email privacy » Secure Email Hosting Blog

Postini finally merges into Google

email authentication, email privacy, email security No Responses »

Aug 222012

Possibly a small era in the field of secure computing is giving way to a larger trend of consolidation under a common brand. Postini – the secure email service that Google acquired in 2007 for $625 million to provide a full range of security and compliance services to Google Apps is now finally going to be shut down – presumably its functionality has been fully integrated into Google Apps.

On August 21, 2012, Google announced that it was shutting down Postini and its security features have now been amalgamated into Google Apps for business and into Google Apps Vault which is a service that archives and help manage / search e-mail archives.

The transition will occur by 2013 and existing customers will be moved to Google Apps as shown in the table below –

As a result, Postini is now more closely integrated into Google Apps. This makes the overall service more robust since you work with a unified portal and not with different applications. Google Apps also works with non Gmail mail servers. So if you are using Lotus Notes or MS Exchange, you will continue to get Postini capabilities. Postini has nearly 26 million users, so the move is going to give a large user base to Google Apps. The size of the user base iself is indicative of the popularity of the application.

However, there is one issue that Google needs to look at. The Postini website is still appearing to accept new customers. Possibly at some stage of order acceptance, the system will stop accepting your card and maybe in a day or so the Postini website will be updated to indicate the new reality at Google. Till then, Postini seems to be going strong.

The Google Apps site does not mention the amalgamation explicitly, however, the service characteristics are clearly part of the capabilities of the mailing applications. Postini is merging into Google Apps and it is just a matter of time before this fine application also becomes a faded memory, amalgamated into this huge juggernaut called Google.

Google announces protection against state sponsored hacking

email privacy, email security, identity theft No Responses »

Aug 222012

If you are a Gmail user do not be surprised when you log in to find a message from Google saying that you could be the target of a ‘State sponsored attack’ and advising you on the methods to adopt to stay secure. A recent blog by Eric Grosse, VO Security Engineering at Google describes this.

In a number of well publicized attacks, governments have sought to pressurize Google into letting them see the mail of dissidents and other citizens that it is otherwise apprehensive about. Readers many recall that some time ago, Google had to shut down its servers in mainland China and move them to Hong Kong when Chinese hackers broke into its servers in China. Apparently this kind of hacking and espionage is on the rise. Google has created some kind of an algorithm that looks out for malicious activity on their systems, identifies the target account and warns the users. The exact parameters that are being monitored are not detailed (for

In the past, Google has detected attacks originating from China targeting US officials, Senators, South Korean officials and military personnel etc. These attacks aim to log into Gmail accounts and read mail.

Besides issuing warnings, Google says that it “put(s) in place extra roadblocks to thwart these bad actors”. The warning Google sends to you is displayed on your log-in page and a sample is shown below –

Google is careful to stress that the internal security structures at the company are secure and have not been broken into. It’s the email accounts that have been compromised primarily by the bad guys obtaining passwords, access to secondary email accounts and through phishing. Once they have access to the account they want, the government hackers are able to map the email contact network of the person and spread their net wider.

There are many ways to thwart such an attack. Google gives a number of useful techniques. These are –

Enable two step verification on your sensitive account, this will ensure that every time you attempt to log in, you will be sent a verification code to your cell phone you have registered. You will need to log in with code as well. If you find this cumbersome, you can make this code permanent to your PC for 30 days.

It is critical to use a strong password that is a mix of upper and lowercase letters, numbers and special characters. Never enter your password into a pop up box, no matter how authentic it appears.

Once in a while go to your Gmail account and check that your mail is not being automatically forwarded to other accounts. This is a great feature in Gmail, but it can be easily misused if someone can access your account.

Besides securing your account as discussed above, separate your account for critical and non critical use. Do not make these accounts secondary to each other so that the password reset link for one account goes to another.

923 bit encryption broken - a new world record

email privacy, email security, web email vulnerability No Responses »

Jun 222012

If you thought that 256 bit encryption used by web sites and online banking was good enough, here is food for thought.

A 923 bit encryption (278 digits) was broken by Fujitsu Labs, Kyushu University in Japan and National Institute of Information and Communications Technology worked together and over an effort lasting 148.2 days using 21 computers. This sets a new public record for cryptanalysis. The previous record was held by researchers from NICT and Hakodate Future University. While breaking this record, they had broken a 204 digit, 676 bit, encryption in 2009. Therefore the current cryptanalysis is a very significant improvement.

The scientists say that this level of encryption could not have been broken if the data had been encrypted using public key techniques. However since the data was encrypted by using pairing based cryptography they were able to break the encryption. While this test demonstrates some vulnerabilities in the pairing based encryption system, this technology is coming into widespread use in applications such as functional encryption, keyword searchable encryption and identity based encryption, all of which were not possible using public key cryptographic methods.

The press release by Fujitsu Labs is very balanced and low key. While it understandably takes the credit for the achievement, it also goes on to say that pairing based cryptography has not yet reached the level of sophistication as public key methods and that could be a possible reason for its being broken. Given more time and development, these vulnerabilities could be removed and the algorithm would be improved.

Breaking the encryption involved using advanced computer algebra, two dimensional search algorithms and efficient programming. The program ran over 21 computers and used parallel processing to maximize the power available to it.

Is the record merely statistics or does it help computer science evolve? It is obvious that this kind of evaluation will help in proper selection of encryption systems and will greatly help in the evolution of these systems. Governments and security agencies would be watching this development closely as well as would be the guys who plane to use such encryption.

