Postini finally merges into Google

email authentication, email privacy, email security No Responses »
Aug 222012

Possibly a small era in the field of secure computing is giving way to a larger trend of consolidation under a common brand. Postini – the secure email service that Google acquired in 2007 for $625 million to provide a full range of security and compliance services to Google Apps is now finally going to be shut down – presumably its functionality has been fully integrated into Google Apps.

On August 21, 2012, Google announced that it was shutting down Postini and its security features have now been amalgamated into Google Apps for business and into Google Apps Vault which is a service that archives and help manage  / search  e-mail  archives.

The transition will occur by 2013 and existing customers will be moved to Google Apps as shown in the table below –

As a result, Postini is now more closely integrated into Google Apps. This makes the overall service more robust since you work with a unified portal and not with different applications. Google Apps also works with non Gmail mail servers. So if you are using Lotus Notes or MS Exchange, you will continue to get Postini capabilities.  Postini has nearly 26 million users, so the move is going to give a large user base to Google Apps. The size of the user base iself is indicative of the popularity of the application.

However, there is one issue that Google needs to look at. The Postini website is still appearing to accept new customers. Possibly at some stage of order acceptance, the system will stop accepting your card and maybe in a day or so the Postini website will be updated to indicate the new reality at Google. Till then, Postini seems to be going strong.

The Google Apps site does not mention the amalgamation explicitly, however, the service characteristics are clearly part of the capabilities of the mailing applications. Postini is merging into Google Apps and it is just a matter of time before this fine application also becomes a faded memory, amalgamated into this huge juggernaut called Google.

Posted by sanjay at 1:40 pm Tagged with: , , ,

Google announces protection against state sponsored hacking

email privacy, email security, identity theft No Responses »
Aug 222012

 

If you are a Gmail user do not be surprised when you log in to find a message from Google saying that you could be the target of a ‘State sponsored attack’ and advising you on the methods to adopt to stay secure.  A recent blog by Eric Grosse, VO Security Engineering at Google describes this.

In a number of well publicized attacks, governments have sought to pressurize Google into letting them see the mail of dissidents and other citizens that it is otherwise apprehensive about. Readers many recall that some time ago, Google had to shut down its servers in mainland China and move them to Hong Kong when Chinese hackers broke into its servers in China.  Apparently this kind of hacking and espionage is on the rise. Google has created some kind of an algorithm that looks out for malicious activity on their systems, identifies the target account and warns the users. The exact parameters that are being monitored are not detailed (for

In the past, Google has detected attacks originating from China targeting US officials, Senators, South Korean officials and military personnel etc. These attacks aim to log into Gmail accounts and read mail.

Besides issuing warnings, Google says that it “put(s) in place extra roadblocks to thwart these bad actors”.  The warning Google sends to you is displayed on your log-in page and a sample is shown below –

 

Google is careful to stress that the internal security structures at the company are secure and have not been broken into. It’s the email accounts that have been compromised primarily by the bad guys obtaining passwords, access to secondary email accounts and through phishing. Once they have access to the account they want, the government hackers are able to map the email contact network of the person and spread their net wider.

There are many ways to thwart such an attack. Google gives a number of useful techniques. These are –

Enable two step verification on your sensitive account, this will ensure that every time you attempt to log in, you will be sent a verification code to your cell phone you have registered. You will need to log in with code as well. If you find this cumbersome, you can make this code permanent to your PC for 30 days.

It is critical to use a strong password that is a mix of upper and lowercase letters, numbers and special characters. Never enter your password into a pop up box, no matter how authentic it appears.

Once in a while go to your Gmail account and check that your mail is not being automatically forwarded to other accounts. This is a great feature in Gmail, but it can be easily misused if someone can access your account.

Besides securing your account as discussed above, separate your account for critical and non critical use.  Do not make these accounts secondary to each other so that the password reset link for one account goes to another.

