SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2010
    Location
    Calfornia, USA
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Secure file transfer

    I believe that emailing sensitive documents is not a good idea. Is that true? Or, as long as someone's email is secure in that no one else knows the password, is it ok to send sensitive documents?

    If not, does anyone recommend a service where I can send a file securely? Then the person on the other end needs a password to get the file.

    Thank you.

  2. #2
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,598
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    You could use something like DropBox.

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2010
    Location
    Calfornia, USA
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    You could use something like DropBox.
    Thanks.

    I actually didn't realize that Adobe Acrobat can password protect files. I think I'm going to try that feature for now.

  4. #4
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,598
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by Braxton View Post
    I actually didn't realize that Adobe Acrobat can password protect files.
    Yep, although those passwords are extremely easy to bypass, so don't rely on them too much.

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,600
    Mentioned
    24 Post(s)
    Tagged
    1 Thread(s)
    If both you and the recipient have email security certificates then you can use them to encrypt an email so that no one except the intended recipient can read it.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Member
    Join Date
    Jun 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I use filejam secure file upload, it's really safetly file transfer methood.
    Last edited by Mittineague; Aug 27, 2013 at 12:43.

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Ralph,

    TechRepublic had a Michael Kassner article online April 15th (2013) entitled "DropSmack: Using Dropbox to steal files and deliver malware." The point was that Dropbox was not safe as files could be compromised.

    A follow-on article by the same author on April 29th, "BoxCryptor vs. Dropsmack: The battle to secure Dropbox" stated that Dropbox files CAN be encrypted before loading (and getting Dropbox's security) to protect the files.

    PM me if you want PDFs of those articles - they were worth saving!

    The pair of articles provided a valuable reminder that the "soft encryption" of common programs are not sufficient to protect valuable information.

    For nearly 20 years, PGP (Pretty Good Privacy) was the defacto encryption program for the general population. NSA tried to crack it and then attempted to have it made illegal but only succeeded in making it available within the US - not for export - so an international version (identical functionality) was made available, too. PGP was sold to a security firm which took the product commercial circa 2000 so it's lost a lot of its following ... but it remains an excellent encryption program.

    Finally, Security is the proverbial three edged sword as there must be a tradeoff between cost, convenience and the level of protection to be given the data to be protected. If you want military grade encryption, it'll cost big time!

    Back to the original question, e-mail can easily be captured so it is not safe. Dropbox has been shown not to be safe without pre-encryption. PGP has been around for ages and is still quite strong (but inconvenient) so other programs like BoxCryptor and TrueCrypt are finding a niche which you can use them to protect your files.

    Finally, you are spot on that Acrobat passwords are trivial to break. There are programs out there which even allow "script kiddies" to do it, too. As for edit/print protection passwords, they are bypassed by simply saving to another format.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,598
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by dklynn View Post
    The point was that Dropbox was not safe as files could be compromised.
    Thanks DK. Yeah, nothing's safe, really. Luckily, I have nothing of value. (My life's worthless. )

  9. #9
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Ralph,

    Yeah, me too! Join the club!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #10
    SitePoint Member RH-Calvin's Avatar
    Join Date
    Jun 2013
    Location
    Las Vegas
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You must check SkyDrive for secure file transfer, here you can give proper file access permission for specific users.
    Last edited by ralph.m; Jun 17, 2013 at 08:07.

  11. #11
    SitePoint Member
    Join Date
    Aug 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    While cloud file sharing services are not as secure as PGP encrypted files send via email or FTP, it is much easier to use. That's why it's more popular. For most end users, getting a file encrypted has been confusing and then asking your recipient to figure out how to unencrypt it is worst. I understand why so many files are sent as email attachments. It's easy. People just want to get their files moved without thinking too hard about how unsecure it can be. It's a dilemma that really makes small IT shops struggle to keep data secure, as various employees take the easy way.

    Then, I just found a free PGP encryption tool (there are several) that actually makes encryption easy. Linoma Software released it's free OpenPGP Studio that can be downloaded for free. I tested it and found it to be refreshingly easy to use. Granted, the end users still need to understand concepts such as encryption keys and still needs to have the recipient know what to do with those keys to unencrypt the file but OpenPGP Studio just made the process so much easier.
    Last edited by Mittineague; Aug 27, 2013 at 12:50.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •