Phosphorus Five, secure your emails with PGP cryptography

I have just now created a new release of Phosphorus Five. Check out the latest release over here, and follow the installation instructions if you’d like to test it out.

A crucial new feature, or to be specific a new “module”, which I have now added, is the “Peeples” module. This module allows you to manage multiple users, create new user accounts, and edit existing user accounts. This implies that if you’re a corporation, you can easily set up Phosphorus Five, install Sephia Five and Peeples, and start sending and receiving PGP encrypted emails. You thus get centralised administration of your email system, with a webmail interface that works on all devices, while still getting to utilise extremely strong cryptography and the whole range of additional security features that Sephia comes with out of the box.

Below is a screenshot of what my desktop looks like when I log into my personal home cloud.

Notice that for a non-root account, there will be far fewer icons. For instance, the “Bazar” and the “Peeples” icons will not show at all for non-root accounts.

When you start Sephia Five for the first time as a new user, you will be guided through a setup which allows you to create your own PGP key pair, necessary for sending encrypted emails. It looks like the following.

Notice the “Babelizers” above, which will make sure even your email’s subject is encrypted, and replaced by a random header from whichever news provider website you choose for your user.

Few email clients support PGP cryptography, and even fewer support it well. Almost none will encrypt your subject line, which is a major security risk, since most people aren’t even aware of that simple fact. In Sephia Five, we insert a randomly generated subject, taken from some website which you can configure, while the actual subject is moved into the main body parts of your email, and thus becomes as well encrypted as the rest of your email.

Creating a PGP key pair is as easy as clicking a button. In fact, unless you have special needs, I would encourage you not to fiddle too much with the settings of your PGP key pair while creating it. However, you can modify every possible bell and whistle in the creation process, exactly as you see fit. Below is an example of the “advanced” way of creating a new PGP key pair.

Notice how you can even supply your own random server salt, if you don’t trust the random number generator of your server. In addition, by default your public PGP key will automatically be submitted to the PGP key servers, so that others can instantly start sending you encrypted emails.

Below you can see how simple it is to create a new user, using the “Peeples” module.

Basically, there’s a list of existing users to the right, and the option to create new users to the left. If you exceed your “tickets”, a window will automatically pop up, allowing you to purchase additional “user tickets”. By default, Phosphorus Five comes with 5 user tickets for free out of the box. If you’d like to have more tickets, the automatic PayPal integration will instantly allow you to purchase additional tickets.

Sending an email is as easy as doing the same in e.g. GMail, probably much easier in fact. However, if you attempt to send an email to a recipient that does not exist in your list of contacts, you are thoroughly warned, and asked to confirm your action.

This reduces the likelihood that you send an email to the wrong recipient due to typos and spelling errors. See how this works in the screenshot below.

Sephia Five contains many additional security features, such as warning you if you attempt to download a file that might contain a virus, etc. In general, it’s a kick-ass corporate webmail client system, allowing you to centrally manage your emails.

Or, for that matter, to use it as a private person, a small family, or a group of friends.

And the best part of Sephia Five and Phosphorus Five is that it consumes extremely small amounts of bandwidth, and renders extremely responsively, which makes it render perfectly on your phone, tablet, or any other device you want to access your emails from.

Simplicity is key!

How to avoid email phishing

Phishing is, for instance, when an adversary attempts to trick you into visiting a URL which you believe leads somewhere other than where it actually leads. Surprisingly, a lot of these phishing attacks can be avoided by simply displaying the actual URL, or more specifically its domain, to your users, regardless of which anchor text the hyperlink contains. For instance, an adversary can create a hyperlink with the anchor text “paypal.com”, while the hyperlink actually leads to “somewhere-else.com”. Often, simply clicking such a link is a security risk.

However, in Sephia Five, we have spent a lot of effort avoiding such security risks, and one of the things we have done is to show the actual domain for hyperlinks in emails, regardless of which anchor text the sender supplies. This simple feature lets you see which domain the link leads to, and hence significantly reduces the risk that you will click a malicious link. See the screenshot below for an example.

Not only do we display the domain, but we also emphasise it with bold letters. We could have shown the whole URL. However, that would defeat the purpose, since the point is to show only the information necessary to allow the user to take the intelligent action. If we had shown the whole URL, the domain would often “drown” in tons of other garbage.

Since a significant number of phishing attacks are created by adversaries sending you an email leading to phony domains, this would significantly reduce your risk of becoming the next victim of a phishing attack.

In the image above, the first hyperlink is a simple inline hyperlink, written simply as a URL, where we display the domain emphasised. The second hyperlink is a true anchor hyperlink, with an anchor text of “Google”, where we append the domain after the anchor text, to thus display it to the end user.
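The rewriting described above, as an added example that is not Sephia Five's own code: a Python sketch that re-emits an email's HTML with each link's real host appended in bold, using only the standard library. The function names, the bracketed output format and the sample body are assumptions; the extra flag for anchor text that names a different domain than the link target, and the `user@host` case in the sample, go beyond what the page describes.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host of a URL, or '' if it has none or is malformed."""
    try:
        return urlsplit(url).hostname or ""
    except ValueError:
        return ""

def contradicts(text, host):
    """True if the anchor text names a domain that the real host is not under."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return False                      # anchor text is not domain-like
    claim = host_of(text if "://" in text else "//" + text)
    return bool(claim) and host != claim and not host.endswith("." + claim)

class LinkAnnotator(HTMLParser):          # comments and doctype are dropped
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links = [], []     # rewritten HTML, per-link report
        self.host, self.text = None, []   # state of the <a> being read
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.host, self.text = host_of(dict(attrs).get("href") or ""), []
        self.out.append(self.get_starttag_text())
    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())
    def handle_data(self, data):
        self.out.append(escape(data))     # entities were decoded, re-encode
        self.text.append(data)
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
        if tag == "a" and self.host is not None:
            shown = "".join(self.text).strip()
            self.out.append(f" [<b>{escape(self.host or 'no domain')}</b>]")
            self.links.append((shown, self.host, contradicts(shown, self.host)))
            self.host = None

def annotate(html):
    """Return (rewritten_html, [(anchor_text, real_host, text_contradicts_host)])."""
    parser = LinkAnnotator()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.links

# Constructed sample email body (not taken from the page's screenshot)
SAMPLE = ('<p>Pay at <a href="https://somewhere-else.com/login">paypal.com</a>, '
          'search <a href="https://www.google.com/">Google</a>, or '
          '<a href="https://paypal.com@evil.example/">log in</a>.<br/></p>')
```
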

Such a simple trick could potentially reduce the success ratio of a phishing attack towards your organisation by orders of magnitude, simply because users can often understand they’re about to become victims if you display the direction they’re being drawn towards. Basically, if the fish can see the hook, he won’t bite … 😉

Security starts out with simplicity. Unless it’s simple, it’s not secure!