Sunday, January 29, 2012

Made by Engineers for Engineers...

One of the continuing challenges with the adoption of strong cryptography on the Internet is that the majority of cryptographic products have been designed by engineers for engineers. A good example of this comes from my own experience; a client and I were attempting to set up secure e-mail communications between our Security Operations Center and a number of different external customers. We had manually exchanged keys and were attempting to enable an email program to selectively encrypt email contents. The result was five CISSP certified security professionals standing around an e-mail client unable to make it work ... embarrassing.

This type of headache and complexity is what has prevented a large number of important technologies from being widely adopted. This is why we at Laconic Security have paired designers with mathematicians to create a strong encryption product that is genuinely easy to use. We've taken something really hard and made it easy. The next time you evaluate an encryption product, consider whether your users can, or will, actually use it. Hard-to-use security is no security at all.

Friday, January 20, 2012

Laconic Security's Position on Cryptography in Society


Privacy is a fundamental human right, guaranteed by the U.S. Bill of Rights, the UN Universal Declaration of Human Rights and in the founding documents of many democracies around the world. That would seem to give it all the legitimacy it needs, yet our privacy is under constant assault. Beyond the individual's right to privacy, businesses have a critical need to protect their intellectual property as well as their customers’ sensitive information. At Laconic Security, we believe that strong cryptography has a central role to play in protecting our information and in defending our basic right to privacy.

We acknowledge that these are complex times in terms of how people integrate technology into their daily lives. Personal technology is with us every minute of the day; there is almost nothing we do that doesn’t leave a host of digital records. Think of the many ways that people use the Internet: personal finance, charity, political support, political resistance, news, email, photo and video sharing, shopping, work, collaboration, social interactions, democratic participation, religion, healthcare, etc. This small list highlights why Internet privacy, while ailing, is NOT dead and is in fact essential to modern society.

This erosion of privacy comes in two forms: the legal system has not kept up with technology, and we voluntarily hand our data to many Internet companies that do not inherit the responsibility to protect our right to privacy. When we give away our data (to a cloud provider or social network, for example), the justice system views that as a reduction in our “expectation of privacy” and lowers the legal barriers accordingly. This is a vicious circle, and the reason we must exercise our rights if we want to keep them. All representative democracies struggle to balance legitimate national security and law enforcement needs against a citizen’s reasonable expectation of privacy, and they do so with ever-increasing favor given to safety and security. The informed consent of the people is required as a check and balance. Because of this we believe anyone who desires privacy on the Internet must use strong cryptography to protect their information and to demonstrate their expectation of privacy.

The Internet is a digital community, the virtualization of a neighborhood. As with actual neighborhoods, we believe people should have the right to choose to close and lock their doors and windows in order to have a measure of security and privacy.

We specifically designed our Aegis solution to make it mathematically impossible for us, or any unauthorized entity, to ever gain access to our clients’ encrypted information. Our privacy policy is ironclad in support of your data’s protection. Society cannot function without reliable personal and commercial privacy. We believe that YOU own your data; not your cloud provider, not your Internet service provider, and no government. Don't trust, encrypt.

Sunday, October 5, 2008

Detecting and Blocking Bad Robots

It is often in the interest of a web robot's author to obscure the true origin of its requests. The usual obfuscation is to change the HTTP User-Agent header to impersonate a browser while leaving the other request headers untouched, so the request no longer looks like what that browser actually sends. By applying existing passive browser-fingerprinting techniques to the full header set rather than the User-Agent alone, these robots can be detected. If desired, the requests can then be blocked with ModSecurity in Apache, or with the native configuration of web servers such as lighttpd or Apache.
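The following is an added example, not code from the original post, that shows the detection idea in miniature: compare the browser family claimed in User-Agent against the set of headers a genuine client of that family sends. The header profiles, the sample requests and the client name in them are constructed for illustration; a real deployment derives its profiles from captures of known-good browsers and keeps them current per browser version.

```python
import re

# Constructed, simplified header profiles for two browser families that
# robots commonly impersonate (assumptions for this example, not captured
# from real traffic). A genuine client of the family is expected to send
# every header in "required" and to advertise the listed encoding token.
PROFILES = {
    "firefox": {
        "ua": re.compile(r"Gecko/\d+ Firefox/"),
        "required": {"accept", "accept-language", "accept-encoding", "connection"},
        "encoding_token": "gzip",
    },
    "msie": {
        "ua": re.compile(r"MSIE \d"),
        "required": {"accept", "accept-language", "accept-encoding", "connection"},
        "encoding_token": "gzip",
    },
}


def parse_request(raw):
    """Split a raw HTTP request into its request line and a dict of
    headers keyed by lower-cased header name."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(headers):
    """Check the claimed User-Agent against the header set its browser
    family should send. Returns (verdict, reasons) where verdict is
    'browser', 'robot' or 'unknown'."""
    ua = headers.get("user-agent", "")
    for family, profile in PROFILES.items():
        if not profile["ua"].search(ua):
            continue
        reasons = []
        missing = sorted(profile["required"] - set(headers))
        if missing:
            reasons.append("claims %s but omits %s" % (family, ", ".join(missing)))
        encoding = headers.get("accept-encoding", "")
        if profile["encoding_token"] not in encoding:
            reasons.append("claims %s but Accept-Encoding lacks %s"
                           % (family, profile["encoding_token"]))
        return ("robot" if reasons else "browser"), reasons
    # No profile matched: a declared crawler or a client we do not model.
    return "unknown", ["no header profile for User-Agent %r" % ua]


# Constructed sample requests (not real captures).
GENUINE_FIREFOX = """GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Connection: keep-alive
"""

# Same User-Agent string, but the robot sends none of the headers a
# browser would add, which is the inconsistency fingerprinting catches.
SPOOFED_ROBOT = """GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Connection: close
"""

DECLARED_CRAWLER = """GET /robots.txt HTTP/1.1
Host: www.example.com
User-Agent: ExampleBot/1.0 (+http://www.example.com/bot)
Accept: */*
"""


def scan(samples):
    """Classify each named sample request; returns {name: verdict}."""
    return {name: classify(parse_request(raw)[1])[0] for name, raw in samples.items()}


if __name__ == "__main__":
    samples = {"genuine": GENUINE_FIREFOX, "spoofed": SPOOFED_ROBOT, "crawler": DECLARED_CRAWLER}
    for name, raw in samples.items():
        verdict, reasons = classify(parse_request(raw)[1])
        print("%-8s %-8s %s" % (name, verdict, "; ".join(reasons)))
```

Treat the result as a signal to feed into a ModSecurity or server rule, not as proof: header profiles drift with every browser release, and some proxies strip or rewrite headers, so a missing header alone will produce false positives if it is turned directly into a block.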

Wednesday, July 2, 2008

Communicating Compliance

Tracking, reporting and communicating compliance status to management is cumbersome and time consuming. The right tools to track and report compliance status will enable a pre-audit compliance team to be more productive by clearly communicating status and limiting duplicate effort.

The Federal Information Security Management Act (FISMA) is a federal law enacted in 2002 as Title III of the E-Government Act of 2002. Several implementations of FISMA exist, most notably within the NIST Special Publications http://csrc.nist.gov/groups/SMA/fisma/index.html.

Thursday, May 29, 2008

GTD in Outlook

I’ve been experimenting with David Allen’s GTD (as well as other productivity methodologies) for a while now and have settled on an implementation that works rather well for email. In this post, I’d like to give you the process I follow to organize my email life and code for an Outlook macro that automates many aspects of the process.

Disclaimer: I by no means claim to have developed all of the methodologies described herein. This is simply my implementation and conclusions drawn from several productivity methodologies, which include David Allen’s Getting Things Done, Merlin Mann’s Inbox Zero, GTDGmail and of course many posts on Lifehacker. I HIGHLY RECOMMEND visiting these links.

Simply stated, GTD is a method for keeping track of your life. Since many of us live in a world where email is constantly piling up, a method for managing email and the tasks associated with those emails is imperative. I’ve read David Allen’s book several times and I like many of the ideas, but find I need a simpler method for tracking everything.