Easy encrypted email

In my daily communications with clients and providers I’ve noticed that sometimes they will send confidential information over email. I have received credit card information, social security numbers and other data that in the wrong hands can wreck havoc. I appreciate very much the trust these people put in me, but the fact is that email in transit is in OPEN TEXT form for EVERY computer between the sender and the receiver can read it. There are typically one or two dozen computers in any internet communication and trusting everyone in that chain is extremely naive at best.

Emcrypt your message easily, protect your informationI just discovered a service called Encipher.it that will solve this problem. you just need to visit https://encipher.it/ and write your message in the box. when you click on “Encipher It”, it will ask for a password (called an encryption key in spy parlance) and it will convert your message into gibberish.

 

 

 

 

 

 

For example, I used it to convert:

The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog

to

EnCt28070c2f6ffc645fabbd087024256938eb2ba3c038070c2f
6ffc645fabbd08702K4MihJ/DkQM
YtPvd0VA4AMsZdSIbul5ai/
of3Gp9qYQrFD3yJBQQHtzgZrJFciYmkxkonSTuDM7g7D7ow2
aENwokAhV
0v12tQfKiLj5h5HmZ5hA4NdXoVQKWJ2DZYCVO
kCJoD5r4yMxUWwNUrvh7y0Qy5ModBzGPjjqdF4ytDlG
qiuPQ
M8JqRqGSreaIiPUspLcHIwEmS

Using ‘password123’ as the encryption key (a TERRIBLE password by the way, please read my article about password strength HERE http://goo.gl/36yti)

You can copy and paste this encrypted message into your email (it has a feature to directly insert into Gmail or Google Mail for Business) and you can even ask to convert it into a short URL, you send the encrypted version and then you can contact the person receiving the message via phone, fax or a SEPARATE email message. This last option diminishes the risk because each email is likely to take a different route but is much less secure.

To watch a video on how it works please click HERE https://encipher.it/help#video

You can set up a bookmaklet in your browser if you want to but is not required. I tested with my iPhone and it worked as expected and they even have a mobile website that works great

PC World published a review HERE http://goo.gl/FCiYT

Hope this little tip can make your communications more secure.

 

 

 

How fast can your password be cracked?

The question is not if your password can be cracked, it is how fast. Black Hat hackers (determined outlaws looking to steal on the internet) are using sophisticated yet affordable hardware to crack passwords.

PC processors constantly increase in computing power either by increasing the speed, the efficiency and/or the number of processors -or cores-, but hackers are now installing multiple graphic cards, which have incredible computing power to build mini supercomputers just to crack passwords. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average a mind boggling 8,200,000,000 password combinations each second, hackers have set up systems with 8 graphic cards that allow more than 16,000 cores cracking passwords at neck breaking speeds.

Most internet users have 25 accounts for which only 7 passwords are used and each is composed of 8 characters or less.

Leaks of password files have terrible consequences, because hackers get a picture of the passwords people are using instead of trying with completely random collections of letters, numbers and symbols, which makes things a lot easier for them. They use this knowledge to build dictionaries to try in any system forcing their way in EVEN FASTER.

Recently a client gave me his credentials for uploading a video and the combination was equivalent to User: ‘smith’ Password ‘smith123

That is a quite obvious and weak combination, and the website http://www.grc.com/haystack.htm tell us that the password will be cracked in 0.029 seconds in a massive attack. Let’s strengthen it:

 Changing it a little with some substitutions to:

Sm1t4!@3

(Using capital S, 1 instead of i, 4 instead of h and the symbols on top of the 1 and 2) still similar to ‘smith123’, is a great improvement since it will take 1.12 minutes to crack but if we pad it with symbols:

{}{}{}{}Sm1t4!@3{}{}{}

it will take a whopping 1.04 hundred million trillion centuries. There are determined hackers out there, but I can assure you they are not THAT determined. I can also bet you that your bank won’t be around by the time they crack the password. Once you type it a few times this becomes an outrageously strong yet easily remembered password.

 Here are recommendations on how to cover all your bases:

  • Generate looooong passwords like the one described above and store them in secure websites like http://lastpass.com or http://passwordsafe.com protected by an equally strong but memorable master password.
  • Generate a unique password for every account you use on the internet.
  • Change your passwords at least every 6 months. Change it immediately if you have the suspicion that security has been breached.
  • When signing in into websites make sure the address of the log-in page starts with https:// and not http:// it means that what you type is encrypted and attempts by others to eavesdrop on your connection to the server to which you are accessing are futile.

 

Is Your Hosting Company Up To Snuff?

