Category Archives: Email

Email Encryption End-to-End: How to Prevent the NSA from Reading Your Confidential Email Messages

Anyone who has not spent the last two weeks meditating in a cave will have heard about PRISM, the program of the National Security Agency (NSA) to spy on anyone they wish using the internet services provided by Microsoft (beginning in September 2007), Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple. These are all mentioned in one of the slides of a 41-slide top-secret Power Point presentation (an overview apparently intended to train intelligence operatives on the capabilities of the program) which was leaked by NSA whistleblower Edward Snowden to the Guardian (UK), which newspaper revealed the astonishing details on June 6. The document claims “collection directly from the servers” of major US ISPs.

The existence of PRISM was confirmed by the U.S. Director of National Intelligence (James Clapper) in a press release on the same day, stating that the program was authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA), and claiming that it is intended only to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States.

However, according to the Guardian, “The program facilitates extensive, in-depth surveillance on live communications and stored information. The [FISA] law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US. It also opens the possibility of communications made entirely within the US being collected without warrants.” Section 702 of FISA says that senior officials of the U.S. administration can authorize the surveillance of any American provided that the request officially targets a foreigner. This allows “legal” access to all private information concerning anyone (whether or not they reside in the US) “associated with” the “foreign suspect”.

Private information, of course, includes the content of email messages, and those that the NSA sucks up are stored for years (forever?) in the huge NSA data banks. The standard claim of government defenders of invasive surveillence is: “If you have nothing to hide then you have nothing to worry about.” There are several answers to this.

Firstly, if you work with proprietary or confidential information, such as business plans, software code, financial statements, etc., then you may very well wish to hide this from others who might make use of it to your disadvantage (and if you work for a company which owns this information then your failure to hide it from your company’s competitors may lead to your dismissal).

Secondly, as Edward Snowden said in an interview with the Guardian: “… you don’t have to have done anything wrong. You simply have to eventually fall under suspicion from somebody even by a wrong [phone] call. And then they can use this [PRISM] system to go back in time and scrutinize every decision you’ve ever made, every friend you’ve ever discussed something with. And attack you on that basis to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer.”

So can you do anything about this? It’s just possible that massive public outrage at the development of a total surveillance state might cause PRISM to be shut down. But don’t hold your breath. You can, however, do something to prevent the NSA from reading your confidential email messages. You could use public key cryptography in some form. This requires the creation of a ‘private’ key and a ‘public’ key, and anyone who wishes to send you an encrypted message has to know your public key (and you then decrypt the message using your private key). This is fine, but it’s a bit complicated and requires considerable attention to detail, so is really only suitable for the tech-savvy. There is an easier way to keep your messages and data from the NSA’s prying eyes (just in case you are a person of interest to them).

Hermetic Systems publishes Windows software called “Email Encryption End-to-End” which, in brief, allows you to create an encrypted file containing both a text message and a separate file of any type (such as a ZIP file). You can then attach this encrypted file to an ordinary email message, send it, and the recipient can recover your text message and the file using the same software. Your message and file remain encrypted from start to finish, frustrating any attempt by the NSA to read them.

This software is easy to use and no technical knowledge (beyond the ordinary ability to run a Windows program and to send and receive email) is needed, and you can still use the same email client as you do now (provided that it allows attachments to messages).

Suppose your company wishes to send you somewhere to negotiate a business deal with some other company. They will want to know the details of the deal you make with that company as soon as you have concluded the negotiation, so you are to write it up on your laptop as a Word document (and maybe a few Excel spreadsheets) and send it by email. But your company’s competitors would dearly like to know the details of the deal you make, so you are instructed to send the document (and spreadsheets) in encrypted form. Before leaving, you are given a phrase to use as the encryption key. After several days negotiation you reach a deal, and prepare your report.

