How to Boost your Yahoo! Sign-In Security
17th October, 2018 | Cyberprivacy | Entropic
This breach collectively consisted of two major events instigated by Russian hackers contracted by the Russian Federal Security Agency (or FSB) - one that occurred in late 2013 and one in late 2014. This resulted in the loss of names, addresses, security questions, DOB, and hashed passwords for all of Yahoo's then user base - over 3 billion users. Magnifying the impact was that Yahoo! took over 2 years to report this breach to authorities and their customer base.
What we can learn from this is that at any time, your personal information might be in transit to hackers who have already found and exploited a previously unseen vulnerability in a given service. Additionally, we know that you are more likely to find out about the theft of your personal information months or years later. With this delay in discovery and reporting in mind, it's a very good plan to regularly and frequently check the security of your Yahoo! account.
Updates: How to Boost your Facebook Sign-In Security
28th September, 2018 | Cyberprivacy | Entropic
1) Facebook has announced another major data breach of almost 50 million user accounts. Hackers have exploited a vulnerability in the "View As" feature of Facebook that allows users to see what their profile looks like to other people.
2) Emerging research by Northeastern and Princeton University, working with Gizmodo, has revealed that Facebook is now using the phone number that you entrust to them when setting up SMS-based two-factor authentication (2FA) for other purposes, aside from enhancing the security of your account. Specifically, they are using it to improve the granularity of their advertising services, including enhancing the ability for advertisers to target you more directly.
This adds to the list of reasons not to use this ailing type of 2FA to secure your account. 2FA is still a crucial part of securing your account, however there are better types of 2FA offered by Facebook - such as authenticator app-based 2FA. All forms of protection come with their own caveats, as illustrated in the updated Facebook 2FA options shown further in this article.
3) Instagram, a subsidiary of Facebook, is rolling out support for authenticator app-based 2FA, which will allow their users to move beyond SMS-based 2FA.
Who Else Can Access Your Tweets?
26th September, 2018 | Cyberprivacy | Entropic
In our previous article we reviewed the current options available for boosting your Twitter sign-in security.
The need to continue delivering information efficiently to its users over the years has driven Twitter to establish a vast global computing infrastructure spanning five continents, with data centers consisting of thousands of servers.
To ensure efficiency and redundancy, much of the information that flows through this infrastructure is copied and duplicated across many different servers, for instance in caches, which helps to ensure information can be accessed efficiently across different regions.
Each of the countries that host Twitter computing infrastructure also has its own distinct regulations that designate access to the information that reaches those regions, such as access by local government authorities and law enforcement.
In this article we'll discuss the options Twitter provides to control your Tweet privacy - who can read your Tweets, and based on these options, who else might be able to access and accumulate your Tweet history over time.
How to Boost your Twitter Sign-In Security
19th September, 2018 | Cyberprivacy | Entropic
It was May 2013 when Twitter first introduced their SMS-based Two-Factor Authentication system, which they named "Login Verification". This was done in response to a breakdown in the security of their username/password based sign-in security that was rapidly becoming vulnerable to spear-phishing attacks, and other types of data breaches.
Amongst other key events, the most noteworthy was the use of spear-phishing to gain access to the Twitter accounts of The Associated Press and, on April 23rd 2013, make false posts that caused the Dow Jones to plunge 143 points. Since then, hackers have managed to find ways to bypass SMS-based two-factor authentication, putting more pressure on Twitter to provide additional options to help enhance sign-in security for their users.
How to Review Your Amassing Facebook Data
12th September, 2018 | Cyberprivacy | Entropic
In our previous article we reviewed the current options available for boosting your Facebook sign-in security.
In this article, we'll show you how to download and interpret the data that Facebook accumulates about you, with a focus on identifying the more important elements of your personal information.
The use of a centralized storage approach - holistic elements of your personal information that are stored and replicated across the globe - continues to be the single most significant vulnerability of Facebook.
This approach to information storage makes Facebook data centers very high value targets which are subject to a constant barrage of attempted infiltrations from nation states, cybercriminals, or seemingly legitimate entities, such as Cambridge Analytica that find ways to circumvent legal and technical loopholes, to glean and leverage your personal information.
If you have opted not to #DeleteFacebook, then at the very least you should regularly review the information that is accumulating about you in Facebook data centers across the globe. You can do this using the Download Your Information feature that Facebook provides in Settings.
How to Boost your Facebook Sign-In Security
28th August, 2018 | Cyberprivacy | Entropic
It was May 2011 when Facebook first established its SMS-based Two-Factor Authentication system, which they originally named "Login Approvals".
Since then, due to widespread security issues with SMS-based two-factor authentication, they have been pressured into providing additional options to help enhance sign-in security for their users. This includes introducing their own authenticator feature into the Facebook App, called Code Generator, the ability to use security keys on Android smartphones, and finally in May of this year, announcing support for third-party authenticator apps, such as Google Authenticator, Authy, Duo Mobile, LastPass, or Yubico Authenticator.
