Important Notice: OpenSSL "Heartbleed Bug" vulnerability

A serious security issue referred to as "Hearbleed Bug" has become public recently. Systems using OpenSSL encryption are affected.

Read more

Microsoft lures business files into the cloud

The MS SharePoint Conference 2014 reveals a strategy that increasingly drags corporate data into US-based cloud storages.

Read more

E-mail providers force SSL encryption

A number of e-mail providers demand their users to use SSL connections for sending and receiving message. How big is the gain in terms of security?

Read more

Head of Microsoft Germany demands a 'New Deal' to re-establish trust into IT Security.

Christian P. Illek demands everybody taking part in electronic communication to take action.

Read more

German economy wants to invest more in IT security

Rise of IT security awareness in German Economy.

Read more

U.S. monitoring of data and information creates a stir

 

In recent days, a wave of indignation was triggered when the Washington Post published information suggesting that U.S. authorities such as the NSA have access to data from large Internet service providers and cloud services under the program called "PRISM".

Even if the affected companies deny that such access to data has occurred doubts remain. Ultimately nobody knows whether his data is copied or read and how the information will be used. Ideally, of course "only" to ward off crimes as terrorist acts. But how far may the analysis of the data go to identify potentially criminal activities in advance?

Another spin on this is the stance of the Chinese Government who appear to sponsor the theft of data wherever it may be found to advance their trade position and improve their competitive position in the world.  There is a deep conflict of philosophy here but for an organisation with private data the challenge is the same.

“This story highlights a real dilemma for business today” states Matthias Kess, Technical Director of email encryption and secure file transfer solutions vendor Cryptshare, he goes on “Whilst there is considerable appeal to some aspects of shared services and the benefits of scale that Cloud vendors offer these are offset for many by the rational desire to keep their data in a place which they know is as secure as it can be and we are not short of threats to our secrets! There is a real tension here between the need to protect information from the myriad of threats to it, and remember there are penalties if we fail to meet the data protection laws in place in our country and the desire for the state to scrutinise data and protect us from threats of one kind or another.”

This debate is causing many to look again at the need to protect core information in files, data stores and when in transit and many are looking to Cryptshare as a key part of a more secure infrastructure for their staff.

With your own installation of Cryptshare your information is protected against external interference of any kind, although it requires you to take some small steps to get started.  Your Cryptshare system can be running in your own IT infrastructure or can be hosted, access is limited in a range of ways which you can control from general access to your systems and using the security systems of your IT infrastructure. Critically the files residing on your Cryptshare server can only be accessed by persons who are in possession of the correct transfer ID and the associated password, the sender and recipient.  No other access is possible, either when in transit or stored.

“We designed our system from the outset to be highly secure but easy to implement” says Kess, “Surely the correct way for Governments to protect us is to encourage organisations of all kinds to protect the information they have to in the strongest ways, it is then up to the companies themselves to ensure proper use policies are adhered to.”

 

Read more

Cryptshare for Notes unter "den besten Tools für Lotus Notes"

Cryptshare Security Bulletin IX/2012-1EN

 

On Monday, 17.09.2012, the German Federal Office for Security in Information Technology (BSI) issued a press release in which it warns about a security vulnerability in Microsoft Internet Explorer. Affected are the versions 7 and 8 running on Windows XP and versions 8 and 9 on Windows 7. As the BSI also states there is no security fix available from the manufacturer yet. However the attack code required for exploiting this vulnerability is already available on the internet. For this reason, the BSI assumes a rapid, wide-scale exploitation. Even an accidental visit to a malicious website may lead to an arbitrary code being executed with the privileges of the user on the system.

In their security bulletin dated 17.09.2012 Heise Online (www.heise.de) explains in more detail how attackers may exploit the security leak. According to Heise it may come to a complete loss of control over the affected computer.

If you do not want to use Internet Explorer until a fix is available for this vulnerability, we advise to alternatively use Firefox (version 2 or higher) or Safari (version 3 or higher) for file transfers via Cryptshare. There are no restrictions in functionality of Cryptshare when using one of these alternative browsers.

 

Read more