Tag Archives: encryption

Layers of Computer Protection

Computer security people advocate layers of protection. There is no single software program that gives absolute protection. The Internet criminals and hackers simply respond too quickly, and are too sophisticated to be stopped by any one method.

One of the layers of protection that people seem to neglect is encryption. There seems to be a common misconception that encryption is something that is complicated and geeky. It really is not. It can be easy, and it offers an additional layer of security.

The crime of Identity Theft is growing. Two essential pieces of information necessary is to match your name to your social security number. It can lead to a host of problems financially. And if the Identity Theft is used for medical services, it can lead to deadly consequences. This is just a reality of the Internet – and a danger – as more and more medical services move to electronic record keeping for health providers. The key is simply preparation.

For your safety and security, SafeBit offers easy encryption:

SafeBit Disk Encryption is the perfect electronic vault you need for your privacy. It features military strength on-the-fly encryption, by creating virtual disk drives, where you can hide files and folders, keep them encrypted all them time, but still work with these files just like you work with normal files. SafeBit is the last line of defense if your current security system fails against viruses, trojans or hacker attacks.

This is a very special offer for our readers. The SafeBit people are offering our readers a generous forty percent (40%) discount off their regular price. This is a remarkable saving on an award winning software program.

This offer expires on January 6, 2010.

Here is just one last reminder for the people on laptops. If you are using different wi-fi connections regularly or plugging in to unfamiliar Internet connections, there is the risk of keyloggers. For example, the keylogger would record your name and password when you enter a site like PayPal. That would be comparable to handing over the log-in data to your online account. SafeBit has a virtual keyboard. It will give protection against such keylogger programs, and password-stealing malware. This is terrific for travelers, or for those people who are on the go with their laptops and netbooks. The virtual keyboard feature alone is worth the generous price of this program.

Thanks to the SafeBit people for offering this program to our readers at this price point.

Safeguard Your Security and Privacy

Identity theft has been tagged as being the fastest growing crime in America. Your private information is a commodity that some criminals harvest and resell. It is a whole subculture. The people stealing the personal information may not bother with committing the actual identity theft, but there are buyers for your personal information.

One of the best ways to protect yourself is to encrypt your computer information. Encryption has been advocated for years by the security people, such as our very own Kat. And we agree that it is an effective means of protecting your information. Encryption is an extra layer of protection. Somehow, there is a common belief that encryption is difficult and totally geekish. It really isn’t. SafeBit Disk Encryption makes it easy:

SafeBit features on-the-fly disk encryption, by creating encrypted virtual disk drives, where you can hide files and folders, keep them encrypted all the time, but still work with these files just like you work with normal files. Disk Encryption is transparent to the user…

This program is efficient and easy to use. It effectively provides security and stays out of your way. It really is non-intrusive. And, to encourage you to protect your sensitive data and to keep our readers safe, the SafeBit people are being kind and offering our readers an unbelievable discount of forty percent (40%) off the normal price.

This is an exclusive, time-limited offer that is available to our readers. It is a fifteen dollar savings. It expires on October 28, 2009. Safebit supports 32-bit versions of Windows Vista/XP/2000/NT.

In terms of security, there are three more things that need to be said. Often identity theft is not perpetrated by a stranger. It can be someone you know and that someone has access to your personal data. The second point is that you may have all the security software protection ever recommended on your machine. You may be protecting yourself from malware, spyware, Trojans, rootkits and all that other computer trash. An infection still can compromise your computer. No security software program dares to offer a hundred percent protection. It just takes one mistaken click. You are tired sometimes, focused on other things, and make a mistake. We all do that and hackers count on that. And then there are drive by infections that don’t require you to do anything except visit a site.

And finally, what happens if you lose or have your machine stolen? For example, missing/stolen laptops are reported every day. Then, all your confidential information is available to whoever is powering up your machine. And this security breach leads to identity theft. This type of encryption should be on every business and government laptop. [Give a shout if you want this program in high volume. We will see what we can do for you.]

The other thing is that there is no backdoor. None. The SafeBit Disk Encryption people state this clearly. The software does NOT include any backdoor. Neither the vendor nor any other entities are able to break the SafeBit Disk encryption. You must remember your password. There is no two ways about it. The vendor is not going to be able to save you. Again, you must remember the password. The program really is that good. Losing your machine may be costly but losing the confidential personal information on that computer may mean possibly long term anguish. SafeBit is just an efficient, easy way to protect yourself.

