Email and webmail security in ImpressCMS :: protect friends /member data
This is new to me, likely not to you.
How can We keep mail data in most secure way? In democratic countries we (may) accept some surveilance by leagal police, but NOT intrusions by criminal civilians.
My guess is that a mail-module can be one of the most secure way to keep track also on private mails. Like a politician or union ombudsman wanting to …
1) keep members contact data best protected.
2) be able to send mail to all or group of members without interference or espionage.
3) there is also the possibility to keep whole site secure. Is that good?
4) When posting mail, can mail message then be sent ”under cover” via (through) server OR special rute-service to prevent stalker tracking?
The problem to keep adresses integrity seem to be all phases. Input (or collecting), storing, administration and outgoing post. Likely it is the best that each person make the imput themselves... is it already made the best way? It is also preferred that owner can minimize the handelning of data him /herselves (reduce: tracks /clip books hidden data etc). Member name visible but mail adress kept spoiled.
# What possibilities are there? (note: site admin spoil function, different levels)
# … to include in ImpressCMS core or module?
# What may be the best?
PS: I kept some new friends safest possible and sent only as hidden (they where adressed by same fascistoid stalkers). /DS
Extr tags: surveillance, safety, community, democracy, ICMS, encryption, data management, administration, free internet, privacy
James (@jmorris) and I did a post on this a lo-o-o-o-ng time ago and the only place I could find it is on [url-http://www.christianwebresources.net/modules/article/view.article.php?5]my site.[/url]
David (@fiammybe) also did a nice post on some of the security features we have built in and apply by default for ImpressCMS.
Security has many layers - starting with your server and moving up to your application (CMS) and the choices you make.
As for Softaculous - any host using them will have the proper configuration so everything works after install (file and folder permissions, trust path outside of the web root, and database creation are the biggest obstacles for most). As David said, it's more a matter of convenience than anything.
Everything on the server is a potential security risk, so try to get a dedicated account for your site with nothing else on it. Ideally a VPS (as shared webserver accounts are more risky) but those are pretty expensive. Don't install modules you don't need.
Keep your site up to date, if any security patches come out you should apply them as soon as possible.
Install the Protector module, it does what it says and guards against the most common attacks.
The most important thing though - back up your site regularly. If anything goes wrong you can always get your site back. Bear in mind a hack may go undetected for a long time, so you should keep a time sequence of backups (and test them periodically - nothing worse than finding out your backup is a dud).
The security of any web application can only be as strong as the security of the server it is hosted on. When you have a good, performant and secure webserver, then ImpressCMS can build on those foundations to secure the web application and make it run swiftly. ImpressCMS (or any other web-facing application for that matter) cannot plug the holes in a badly setup server, no matter what.
To consider : take a reputable host, preferably that you know about. It's a question of trust.
Softaculous creates their packages based on input we gave them, so the different between installing from sofaculous or from files you upload yourself is convenience : easy installation and one-click upgrade if a new version of the core comes out. They don't handle module updates I'm afraid.
Impresscms security and web hotell choice
Does impresscms-sites security depend on server quality or arrangemants? I think mainly to 1) keep hackers outside and 2) maintain the site Clean.
1) What is there to consider?
2) Is there any differences between installation from the Softaculous and the original from within impresscms itself?
For SciFi'ers and NWO-readers:
If you ever hear my voice in your thoughts, most likely its not mine. Definitely not my oppinions.
Trying to find a solid home.../TS
Also tags... MySQL, PHP, cms, democracy online
Sort of. The long random number is a cryptographic challenge. You authenticate by signing the number with your public key (which is effectively your ID) and sending it back to the server. If the signature is valid it knows to let you in.
The phone app reads the data out of the QR code (random number, URL for processing login requests), signs it and sends it off for verification. The app also handles creation and management of site-specific keys.
Interesting approach, even if it could be overkill for some users. This seems to be a form of two-factor authentication, but backwards
Using 2-factor authentication, you get a code via a phone app that you have to put into the login page. Here, you get a code via the login page that you enter (via QR code) in the app.
What puzzles me is how you can login on your pc, by doing some stuff in an app. Would the random number be the linking element perhaps?
Other risk is that your 'keys' are stored on your smartphone. You'll need to have some pretty nifty security in place to prevent those to get breached.
By the way this approach is discussed in the latest Security Now! podcast.
Probably. I'm using the PHP QR Code library, its dox say that it can handle Japanese characters, but the developer has not tested it extensively. Maybe we can help with that later.
I've got a module skeleton that can generate the QR codes, and successfully read the data out with a barcode reader app. The module side looks like it will be fairly simple, its just checking signatures.
Making an Android app will be the hard part.
Certainly sounds a good solution.
