Gwebs Cryptographer

When I started my work at Gwebs, this was one of my first questions. I mean, so far that our own products don’t support mobiles, smartphones, pdas, etc.  Anyhow, our product co-operates nicely with all software that use GnuPG (GPG), it’s tested with quite wide scale of applications.

I wanted to know how I can access my encrypted messages whenever and wherever. I just got so dependent on mobile usage of email from my previous job at one telecommunications company, sometimes you just have to be there 24/7 available, for your colleagues all around the world, your customers and clients. This is it what’s going on right now within IT-industry. Although, no-one is paying me 24/7 salary, but it just integrated for me as a habit. And now, sometimes I found myself at the bus stop reading my email, thanks for the reasonable price of data transfer.

I made some research about this topic and found out that encryption with GPG in smartphones is not so common than I thought. Although, nowadays, when smartphones are having Windows Mobile, Linux, Android, Apple, Symbian and maybe some other operating systems too. It seems to be easier to find a solution for encryption from PGP (Pretty Good Privacy).

I found out that Symbian used to have one component, made by Nokia, but no-one really knows is it still usable or not. About Apple and Android I really cannot say so clearly, ’cause both systems are pretty unfamiliar to me. So far Apple seems to have quite much research and development around iPhone, so I’m pretty sure that there are some encryption software as well.

Windows Mobile then, there seems to be a huge gap between versions (5.0/6.0/6.1/6.5) while searching supported applications, anyhow there are some software for encryption available. I haven’t tested these yet by myself, but will do later. At first I’d like to have the official update for WM 6.5.

Well, Linux is another chapter of it’s own. There are so many free, open-source encryption software available that it will be more difficult to find the one which suits the best for your needs, than just find one.

The other solution for encryption in mobile devices is PGP (Pretty Good Privacy), it’s not open-source and normally these applications are not free. But this also makes the difference to availability. There are so many PGP applications available for all these operating systems that I mentioned earlier. And of course, while the software is not freeware, you can expect some support for troubleshooting and equivalent for your money.

Anyway, I think that this is one of the main things nowadays while talking about email security and privacy. Because so big share of today’s business emails are sent by mobile devices, it’s really needed to have some software to obtain privacy within this communication way too. And for covering usability issues, it’s nice to have a software which co-operates with the same encryption method as while using a PC.

I’ll let you know later about my testing, WM 6.5 + PGP or GPG encryption software + MailCloak in PC. Having my own key in every single device (work, laptop and smartphone). And then testing it out, how it works and how easy it is really to use. But that’s going to happen after the Windows Mobile 6.5 release, which suppose to be soon.

Gwebs, PGP, Security, email, encryption Android, Apple, email, Email Encryption, Email Security, encryption, GPG, Gwebs, linux, Mobile, PGP, privacy, Symbian, windows

MailCloak Personal Edition, Email Encryption for Firefox is finally open for Beta Testers!

MailCloak is the new GPG based email encryption add-on for today’s top webmail services. MailCloak encrypts Google Gmail, Yahoo! Mail and MSN Live Hotmail with super strong 4096-bit key GPG encryption.

After you have installed MailCloak, you will be prompted to create a key pair, once that’s done you’re ready to go.

Check out our detailed quick-start guide if you want some hand-holding, otherwise go ahead and login to your web-based email account (This version supports Google’s Gmail, Yahoo! Mail and MSN Live Mail) and send someone an email. If MailCloak is turned on, your public key and an invitation to MailCloak will automatically be attached to this email. If the recipient is using GPG, PGP, or MailCloak, They will be able to send you encrypted email. When you get their key, you will be able to send them encrypted email. We’ve also created Cryptobot to make this easy to test.

Open Source Encryption, closed source connectivity.
We chose to build MailCloak on top of the industry standard, open source GNU Privacy Guard (GPG/GnuPG). GPG uses the OpenPGP standard, first written by Phil Zimmerman in 1982, OpenPGP-standard compliant encryption is used by 96 of the top fortune 100 companies, the Department of Defense, and millions of home and business users around the world.

