain any form of malware, including but not limited to: spyware, viruses, trojans and backdoors.

We knew we wrote good software using secure programming techniques and respecting user rights in every way possible, and this award simply affirms that we are not malware, however, it is nice to have get an award from a third party.

awards MailCloak

Sometimes you send and receive important email.

Do you know who is watching?

Your email can be viewed by anyone with access to the systems it passes through.

Check out this new video, and then start protecting your email!

MailCloak is compatable with dozens of email services. To learn more, check out Global Web Security’s Offical Website!

PGP, Security, email, encryption, privacy Email Encryption, global web security, gmail, gmail encryption, google, hackers, MailCloak, msn, protection, safety, Security, Video, yahoo

Well, we’ve had a working beta for several weeks now… but just working isn’t enough, so we have been adding features for the last few weeks. MailCloak now supports 11 email providers: Gmail, Hotmail, Live, MSN, Yahoo!, tom.com Sina, Sohu, 163, and more. We have updated our configuration page, got draft and attachment and message encryption working and stable, and whole lot more. We are now in the last phases of internal beta testing and, if all goes well, we will open our beta to the public some time next week.

Gwebs, Security, email, email encryption, encryption, software email encryption software, MailCloak, Update