One Step for Privacy and Security

South Carolina Governor Mark Sanford wrote what he considered to be private email correspondences to a “dear friend”. Unfortunately, the recipient of his email communications had her email account hacked. This unauthorized access meant that Governor Sanford’s private, intimate email correspondences were media fodder for the national and international press. The breach of email security was one of the reasons that Governor Sanford has much unwanted attention and public embarrassment.

This example may be extreme. However, it illustrated a point. What you do on the computer and on the internet may not be private and secure. What you have on your hard drive, like this year’s tax information, can be accessed by hackers and by malware.

One of the basic ways to protect yourself is to encrypt your computer information.

Encrypt – encrypt – encrypt. Security people have been saying this for years. And we agree. Encryption is an extra layer of protection. Somehow, there is a common belief that encryption is difficult and totally geekish. It’s not that at all. SafeBit Disk Encryption makes it easy:

SafeBit features on-the-fly disk encryption, by creating encrypted virtual disk drives, where you can hide files and folders, keep them encrypted all the time, but still work with these files just like you work with normal files. Disk Encryption is transparent to the user…

This program is efficient – and easy to use. It effectively provides security, and stays out of your way. It really is non-intrusive. And, to encourage you to protect your sensitive data, the SafeBit people are being kind and offering our readers an unbelievable discount of forty per cent (40%) off the normal price:

This is an exclusive, time limited offer that is available to our readers. It expires on July 15, 2009. Safebit supports 32-bit versions of Windows Vista/XP/2000/NT.

There are two more things that needs to be said. The first is that you may have all the security software protection ever recommended on your machine. You may be protecting yourself from malware, spyware, trojans, rootkits and all that other garbage. An infection still can compromise your computer. No security software program dares to offer a hundred per cent protection. What happens if you lose or have your machine stolen? For example, missing/stolen laptops are reported every day. Then, all your confidential information is available to whoever is powering up your machine. And this security breach leads to identity theft. Yes, this type of encryption should be on every government and business laptop. [Give a shout if you want this program in high volume. We will see what we can do for you.]

The other thing is that there is no backdoor. The SafeBit people state this clearly.

The software does NOT include any backdoor. Neither the vendor nor any other entities are able to break the SafeBit Disk encryption.

You must remember your password. There is no two ways about it. The vendor is not going to be able to save you. Again, you must remember the password. The program really is that good. Losing your machine may be costly but losing the confidential personal information on that computer may mean possibly long term anguish. SafeBit is just an efficient, easy way to protect yourself.

The NeoByte people will give you a choice. They are offering our readers a forty per cent (40%) discount on their Invisible Secret product. That product was reviewed previously.

Both these programs will help to keep prying eyes away from your sensitive, confidential files. Protect your privacy.

How to Save Money with Online Backup Service Discounts


Add to iTunes | Add to YouTube | Add to Google | RSS Feed

When is the last time you backed up your important data? I’m talking about things that cannot be reinstalled. I know people who have never done it at all, because they simply don’t know how or where to do so! I’m about to tell you about a way you can do offsite backups easily. These guys wanted me to do a video about their services, but I wasn’t too keen on the idea. Until, that is, they offered up discounts for our community!

Both Spideroak and BackBlaze offer excellent, encrypted backup plans. Both are also offering you guys a nice 10% discount by ordering through my link! Nice, eh?

Spideroak offers a different approach to online backup and sharing. This difference is not only measured in the zero-knowledge privacy policy. It’s also found in the flexible design in handling your data from all platforms and locations into one centralized account. It doesn’t matter if you’re using Windows, OS X or Ubuntu. And it doesn’t matter if you’re uploading data from your computer, a USB drive or an external drive. It will all be stored in one easy-to-get-to location for you!

BackBlaze backs up your data online to their datacenters. Using military-grade security, files are encrypted on your PC, then sent and stored encrypted on their facility. You can restore from the web… or have a DVD or USB drive sent to you via FedEx! Now that is service.

So there you go. You absolutely should be backing up your data. Both of these options are an excellent resource, and now you can save money on them!

Want to embed this video on your own site, blog, or forum? Use this code or download the video:

What’s the Most Secure USB Drive?

Add to iTunes | Add to YouTube | Add to Google | RSS Feed

No two flash drives are built the same. This new 2GB flash drive I have has software and hardware security built right into it. When you plug it in the first time, you set up a password which will automatically encrypt everything you put on it. If gets ahold of this USB drive and tries to enter an incorrect password ten times – the data will all be erased. They won’t ever access it, unless you set an easy-to-guess password. If this sounds like something you need to protect your data, check out the IronKey.