Now suppose also that a year ago someone who works at a shady payment processing service phoned you by mistake; this service was subsequently shut down for alleged money-laundering, but in the meantime that phone call got you placed on a list of “known associates of suspected money-launderer”, and subject to surveillance under the PRISM program. Of course, you were not informed. But since you and your company know that transmission of unencrypted data across the internet allows “sniffers” to pick out selected messages, and that certain competitors would dearly like to know the details of the deal you just negotiated (and, unknown to you, certain people who work for NSA might also profit from knowing those details) you are about to send your report by means of encrypted email. Here’s how to do it:

You take all the confidential material (Word documents, Excel files, graphics images, etc.), and put them into a ZIP file. Without being online, you run the “Email Encryption End-to-End” (EEE) software and this allows you to (a) compose a text message which summarizes the outcome of the negotiation and mentions what’s in the ZIP file, (b) tell EEE the location of the ZIP file, (c) enter the phrase which your company gave you to use as the encryption key, and (d) tell EEE the location and name of a file in which it will write its output — the ‘ciphertext file. The ciphertext file can have any name, but let’s say ‘chess.pcx’. You then hit the ‘Encrypt’ button and EEE encrypts your text message together with the ZIP file and writes the encrypted data to the ciphertext file. Now you go online and bring up your usual webmail client. You compose some pedestrian message, such as, “Chess tournament went well; got 2nd prize; here’s a picture of the prize winners.” You then attach the ciphertext file to the message and send it off to your company.

The person at your company meant to receive it then saves the attached file someplace, then runs EEE and (a) enters the agreed-upon phrase for the encryption key and (b) tells EEE where to find the ciphertext file. They then hit the ‘Decrypt’ button and EEE (a) displays your text message mentioning what’s in the ZIP file and (b) asks for the location of a folder in which to write it. After it does this, the recipient can then unzip the ZIP file to recover the documents that you sent.

NSA may have sucked up and stored your ‘outer’ email message in its data bank, but this will appear to be just some message about a chess tournament with an attached ‘pcx’ file referred to in the message as a picture. No graphics software will be able to display it (because it is not a graphics file), and no ZIP program will be able to unzip it (because it is not a ZIP file), and in fact it can’t be read at all, except by someone using the EEE software and knowing the phrase used to encrypt the data. Your confidential data has been transmitted securely in encrypted form from ‘end to end’.

Finally, if there is some chance that your laptop might fall into the wrong hands before your return, you can (after your company has confirmed receipt of your report) delete (or better, securely delete) the ciphertext file which was created by EEE (and perhaps even uninstall the EEE software itself), since the details of your negotiation are now safely in the hands of your company.

Further information about the “Email Encryption End-to-End” software (which is bilingual, English/German) including prices for a single-user license and for a multiple-user license, plus a link to download a trial version, is on the Hermetic Systems website at:http://www.hermetic.ch/eee/eee.htm

Via EPR Network
More Software press releases

Hermetic Systems releases a program for secure end-to-end email encryption

Despite substantiated reports that at least one major US telephone service provider gave the National Security Agency full access to its customers’ phone calls, and shunted its customers’ internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, most Americans still transmit their email in plaintext, allowing it to be scanned by data-sniffers. (The NSA was ordered by a court to stop, but who knows if they complied?) This may be because most Americans don’t give much thought to the possibility that their email could be the subject of eavesdropping, or it could be because for some reason it doesn’t worry them, or it could be because encrypting email has in the past been a somewhat tricky practice to get right (so was deemed not worth the effort).

There are several reasons why email encryption can be difficult, or insecure: Some systems are quite secure but require an elaborate procedure before email can be sent to (and read by) another person. Messages scanned in transit can in the case of some systems reveal that encrypted information is present, thus alerting an eavesdropper to something to look for. Some systems encrypt a message only after it is uploaded to a server, with the message (in plaintext) being vulnerable to interception between the user’s PC and the server.