Some of our new customers ask us: why can’t we host our site with Company X? It’s only $6.95 per month, much cheaper than your services. The answer is simple: Peace of Mind, and here is why:

Somebody recently called because a website hosted with Company X had been hacked and it had proven impossible for him to regain control over it. That is one of the scenarios where the difference is obvious. When a website is compromised (and any one can be) there are many operations that have to take place, and practically all require the highest level of access to the server and logs. This is called “root access”, the person doing the diagnostic must have constant communication with the systems administrator and work hand in hand. When you call Company X, a level 1 tech picks up the phone, he/she has a collection of scripts that are designed to make the call as short as possible and -if at all acting on the issue- send it to a level 2 tech. It frequently takes them up to 72 hours to do something on the trouble ticket. Meanwhile your site is down or worse: being used as a phishing platform or redirecting to another website in East Europe.

respond quickly to server issues

Who is looking after the server?

When you call for support at AMPHION you will talk with someone who will take responsibility for resolving your issue.

Weeks after the incident I’m not sure our caller has regained control on his site. At AMPHION we most definitely would have it solved in hours.

Security is not the only difference, our servers are monitored from 5 different locations around the world, so we know about any glitch before our customers do, and take corrective action. That is why our uptime has been better than 99.95% right up there with Google.

Servers are under attack everyday all over the world. If your website is important for your organization, who has your back will make a big difference. Can you wait days for it to be restored? If at all?

Do you want to know who is your neighbor?

Do you know what other websites are in the same server as yours?Today I received a request from a customer to make a change on their email. They moved their main website to another provider and are hosting in one of our HUGE competitors where your website is in a cluster server with maybe 10,000 others. I researched what company they were using so they could contact them directly and just by curiosity took a look at what other websites are been hosted on the same IP address (analogous to a physical street address on the Internet). At the very top was www.racial-humiliation.com. The site is plagued with anti-semitic, anti-islamic and aryan racist verbiage that turned my stomach. It claimed to be “entertainment” but it exposed a big chunk of what I consider wrong with our society. By far their favorite is the “n” word.
In all fairness the nature of your server neighbors may not affect you greatly. Google used to penalize websites that shared the same IP address on their searches, but they changed their formula years ago. The most relevant implication that sharing that IP address (or block) has to do with email. If one of your neighbors is actively spamming or has been hacked from the same server where your website resides, the whole server will quickly get blacklisted and suddenly you may stop receiving email inquiries from your contact form, your clients will not get their confirmation email when they place an order on your eCommerce store and your newsletter will bounce back from major email providers like Comcast, Hotmail Gmail etc.
That is the big advantage that we, “Boutique Web Hosters” have over the hosting farms. Not only do we take pride in our technical support and getting things solved fast, but some of us are very picky on who do we accept as clients. In our case we have 3 redundant monitoring solutions to discover hacking, spamming and other breaches of our terms and conditions. plus a very aggressive set of tools installed on our servers to prevent them in the first place.
In the end is a matter of choice as a client: Do you want to have your office or store in a building with guards, CCTV, intrusion prevention and security doors or do you want to have it in a building where the KKK meets, a fly by night scammer lures people in and drug dealing is done on plain sight. Do you think that the difference in price of 4 cappuccinos versus 1 capuccino of rent per month is worth it?
I’m very eager to hear your opinion, please share.

AMPHION communications develops solutions for the small and medium sized businesses. We are expert implementing Google Apps for Business. AMPHION has been in the Web and Email hosting business since 1996 and our goal is to develop solutions that allows us to render better service and have happier clients.

Give us a call at 888-AMPHION (888-267-4466) for a free 10 minute consultation and see if what we are doing for our clients can help you.

Is your email address hurting your Business?

As new media professionals we deal everyday with requests from prospects, clients, providers and other parties, and just by looking at their email address we can tell a lot. A prospect who is looking for website development or hosting with an aol.com address -in our experience- spells trouble. Being still attached to AOL as a business resource tells us that you are likely very reluctant to change or that you are technologically averse. Not very different from asking us “I want a website but I don’t do email”. (insert sound of alarm going off)

NOTE: I have nothing against AOL, was their customer from 1996 to 1998 and it once was the dominating online provider, but it is a company that got complacent in its business model, trying to make it easy for the customer but refusing to adapt to an ever changing environment. Their services fulfill a role in personal communications, but we deem them very lacking in the business ecology.