Posted by sanjay at 11:42 am Tagged with: , , , ,

923 bit encryption broken - a new world record

email privacy, email security, web email vulnerability No Responses »
Jun 222012

If you thought that 256 bit encryption used by web sites and online banking was good enough, here is food for thought.

A 923 bit encryption (278 digits) was broken by Fujitsu Labs, Kyushu University in Japan and National Institute of Information and Communications Technology worked together and over an effort lasting 148.2 days using 21 computers. This sets a new public record for cryptanalysis.  The previous record was held by researchers from NICT and Hakodate Future University. While breaking this record, they had broken a 204 digit, 676 bit, encryption in 2009. Therefore the current cryptanalysis is a very significant improvement.

The scientists say that this level of encryption could not have been broken if the data had been encrypted using public key techniques. However since the data was encrypted by using pairing based cryptography they were able to break the encryption.  While this test demonstrates some vulnerabilities in the pairing based encryption system, this technology is coming into widespread use in applications such as functional encryption, keyword searchable encryption and identity based encryption, all of which were not possible using public key cryptographic methods.

The press release by Fujitsu Labs is very balanced and low key. While it understandably takes the credit for the achievement, it also goes on to say that pairing based cryptography has not yet reached the level of sophistication as public key methods and that could be a possible reason for its being broken. Given more time and development, these vulnerabilities could be removed and the algorithm would be improved.

Breaking the encryption involved using advanced computer algebra, two dimensional search algorithms and efficient programming. The program ran over 21 computers and used parallel processing to maximize the power available to it.

Is the record merely statistics or does it help computer science evolve? It is obvious that this kind of evaluation will help in proper selection of encryption systems and will greatly help in the evolution of these systems. Governments and security agencies would be watching this development closely as well as would be the guys who plane to use such encryption.

Yet another issue that is worth discussing is what would have happened if a super computer was available to the team?  Cycle Computers, running on the Amazon Web Service platform is offering the capability of a $20 million super computer having 51,000 cores for just $4,828.85 per hour. Cloud computing gives this kind of computing power to just anyone who can shell out this money. I am sure that if a program were written to use these 51,000 cores in parallel rather than just the 21 processors the experiment actually used, the attempt would have taken far fewer days to break the record.

Meanwhile, how about you and me? How are we affected? Unless you have some very special needs, 256 bits should be good enough. Should you need more, I would suggest that you stay with the more mature public key encryption methods rather than use the new pair based algorithm even if it does give you additional ease of usage.

Posted by sanjay at 9:09 am Tagged with: , , ,

Emails of Computer and Technology Crime High Tech Response team hacked!

email privacy, identity theft No Responses »
May 162012

The San Diego Reader reported in a news item dated May 14, 2012 that Anonymous, the world (in)famous  group of hackers and activists had hacked into the email of a retired agent of the California Justice Department. What makes the exploit particularly dangerous is the fact the agent (whose name has not been disclosed) is also a member of a high powered law enforcement committee on computer security.

Anonymous has stated that they were able to obtain the social security numbers and other personal details of many individuals. The exploit had occurred sometime in November 2011 but details were put online by California Attorney General’s office on May 11, 2012. Presumably the breach was detected somewhere during this month.

The AG’s office said that the email of a member of the Computer and Technology Crime High Tech Response team (CATCH) was hacked and the data compromised included (but not restricted to) names, addresses, dates of birth and social security numbers. Individuals were urged to take steps to protect themselves from possible identity theft.

In November 2010, CATCH had been awarded the 1st Annual Cyber Security Award as a recognition of their outstanding work towards improving cyber security in the public domain. The CATCH steering committee comprises experts from CISCO, Cox Communication, Qualcomm, Intuit and others.

Recently, Chris Doyon, a suspected member of Anonymous told reporters in Canada that “Right now we have access to every classified database in the US government. It’s a matter of when we leak the contents of those databases, not if

Anonymous has also been active against Russia and China besides many other countries. On May 09, 2012, they had shut down Russian President Vladimir Putin’s website as a support to protests against his election.  In a Reuters report dated April 09, Anonymous was reported to be attacking the pillars of Chinese censorship and had vowed to breakdown the ‘Great Firewall of China’.

