email security » Secure Email Hosting Blog

Postini finally merges into Google

email authentication, email privacy, email security No Responses »

Aug 222012

Possibly a small era in the field of secure computing is giving way to a larger trend of consolidation under a common brand. Postini – the secure email service that Google acquired in 2007 for $625 million to provide a full range of security and compliance services to Google Apps is now finally going to be shut down – presumably its functionality has been fully integrated into Google Apps.

On August 21, 2012, Google announced that it was shutting down Postini and its security features have now been amalgamated into Google Apps for business and into Google Apps Vault which is a service that archives and help manage / search e-mail archives.

The transition will occur by 2013 and existing customers will be moved to Google Apps as shown in the table below –

As a result, Postini is now more closely integrated into Google Apps. This makes the overall service more robust since you work with a unified portal and not with different applications. Google Apps also works with non Gmail mail servers. So if you are using Lotus Notes or MS Exchange, you will continue to get Postini capabilities. Postini has nearly 26 million users, so the move is going to give a large user base to Google Apps. The size of the user base iself is indicative of the popularity of the application.

However, there is one issue that Google needs to look at. The Postini website is still appearing to accept new customers. Possibly at some stage of order acceptance, the system will stop accepting your card and maybe in a day or so the Postini website will be updated to indicate the new reality at Google. Till then, Postini seems to be going strong.

The Google Apps site does not mention the amalgamation explicitly, however, the service characteristics are clearly part of the capabilities of the mailing applications. Postini is merging into Google Apps and it is just a matter of time before this fine application also becomes a faded memory, amalgamated into this huge juggernaut called Google.

Google announces protection against state sponsored hacking

email privacy, email security, identity theft No Responses »

Aug 222012

If you are a Gmail user do not be surprised when you log in to find a message from Google saying that you could be the target of a ‘State sponsored attack’ and advising you on the methods to adopt to stay secure. A recent blog by Eric Grosse, VO Security Engineering at Google describes this.

In a number of well publicized attacks, governments have sought to pressurize Google into letting them see the mail of dissidents and other citizens that it is otherwise apprehensive about. Readers many recall that some time ago, Google had to shut down its servers in mainland China and move them to Hong Kong when Chinese hackers broke into its servers in China. Apparently this kind of hacking and espionage is on the rise. Google has created some kind of an algorithm that looks out for malicious activity on their systems, identifies the target account and warns the users. The exact parameters that are being monitored are not detailed (for

In the past, Google has detected attacks originating from China targeting US officials, Senators, South Korean officials and military personnel etc. These attacks aim to log into Gmail accounts and read mail.

Besides issuing warnings, Google says that it “put(s) in place extra roadblocks to thwart these bad actors”. The warning Google sends to you is displayed on your log-in page and a sample is shown below –

Google is careful to stress that the internal security structures at the company are secure and have not been broken into. It’s the email accounts that have been compromised primarily by the bad guys obtaining passwords, access to secondary email accounts and through phishing. Once they have access to the account they want, the government hackers are able to map the email contact network of the person and spread their net wider.

There are many ways to thwart such an attack. Google gives a number of useful techniques. These are –

Enable two step verification on your sensitive account, this will ensure that every time you attempt to log in, you will be sent a verification code to your cell phone you have registered. You will need to log in with code as well. If you find this cumbersome, you can make this code permanent to your PC for 30 days.

It is critical to use a strong password that is a mix of upper and lowercase letters, numbers and special characters. Never enter your password into a pop up box, no matter how authentic it appears.

Once in a while go to your Gmail account and check that your mail is not being automatically forwarded to other accounts. This is a great feature in Gmail, but it can be easily misused if someone can access your account.

Besides securing your account as discussed above, separate your account for critical and non critical use. Do not make these accounts secondary to each other so that the password reset link for one account goes to another.

923 bit encryption broken - a new world record

email privacy, email security, web email vulnerability No Responses »

Jun 222012

If you thought that 256 bit encryption used by web sites and online banking was good enough, here is food for thought.

A 923 bit encryption (278 digits) was broken by Fujitsu Labs, Kyushu University in Japan and National Institute of Information and Communications Technology worked together and over an effort lasting 148.2 days using 21 computers. This sets a new public record for cryptanalysis. The previous record was held by researchers from NICT and Hakodate Future University. While breaking this record, they had broken a 204 digit, 676 bit, encryption in 2009. Therefore the current cryptanalysis is a very significant improvement.

