Today I’m going to talk about a topic that has gained a lot of attention since the presidential election: encrypted email.Services such as ProtonMail—a secure email system with end-to-end encryption—have reported record signup numbers in recent months. This parallels the increasing adoption and provision of encrypted instant messaging services such as Signal, Telegram, iMessage and WhatsApp. As someone who works in security, I applaud this; more people communicating via encrypted messaging can only be a good thing.+ Also on Network World: Enterprise encryption adoption up, but the devil's in the details +
However, there is a big problem with encrypted email, which is that it mostly sucks. The problem lies in the open nature of email itself. Unlike proprietary messaging systems like WhatsApp, email is based on open-standards. Anyone can run their own email server, and you can send an email to anyone in the world just by knowing their email address using any software you like.To read this article in full or to leave a comment, please click here
Today I’m going to talk about a topic that has gained a lot of attention since the presidential election: encrypted email.Services such as ProtonMail—a secure email system with end-to-end encryption—have reported record signup numbers in recent months. This parallels the increasing adoption and provision of encrypted instant messaging services such as Signal, Telegram, iMessage and WhatsApp. As someone who works in security, I applaud this; more people communicating via encrypted messaging can only be a good thing.+ Also on Network World: Enterprise encryption adoption up, but the devil's in the details +
However, there is a big problem with encrypted email, which is that it mostly sucks. The problem lies in the open nature of email itself. Unlike proprietary messaging systems like WhatsApp, email is based on open-standards. Anyone can run their own email server, and you can send an email to anyone in the world just by knowing their email address using any software you like.To read this article in full or to leave a comment, please click here
One of my main roles is improving the security of the software produced by my employer, and it was in that role that I attended the annual gathering of the security industry in San Francisco last week. The RSA Conference is one of the two global security conferences I attend, the other being Blackhat. While Blackhat has become more corporate, it’s still dominated by hackers and focuses more on vulnerabilities, whereas RSA is very much a corporate event focused on enterprise security and security policy.RELATED: Machine learning offers new hope against cyber attacks
Several of the tracks at RSA this year covered the area of security in the development process. I was most interested in the Advanced Security & DevOps track. DevOps is a hot topic in the industry, and now we have SecDevOps, or perhaps DevSecOps as the new security buzzword spinoff. Behind the buzzwords, however, I learned some useful lessons, a few of which I’d like to discuss here.To read this article in full or to leave a comment, please click here
One of my main roles is improving the security of the software produced by my employer, and it was in that role that I attended the annual gathering of the security industry in San Francisco last week. The RSA Conference is one of the two global security conferences I attend, the other being Blackhat. While Blackhat has become more corporate, it’s still dominated by hackers and focuses more on vulnerabilities, whereas RSA is very much a corporate event focused on enterprise security and security policy.RELATED: Machine learning offers new hope against cyber attacks
Several of the tracks at RSA this year covered the area of security in the development process. I was most interested in the Advanced Security & DevOps track. DevOps is a hot topic in the industry, and now we have SecDevOps, or perhaps DevSecOps as the new security buzzword spinoff. Behind the buzzwords, however, I learned some useful lessons, a few of which I’d like to discuss here.To read this article in full or to leave a comment, please click here
Average internet users are starting to realize they should be protecting their personal information better. But do they understand why?Protecting private data is more important than many people realize, and also quite simple. I’d like to unpack the top five most common misconceptions of cybersecurity to demonstrate why you should learn how to protect yourself and your data. 1. I have nothing to hide. Why do I need my data to be encrypted?No skeletons in your closet? No searches you’d prefer didn’t surface? That’s fine, but what about your credit card information, passwords and Social Security number? Just because you don’t have dirty laundry to air doesn’t mean your personal data isn’t worth protecting.To read this article in full or to leave a comment, please click here
Average internet users are starting to realize they should be protecting their personal information better. But do they understand why?Protecting private data is more important than many people realize, and also quite simple. I’d like to unpack the top five most common misconceptions of cybersecurity to demonstrate why you should learn how to protect yourself and your data. 1. I have nothing to hide. Why do I need my data to be encrypted?No skeletons in your closet? No searches you’d prefer didn’t surface? That’s fine, but what about your credit card information, passwords and Social Security number? Just because you don’t have dirty laundry to air doesn’t mean your personal data isn’t worth protecting.To read this article in full or to leave a comment, please click here