Gwebs, Security, email, email encryption, encryption, software encryption, firefox add-on, GPG, PGP, Release

Today I was helping my mom setup new Gmail and AIM accounts, (now that gmail chat and AIM are linked, its essential to have an account on AIM and gmail, and to link them) and I was horrified to discover that she keeps all of her passwords, including her bank, email, credit card, web and domain hosting, and other crucial sites, in a word doc on the root of her laptop’s hard drive. AHHHHHA! What a recipe for disaster! “But what should I do?” she asked me. Her passwords are myriad, and all different (good), but she can remember none of them (bad!).

Here are several ways to keep your passwords safe (and the pitfalls):

1) Do like my mom, and keep all your passwords different, and in one “password file”, but encrypt that file with PGP, GWEBS WebmailSafety, or some other asymmetric encryption.

Pitfalls: A) You could forget your PGP password. B) You could lose your private key or your password file. C) Someone could steal your private key and your password file and guess your password. D) Someone could steal your password file and crack your private key.

Avoiding Pitfalls: A) Write down your pgp password somewhere, but don’t label it “PGP password” and keep it safe and long. B) Keep both a copy of your private key and your password file backed up and offsite, but not on someone else’s systems. C) Not likely, but again, you have to keep your password long and secure. D) Even less likely. Use a high bit rate algorithm. WebmailSafety, for example, uses 2048 bit RSA, and you would need to string together several of today’s most powerful supercomputers to crack that within your grandchildren’s life time.

2) Use a commercial password keeper, like Apple’s keychain or similar.

Pitfalls: these password keepers are only as secure as their implementations – and the user must decide which software to trust. Apparently Apple’s keychain is pretty secure, but you should always find out as much as you can about critical security software.

3) Use several passwords that you can remember, but different passwords on important or often-used sites. And never write any passwords down. For example Password A for email, password b for your online bank and password C for everything non-mission critical.

Pitfalls: The more you use a password, the less secure it is, and the more places you use, the less secure it is.

Avoiding pitfalls: For daily use and important passwords, choose long, strong, and hard to guess passwords, enter them manually and change them often. Daily use passwords are easy to remember because you are entering them all the time, and repetition breeds memories. Your non-mission critical passwords may be guessed, and if the intruder guesses one, they know them all, but again, these passwords are non mission critical, so this isn’t such a big problem.

Well, there are three solutions that I recommend. This is a big topic, so I look forward to user comments. Tell me what you do. How you keep your passwords secure, and if I missed some pitfalls, help me fill those in too!

PGP, passwords, personal, privacy encryption, IT, PGP, Security

MailCloak Personal Edition, Email Encryption for Firefox is finally open for Beta Testers!

MailCloak is the new GPG based email encryption add-on for today’s top webmail services. MailCloak encrypts Google Gmail, Yahoo! Mail and MSN Live Hotmail with super strong 4096-bit key GPG encryption.

You can download the Firefox add-on directly from us, or from addons.mozilla.com! POP3 versions will be available soon, and the SMB (Small & Medium Business) version will be ready soon after that.

After you have installed MailCloak, you will be prompted to create a key pair, once that’s done you’re ready to go. Check out our detailed quick-start guide if you want some hand-holding, otherwise go ahead and login to your web-based email account (This version supports Google’s Gmail, Yahoo! Mail and MSN Live Mail) and send someone an email. If MailCloak is turned on, your public key and an invitation to MailCloak will automatically be attached to this email. If the recipient is using GPG, PGP, or MailCloak, They will be able to send you encrypted email. When you get their key, you will be able to send them encrypted email. We’ve also created Cryptobot to make this easy to test.

Open Source Encryption, closed source connectivity.
We chose to build MailCloak on top of the industry standard open source GNU Privacy Guard (GPG/GnuPG). GPG uses the OpenPGP standard, first implemented by Phil Zimmerman in 1991, OpenPGP-standard compliant encryption is used by 96 of the top fortune 100 companies, the Department of Defense, and millions of home and business users around the world.

Security, email, email encryption, encryption, software Email Encryption, email encryption software, encryption, GPG, PGP, Release, webmail