Tag Archives: security

Data Privacy Day 2016

It’s that time of year again! Data Privacy Day! What follows after the jump is an aggregation of posts I’ve written about data security as well as a commentary on web-browsers and a how-to guide for using TOR safely.

image

Continue reading

TrueCrypt is Still Safe

I want to preface this with a note from me: “Hey all, I apologize for not publishing anything recently; I’ve had writer’s block and now I’m doing research for my next big post (get ready for it!) amidst dealing with crashed hard drives and OS transfers.

But, inspired by a the comment “dude, truecrypt is dead” that I saw on IRC, I want to write a short statement about TrueCrypt. Now it’s no secret I’m a TrueCrypt fanboy so this will be a tad biased, but please hang with me.”

Since 2004, TrueCrypt has been the go to OTF encryption tool and has served probably millions of users (myself included). TrueCrypt had been in active development getting to version 7.1a when, on May 28, 2014, truecrypt.org displayed a very odd message warning of the insecurity of the software.

Although no one knows for sure why the develops suddenly stopped (although there are a few conspiracy theories), we do know that TrueCrypt is still safe.

Continue reading

Heartbleed Info

Because I have failed my duties as a blogger who not only aims to philosophical and religious discussions, but also posts about internet security and data privacy by not writing anything formal about the massive “Heartbleed” exploit in the openSSL protocol, I will provide the following videos if anyone is still interested.

So while it is too late for me to write a dedicated post (given the sheer number that exist), there are a few videos that are important for the layperson to see if they want to understand what “Heartbleed” actually is.

The first is a video from Elastica Inc. explaining the “Heartbeat” program in openSSL:



The next is a video by Lynda indicating what companies are doing to fix the exploit as well as what you should once a company has fixed the exploit (you can check to see if a company has fixed the exploit using this handy tool by LastPass):

Additionally, if sites offer it, you should enable two-step verification and you can read how to do that here.

And finally, a wise thing to do is to utilize a password manager (I explain them indepth here) and change them if needed. For instructions on how to use a password manager efficiently, please see my explanation here.

Happy Data Privacy Day! – Security Setup

Table of Contents (ToC Links not Working Yet)

1. Introduction
2. Passwords and Managers
3. Browsers and Add-ons
4. Email Providers and Clients
5. Data Encryption
6. Anonymity
7. How-To’s
8. Notes

Part 1. Introduction

In light of revelations about the NSA’s role in illegal domestic surveillance (x), and this terrifyingly hilarious photo inside a US army base (fig. 1), downloads of anonymity programs and browsers such as Tor (The Onion Router) have skyrocketed as people become more aware of what the government is doing and what “privacy” actually means. In fact, usage of Tor is up by over 100% and the so called “Dark Web” has risen to the Scroll to bottom spotlight. This surge, however, has been met with a downside – a false sense of security. The aim of this post will be to share the methods I use to keep information private and methods that one could use to attempt to remain anonymous on the internet. (Later posts may, if the need arises, be centered around specific security aspects)

Now this being said, there are a few disclaimers:

  1. The most obvious – I choose to share information about me on the designated page not because I do not know how to be secure, but because I am willing to share this much. I am also willing to stand by my convictions, thus I sign my name. That being said, incognito personas are fun and I maintain a few.
  2. There is rarely, if ever, total security. Someone wiser than I once said “a false sense of security is worse than being unsure”[1]. The point of this post is to give you the tools to try to be secure.
  3. These are just the tools I use, if you want to complain, use the comments section or, as will be linked to throughout the post, read some other article.
  4. Finally, I am no expert in the academic sense of the word, rather, I am an enthusiast who wants to learn and share what he has learned. As such, don’t take my explanations with the same rigor as you would Jacob Appelbaum or Bruce Schneier.

Continue reading