What is FireGPG?

FireGPG is a Firefox extension under MPL that provides an integrated interface to apply GnuPG operations to the text of any web page, including encryption, decryption, signing, and signature verification.

FireGPG

Support for Gmail

FireGPG adds some features to the Gmail1 interface to let you use GPG’s features directly in your webmail. More webmail applications will probably be supported in the future.

FireGPG is OpenPGP/mime compliant !

Check webmails supported by FireGPG

via FireGPG – Welcome to the official website of FireGPG!.

This is a pretty interesting addon.  It works with Gmail really well, it slows it a bit, but it does add encryption and digital signatures.

Here’s my public key, if you can’t figure out how to get it from one of the main key repositories (http://pgp.mit.edu:11371/)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.0

 

Show me more... »

Tags: Digital Signature,encryption,GPG,PGP,Public Key,security
Categories: Technology
No Comments »

There’s lots of innovation going on in security – we’re inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I’m invited to a new computer security conference, or I’m asked to write a foreword for a new computer security book. And, thanks to the fact that it’s a topic of public concern and a “safe issue” for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a “hot topic.” But why are we spending all this time and money and still having problems?

via The Six Dumbest Ideas in Computer Security.

This is a very high level list of security concepts that no programmer should be without.  While it is extremely important for programmers and software engineers, it is probably more important for management.  Since they have the final say in funding and project approval, it is important for managers to understand these concepts and require their implementation.

Tags: Internet,security,software engineering
Categories: Technology, Work
No Comments »

Today, we live in a world of rapidly diminishing privacy. If you use your employer’s email system, it is possible that every message you send or receive is logged and intercepted without your knowledge. This may have unintended or even disastrous consequences if an intercepted email message contains sensitive personal information. Unless your email goes through Secure Socket Layer (SSL) protected connections, your email is vulnerable to what is known in the IT security field as man-in-the-middle attacks, where an attacker can intercept your message as it flies to its intended recipient.

Email is sent in a format that is easily readable if an attacker can grab and reconstruct enough pieces (packets) from the data transmission with packet sniffing software. Technologies like deep packet inspection make it theoretically possible that any given message that goes over the internet can be sniffed and read by third parties who have the right software and know-how. (the feds, your ISP, etc.) While no one may have a real reason to spy on you, relying solely on security through obscurity has always been a poor policy to live by. Because of this, encryption is the only real option you can trust. We teach you how to put your emails in a lockbox before sending them off to their destinations.

Show me more… »

Tags: encryption,Internet,privacy,security
Categories: Technology
No Comments »