Free Personal E-mail Certificates from Thawte to end soon

Not too long ago, I recommended getting a free personal e-mail certificate from Thawte for e-mail security. It has now come to my attention that Thawte will stop offering Personal Email Certificates on November 16, 2009. This is now posted on the Thawte web-site. According to their web-site, Thawte is offering a free one-year VeriSign Email Certificate for each active Thawte Personal Email Certificate you own as of 24 September 2009. If I remember correctly, those normally go for about $20 US.


Internet Security Sense for Mere Mortals

I was just interviewed by Lisa Diaz of iDiaz Marketing. The subject of the interview was: “Internet Security Sense for Mere Mortals”. The whole interview was conducted on-line using the “Tweeterview” service, which uses the Twitter micro-blogging service. You can follow Lisa on Twitter at @lisadiaz and you can follow me on Twitter at @diazconsulting.

This was an interesting experience as each question and answer was limited to 140 characters. Here is a link to the actual transcript at tweeterview: http://www.tweeterview.com/published-tweeterview/4d544131

Here is a transcript of the interview.

LD: Hello, I’ll be interviewing Hector Diaz of Diaz Consulting.

LD: Hector will be telling us about how trust for e-commerce is established through passwords, digital certificates and encryption.

LD: He will also tell you how you can get a digital certificate to secure your e-mail.

LD: Hi Hector, can you tell us about your background?

  • I am an IT executive w/extensive experience running multiple data centers in international environments. That includes internet security.

LD: Where have you worked in the past?

  • 21 years at Hewlett-Packard/Agilent Technologies and most recently at CaridianBCT, a medical technology company.

LD: OK, so why is security important?

  • Trust is a necessary pillar for commerce and in particular electronic commerce. You have to trust the identity of the parties involved.

LD: Interesting. Any other thoughts on trust?

  • Yes, you must trust the transaction to be private, that is safe from prying eyes.

LD: Like credit card information?

  • Right, credit cards, bank account numbers, SSN numbers and other such data must be kept private and secure.

LD: How do you go about establishing trust? Can anyone do this or is it just for the big companies?

  • Basically by setting up the ability to conduct e-commerce that allows for authentication, privacy, and non-repudiation.
  • This applies to big companies, small companies, and you as an individual. I’ll explain shortly.

LD: Good! First, how do you define those terms you just used?

  • AUTHENTICATION is all about proving you are who you say you are. This applies to both vendors and customers.
  • PRIVACY has to do with keeping sensitive information (like credit card numbers) safe from prying eyes.
  • NON-REPUDIATION keeps buyers/sellers from lying about legitimately placed orders/shipments. An electronic fraud-prevention paper trail.

LD: About non-repudiation. Do you mean proving you really meant to purchase or transact?

  • Repudiate is to deny. A vendor should be protected from someone ordering goods and then refusing to pay claiming they did not place the or..

LD: OK, that helps. Thanks! So, how do you establish your identity on the web?

  • Web-sites use digital certificates to establish their on-line identities. They verify identities of individuals upon account creation.
  • Vendors buy digital certificates from companies like VeriSign. They provide a branding logo for your site.
  • Individuals “prove” their identity when they supply a password. They too can get for-pay digital certificates from VeriSign.
  • Free digital certificates are also available from companies like Thawte. They require showing an ID to a notary.

LD: I send emails and make purchases all the time. Why would you want to go through the trouble of doing that as a consumer or vendor?

  • W/ a digital certificate you can “sign” your e-mail to prove it actually came from you and was not forged (authentication, non repudia..
  • W/ a digital certificate you can encrypt your e-mail to keep it from prying eyes (privacy).
  • Modern e-mail clients like Outlook and Mac Mail allow you to use these certificates to secure your e-mail.

LD: So, if I want to send an email to someone with a password, I should consider this authentication system. Right?

  • Yes. I would use e-mail encryption to send someone a password in an e-mail.

LD: And if I’m not encrypting my e-mail, does that mean anyone can read it if they know how to hack my email?

  • In a nutshell, Yes. No hacking required. System administrators at any site your mail goes through can read your e-mail.
  • You should NEVER assume e-mail is private unless it is encrypted.

LD: So, to send encrypted emails, get that taken care of at a site called Thawte?

  • At Thawte you can get a digital certificate that will allow you to sign all your e-mails and encrypt e-mails to users who also have certs.

LD: Cool. What is the link to Thawte?

  • http://www.thawte.com/

LD: Thanks. One more question about purchases. Does that mean I need a digital certificate to buy with confidence or do e-banking?

  • No, those transactions are encrypted “on the fly”. Look for a small padlock or other indicator on your browser.

LD: Thanks. So, the security takeaways here are: “thawte” for emails, “security lock” or “https” for purchases and “Verisign” for vendors. Is ..

LD: ..that accurate?

  • Yes. A small clarification, I’d say encryption for e-mail. In order to encrypt, you need a digital certificate. Thawte is a source for that

LD: Thanks for clarifying. And thank you for taking the time for this Tweeterview.

LD: This digest will be posted on the iDiaz Blog at http://www.idiaz.org/Blog/?p=96 and at the Diaz Consulting Blog at http://hdiaz.org/Blog.

LD: Thank you everyone! This concludes the Tweeterview.


Hector to be interviewed on E-mail Security

On Sunday 03 October, at 2:00 MST, I’ll be interviewed by Lisa Diaz of iDiaz Marketing. The subject of the interview is: “Internet Security Sense for Mere Mortals”. This interview will also serve as a test of the “Tweeterview” service, which uses Twitter to conduct an on-line interview. Lisa will be asking me about e-mail security issues, and the actions everyday business people can take to be aware of and be more proactive about e-mail security. This interview does not guarantee e-mail security, but simply creates more awareness of the issue. I will post a link to the completed interview in the post comments below.


Internet Technology Primer

Have you ever wondered:
  • Why your browser is not displaying what someone else is telling you they see on their screen?
  • Why your browser seems to stall accessing a site but instantly gets the page by hitting refresh?
  • Why your friends are getting e-mails from you that you did not send?
  • Is e-commerce safe?

Don’t miss the August Denver Athletic Club’s (DAC) Web 2.0 event on August 14. Join us for an informative primer on Internet technology. This one-hour session will translate the technical jargon and explain the workings of “the Web”. This is intended for people who want to make better use of the technology, either as a customer or as a provider of web-based services. Link will take you to registration details.

We will cover the following topics:

  • What is the Internet?
  • Who “owns” the Internet?
  • Who “manages” the Internet?
  • How does it work?

Hector Diaz of iDiazMarketing will speak from his 20 years of technology management experience at companies that include Hewlett-Packard, the Communications Satellite Corporation, and a Silicon Valley technology startup in the electronic design automation industry.


Hello World!

This is the very first post on this blog!
