secure-transmit

Catching up from a successful event at the Miami Business Show last Wednesday and Thursday, March 6th and 7th. We met a variety of people, collected a number of business cards and interacted with so many entrepreneurs and small businesses. It was such a great time exploring Miami Beach and networking with the Exhibitors after the busy first day of the show on March 6th. All of the support we received from the Business Show enabled us to promote secure-transmit and make some significant contacts. Here is a picture of our booth before the secure-transmit team manned it. We are working through reaching out to all of the contacts that we met last week. Thank you for your interest.

Learn from the greatest minds in business in a series of spectacular seminars and masterclasses, teaching you the techniques that you need for your business to grow at The Business Show in Miami. Meet exhibitors showcasing services, including us, that will revolutionize the way you do business.?We will be in Booth 114 on March 6th and 7th. Hope to get the chance to demonstrate our unique file transfer solution to transmitting your data securely. #TBS #TBSMIAMI #TBSMIAMI24 #TBSUS

Here is a succinct 'Explainer' video about who secure-transmit is and what we do. Hope you enjoy it!

In late May of 2023 there was a major exploit reaping data from a widely used file transfer service, MOVEit. The repercussions from the data leaks are still being revealed, but data from hundreds of thousands of users across many organizations was leaked to a group of Russian hackers. Since we are in the business of secure file transfer, we spent some time examining what happened, to make sure it couldn't happen to us. ? The exploit was accomplished by an old technique - SQL injection - where an attacker constructs an SQL query and inserts it into an improperly sanitized field of a web form. The failure to sanitize the input fields was MOVEit's sin, but the magnitude of the data leak came from the fact that organizations were using MOVEit as an infrastructure to provide database access to the internet. This is not a file transmission function, it's a cloud infrastructure function. ? secure-transmit will never leak data about hundreds of thousands of users, because secure-transmit follows a strict design methodology that ensures that every record is encrypted with its own key. There is no database query that can deliver data about more than one user, and that data will always be encrypted with a key that secure-transmit has to receive from the user. Furthermore, secure-transmit never provides a direct interface to its underlying database to any https interface. Finally, secure-transmit only supplies the data to be transmitted to an enumerated list of correspondents, whose identities are established by multi-factor authentication. If a correspondent's proofs of identity and email security are so compromised that a hacker can successfully provide stolen claimchecks and spoof their identity, a complete record of the data theft will appear in the activity records. ? secure-transmit's internal structure was designed so that even full access to secure-transmit's servers and credentials will not allow an attacker to gain access to unencrypted user data or metadata. ? The MOVEit exploit does provide a useful cautionary example, however. Many of the users affected by the data leak did not even know that they were using the MOVEit infrastructure. secure-transmit utilizes several critical pieces of infrastructure. Furthermore, our users are dependent on the integrity of the secure-transmit code itself. As a result of reviewing the MOVEit exploit, we are instituting automated checks to ensure the integrity of our infrastructure and code. This should make us less vulnerable to an adversary corrupting our necessary infrastructure, or back-dooring our application. ? We're doing our best to be paranoid enough for the both of us because at secure-transmit, your business is none of our business - or anyone else's.