Archive for August, 2008

Free encryption software (4)
Gnu Privacy Guard

Monday, August 25th, 2008

Gnu Privacy Guard (GPG) is an open source PGP clone. It uses strong encryption to protect emails as well as files and folders. For encrypting drives, folders, and files I use a different piece of software (Truecrypt). GPG is my encryption tool for email. The majority of email traffic on the Internet still goes unencrypted, which still amazes me. Many email users don’t know that their email can be easily intercepted and read. PGP’s documentation compares sending email to sending paper postcards, and rightly so. There is no envelope. Any person having access to a mail server or a router could read or automatically filter the many emails that are processed every day. Wireless connections are even more of a problem. There is software which can make email data visible if it is sent over an unencrypted WLAN connection.

So do I encrypt all my email? No. I wish I could, but none of my friends and colleagues uses email encryption. There are only two things I can do: download my mail with a secure protocol to at least encrypt the last hop, and never forget that emails are like paper postcards that not only the postman can read.

Free encryption software (1): Introduction
Free encryption software (2): File encryption on USB flash drives
Free encryption software (3): Hard disc encryption

Color blindness and accessibility

Thursday, August 21st, 2008

In an effort to meet accessibility requirements, I was looking for tools to check whether users with a variety of color blindness conditions can actually use our websites. Posters and brochures can already be difficult to read for color blind people. On web sites another dimension is added to this problem because certain features may be rendered useless by choosing a bad color palette. Colored links for example, if not underlined, may not be seen as links because they appear to be of the same color as all other text.


Email Address Validation Tool

Friday, August 15th, 2008

I have been doing a lot of email marketing lately. Our email marketing service does a pretty good job at removing records with an invalid email address from the imported data set. However, some invalid addresses still slip through and cause unnecessary bounces and license costs. We therefore need to correct or remove all invalid addresses before we import them. Some can be easily corrected without involving the subscriber, like

someone@hotmail
someone @ yahoo.com
someone@gmail.cmo

Others can be removed from the subscriber list because they originate from fake subscriptions, like test@justtesting.

I was looking for an online tool to clean up an email address list but could only find tools that process one address at a time. So I read RFC 3696 to learn more about valid email address formats and wrote my own. The tool does email format checks for most of the RFC requirements. It also queries the email domain’s DNS server to look for MX and A records.


A regular expression for validating secure passwords

Friday, August 1st, 2008

For one of our current projects I was looking for a way to validate strong passwords with regular expressions. Form field validation requirements are defined as a regex in the database properties for the field, so the easiest way to set up secure passwords was using this method. I found many examples for regular expressions but they all lacked one important feature. To avoid SQL injection issues or HTML formatting issues we need to limit the characters allowed in passwords, and all regular expressions that I found on the web would not allow us to do this. Many of the examples posted also contained useless or redundant patterns. Here is my own pattern, which works in Perl, PHP, Java, and .Net. Needless to say that regex engines based on the old POSIX standard will not support something cryptic like this (read as one line):

(?=^[\w ,\.;:/\!@\#\$%&\*=\-\+\(\)\[\]\{\}\|]{10,}$)
(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*\W)

- ten or more characters long
- one or more a-z
- one or more A-Z
- one or more 0-9
- one or more    ,.;:/!@#$%&*=-+()[]{}|   (includes space)

You can easily test this pattern using online tools for different languages:

Perl (PCRE, surround pattern by ” “)
PHP (surround pattern by # #)
Java
.Net
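
The pattern above exercised in Python's re module, as an added example that is not part of the original post. It shows which inputs the whitelist and the class lookaheads accept, including two cases where Python accepts more than the bullet list suggests (a trailing newline and a non-ASCII letter). STRICT is an assumed, Python-specific tightening and the sample passwords are constructed; other engines differ in what \w and $ accept, so rerun the same inputs in the engine you deploy.

```python
import re

# Character whitelist and class lookaheads copied from the post's pattern.
ALLOWED = r"[\w ,\.;:/\!@\#\$%&\*=\-\+\(\)\[\]\{\}\|]"
REQUIRED = r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*\W)"

# The pattern as posted, joined into one line.
AS_POSTED = re.compile(r"(?=^" + ALLOWED + r"{10,}$)" + REQUIRED)

# Assumed tightening for Python only: \A and \Z anchor to the absolute ends
# of the string, and re.ASCII limits \w, \d and \W to ASCII.
STRICT = re.compile(r"(?=\A" + ALLOWED + r"{10,}\Z)" + REQUIRED, re.ASCII)

# Constructed sample passwords, not taken from the post.
SAMPLES = {
    "ok_minimum":       "Abcdefgh1!",
    "ok_with_space":    "Tr0ub4dor & 3x",
    "too_short":        "Abcdefg1!",
    "no_uppercase":     "abcdefgh1!",
    "quote_rejected":   "Abcdefgh1'",
    "underscore_only":  "Abcdefgh1_",   # _ is \w: allowed, but not a symbol
    "trailing_newline": "Abcdefgh1!\n",
    "non_ascii_letter": "P\u00e4ssw\u00f6rd1!",
}


def accepts(pattern, password):
    """True if the all-lookahead pattern matches at the start of password."""
    # The pattern consumes nothing, so use match(), never fullmatch().
    return pattern.match(password) is not None


def audit(samples=SAMPLES):
    """Map each sample name to (accepted as posted, accepted by STRICT)."""
    return {name: (accepts(AS_POSTED, pw), accepts(STRICT, pw))
            for name, pw in samples.items()}


if __name__ == "__main__":
    for name, (posted, strict) in audit().items():
        print(f"{name:17} as_posted={posted!s:5} strict={strict}")
```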