Hermetic Systems has release software for email encryption which involves none of these difficulties. But why would you want to use it? For correspondence with your family you probably don’t need to. But, for example, suppose you are collaborating with others in a project which requires an exchange of confidential information, which competitors might like to get their hands on. You might be wanting to transmit Excel files containing sensitive financial data, or images with blueprints for a new design.

The new software, entitled ‘Email Encryption End-to-End’, uses an encryption method in which the key used for encryption is the same as the key used for decryption, so your correspondent(s) must know the key you used to encrypt a message. This can be transmitted more-or-less securely, especially if you can meet your correspondent(s) in person. Assuming this can be accomplished, the actual sending and receiving of encrypted messages is quite simple. You run the program (on your PC), compose a message of up to 60 KB in size (or upload it to the program from a file) and specify an encryption key, then hit the ‘Encrypt’ button. This creates a ciphertext file (which you can name as anything you want), and to send it to a correspondent you simply attach it to an ordinary email message. The ciphertext can masquerade as an image file or as a file using some obscure file format, so there’s no indication that encryption is being used.

You correspondent receives the ordinary email, saves the attached (ciphertext) file, runs the software, tells it where to find the file, specifies the encryption (now decryption) key, and hits the ‘Decrypt’ button, whereupon the message appears.

Moreover, ‘Email Encryption End-to-End’ allows you to send, in addition to a text message, a file of any type and up to 1 MB in size. The text message and the file are then combined and encrypted together to produce the ciphertext file. This allows you to send an MS Word file, an Excel file, an image file, etc., in addition to the text message.

The program has an introductory price of US$29.75. A multi-user license is also available (at a discount) for up to 10 users. Such a license is useful for a group of colleagues working together on a single project. A multi-user license requires only a single email address, that of the purchaser of the license, and the email addresses of the purchaser’s email correspondent(s) are not needed.

A trial version can be freely downloaded from the user manual page athttp://www.hermetic.ch/eee/eee.htm. This is a 14-day trial with which only one key (‘abcd efgh ijkl mnop’) can be used for encryption, so it allows testing but (since the key is public knowledge) cannot be used for secure email encryption.

Via EPR Network
More Software press releases

TrustTone Communications Appliances – BEST BUY for Email Encryption

TrustTone Communications, Inc., the leader in Email Encryption technology, today announced it has been rated Best Buy by SC Magazine. The Best Buy designation reflects the coveted Five Star rating for every aspect of the product – Features, Ease of Use, Performance, Documentation, Support and Value for Money. TrustTone continues to provide the most comprehensive feature set at the lowest cost.

“Simple, effective, secure. This is just what this doctor ordered.” notes SC Magazine.

“TrustTone is the perfect solution for email privacy compliance for organization large and small. The product offers depth of functionality and configuration flexibility with very low total cost of ownership,” said Hemant Thakkar, CEO of TrustTone Communications. “We are thrilled to earn the Best Buy designation by SC Magazinne. It validates our approach to creating value for our customers.”

About TrustTone Communications, Inc.
TrustTone Communications is a premier provider of highly secure, easy to use, email encryption appliances, email encryption servers, email encryption desktop products and hosted service for email encryption. The products are based on the foundation technology of Identity Based Encryption on PKI. TrustTone is privately-owned and headquartered in Silicon Valley, California.

Via EPR Network
More Software press releases

Email Archiving System Designer Highlights FSA Mobile Recording Solutions

Every business from international banks to single trading desks are working on finding a solution that will comply with the new FSA mobile communications recording mandate.

The new regulations will require all companies that participate in the country’s capital markets to record the mobile communications of all their employees who are involved in trading. This regulation includes voice calls, SMS and Instant Messages.

“In the marketplace, variations in cost, capability and deployability exist,” said Robin Bingeman of Cryoserver, an email archiving system specializing in email storage and email servers. “Companies should evaluate suppliers carefully to ensure the technology they implement is compliant and user-friendly.”

SIM-based
Older solutions that complied with the 2008 FSA landline recording mandate required huge upfront costs and high per call charges. With the SIM-based solution companies simply replace the SIM in their phones and transfer their contacts – thats it, for one price.