Let’s revise our recommendations for business email:

  • Use your own domain: Instead of using ForImage@hotmail.com set yourself up with info@ForImage.com (obviously an example only), here is why:
  • Your domain is yours: As long as you pay the domain registration (ForImage.com in this example) only you own the use of it. That works towards building your brand, it tells everybody you are serious and accountable about your business.
  • Your domain is portable: You are not tied to a provider, you have the capability of moving your operation to another provider if you want/need. If your email address is ForImage@yahoo.com and you change providers you have to notify every party you do business with of the change and you will most probably lose business.
  • Your can increase your productivity: By embracing a new technology your email can become way more than your email. It can become your instant message platform, your scheduling system, your document collaboration platform and a lot more.
  • You have control over mail flow: you can set up info@ForImage.com to send copies of every email to Joe@ForImage.com and Kate@ForImage.com and even set rules of which emails to send or delegate someone in your organization to screen your email.
  • You can have your email everywhere: Modern email implementations (notably using IMAP) will hold the email on the server so you can access it from your office PC, check it, search and reply from your tablet at the coffee shop and check it again in your home PC, accessing all the time the same messages in all the devices.
  • You can expand the use of your domain: Your domain allows you of course to have a website set up on ForImage.com and/or www.ForImage.com but you can also set up fb.ForImage.com to re-direct to your Facebook page and tw.ForImage.com to your Twitter feed.

I’d love to hear your opinion

AMPHION communications  concentrates in Google Apps for Business. We have been doing Web and Email hosting since 1996 and have discovered that relying in Google for email and online collaboration means better service and happier clients.

Give us a call at 888-AMPHION (888-267-4466) for a free 10 minute consultation and see if what we are doing for our clients can help you.

Break email barriers without breaking the bank

Business people try to get the best of many worlds from their email, they want:

  • Lots of space: they receive proposals, spreadsheets, documents, manuals
  • Peace of mind: If they are downloading their email to just one computer and that computer goes kaput, their business is in deep trouble. They don´t want to think of backup strategies. They want reliability.
  • Convenience: They want to receive and send their email from wherever they are, using their desktops, laptops, tablets and smart phones and find messages FAST.
  • Identity: Their email has to be on their domain name to maintain their corporate image intact.
  • Affordability: An in-house email server will probably set you back 10 grand and setting the service on the cloud typically cost close to $150 per user per year. Too spicy for many small businesses.
  • Work Smarter: Our clients want their email to be uncluttered, not only to curb spam but to see only the ones that need their attention while keeping the rest. They want integration with other services like calendar, cloud storage of documents, advanced sharing options, messaging, tasks and incorporate new technologies as they become available.

The Solution:

After dealing with multiple environments, options, and budgets we have concentrated in Google Apps for Business. We have been doing Web and Email hosting since 1996 and have discovered that relying in Google for email and online collaboration means better service and happier clients.

Give us a call at 888-AMPHION (888-267-4466) for a free 10 minute consultation and see if what we are doing for our clients can help you.

Get your inbox back!

Aren’t you tired of having to delete, archive label or move to a folder the same offers, newsletters, statements and requests day after day?

Don’t you wish you had a slim inbox with only the relevant messages ?

One solution is of course to set individual filters that will do the archiving/labeling/organizing for you, but doing research for one of our customers I’ve found a much easier way:

Enter Zigmail.com

The clever guys at Zigmail have devised a very effective procedure and after some quick setup their system will seem to suck up all the less relevant email. It’s like having a personal assistant constantly cleaning up your inbox. Apparently they have put some serious AI (artificial intelligence) behind this process. After initial setup ZigMail processed some 5,000 messages in my account and screened my email, leaving only the good stuff behind. Their process will ask you when in doubt so it can learn what you consider relevant.
Right after you create your free account with Zigmail.com you will need to provide your User ID and Password to your current email provider. This is needed so they can retrieve email clogging your inbox. They DID NOT delete the messages from my inbox. They are just archiving them and labeling as ‘zigmail-backup’ so your email is always there and available to be found with a search.

Their tech support is fast at responding and either they have vastly outperformed Siri or they have real people handling your requests. There is nothing I despise more than getting a canned reply that has a few keywords in common with my question but suggest that the support team did not read or has no clue. Obviously not the case with ZigMail.

After using the system for a while, I am very excited about reclaiming my inbox and above all getting back the 20 minutes daily I spent doing repetitive tasks (amounting to 7 hours per month). Not too shabby! That’s 20 more minutes per day for more productive work.

Every day you’ll get a digest with a breakdown of the messages that ZigMail have processed in your account and a VERY CLEAN inbox

At this time ZigMail’s QuickStart system only works with Gmail (but no Google Apps yet), Yahoo and AOL. They are working to bring other IMAP supported accounts online in the near future.

ZigMail was awarded Best Email Innovation for 2011 in the About.com 2012 Readers’ Choice Awards. Well deserved!