Does it work in all countries?
You open the website on your PC. A QR code is visible. You point your *phone* at the code...and your PC logs in automagically, and securely.
Certainly worth a look indeed - I've recently come across software and services that exist for "captcha busting" - and they're shockingly cheap.
There are ways to make life trickier for spammers, but they also make life trickier for the users... the idea you suggested is certainly one possible solution to consider.
Steve Gibson from GRC has proposed a new approach for secure login that does not require passwords, security tokens or the involvement or third parties.
In a nutshell, the site login page generates a QR code containing the login URL and a unique random number, which you show to an app on your smartphone. The app generates a *unique* public/private keypair for that site, cryptographically signs the random number and sends it together with the public key to the login URL for validation. If the signature is good the site lets you in.
The public key becomes your ID for that site, and you authenticate yourself by signing random numbers generated by the site using your private key. There is nothing to remember, no shared secrets and you don't need to type anything.
This looks like a pretty good system to me. As far as I can tell there is only one major downside: You need develop a phone app. I might have a go at this for Android (you iPhone users are on your own, sorry).
Worth a look?
This has long been a subject of interest to me, and it has become quite hot recently. The Edward Snowden leaks have given us the best glimpse yet of how far governments are prepared to go to eavesdrop on electronic communications and to compromise online security of basically everyone on the internet.
So I thought I'd start a thread where people can post interesting material as it crops up. While individual stories are scandalous enough, if you follow the topic for a while the way the pieces start fitting together starts looking quite scary.
This stuff is something that every web head needs to be aware of and resist. More soon!
A wiki page about how to properly configure your site for SSL would be a great help I think.
@Madfish, could you write something up? You have the first-hand experience.
SSL Labs have a free test that will analyse an SSL-secured site and offer advice on how to improve it. There are currently a couple of attacks against common / mainstream configurations of SSL.
At the moment the only way to prevent the BEAST attack is to use RC4 ciphers. Unfortunately, RC4 is now in the 'looking shaky' camp, but this is a case of trading off a theoretical weakness against a practical exploit.
They also offer a free best practice guide on SSL deployment. If you have an SSL site check it out!
the intro of the paper is very good to scare people into thinking there are vulnerabilities everywhere. I think that was the goal they had to push people to read the text
The article does note that it's not the SSL itself that is busted, but the way some higher-level libraries USE that SSL technology due to incomprehensible docs of the low-level tools that offer the SSL functionality.
Standard ImpressCMS doesn't use SSL, so a normal installation is not touched by this.
To use SSL, you need to do some extra setup, maybe we should look at the tools they propose on the page to see if there is a vulnerability.
An interesting paper you might like to have a look at: The most dangerous code in the world: validating SSL certificates in non-browser software.
Turns out there's a whole lot of busted stuff loose at the moment including a lot of eCommerce software (see abstract below). Trillian is also busted by the way.
SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established. We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant SDKs responsible for transmitting payment details from e-commerce sites to payment gateways; integrated shopping carts such as osCommerce, ZenCart, Ubercart, and PrestaShop; AdMob code used by mobile websites; Chase mobile banking and several other Android apps and libraries; Java Web-services middleware - including Apache Axis, Axis 2, Codehaus XFire, and Pusher library for Android - and all applications employing this middleware. Any SSL connection from any of these programs is insecure against a man-in-the-middle attack. The root causes of these vulnerabilities are badly designed APIs of SSL implementations (such as JSSE, OpenSSL, and GnuTLS) and data-transport libraries (such as cURL) which present developers with a confusing array of settings and options. We analyze perils and pitfalls of SSL certificate validation in software based on these APIs and present our recommendations.
Some interesting developments re. the Flame malware (MP3, 44MB) recently covered on the Security Now podcast. For a start, it now seems to be produced out of the same shop that brought you Stuxnet (ie. it would seem to be government sponsored). And how is this for nasty:
* Has a forged (but valid) certificate from Microsoft.
* Installs itself as a proxy / man in the middle against Windows Update service.
* Signs its own malicious components, using the forged Microsoft certificate and hands them off as updates.
Microsoft has reacted by introducing automatic updates to their list of untrusted/revoked certificates, creating a certificate specifically for signing updates to the Windows Update client, no longer allowing windows update to operate via a proxy, and has given advance notice that they are going to kill ALL certificates using 1024 bit keys or less, whether you like it or not.
When governments break their own laws, it seriously makes me not want to pay tax.
they teach you that on advanced computer science courses.
not beginners stuff, but is very difficult to detect, it also requires specific circumstances to achieve.
but there are quite a few apps on sourceforge that can do it. as well as a few commercial apps that will too, though i'm not sure of their full capabilities.