14: E-Mail and Instant Messaging
Figure 14-1 S/MIME options in Outlook
PART IV
Figure 14-2 S/MIME options in Outlook Express
CompTIA Security+ All-in-One Exam Guide
to authenticate the sender. Currently PGP supports public key infrastructure (PKI) provided by multiple vendors, including X.509 certificates, Lightweight Directory Access Protocol (LDAP) key sources such as Microsoft's Active Directory, and Novell's NDS, now called eDirectory. In Figure 14-3, you can see how PGP manages keys locally in its own software. This is where a user stores not only local keys, but also any keys that were received from other users. A free key server is available for storing PGP public keys. PGP can generate its own keys using either Diffie-Hellman or RSA, and it can then transmit the public keys to the PGP LDAP server so other PGP users can search for and locate your public key to communicate with you. This key server is convenient, as each person using PGP for communications does not have to implement a server to handle key management.

For the actual encryption of the e-mail content itself, PGP supports International Data Encryption Algorithm (IDEA), 3DES, and Carlisle Adams and Stafford Tavares (CAST) for symmetric encryption. PGP provides pretty good security against brute-force attacks by using a 3DES key length of 168 bits, an IDEA key length of 128 bits, and a CAST key length of 128 bits. All of these algorithms are difficult to brute-force with existing hardware, requiring well over a million years to break the code. While this is not a promise of future security against brute-force attacks, the security is reasonable today.

PGP has plug-ins for many popular e-mail programs, including Outlook, Outlook Express, and Qualcomm's Eudora. These plug-ins handle the encryption and decryption behind the scenes, and all that the user must do is enter the encryption key's passphrase to ensure that they are the owner of the key. In Figure 14-4, you can see the string of encrypted text that makes up the MIME attachment. This text includes the encrypted content of the message and the encrypted symmetric key. You can also see that the program does not decrypt the message upon receipt; it waits until instructed to decrypt it. PGP also stores encrypted messages in the encrypted format, as does S/MIME. This is important, since it provides end-to-end security for the message.

Like S/MIME, PGP is not problem-free. You must be diligent about keeping the software up-to-date and fully patched, because vulnerabilities are occasionally found.
Figure 14-3 PGP key management
Figure 14-4 Decoding a PGP-encoded message in Eudora
For example, a buffer overflow was found in the way PGP was handled in Outlook, causing the overwriting of heap memory and leading to possible malicious code execution. There is also a lot of discussion about the way PGP handles key recovery, or key escrow. PGP uses what's called Additional Decryption Key (ADK), which is basically an additional public key stacked upon the original public key. ADK, in theory, would give the proper organization a private key that would be used to retrieve the secret messages. In practice, the ADK is not always controlled by a properly authorized organization, and the danger exists for someone to add an ADK and then distribute it to the world. This creates a situation in which other users will be sending messages that they believe can be read only by the first party, but that can actually be read by the third party who modified the key. These are just examples of the current vulnerabilities in the product, showing that PGP is just a tool, not the ultimate answer to security.
Instant Messaging
Instant messaging is another technology that has seen widespread acceptance in recent years. With the growth of the Internet pulling customers away from AOL, one of the largest dial-up providers in the United States, the company had to look at new ways of providing content. It started AIM, or AOL Instant Messenger, which was conceived as a way to find people of like interests online, and it was modeled after earlier chat programs. With GUI features and enhanced ease of use, it quickly became popular enough for AOL to release to regular users of the Internet. With several competing programs, AIM was feeding the tremendous growth of the instant messaging segment. The programs had to appeal to a wide variety of users, so ease of use was paramount, and security was not a priority.

Now that people are accustomed to instant messaging applications, they see the benefit of using them not only for personal chatting on the Internet, but also for legitimate business use. When people install these applications, they unwittingly expose the corporate network to security breaches. Instant messages traverse the Internet in plaintext and also cross third-party servers, be it MSN, Google, or AOL.

Instant messaging programs are designed to attach to a server, or a network of servers, and allow you to talk with other people on the same network of servers in near real time. The nature of this type of communication opens several holes in a system's security. First, the program has to attach to a server, typically announcing the IP address of the originating client. This is not a problem in most applications, but instant messaging identifies a specific user associated with the IP address, making attacks more likely. Also associated with this fact is that for other users to be able to send you messages, the program is forced to announce your presence on the server. So now a user is displaying that his or her computer is on and is possibly broadcasting the source IP address to anyone who is looking. This problem is compounded by the tendency for people to run these programs in the background so that they don't miss any messages.

Popular instant messaging clients were not implemented with security in mind. All support sending files as attachments, few currently support encryption, and they do not have a virus scanner built into the file-sharing utility. File sharing in any form must be a carefully handled application to prevent the spread of viruses and other malicious code. Chat programs produce security risks because the sharing is done ad hoc between end users, administrators have no control over the quality of the files being sent, and there is no monitoring of the original sources of those files. The only authentication for the files is the human interaction between the two users in question. This kind of vulnerability coupled with a social engineering attack can produce dramatic enough results for Computer Emergency Response Team (CERT) to issue an incident note (CERT Incident Note IN-2002-03: Social Engineering Attacks via IRC and Instant Messaging). This personal type of authentication was abused, tricking people into downloading and executing backdoor or Trojan horse programs.

A user can also be persuaded autonomously to download and run a file via IM. Several worms exist that attempt, via IM, to get users to download and run the payload. W32pipeline uses AIM to install a rootkit. Goner, running via ICQ, asks users to download a screen saver. Choke, spreading via MSN, attempts to get users to download a game; if the game is downloaded, the worm will attempt to spread to any user the infected user chats with. These worms and others all depend on user interaction to run the payload. This file sharing mechanism bypasses all the server-side virus protection that is part of most organizations' e-mail infrastructure. This pushes more of the re-