Can encryption protect your secrets against “APTs” and web exfiltration? Well, it depends...

Details

Category: Cyber Security (Personal)

Many security (commercial) professionals and sales girls & boys will tell you we protect your data with military grade encryption and your transactions are encrypted with the same technology banking sites use. Often the scope of these comments is small and refers to SSL (TLS) encrypting names, email addresses, passwords or credit cards when flying through the unknown, between your device and the shopping carts server. A great one is “someone stole our data but passwords were encrypted (hashed in reality). How nice the website owners bothered to one-way hash passwords stored but who cares about email address, secret question/answer, data of birth or your address?

Take a standard website for instance, you create a free account, enter your chosen password, the passwords flies over HTTPs (SSL/TLS) and the password is transformed into a hash (MD5, SHA1/2/3 etc.) and stored as that. “000ca7b75084509a58de17c003c5” is what a hash looks like if you are wondering. The password is not usually stored in clear text (readable English). Hack the websites database and you get a load of odd looking strings which people think are “one-way”. Mathematically yes but if you have one million passwords you can generate one million hashes and compare them. Also known as: rainbow tables.

Read more …

You may shred your printed matter but what about your files?

Details

Category: Cyber Security (Personal)

Think of a doctors or dentist surgery with rows of shelves stuffed with paper private medical records in alphabetical order. Remove the A-Z index and finding Mr. and Mrs. Green will be very hard. This is like when you delete a file from your USB stick, the file is likely still there but the index record is not. The same applies to USB hard drives, hard drives and camera memory cards.

Survey: 40% of hard drives bought on eBay hold personal, corporate data sums this up well. People and companies may have deleted their files or formatted the drive but the files could be recovered with off the shelf software.

Just how easy is it to recover files.....?

Blank USB stick with a single 1KB TXT file on.	TXT file showing 321 as contents.

Deletion confirmation window.	Empty looking USB stick.

A five second scan with free recovery software shows the deleted file available for restore.	Recovered file shown on desktop and exactly the same as before it was deleted.

How do I ensure files cannot be recovered?
Various options exist including: physical shredding, physically punching holes, shredding individual files, overwriting the entire drive or even putting the whole drive in a furnace!

We have found a possible IED (bomb) left suitcase, let’s move it around and open it!

Details

Category: Cyber Security (Personal)

Whenever I am walking around subconsciously I spot security flaws or mistakes, be it physical or information technology wise. Yesterday while coming up the escalator of a prominent zone one station I spotted a British Transport Police officer (not a community support officer) following two Transport for London staff into the control room. The officer was fully uniformed and the two TFL staff next to him seemed to be station supervisors or similar.

One of the three men were wheeling in a suitcase to the ticket hall control room, then the TFL staff member pointed at it, the officer examined it from the outside and then started to unzip it. What has just happened? In my view the station staff have found an unattended suitcase, they moved it manually to the control room and then called a BTP officer to help... who looks at it and starts to open it.

Hello!!! This could have been a real IED (improvised explosive device) or bomb in old fashioned English thus moving it around and opening it is not a good idea.