New Domain: chol.tech :-)

I’ve recently acquired a new domain that I’m very pleased about. chol.tech will now forward to this website in the same way as chol.technology, only with six fewer keystrokes required.

When discussing domain names, small is way better 😉

A Couple of Free Books :-)

I have the following eBooks that I have written which are available for Free download.

  • Securing the Network: An eBook on Corporate Security Issues for the Non Technical (40 Pages)
  • Oracle Database 10g Exam Cram (70 Pages)

Please confirm your Name and Email Address, and select the book you would like from the dropdown menu, and your book will be with you shortly.

You can also access these books from the Free eBooks Page.

Software Licensing and Software Piracy: Part 2

Part One of this article finished with the following question:

What is it fair to expect your customer to do to license their copy of your product, and so help protect your product, your sales, your livelihood and the future investment and development in a product that is important to both of you ?

I believe that it is fair to expect the customer to do something to help the software developer protect their product, after all if the developer doesn’t stay in business then the product doesn’t have a future and the customer could be left high and dry.

That’s not to say the customer can be expected to jump through any hoops … the emphasis is on the developer to provide a method of licensing their product that can be done quickly and easily and thus encourage the customer to purchase and use a legitimate copy of the software rather than paying a visit to **insert name of dodgy virus ridden download sites here** or similar.

My opinion is that if I, as a user, purchase a piece of software for my own use, then I should be entitled to copy it onto my PC and my Mac and my Laptop for use whenever I like. I should also be able to copy it onto a USB Drive, connect the drive to a friend’s computer and use the product there also. I should not however copy the software to my friend’s computer, thereby giving them the ability to use it in my absence. I expect to have to follow a documented procedure to identify to the software that I am the legitimate owner. This should be a simple and one off process.

I believe the previous paragraph is fair to both the customer and the software developer. I believe most people are honest and do not mind paying a reasonable price for a quality product. The software industry has in some ways become its own worst enemy, with some companies having complex and unworkable, illogical and unfair licensing practices. ‘We need the customer more than they need us’ is something developers should be bearing in mind.

What prompted me to look into Software Licensing and then to write about it and to ask for feedback from other colleagues, professionals and interested parties, is that I have a new product soon to be released. In my opinion every new product is an opportunity to improve the purchasing and licensing experience for your customer. You only really get the one chance to get it right.

oneSql (www.onesql.uk) runs natively on Windows, Mac and Linux. It supports five languages and four databases. It is a tool that some DBAs and Developers will want to put on a USB drive and carry around. Does (should?) copying oneSql to a USB Drive go against the Software License ?

No. Restricting access to a single computer, either by the installation of Configuration Files or Registry entries, goes against the design of Utility software, which in my humble opinion is the Developer’s or DBA’s equivalent of the tradesman’s tools.

Can you imagine a screwdriver being licensed to only be used on a given object ? What if you had to pay for another license for every object on which you used your screwdriver ? Forget the expense, it’s just not convenient. I don’t want to punish legitimate users of my software in a vain attempt to stop people stealing my software.

The Software License I have settled on for oneSql is simple, and is basically per User / Concurrent. It is so simple it is summed up in the following, single, paragraph.

The oneSql Software License

You can copy and use oneSql on your own personal computers with one instance of oneSql allowed to be in use at any one time. You can put oneSql on a USB device and plug that into anyone’s computer and use oneSql from the USB device for as long as you need. All Licenses are valid for all supported Operating Systems, all supported Languages and all supported Databases.

I am making it easy for the customer to know if they are infringing the spirit of the Software License agreement. I am not stopping them, or even making it particularly difficult for them to disregard the license, but I am asking them for honesty. If that fails then there are several other incentives to help the customer make the right decision …

Active Incentive: Referral Fee
With a referral fee paid to a oneSql customer when they recommend someone else, it is in the customer’s financial interest to get their friends and associates to purchase a oneSql license.

The following short and simple (can you see a theme here?) paragraph explains.

The oneSql Software Referral Scheme

A payment is made to an existing customer 30 days after a new customer makes a purchase based on an existing customer’s referral, and quoting the existing customer’s referral ID within 48 hours of purchase. The payment amount is 10% of the new customer’s spend (before taxes) and the payment will be made via Paypal.

Passive Incentive 1:
The licensed user name is displayed in the titlebar of the startup window as well as on the main window. Hopefully this is a deterrent, as the original purchaser does not want their name showing up elsewhere and the user doesn’t want to see someone else’s name where theirs should be.

Passive Incentive 2:
oneSql is fairly priced. That’s self explanatory. Customers do not want to feel they are being ‘ripped off’ or being taken advantage of.

Passive Incentive 3:
Offer a choice of license types and schemes that not only give the user choice, but also offer additional discounts for worthy establishments, education and charities for example.

The different types of software license that are necessary in order to give the customer the choice they require, can also bring additional and unwanted complexity. In order to also give the customer the licensing choice as well as the simplicity they desire the additional license types are all costed at N * x. N is the Single User Standard Price, here shown as $30 and x is the multiplier. An example is shown below:

[Image: oneSql pricing grid]

Trial Mode

The above incentives are for a potential customer who has obtained an illegitimate license from somewhere and I am trying to attract them into the fold. What about a customer who has downloaded a Trial Edition of the software ? For them we have to give them the chance to see the full capabilities of the software, while also convincing them to reach for their wallet. Trial Mode restrictions can make or break a product. For oneSql I have implemented the following:

  • Restricted the Saved Connections to Four
  • Generated a Nag Message after Every Query

Note that I have not restricted the Trial to 30 days or similar, nor have I restricted the functionality in any way. The potential customer can still see and access the full capabilities of the product, I have just made it a little bit less convenient than if they had purchased a licence.

In order for the Trial Mode to be successful for you and the potential customer it is necessary to again pay attention to the overall customer experience.

For oneSql I supply a configured sample database so that the user can experiment with the product immediately. I also supply a full, quality manual, something missing in the vast majority of software products available today. Will every customer read it ? No. Will a high percentage of customers notice if it’s not there? Probably. The customer’s experience is what will get you a sale, or not. I believe that is how it should be.

Part Three of this document discusses some of the technical methods, issues and problems involved with Software Licensing.

Software Licensing and Software Piracy: Part 1

Your favourite piece of software was created by someone, or many someones, who used their time and hard won expertise to build something useful or enjoyable, or both. With the exception of Free Software or Open Source Software, that someone is entitled to, expects and deserves to be rewarded for their efforts.

If a price is attached to the software and you use the software without paying the price that is asked, then that is Software Piracy. Many would argue that it amounts to nothing less than theft.

If I sell physical products, let’s say Widgets, then if I have 10 and you take 10 without paying for them, then I now have 0, you have 10 and hopefully a guilty conscience as well. That is theft. If however you use my software without paying for it then I am not directly affected by it. I still have it. Would you have bought it if you couldn’t have obtained a pirate copy ? Maybe. Maybe Not. In my opinion that is why Software Piracy differs from traditional theft. What you have actually done is taken away my chance of receiving income from you for that software sometime in the future. It just isn’t clear cut either way, with laws, policies and attitudes being firmly rooted in the ‘pre digital media’ 20th century.

Having established that there is a cost to producing software and that the developer does deserve to be rewarded for their time and efforts, it stands to reason that we have to have a mechanism in place that makes this possible. That mechanism is generally known as Software Licensing.

I’ve been developing software for financial reward for nearly as long as I’ve been using computers, getting on for thirty years, and I have never wavered in my belief that whatever form of licensing you use, you should never punish the genuine, fee paying customer for the actions of the Software Pirate.

Seriously, I have bought software in the past that had licensing schemes so restricting or complex or time consuming (or just plain ridiculous), that I have saved time and effort by downloading a cracked copy of the software and using that instead, all the time cursing the software developers for making me waste my time and effort. In effect punishing me for my honesty.  As a Software Developer or Software Publisher that’s not an experience you want for your customers.

Whatever Software Licensing mechanism is used, there will always be some who do not like it and resent it being used. If as a developer you have done your best to minimise the impact on the genuine customer, whilst making some effort to thwart the Software Pirate, then you have done all you can and any customer who is going to kick up a fuss about your licensing mechanism is unlikely to be a customer you actually want. Most customers would actually like you to stay in business and realise that to do that, it is necessary to be paid for the work you do, and / or the products you sell. Sacking your customer can sometimes be a good thing. But that’s a subject for another blog post 🙂

So what is a fair software license, for both the supplier and the customer ? What is it fair to expect your customer to do to license their copy of your product, and so help protect your product, your sales, your livelihood and the future investment and development in a product that is important to both of you ?

Part 2 Soon …

Some More Book Feedback

 

Steve, I wanted to let you know, really enjoyed reading Securing The Network.pdf [it] was well written and very authoritative. A great reference book, thanks again for making it available. Sincerely - John

Hi Steve. I downloaded and read the book. This is a great book. It explains the details of security at a level clients understand. I’m going to suggest it to clients and other consultants. Thanks for making it available. - Duane

You can get your free copy of 'Securing the Network' from here

Some Book Feedback

I received this feedback via email this morning, it's a great way to start a Monday morning 🙂

John had downloaded my free Computer and Network Security eBook last week. This is what he had to say:

Steve,

I wanted to let you know, really enjoyed reading Securing The Network.pdf [it] was well written and very authoritative. A great reference book, thanks again for making it available. Sincerely

John

Thanks John - glad you enjoyed it 🙂

 

Heartbleed: This Could Hurt

Heartbleed is the name given to the recently confirmed bug found in the OpenSSL Cryptographic Software Library. This vulnerability affects SSL/TLS encryption which is used to obtain a ‘Private’ connection between your computer and a server located elsewhere on the Internet.

This is a serious vulnerability and you are more than likely to be affected either directly or indirectly.  For further information go to this site: heartbleed.com

 

Customer Feedback

All I did was send this customer a new license for R10Cipher after he lost his license during a reformat of his hard disk.  This was his reply:

Thank you, Steven. Looking forward to your next gem. – Joe

www.r10cipher.com

It means a lot to get thanked like that. Cheers Joe.

 

Software Help: R10Cipher

Software: R10Cipher
Author: Steven Cholerton
Last Update: July 2013


Registering R10Cipher

After downloading R10Cipher and deciding that you would like a full working copy, you can purchase this directly at the following web address:


Once you have done this we are automatically notified of your purchase and a User Name and Serial Number are sent out to you via email.  The Serial Number is tied to your Name and the two must be used in conjunction.

Note: R10Cipher 5 needs a different serial number to previous versions.  Existing users can upgrade at reduced cost for a limited period.  Please contact upgrade@artenscience.com for further details.

When you receive the serial number email you should follow the included instructions.  In a few seconds R10Cipher will be fully licensed and ready to use.

Our licensing allows one purchase to be installed on two computers that you own, for example your desktop and also your laptop.  Please respect our efforts and purchase additional licenses if you need to install on multiple computers.  We also offer discounted licenses for families, corporations, charities and educational establishments.

Any problems with registration, please email us at: support@artenscience.com


Introduction

R10Cipher is a simple but extremely powerful Cross Platform Encryption / Decryption tool.

R10Cipher takes text or files and encrypts them using up to 384 bit Blowfish encryption.

These files can be Word files, Excel files, MP3 files – almost any kind of file.

These encrypted files can be copied elsewhere, even to a different operating system and unencrypted by anyone in possession of the Shared Secret that was used for the encryption. If encrypting text, the Cipher Text can then be copied into an email, saved as a file and attached to an email or just copied elsewhere.

The recipient can use R10Cipher to open the file and view the encrypted contents, assuming they are in possession of the Shared Secret that was used to encrypt the document in the first place.

If encrypting a file the encrypted file can be stored or sent in the full knowledge that the contents are not visible to anyone without access to R10Cipher or cuteCipher and the Shared Secret.

Decryption can be carried out just by double clicking the encrypted file and entering the Shared Secret.

R10Cipher supports batch encryption by drag and drop to make encryption fast and painless, even when dealing with dozens of files.

As R10Cipher does not require installation you can, for example, copy the Mac, Windows and Linux versions of R10Cipher to a USB drive along with your encrypted documents and files.  Your documents and files are secure, but available whenever and wherever you require them.

R10Cipher does not make any alterations to your computer and stores the configuration files within its own folder.

Many people do not realise that sending an email is the equivalent of sending a postcard: its contents are easily visible. For many companies, individuals and markets this is totally unacceptable, and with the potential complexity and setup issues with the Public Key Encryption systems it makes sense to encrypt using R10Cipher.

R10Cipher, like all software, is a work in progress.  We need your feedback to keep R10Cipher the best Cross Platform Encryption Tool available.  Contact us with your suggestions and comments.

R10Cipher 5 is a major rewrite with additional functionality that was asked for by our customers.  5 is also slicker, faster and easier to use than ever before.  Encryption has never been so painless.


Text Encryption

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.  Enter your Shared Secret again in the area directly below to confirm that you did not make any typing errors.

Important Note:  The strength of the encryption is directly related to the length of your encryption key.

Enter the message or text you wish to encrypt into the large text area to the right.  You can right click and Paste the text, or use Drag and Drop if you wish.

Select the Encrypt button (There is also a Menu Option and a Hot Key Shortcut).  You will see the encrypted text shown in the text area on the left of the screen.

You now have a number of options:

1. Click the Email button and an email will be opened for you with the encrypted text as the message.

2. Click the Clipboard button and the Encrypted text will be copied to clipboard, ready to be pasted elsewhere.

3. Click the SMS button and the Encrypted text will be sent to the phone number you input.  This option assumes you have purchased SMSRelay or subscribed to the SMSRelay service.

4. Use the Save option on the File Menu and save the Encrypted text as a document.


Text Decryption

To Decrypt a message or text use any of the following options:

1. Open an Encrypted document using the Open option on the File Menu

2. Paste the Encrypted text into the cipher text area to the left of the screen.

3. Drag the Encrypted text into the cipher text area to the left of the screen.

Enter the Shared Secret and Select the Decrypt button (A Menu Option and Keyboard Shortcut are also available) to view the Decrypted contents.

You can then do any of the following:

1. Select the Print button on the Toolbar and output the Decrypted Text

2. Select the Speak button on the Toolbar and listen to the Decrypted Text as it is read to you by your computer.


File Encryption

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.

Drag and Drop your files over the large text area on the right of the window. Your documents will be Encrypted and placed on the Desktop.

The filename for the Encrypted files remains the same but the file extension is changed to .r10Enc.

This activity will be logged to the Activity Log. Following the encryption, this will show you details of the encryption process. The Activity Log can be viewed by using the option on the View Menu.

Optionally the Log can be saved to the database by activating the option within the Preferences screen.

For average size documents and files the encryption will be virtually instantaneous.


File Decryption

There are three ways to Decrypt files with R10Cipher.

Decrypt a File from Within R10Cipher

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.

The first way is to open R10Cipher and choose the Open option on the File Menu. R10Cipher will then ask you to select the file that you wish to Decrypt.

Once selected R10Cipher will ask you for the name you would like to call the decrypted file, the original name is used as the default.  The decrypted file will be saved with the name, and at the location, you chose.

Drag and Drop Decryption

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.

Drag and Drop your encrypted files over the smaller text area on the left of the window. Your documents will be Decrypted and placed on the Desktop.

Double Click a File to Decrypt

R10Cipher 5 attempts to make working with encrypted files as simple as possible.  Therefore any encrypted file can be decrypted just by double clicking the encrypted file.

Following the double click you see the R10Cipher File Decrypt window.

Enter the Shared Secret that was used to encrypt the file and press the Continue button.  R10Cipher will save the decrypted file to your desktop with the original file name.

NOTE:  Before you use this feature for the first time you may need to associate the R10Enc files with the R10Cipher Software.  How you do this depends on your Operating System.  We have instructions in the Manual Addendum for Mac OSX and Windows XP.


Key Creation

The creation of keys is done by selecting the following Menu Option:

     Key Management
          Key Creation and Administration

You will see the Key Creation and Administration window.

This is where you setup your clients/contacts and your/their Shared Secrets.  In addition, for each client you setup you can assign two passwords, a Master password and a Usage Password.  For an explanation of the two passwords see the Key Management Introduction section.

To Insert a contact, just start typing and fill in the five information fields, from Name to Usage Password.  When complete press Save, and Save again to confirm.

To Edit a contact, select the contact from the list on the left hand side of the screen.  You will see the Name and Email Address but the Shared Secret and the Passwords are encrypted and not readable.  To view this data and edit it you need to input the Master Password for this contact into the Decode Password area of the screen and press the Decode button.  You can then edit the information and save it using the Save button.

To Delete a contact, select the contact from the list on the left hand side of the screen.  You will need to input the Master Password for this contact into the Decode Password area of the screen and press the Decode button.  You can then press the Delete button to erase the record.

Note:  Deleted records are gone and cannot be retrieved.

If you intend entering a number of clients or contacts you may already have them stored in a database or spreadsheet somewhere.  If that is the case then you should Import the records which will save you time and increase information accuracy.

Note:  You will need to edit each record later to apply the Shared Secret and Password(s).

To Import records you have three choices which can be selected using the Radio buttons on the bottom left of the window.  When you have selected the type of import you require press the Import button.  The three choices are Tab Delimited, Apple Address Book and the ContaxCRM Database.


Key Retrieval

Scenario 1: Encrypting or Decrypting Text or a File from within R10Cipher

In these circumstances instead of having to remember and enter the Shared Secret for the contact you can instead select the Keys View (from the View Menu) and input the Master or Usage Password for the appropriate contact.  Then choose the contact from the list.  You can search for the contact and filter the list using the search box on the bottom left of the screen.

Select the contact in the list.  If you have entered the correct Password the indicator will change from red to Green and the Shared Secret fields will be populated.

You can now encrypt text or files without having to enter the Shared Secret.

Another Advantage of retrieving the Shared Secret from the Key Management Database is that if you are sending an encrypted email, R10Cipher will know the email address and fill in the email header appropriately.

So instead of having to remember lots of Shared Secrets and Email Addresses, you only, using the Key Management Database, have to remember a minimum of one Password.

Scenario 2: Double Clicking an Encrypted File to Decrypt It

When double clicking an encrypted file you now see the R10Cipher File Decrypt window.

In these circumstances instead of having to remember and enter the Shared Secret for the contact you can instead input the Master or Usage Password for the appropriate contact.

You can search for the contact and filter the list using the search box on the bottom left of the screen.

Select the contact in the list.  If you have entered the correct Password the indicator will change from red to Green and the Shared Secret fields will be populated.

Click Continue to decrypt your file.

###

Security Mistakes [1]

We are constantly told that the most insecure password is one that relates to us directly and is easily remembered. That is not true, the most insecure password is the one that is written down in plain sight.

The only reason to write down a password and make it easily retrievable ( on a postit note stuck under the lid of a closed laptop is common ) is if it is too complicated for you to remember. One way to guarantee you won’t remember it is if it has to conform to someone else’s rules, for example:

[Image: Windows 8 installation screen grab]

This is a screen grab from the installation of Windows 8. 

This from one of the world’s biggest software companies. Scary. This restriction very possibly causes the following issues for their customers:

  • A difficult to remember password, so written down and insecure
  • A password structure that some would take as literal, i.e. XXxx00## – again, less secure
  • A password structure now standard across gazillions of Windows systems – again, less secure
 
 
 
To summarise, well done Microsoft for participating in ‘Security Theatre’ – On the surface a higher security password is enforced, job done.  In reality, not really !
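The cost of reading the rule literally can be put in numbers. The Python below is an added example, not part of the original post; it assumes the rule means eight printable ASCII characters with at least one upper-case letter, lower-case letter, digit and symbol (the screen grab is not reproduced here), and it counts search space as if characters were picked uniformly at random.

```python
import math
import string
from itertools import combinations

# Printable ASCII without the space: 26 + 26 + 10 + 32 = 94 characters.
# The symbols X, x, 0 and # follow the post's own "XXxx00##" notation.
CLASSES = {
    "X": string.ascii_uppercase,
    "x": string.ascii_lowercase,
    "0": string.digits,
    "#": string.punctuation,
}
ALPHABET = sum(len(chars) for chars in CLASSES.values())


def template_of(password):
    """Reduce a password to its structure, e.g. 'ABcd12!?' -> 'XXxx00##'."""
    symbols = []
    for ch in password:
        match = [s for s, chars in CLASSES.items() if ch in chars]
        if not match:
            raise ValueError(f"character outside printable ASCII: {ch!r}")
        symbols.append(match[0])
    return "".join(symbols)


def template_space(template):
    """How many passwords fit one fixed template, position by position."""
    return math.prod(len(CLASSES[s]) for s in template)


def compliant_space(length, sizes=None):
    """How many strings of this length contain at least one character from
    every class, counted by inclusion-exclusion over the excluded classes."""
    sizes = [len(c) for c in CLASSES.values()] if sizes is None else list(sizes)
    alphabet = sum(sizes)
    total = 0
    for k in range(len(sizes) + 1):
        for excluded in combinations(sizes, k):
            total += (-1) ** k * (alphabet - sum(excluded)) ** length
    return total


def compare(length=8, template="XXxx00##"):
    """Search space, in bits, for each way of reading the rule (assumed rule:
    exactly `length` characters, at least one from each of the four classes)."""
    return {
        "no rule, any printable characters": math.log2(ALPHABET ** length),
        "rule followed, structure free": math.log2(compliant_space(length)),
        "lowercase letters only": math.log2(26 ** length),
        "rule read literally as " + template: math.log2(template_space(template)),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{bits:5.1f} bits  {label}")
    # Constructed sample passwords: different strings, one shared structure.
    for sample in ("ABcd12!?", "QZmk07#$"):
        print(sample, "->", template_of(sample))
```

Under these assumptions the rule itself costs about one bit of search space, while the literal XXxx00## reading leaves roughly 35 bits, fewer than eight random lowercase letters.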

@stevechol

The R10Cipher Story

Product: R10Cipher

Purpose: Email and File Encryption and Privacy Software

Website: http://www.r10cipher.com

Online: http://www.webappdevelopments.com/artenscience/r10online/r10online.cgi

Overview

A Simple and Easy Method to Safely Encrypt your Email Correspondence and Document Files. It’s like your emails and documents are carried by a SWAT team rather than being written on a Postcard ! R10Cipher is for Individuals. For Businesses. For You. For Me. For Mum and Dad. For Teachers. For Professionals. For Journalists. For Executives. For Everybody. Because our Privacy and Security have never been more important.

Innovation

R10Cipher is unique in that this is the first cross platform end to end encryption product that real people can and will use for day to day encryption purposes.  R10Cipher does not attempt to encrypt a complete volume, R10Cipher does not try and involve the user with complex Public Key encryption, R10Cipher does not need a complicated install, in fact R10Cipher does not need installing at all.  R10Cipher concentrates on being the easiest to use and most reliable End to End, Text and File Encryption software.

The lack of an installation makes R10Cipher unique in that you can copy the Windows (XP, Vista and 7), Mac OSX and Linux versions of R10Cipher to a USB drive or external device, along with your documents and carry your data about with you knowing that a) You can access that data on any computer and b) It is secure, so if you lose it or leave it in a taxi then the information is unreadable and no harm is done.

Because of its simplicity and ease of use R10Cipher pioneers new ways of working.  Backup your important data to the web, iCloud, Dropbox or similar – encrypted by R10Cipher, and retrieve the information later, wherever you happen to be.  Your data is secure – secured by you not by your web hosting company.  If your hosting company is enforced by law to hand over your information, that information is useless to the recipient unless *you* agree to provide access.

The recipient of an R10Cipher encrypted document or file has to do nothing more advanced than double clicking the file and entering the ‘Shared Secret’.  The document or file is decrypted and saved to the recipient’s desktop using the original file name.  Again, this is one of the features of R10Cipher that helps make R10Cipher an encryption product that can and will be used by ‘Mum and Dad’.

The main innovation of R10Cipher therefore is not in the technology but the way in which the product is designed to be easy and simple to use for everybody – not just IT Professionals.

Success

From an initial release in early 2008 R10Cipher is now at Version 5 which was released July 2012.  Version 1 was built because we needed it and I decided that if we did, then so did others.  Version 1 sold a few dozen copies and using the feedback from these early customers Version 2 was released with some significant enhancements including drag and drop batch encryption of files and documents.

When Version 2 was released, Version 1 was featured as a free edition on the DVD Cover Disks for the UK editions of MacFormat and MacWorld, on consecutive months.  Since then I have agreed for it to be distributed on several foreign editions of the magazines.  Hundreds of new users were gained through the distribution of the free edition, and many of those went on to pay for an upgrade to Version 2.

Direct Sales of Version 2 were excellent, with good feedback and testimonials.  New customers means new ideas and feature requests and so Version 3 was scheduled.

Version 3 released 2nd August 2009 was a major new version that addressed all user requests from Versions 1 and 2.  The main advantages of Version 3 were an increase in encryption strength to 384 Bit, an encryption strength indicator and a full Key Management capability which creates an encrypted local database which contains the ‘Shared Secrets’ that you use to communicate with your different contacts.

With an appropriate password you can recall these and use them for encryption and decryption quickly and easily.

Interest in Version 3 was phenomenal, it far exceeded our expectations.  We have had many upgrades from Version 2 to Version 3 and as we offered an upgrade policy even from the free edition, we have had a few upgrade from Version 1 to Version 3 also.

For Version 3 the decision was made to give NFR, Free of Charge, copies of R10Cipher to employees of Apple Computer Inc.  We also offered our desktop security product MonitorMyMac http://www.monitormymac.co.uk/ on the same terms.  Interest from Apple employees has been excellent with over 1000 licenses already applied for and sent.  Who knows how many licenses sold since have been a result of recommendations from Apple employees ?

In April 2010 in conjunction with MacFormat Magazine we offered a free Version 2.5 SE on the DVD Cover Disk with a discounted upgrade to Version 3.  This promotion was not as successful as earlier promotions, possibly because 2.5 SE was a ‘designed to be free’ product, rather than an actual previously sold version.  In addition Version 3 had at this stage been out for a while.

June 2010 brought R10Cipher IV.  An exciting new release of R10Cipher. Fast becoming a standard for cross-platform text and file encryption.

This brings us neatly to July 2012 and R10Cipher 5.  Many new features including automation.  You can read about these changes on the website.

Commercially R10Cipher has been a great success for Arten Science with several thousand users and it is a product I am very proud of.  Just as importantly, our customers have had immediate and measurable benefits through the use of R10Cipher.  Previously they knew they needed something to protect their communication and documents, but they could not find a product that seemed easy and simple enough for them to use.

IT Security and Data Protection are high on many people's agendas at the moment, or at least they should be, and yet the majority of people are left exposed because until R10Cipher came along there was not a product simple and easy and complete enough for them to consider using it.

Customer Satisfaction

Some of the feedback we have received for R10Cipher recently:

R10Cipher is a fantastic cross platform tool which has given us the peace of mind that our patient sensitive research data can be transmitted electronically in a secure manner on site or with collaborators around the world.  The ability to encrypt and attach files to emails or simply encrypt the email text between Apple Macs and Windows PCs without the need for complicated software installations means that our users are happy to use this great bit of software.  The developer’s proactive approach to their software development requesting and rapidly incorporating users’ feedback has turned a good encryption tool into an excellent one.  Paul McGrath, Computer Manager, Cancer Research UK Clinical Centre

 

My Sony USB Microvault is so much easier than lugging my laptop through airport security, yet again.  The nightmare of the lost or stolen USB stick is only too real, with the Staff Salary Reviews and the Acquisition Financials modeled in embarrassing detail.  I use R10Cipher for Mac as a simple and reliable way of exchanging financial models and private placement memorandums across platforms as well as for secure storage on my USB sticks and portable hard drives.  Simple, reliable and easy to use. Karl Mattingly, Partner, slowCapital

 

R10Cipher is simple, easy to use and powerful. It is the best encryption program for the Mac we have found.  Paul, OnTravel.Com

 

R10Cipher has been an excellent product for ensuring the safe and secure transmission of files in a cross platform environment.  As an independent Strategy Consultant using Apple Mac, but with a client base using mostly PC platforms, I need to find a way to easily send sensitive market and financial data to clients with no hassle for my clients.  R10Cipher does the job simply, easily, and with no problems at all, and causes no difficulties with clients’ firewalls. Enough said!… great product.  Peter M. Scott

 

For NetFoos I am lucky enough to travel around the USA and parts of Europe to bring live streaming foosball tournaments to the foosball community. For the live streaming there is a lot of information needed to keep the server running and secure. Now, while on the road with R10Cipher, receiving this information from the home office is much easier as we can simply encrypt and email it while feeling confident that our data remains private. Although we are constantly finding new uses for the software, this one capability has made R10Cipher a great investment for us.  Mark Winker, NetFoos.com

 

If you need to make company or private info available on a need to know basis, then R10Cipher is the tool for you. There are other encryption packages but I haven’t found an easier to use cross platform software than this one.  Paulo Pires

 

Developed in the UK

R10Cipher was designed and developed entirely in the UK by Steven Cholerton, a Chartered Information Technology Professional awarded by the BCS, Fellow of the Institution of Analysts and Programmers, Certified Ethical Hacker and holder of several Security and Technology certifications.  http://www.stevencholerton.com

The encryption technology used by R10Cipher was also developed in the UK.  Blowfish is a keyed symmetric block cipher which was invented by ‘Security Guru’ and renowned author, Bruce Schneier, Chief Security Technical Officer at British Telecom, in 1993.  It provides excellent encryption and will continue to do so for the foreseeable future.  Blowfish is free of patents, and back doors, and Bruce has placed Blowfish in the public domain. 

Availability

The publisher of R10Cipher is Arten Science, a small Derbyshire based enterprise dedicated to providing quality and innovative software, security and business solutions.  http://www.artenscience.com


Summary

The success of R10Cipher is primarily down to one thing:

The fact that R10Cipher provides much needed security and encryption functionality in a way that makes it accessible to anybody and everybody. Having listened to the users and let them guide the development of the product has meant that R10Cipher does what it needs to do and no more.

The R10Cipher website states:  ‘Security For All. It Just Works’ and goes on to say ‘It’s like your emails and documents are carried by a SWAT team rather than being written on a Postcard !’.  Those two statements mention nothing about 384 Bits or Blowfish or Symmetric Block Ciphers, instead they appeal directly to the man in the street who has information that needs protecting.

The fact that we listen to our users and incorporate their changes as well as the ability of R10Cipher to work on all popular computer platforms without requiring installation, that is all icing on the cake.  Very tasty icing we think.


@stevechol

101: Penetration Testing

Computer and Network Security 101: Penetration Testing

 

Introduction

 

Penetration Testing is an attempt to break the security of a computer system or network, under instruction from the owners or maintainers of that facility. It simulates an attempted break-in by a computer-savvy criminal. A Penetration Test gives a snapshot of the security at a moment in time, and is not a full security audit.

 

If a criminal attempts to breach your computer network they will generally follow a sequence of five steps:

 

  • Reconnaissance
  • Scanning
  • Gain Access
  • Maintain Access
  • Cover Tracks

 

It therefore makes sense that a Penetration Test follows a similar, although obviously not identical, sequence of events.

 

Planning and Preparation

 

This stage involves a meeting between the Penetration Tester and the Client. Key areas to be covered are: Scope, Objective, Timing and Duration. In addition documents must be signed to cover the Penetration Tester and the Client, generally in the form of a Non Disclosure Agreement (NDA).

 

Information Gathering and Analysis

 

This next stage involves the Penetration Tester finding as much information as possible about the company he will be asked to target. His first stop will probably be the company’s own website, and from there he may consult additional online services and references. The information he is looking for is Domain Names, Server Names, ISP Information, Host Addresses and anything else that will help him build a picture of the target. The second part of this process involves Port Scanning and OS (Operating System) Fingerprinting.

 

Vulnerability Detection

 

If Stage 2 has been successful then the Penetration Tester now has all the information he needs to make the decision as to what hosts to target, and with what vulnerabilities. Some techniques he may use at this stage include Password Cracking, SQL Injection, Rootkit, Social Engineering and Physical Security.

 

Analysis and Reporting

 

This is where the Penetration Tester reports back to his Client. The information he is going to present to the client includes the following:

 

  • An Overview of the work done
  • Detailed Analysis of all Vulnerabilities
  • Summary of Successful Penetration Attempts
  • Suggestions for the next step

 

Finish Up

 

This is where the Penetration Tester makes sure that anything he has done in the course of his work will have no effect when he has finished. For example he will remove any backdoors and additional user accounts that he has created, leaving the system how he found it.

 

The above is a quick overview only of the procedures that may be followed by a Penetration Tester while undertaking their assignment.
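
The Planning and Finish Up stages can be backed by a small engagement record, shown here as an added example that is not part of the original article: it refuses any action outside the agreed scope and time window, and keeps a ledger of every change so nothing is left behind. The class name, fields, addresses and dates are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class Engagement:
    """Agreed scope and test window, plus a ledger of changes the tester makes."""
    scope: list            # CIDR strings agreed with the client
    start: datetime
    end: datetime
    ledger: list = field(default_factory=list)

    def authorised(self, host: str, when: datetime) -> bool:
        """True only if host is inside the agreed scope and the agreed window."""
        try:
            addr = ip_address(host)
        except ValueError:
            return False   # names that are not literal addresses are refused
        in_scope = any(addr in ip_network(net) for net in self.scope)
        return in_scope and self.start <= when <= self.end

    def record(self, host: str, kind: str, detail: str, when: datetime) -> None:
        """Log a change (test account, marker file) at the moment it is made."""
        if not self.authorised(host, when):
            raise PermissionError(f"{host} is outside the agreed scope or window")
        self.ledger.append({"host": host, "kind": kind, "detail": detail,
                            "removed": False})

    def mark_removed(self, host: str, detail: str) -> None:
        for item in self.ledger:
            if item["host"] == host and item["detail"] == detail:
                item["removed"] = True

    def outstanding(self) -> list:
        """Everything still to be undone before the engagement can be closed."""
        return [i for i in self.ledger if not i["removed"]]


def demo() -> list:
    # Constructed sample data: documentation address range and made-up dates.
    e = Engagement(scope=["192.0.2.0/28"],
                   start=datetime(2024, 3, 4, 18, 0),
                   end=datetime(2024, 3, 8, 6, 0))
    now = datetime(2024, 3, 5, 22, 30)
    e.record("192.0.2.5", "account", "pt-test-user", now)
    e.record("192.0.2.9", "file", "/tmp/pt-marker.txt", now)
    e.mark_removed("192.0.2.5", "pt-test-user")
    return e.outstanding()
```

An empty `outstanding()` list is the condition for closing the engagement; anything left in it goes into the report as work still to be reverted.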

 

@stevechol