Category Archives: Cloud Hosting

How to set up end-to-end email encryption using Thunderbird

In today’s world, privacy is a major concern. You can’t go anywhere online without seeing “security this” and “hacker that.” Our world has become corrupt with unwarranted spying and data collection in one of the last free-speech areas there is – the Internet. We can’t stop targeted attacks, but we can stop mass surveillance, by building proven security into the everyday Internet. This blog article intends to show you just one way how to take your privacy back. Below, we will show you just how easy it can be, by providing instructions and details on how to set up a fully secured, end-to-end email encryption solution.

Prince Charles Visits GCHQ In Scarborough

Image from Getty Images via Christopher Furlong – The Enigma Machine, arguably one of the most famous encryption mechanisms ever created (and defeated).

 

Setting up Email Encryption with Thunderbird, Gpg4win and Enigmail

Email has one major security flaw, which is that by default, when email is relayed (going from point A to point B) across the internet, it is almost always transmitted from server to server in an unencrypted format; it is also stored in “plain text” on those mail servers. Even if you use SSL to connect to your email server, the chances are, that your email server does not use SSL encryption to transmit your email to the recipient’s email server. This means that the content inside of your emails can be easily “sniffed” (read by an unintended third party) during transit from point A to point B. Also, when the emails are stored in a mail server’s queue, they are stored unencrypted. The mail queue is where your emails sit, while they are waiting to be delivered. They do not get delivered to you until you decide to log in and check for new emails. Since they are stored in plain text, any unintended 3rd party can read your emails. This could be a government official or a server administrator at your email hosting provider.  That’s kind of scary, right?

This is where end-to-end email encryption comes into play.

End-to-end email encryption will keep email text and attachments out of prying hands. To use it, first, you will need a mail program.

Continue reading

Heartbleed Vulnerability and You – A Patch Guide

Recently, the Heartbleed Bug (CVE-2014-0160), a serious vulnerability in the popular OpenSSL cryptographic software library was discovered. This is a very serious vulnerability which captures all SSL/TLS encrypted information, such as login details, email correspondence, instant messages, etc. It affected servers all over the world including huge international companies. More information about it can be found using the links below:

https://www.openssl.org/news/secadv_20140407.txt
Heartbleed Bug
You can also Test your server for Heartbleed (CVE-2014-0160).

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Continue reading