All user data is encrypted with AES hardware encryption that has been validated to meet government FIPS requirements. Unlike software-based encryption, this “always-on” protection cannot be disabled. And since the Cryptochip generates and stores the strong, random encryption keys, the encryption routines run faster and more securely than any software-based encryption system.

No one can access files stored on your IronKey unless they authenticate with the correct password. All encryption and password verification are performed in hardware, and cannot be disabled by malware or a careless user. This eliminates the risk of compromised confidential portable data.

The IronKey does not require any software or drivers to be installed and even works on Windows XP and Vista without administrator privileges. The IronKey offers drag-and-drop encryption, “plug and play” simplicity, and intuitive encrypted backup, which helps minimize the total cost of ownership. Onboard security software cannot be tampered with or removed. Each IronKey has a unique, easy-to-read serial number, making it simple to track and inventory.

If you are in the market for something that will protect you, this is what you need. For anywhere from $80 – $300, isn’t it worth the money to save your peace of mind?

Want to embed this video on your own site, blog, or forum? Use this code or download the video:

Wireless Security: Why WEP is Bad

Fellow geek Andy Riordan emailed me in regards to a video we recorded a while ago on wireless (WiFi) access points. I haven’t used WEP for wireless security since WPA was available as an option. I refuse to run anything less than WPA on my home wireless network, although it was recently revealed that WPA has also been cracked. What’s so bad about WEP? Andy’s here to explain…

WEP does indeed stand for Wired Equivalent Privacy, which is a rather hopeful name considering that WEP can be cracked in less than 60 seconds now. How? Well, when you connect to a WEP network, the router sends you a randomly generated “hello” message. The connecting machine then encrypts the message using the WEP key and sends it back to the router. The router then decrypts it with the WEP key, and if it matches the original, unencrypted (“cleartext”) message, the machine is authorized.

This is bad. Why? Well, first we have to look at how the encryption and decryption is done. You may or may not be familiar with bitwise operators, but in this case we’re dealing with “exclusive or”, XOR. XOR, like other bitwise operators, operates on bits. If the 2 input bits are 0 and 0, it puts out 0. If they are 1 and 0, it puts out 1. If they are 0 and 1, it puts out 1. If they are 1 and 1, it puts out 0.

To encrypt the data for WEP, the data is XORed with the key (getting “cyphertext”). To decrypt, the cyphertext is XORed with the key, reversing the operation and returning the cleartext. When you think about it, that really can be shown visually (hope it doesn’t get mauled in the mail):

Cleartext   0 1 1 0 1 0 1 1
Key         1 1 0 0 1 1 0 1
—————————-
Cyphertext  1 0 1 0 0 1 1 0

Now, to decrypt:

Cyphertext  1 0 1 0 0 1 1 0
Key         1 1 0 0 1 1 0 1
—————————-
Cleartext   0 1 1 0 1 0 1 1

As you can see, we end up with the original message. (Cryptography is fun!)

However, this is where the problem is. Remember what we did to authenticate with WEP – we got sent a cleartext message, and then sent back the cyphertext results. What happens when we XOR the cleartext with the cyphertext?

Cyphertext  1 0 1 0 0 1 1 0
Cleartext   0 1 1 0 1 0 1 1
—————————-
???         1 1 0 0 1 1 0 1

That byte looks a lot like one we’ve seen before. I wonder what it could be…

Key         1 1 0 0 1 1 0 1

Well, darn. That’s our key. An attacker can get our key just by XORing two things exchanged when a connection is made. It can’t be all bad, though, since a connection has to be made before that can happen, right? How often do you disconnect a machine and reconnect it? A few times a day. They would have to be lucky to catch you doing it.

Except that there’s another vulnerability which makes booting everyone off the network and causing a reconnect easy. Thus, our friend the cracker needs only to force a disconnect of all clients, then watch for the handshake and XOR the two pieces of information exchanged between the router and one of the clients.

That’s why you use WPA now. WPA is pretty much competely safe, if you have a good password. Rule 1 (or perhaps it’s 0) of security is that you never use a short, easily guessable password. Using a short, easy to guess password opens you up to the dictionary attack, or as I like to call it, the Gandalf attack. Scream elvish words at the router long enough and the gates of Moria are bound to open to one of them. Make the “word” long enough (32 characters is good, and is about what I use since some devices have issues with 64) and it will be impossible to guess. Again, a lock is only as secure as its combination. In your case, for instance, I don’t recommend a password of “Pixie”.