Yet another issue that is worth discussing is what would have happened if a super computer was available to the team? Cycle Computers, running on the Amazon Web Service platform is offering the capability of a $20 million super computer having 51,000 cores for just $4,828.85 per hour. Cloud computing gives this kind of computing power to just anyone who can shell out this money. I am sure that if a program were written to use these 51,000 cores in parallel rather than just the 21 processors the experiment actually used, the attempt would have taken far fewer days to break the record.

Meanwhile, how about you and me? How are we affected? Unless you have some very special needs, 256 bits should be good enough. Should you need more, I would suggest that you stay with the more mature public key encryption methods rather than use the new pair based algorithm even if it does give you additional ease of usage.

Emails of Computer and Technology Crime High Tech Response team hacked!

email privacy, identity theft No Responses »

May 162012

The San Diego Reader reported in a news item dated May 14, 2012 that Anonymous, the world (in)famous group of hackers and activists had hacked into the email of a retired agent of the California Justice Department. What makes the exploit particularly dangerous is the fact the agent (whose name has not been disclosed) is also a member of a high powered law enforcement committee on computer security.

Anonymous has stated that they were able to obtain the social security numbers and other personal details of many individuals. The exploit had occurred sometime in November 2011 but details were put online by California Attorney General’s office on May 11, 2012. Presumably the breach was detected somewhere during this month.

The AG’s office said that the email of a member of the Computer and Technology Crime High Tech Response team (CATCH) was hacked and the data compromised included (but not restricted to) names, addresses, dates of birth and social security numbers. Individuals were urged to take steps to protect themselves from possible identity theft.

In November 2010, CATCH had been awarded the 1st Annual Cyber Security Award as a recognition of their outstanding work towards improving cyber security in the public domain. The CATCH steering committee comprises experts from CISCO, Cox Communication, Qualcomm, Intuit and others.

Recently, Chris Doyon, a suspected member of Anonymous told reporters in Canada that “Right now we have access to every classified database in the US government. It’s a matter of when we leak the contents of those databases, not if”

Anonymous has also been active against Russia and China besides many other countries. On May 09, 2012, they had shut down Russian President Vladimir Putin’s website as a support to protests against his election. In a Reuters report dated April 09, Anonymous was reported to be attacking the pillars of Chinese censorship and had vowed to breakdown the ‘Great Firewall of China’.

Google faces more government demands for user info

email privacy, web email vulnerability No Responses »

Oct 252011

Michael Liedtke, AP Technology Writer

SAN FRANCISCO (AP) — Google is dealing with more government demands to turn over information about its users as more people immerse themselves online.

The mounting pressure on the Internet search leader emerged in a statistical snapshot that Google Inc. released Tuesday of its dealings with authorities around the world. Google provided a country-by-country capsule of its legal sparring with authorities during the first six months of the year. Continue reading »

email privacy, email security, web email vulnerability No Responses »

Jun 012011

By: Dan Kaplan

Google has identified and disrupted a campaign operating out of eastern China meant to hijack and monitor the Gmail accounts belonging to hundreds of users, the technology giant revealed Wednesday.

Victims included U.S. and Asian government officials — mostly from South Korea, military members, journalists and Chinese political activists, said Eric Grosse, engineering director of the Google’s security team, in a blog post.

The campaign appears to trace back to Jinan, China and involves the theft of users’ Gmail passwords, likely through phishing, he said. Google was able to disrupt the campaign, secure the affected accounts and notify the targeted individuals. Continue reading »

RIM president orders BBC interview to stop

email privacy, email security No Responses »

Apr 132011

Lesley Ciarula Taylor

RIM president and co-chief executive officer Mike Lazaridis, pictured in this September 27, 2010 file photo, ordered a BBC interview to end once talk turned to Middle Eastern countries and Indian security issues with BlackBerry.

The fuming Canadian founder of Research in Motion abruptly ordered a BBC journalist to stop their interview over questions about BlackBerrys in India and the Middle East.

“That’s just not fair,” Mike Lazaridis told BBC technology correspondent Rory Cellan-Jones in the recent interview. “We have no security problem. We’ve got the most secure platform. We’ve just been singled out because we’re so successful.”

Cellan-Jones had asked if the Waterloo, Ont.-based RIM had fixed the problems it was having with governments in India and the United Arab Emirates which were demanding the ability to monitor data over its secure corporate BlackBerry service. Continue reading »

4chan Hackers Leak Internal Bank of America

email privacy No Responses »

Mar 182011

By MATTHEW LYNLEY

Anonymous, a group of online hackers that frequently takes up politically charged causes such as bringing down the websites for Visa and other credit card companies, has released a massive batch of internal Bankof America emails.

It looks like the hacker group, which frequents online message board 4chan, made good on a promise Wikileaks founder Julian Assange made several months ago. Assange and Wikileaks indicated that they planned to publish the documents in December. But that was before Assange was arrested on suspicion of sexual offenses in December. Continue reading »

Councillors' email privacy questioned

email privacy No Responses »

Mar 092011

Councillors' email privacy questioned

At least part of the opposition on Montreal city council says it will disconnect from the computer server and telephone system at city hall if it doesn’t get an assurance that the city comptroller’s office isn’t spying on them, Projet Montréal says.

The declaration came shortly before city council was to meet last night to discuss the email surveillance of the city auditor-general that sparked a scandal at city hall a week ago – and just after Vision Montreal charged that city comptroller Pierre Reid has had access to the emails of elected officials for almost a year. Continue reading »

Categories