Calls do not lag in connection time and there is no obtrusive third-party listening in. All inbound and outbound calls are recorded over the wireless network and archives in real-time. Like an email archiving solution, the SIM allows users to access archived recordings quickly.

Software-based
Software application is placed on each mobile device and then routed to an existing server used for landline calls. Or, another option is to deliver the solution as a service, whereby a third party is “conferenced” into the call for recording.

Both options in this solution rely on the mobile client to be constantly updated. As the updates on the operating systems progress, users may be required to update or change their mobile client.

While it is important for businesses understand the drawbacks of each solution, it is more important that they be prepared to show how the service is tamper proof. With CryoSIM, from the developers of Cryoserver, there is a tamper resistant assurance, adds Bingeman.

Learn More
To learn more about Cryoserver, visit www.cryoserver.com or call toll-free (866) 311-1652 in the U.S. or 44(0)800 280 0525 in Europe.

Via EPR Network
More Software press releases

MailList Controller Version 8 Released

Arclab Software Technologies, a software development company creating and marketing windows applications for home and business users, announced today the release of the newest version of the professional email newsletter software “MailList Controller” version 8.

MailList Controller Version 8 Released

Arclab MailList Controller is an email mailing list management, bulk mail, email marketing and email newsletter software solution for windows designed to send out personalized email messages, manage multiple mailing lists, email newsletter services, campaigns, e-zines, announcements, support and group mails.

MailList Controller works with Microsoft® Windows® 7/Vista/XP/2000

Features of the latest version:

* Send out Newsletter and Bulk Email Messages
* Fast SMTP Email Software Engine
* Works with any Mailaccount (SMTP/POP3)
* Supports SMTP/ESMTP Authentication
* Support for SSL and StartTLS (Secure Socket Layer)
* Partial and delayed Send Mode for limited Mailaccounts
* Directory Pickup Mode for direct mailing without SMTP
* Forward Replies to a different Email Address
* Customizable Returned Mail (Bounce) Detection
* Manage and Host multiple Distribution Lists
* Supports 15 custom Fields for Personalization
* Supports Filters and Subsets (Queries) for partial Mailing
* Linked Lists (List linked to an external Data Source)
* Single and Double Opt-in Subscriptions
* Process Email Subscribe and Remove Requests
* Process Webform Subscribe and Remove Requests
* Import Members from MS Excel, MS Access, Text (csv) or ODBC
* Global Blacklist for Import and incoming Messages
* Sort out duplicate Email Addresses automatically
* Built-in WYSIWYG Rich-Text (HTML) Editor
* Support for external Mail Client (e.g. MS Outlook)
* Direct support for external HTML Editors
* Personalization (Mail Merge)
* Add inline Graphics and File Attachments to Newsletter Messages
* Import HTML files from an external HTML Editor
* Send Plain Text, HTML or Messages in MIME Format
* Custom Charsets for international Newsletter Mailings
* Subscribe Archive (Save Subscribe Email Source)
* Email Software that runs on your Computer
* Works on a Windows PC, Desktop, Laptop or Server
* Runs as Windows Service (does not require an User being logged in)
* No special Hardware or additional Software required
* No Subscription and no Recurring Fees required
* Member Database stays private and secure

The newsletter software is available in 3 different versions: MailList Controller Free, Professional and eXtreme.

Via EPR Network
More Software press releases

Disk Doctors Reported That Sales Of Its Outlook Mail Recovery Software Sky Rocketed Due To The Strength Of The Utility To Recover In Very Severe Corruptions

Disk Doctor Labs Inc., today announced that Disk Doctors Outlook Mail Recovery (.pst) version 2.0.1 a pst repair software has been a big success since its release in January 2008. Sales included copies sold from Disk Doctors authorized online partner’s stores, and Disk Doctors online store.