Posted by sanjay at 9:18 am

Hackers attack Norway's oil, gas and defence businesses

email security No Responses »
Nov 182011

Oil, gas and defence firms in Norway have been hit by a series of sophisticated hack attacks.

 

Industrial secrets and information about contract negotiations had been stolen, said Norway’s National Security Agency (NSM).

It said 10 firms, and perhaps many more, had been targeted in the biggest wave of attacks to hit the country.

Norway is the latest in a growing list of nations that have lost secrets and intellectual property to cyber thieves.

The attackers won access to corpora
te networks using customised emails with viruses attached which did not trigger anti-malware detection systems. Continue reading »

Posted by gebels at 7:03 pm

16,000 Finns' details shared online

identity theft No Responses »
Nov 052011

Keys spell "murto," Finnish for break-in.

Finland’s communications watchdog, Ficora, says people whose data was leaked through a file-sharing website should not try to take matters into their own hands. The events cannot be undone, says the organisation.

Several copies of the leaked files are now circulating on the internet.

Ficora’s head of networks and security, Erka Koivunen, says people whose personal details were published online should wait for the responsible party to contact them. Continue reading »

Posted by gebels at 5:25 pm

Google faces more government demands for user info

email privacy, web email vulnerability No Responses »
Oct 252011

Michael Liedtke, AP Technology Writer

SAN FRANCISCO (AP) — Google is dealing with more government demands to turn over information about its users as more people immerse themselves online.

The mounting pressure on the Internet search leader emerged in a statistical snapshot that Google Inc. released Tuesday of its dealings with authorities around the world. Google provided a country-by-country capsule of its legal sparring with authorities during the first six months of the year. Continue reading »

Posted by gebels at 7:10 am

Bad spelling opens up security loophole

web email vulnerability No Responses »
Sep 122011

By: Mark Stockley

A missing dot in an email address might mean messages end up in the hands of cyber thieves, researchers have found.

By creating web domains that contained commonly mistyped names, the investigators received emails that would otherwise not be delivered.

Over six months they grabbed 20GB of data made up of 120,000 wrongly sent messages.

Some of the intercepted correspondence contained user names, passwords, and details of corporate networks.

About 30% of the top 500 companies in the US were vulnerable to this security shortcoming according to researchers Peter Kim and Garret Gee of the Godai Group. Continue reading »

Posted by gebels at 11:50 pm

UK phone hacking

Uncategorized No Responses »
Jul 062011

By: THE FINANCIAL TIMES LTD

Recent days have prompted a positive tsunami of fresh claims in the phone-hacking scandal that has engulfed Rupert Murdoch’s UK newspaper operations. There have been allegations of illegal behaviour involving senior newspaper executives, police officers and even the prime minister’s own former media adviser.

In the face of this wave of accusations David Cameron, the prime minister, probably had no choice but to concede the establishment of public inquiries to examine both the conduct of the media in illegally intercepting mobile phone messages and also that of the police in investigating this activity. While the precise remit and timing of the inquiries has yet to be fully determined, this is surely the correct decision. Continue reading »

Posted by gebels at 10:57 pm

email privacy, email security, web email vulnerability No Responses »
Jun 012011

By: Dan Kaplan

Google has identified and disrupted a campaign operating out of eastern China meant to hijack and monitor the Gmail accounts belonging to hundreds of users, the technology giant revealed Wednesday.

Victims included U.S. and Asian government officials — mostly from South Korea, military members, journalists and Chinese political activists, said Eric Grosse, engineering director of the Google’s security team, in a blog post.

The campaign appears to trace back to Jinan, China and involves the theft of users’ Gmail passwords, likely through phishing, he said. Google was able to disrupt the campaign, secure the affected accounts and notify the targeted individuals. Continue reading »

Posted by gebels at 6:07 pm
Older Entries
© 2012 Secure Email Hosting Blog Suffusion theme by Sayontan Sinha