Now, for the banking/email question. This brings us to the realm of diffie-hellman key exchange. Many a beginning cryptographer has lost his life to the tangle of bits and factored prime numbers that awaits us here, so suffice it to say this: If there is an SSL connection between you and your web site of choice, you are safe. All your traffic will be encrypted, and will not be decrypted until you get to the site. You’re safe, as long as you have an SSL connection to the site itself, regardless of whether it’s an open wifi hotspot. If you don’t have an SSL connection and they give you a WEP or WPA key, don’t think banking will be secure – if they gave the key to you, they gave it to others, too!

Now, there are caveats (aren’t there always with technology?). Notice I said “If there is an SSL connection between you and your web site of choice, you are safe.” I don’t want to have to send you HTML mail, so mentally underline the first part of that sentance. What’s to stop the hotspot from saying “Ah, he’s going to ‘MyBankSite’ – take out their certificate (the part that contains their “public key” – what you use to encrypt your data to send to them. Note that public and private key encryption are one-way operations – if you encrypt something with the public key, it cannot be easily decrypted with that same key. When I say “easily”, I mean it would take a supercomputer thousands of years.) and put in our own public key. That way, we can decrypt his traffic on our end, look at it, then encrypt it with his bank’s public key and send it on.” Well, in a word, nothing is stopping them. This is known as a man-in-the-middle attack.

Wait, nothing is stopping them? How am I safe, then? Well, nothing is STOPPING them, but their key won’t be signed by a signing authority. A signing authority basically verifies that a given key belongs to a given site, and then when someone asks whether a key belongs to ‘MyBankSite’ they check their database and see. The “someone” who asks is your browser. This is done automatically in modern browsers – if you have the SSL indicator in your browser somewhere on ‘MyBankSite’ (this varies by browser – it usually comes in the form of a lock in the statusbar), that means the browser has checked the site’s credentials out with a trusted authority (VeraSign, etc) and it has checked out. If you get a site that can’t be verified but has a certificate, you will be warned – as in the case of our scheming wifi friends. Thus, if you see a warning, run far, far away.

Whew. Well, that certainly only scratched the surface, but it should help some. Glad I didn’t type that on my phone.

Disk Encryption and PGP


Chris | Live Tech Support | Video Help | Add to iTunes

http://live.pirillo.com/ – PGP’s “Whole Disc Encryption” sounds like a good idea. Everything is protected! But, what about the drawbacks of that? What about the fact that it’s considered a ‘feature’… one that can be disabled anytime a user chooses?

Four of my friends joined me for this discussion: Kat, SC_Thor, Wirelesspacket, and last but certainly not least… Datalore.

PGP Corporation’s widely adopted Whole Disk Encryption product has an encryption bypass “feature” that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base.

According to PGP themselves, “PGP Whole Disk Encryption locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system, and swap files. The encryption is transparent to the user, automatically protecting data.”

What good is this though, if someone decides it’s too much work? Let’s say Company A’s employee doesn’t want the hassle of going through all that to get to his files and programs. So, he disables it. Uh oh… the laptop was stolen. Now, all of Company A’s documents are accessible to anyone who can turn the laptop on. Kinda defeats the purpose, doesn’t it?

I don’t know about you, but I don’t see this as much of a “feature”. I see it as a big loophole, in an otherwise excellent product.

Want to embed this Disc Encryption and PGP video in your blog? Use this code:

Formats Available: MPEG4 Video (.mp4) Flash Video (.flv) MP3 Audio (.mp3)

What is BitLocker?


Chris | Live Tech Support | Video Help | Add to iTunes

http://live.pirillo.com/ – When Microsoft first announced their plans for Windows Vista, expert users were excited. Finally an operating system with a multitude of bells and whistles! Unfortunately, we’re still waiting to see this happen. While there are a few good add-ons, we’re still waiting for Microsoft to deliver the goods.

One of the add-ons available is called BitLocker. This handy little feature will encrypt your entire hard drive, making the entire system much more secure. Sadly, BitLocker is only available for Vista Ultimate and Enterprise editions.

BitLocker makes use of a hardware chip called a Trusted Platform Module or TPM. When you turn on the computer, BitLocker communicates with the TPM to make sure the Operating System hasn’t been tampered with. If everything is ok, BitLocker then sends a key to the software on your hard drive, allowing it to boot.

There are, of course, minimum system requirements needed in order to make use of BitLocker:

  • Vista Ultimate or Enterprise
  • Trusted Platform Module (TPM) microchip v1.2
  • Trusted Computer Group (TCG)-compliant BIOS
  • Two NTFS partitions – one for the system volume and one for the operating system volume
  • System volume must be at least 1.5 GB and set as the active partition

Want to embed this video into your blog? Use this code:

Formats Available: MPEG4 Video (.mp4) , Flash Video (.flv)