The scientists say that this level of encryption could not have been broken if the data had been encrypted using public key techniques. However since the data was encrypted by using pairing based cryptography they were able to break the encryption. While this test demonstrates some vulnerabilities in the pairing based encryption system, this technology is coming into widespread use in applications such as functional encryption, keyword searchable encryption and identity based encryption, all of which were not possible using public key cryptographic methods.

The press release by Fujitsu Labs is very balanced and low key. While it understandably takes the credit for the achievement, it also goes on to say that pairing based cryptography has not yet reached the level of sophistication as public key methods and that could be a possible reason for its being broken. Given more time and development, these vulnerabilities could be removed and the algorithm would be improved.

Breaking the encryption involved using advanced computer algebra, two dimensional search algorithms and efficient programming. The program ran over 21 computers and used parallel processing to maximize the power available to it.

Is the record merely statistics or does it help computer science evolve? It is obvious that this kind of evaluation will help in proper selection of encryption systems and will greatly help in the evolution of these systems. Governments and security agencies would be watching this development closely as well as would be the guys who plane to use such encryption.

Yet another issue that is worth discussing is what would have happened if a super computer was available to the team? Cycle Computers, running on the Amazon Web Service platform is offering the capability of a $20 million super computer having 51,000 cores for just $4,828.85 per hour. Cloud computing gives this kind of computing power to just anyone who can shell out this money. I am sure that if a program were written to use these 51,000 cores in parallel rather than just the 21 processors the experiment actually used, the attempt would have taken far fewer days to break the record.

Meanwhile, how about you and me? How are we affected? Unless you have some very special needs, 256 bits should be good enough. Should you need more, I would suggest that you stay with the more mature public key encryption methods rather than use the new pair based algorithm even if it does give you additional ease of usage.

Hackers attack Norway's oil, gas and defence businesses

email security No Responses »

Nov 182011

Oil, gas and defence firms in Norway have been hit by a series of sophisticated hack attacks.

Industrial secrets and information about contract negotiations had been stolen, said Norway’s National Security Agency (NSM).

It said 10 firms, and perhaps many more, had been targeted in the biggest wave of attacks to hit the country.

Norway is the latest in a growing list of nations that have lost secrets and intellectual property to cyber thieves.

The attackers won access to corpora
te networks using customised emails with viruses attached which did not trigger anti-malware detection systems. Continue reading »

email privacy, email security, web email vulnerability No Responses »

Jun 012011

By: Dan Kaplan

Google has identified and disrupted a campaign operating out of eastern China meant to hijack and monitor the Gmail accounts belonging to hundreds of users, the technology giant revealed Wednesday.

Victims included U.S. and Asian government officials — mostly from South Korea, military members, journalists and Chinese political activists, said Eric Grosse, engineering director of the Google’s security team, in a blog post.

The campaign appears to trace back to Jinan, China and involves the theft of users’ Gmail passwords, likely through phishing, he said. Google was able to disrupt the campaign, secure the affected accounts and notify the targeted individuals. Continue reading »

RIM president orders BBC interview to stop

email privacy, email security No Responses »

Apr 132011

Lesley Ciarula Taylor

RIM president and co-chief executive officer Mike Lazaridis, pictured in this September 27, 2010 file photo, ordered a BBC interview to end once talk turned to Middle Eastern countries and Indian security issues with BlackBerry.

The fuming Canadian founder of Research in Motion abruptly ordered a BBC journalist to stop their interview over questions about BlackBerrys in India and the Middle East.

“That’s just not fair,” Mike Lazaridis told BBC technology correspondent Rory Cellan-Jones in the recent interview. “We have no security problem. We’ve got the most secure platform. We’ve just been singled out because we’re so successful.”

Cellan-Jones had asked if the Waterloo, Ont.-based RIM had fixed the problems it was having with governments in India and the United Arab Emirates which were demanding the ability to monitor data over its secure corporate BlackBerry service. Continue reading »

Think Your IT Is Secure? Think Again

email authentication, email security, web email vulnerability No Responses »

Apr 062011

The data breach last week at email service provider Epsilon affecting large firms including Verizon, Capital One, Best Buy, Citigroup, and Target should have small-business owners reassessing their own strategies to keep customer information, employee records and other confidential information safe.

TheStreet interviewed Sarah Fender, vice president of marketing and product management at PhoneFactor, the Overland Park, Kan., company providing phone-based authentication solutions to small and large companies. Additional comments came via email from PhoneFactor co-founder and Chief Technology Officer Steve Dispensa. Continue reading »

May 2013
M	T	W	T	F	S	S
« Aug
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Suffusion theme by Sayontan Sinha

Secure Email Hosting Blog