Outlook Mail Recovery not only recovers deleted emails, but also repairs corrupt or damaged Outlook files as well as PST files. The email recovery includes recovery of emails, contacts, calendar items, notes, tasks and all other items in Microsoft Outlook.

It surpasses all other comparable applications and is the only one that actually lets you see the recovery results in a viewer before you purchase.

“This software is one of the most important research components that we have been able to deliver, we are happy that the software has exceeded our expectations in terms of sales and effectiveness” said Omer Faiyaz VP Marketing & Alliances.

Pricing & Availability Disk Doctors Outlook Mail Recovery version 2.0.1 is available through the Disk Doctors Online Store and Disk Doctors Authorized Resellers for a suggested retail price of $149 (US) for a single user license. Volume and Site licensing pricing options are available from Disk Doctors Sales Department.

Disk Doctors Outlook Mail Recovery (.pst) requires a minimum of 128MB of RAM and is designed to run on WindowsR 2000, XP, 2003, VISTA PC. It supports Microsoft Outlook 2000, XP, 2003 and 2007 versions.

Disk Doctor Labs Inc. is one of the most trusted and respected companies providing data recovery services since 1991 with over 50 dedicated data recovery labs in the world.

Disk Doctor Labs engineers are among the most experienced and professional data recovery experts in the world, working towards a common goal to bring clients halted operations back into working condition with the quickest, cost effective and quality data recovery available.

Disk Doctor Labs have excelled by miles in developing various techniques, which required intensive consistent research & development. These path-breaking technologies have made some of the complex data recovery cases possible. Disk Doctors current portfolio consist of several data recovery software and system utilities.

Via EPR Network
More Software press releases

SpamAid 4.0 – a Microsoft Outlook add-on that keeps your Inbox clean of unsolicited emails

SoftLogica announces SpamAid 4.0, a new version of its Microsoft Outlook add-on designed to keep your Inbox clean of unsolicited emails.

The program is based on Bayesian filtering technology. It automatically learns using your personal correspondence to increase the filtration accuracy. Quarantined e-mails are stored in a separate ‘Spam’ folder. Users can manage their friends and enemies lists or build their own filters. The program has an option to test outgoing mail for potential risk of being filtered as spam. Recognition of newsgroup messages using Safe Recipients list and automatic inclusion of outgoing mail recipients into Friends List are available. SpamAid is provided with POP3, IMAP, HTTP and MS Exchange support.

What’s new in version 4.0:

– Ability to automatically delete undoubted Spam. If you face a very high spam load, you may lose a lot of time browsing the content of your ‘Spam’ folder to check for good messages filtered by mistake, because no spam filter is perfect. However, considerable amount of messages can be recognized as spam with 100% accuracy. Now you can configure 5 rules for SpamAid to delete such messages immediately while putting all other suspicious messages to the ‘Spam’ folder for further possible review.

– Potentialities of wildcards for phrase filtering. You can use wildcards when specifying the spam/non-spam recognition keywords to deal with phrase variations.

– Outlook 2003 style interface. With this new interface style the product will fit perfectly to the modern versions of Microsoft Outlook.

Pricing and Availability:

SpamAid is designed for Microsoft Outlook 2000/XP/2003 and priced at $29 USD per license. Volume discounts are available. Free technical support is provided by e-mail and by phone.

The 30-day trial version with full set of features: http://www.spamaid.com/spamaid.exe Program Interface Screenshot: http://www.spamaid.com/spamaid.gif Interface Screenshot, Jewel Case and Company Logo images in printable quality (TIFF, CMYK, 300 dpi): http://www.spamaid.com/spamaid-artwork.zip (1.64 Mb).

IT reviewers are encouraged to use this press release and any other related materials. We will be pleased to grant you a free license key. If you do not consider electronically distributed software, please e-mail us with the details of your postal address and we will send you a retail package. CD editors are authorized to include the 30-day trial version of SpamAid in their CD-ROMs.

Via EPR Network
More Software press releases