Two-Factor Authentication (2FA) can significantly boost the security of your Facebook account by requiring a second piece of information, or action before allowing you to sign in. It should be noted that this feature does not eliminate the need to maintain your password. This is something that you'll need to continue to regularly change, record, and remember.
And, Your Exact Location in Your Living Room Is?
21st August, 2018 | Cyberprivacy | Entropic
In a previous article, we touched on the Google Titan Security Key, as an example of how companies are trying to extend the sensory reach of their devices, using Bluetooth LE (BLE) to gain better visibility into your lifestyle.
Companies that produce intelligent IoT devices for the home are increasingly being pressured to not only improve the usability and reliability of their products, but also to ensure they coexist seamlessly with other products from other manufacturers. This includes being more intuitive to their surroundings, including how they sense and interact with other devices and people.
Improving the sensory awareness and response of their devices can not only provide intuitive benefits to their customers, but also help companies glean increasingly refined telemetry about how people move throughout their home, along with their activities in each location therein. The resulting data revenue can help them further refine their products and services, as well as generating revenue by making this data available to third parties.
GPS Is No Longer Enough
Consider your physical location as tracked by your smartphone, and how valuable this is to companies like Google who, for instance use it to provide you with critical information on traffic congestion in Google Maps.
Which Notes Do You Really Need in iCloud?
14th August, 2018 | Cyberprivacy | Entropic
If you are the type of person who loves using Apple devices, but are wary about how much of your personal data is seeping into iCloud, we'll discuss a few privacy checks that you can perform regularly to mitigate this problem.
The more of your information that Apple can push to iCloud, the better it is for their bottom line, since this gives them more opportunities to sell you things like additional iCloud storage.
By simply using and maintaining your Apple device(s) over time, the overall volume of information that "seeps" to iCloud increases. This is largely due to default configuration changes made during key events, that can change the data being collected. Some examples include:
How to Boost your Gmail Security
8th August, 2018 | Cyberprivacy | Entropic
Over the years, Google has continued to evolve the ways they can help improve the level of sign-in security for their users.
Their 2-Step Verification feature, a type of two-factor authentication (2FA), now has several different options and, additionally, Google has decided to start producing their own security key.
With these recent events, we thought it would be a good time to review the options, and provide an overview of what methods are currently available to secure your Google account.
Don't Forget your Keys, Dave
30th July, 2018 | Cyberprivacy | Entropic
Phishing, along with a host of other types of cyber attacks against their customers, has gradually forced many companies to introduce multi-factor authentication into their account sign-in process for their customers.
For an average consumer, multi-factor authentication has always been a relatively cumbersome process, which is why companies that develop these types of authentication products have invested a lot to make them less cumbersome and more user friendly, without compromising on the quality of their devices and the security of their users.
Google, as an example, currently supports several options as part of their 2-Step Verification feature, including the use of an Authenticator app, such as Google Authenticator, and third party security keys, which allow you to sign in to Google by plugging the key into your notebook/PC, or placing it near your mobile device.
What has your Nest Protect been Gossiping about Lately?
22nd July, 2018 | Cyberprivacy | Entropic
Earlier this year, Google reported having sold over 11 million Nest devices to date. Perhaps one of the most essential, trusted, and well engineered of these devices is the Nest Protect Smoke + CO Alarm.
The conveniences of this device, which include intelligent notifications of smoke and carbon monoxide alarms (from home and away), remote management, automatically lighting the way in the dark, combined with the overall reliability of this device make it a solid choice for a consumer looking to upgrade their legacy smoke/CO alarm.
Amongst all of the Nest devices, this one is in the top category for having the most sensors and transceivers. Given the essential need for smoke/CO alarms, combined with the Nest Protect's capabilities of 24x7 collection of activity in your household, we decided to further investigate this device to better articulate what it gives to your home vs. what it takes.
Who Else Can Read Your Gmail?
13th July, 2018 | Data Security | Entropic
In a previous article, we discussed some ways that you might unwittingly disclose your physical location while using Google. Amongst the services of Google, the most widely used include Search, Android, Gmail, Chrome, Maps, YouTube, Google and Play Store - each of which has users numbering in the billions. Additionally, services such as Google Docs and Drive are also very popular.
If you depend on any of these services, it's important to be aware of what other Apps might also have access to your personal information on Google. This is because over time for instance, by using a mobile or web-based App, you may have unwittingly authorized one or more of them with specific levels of access to your Google account information - for instance Gmail, Google Drive, or Calendar.
Decentralize to Protect your Data
26th June, 2018 | Data Security | Entropic
While most of us rely on encryption and authentication to protect our most critical files and other information, the reality is that these approaches to securing information have shown a continual pattern of failure since their inception. Compounding this issue is that over the past 20 years, we have carried forth an endemic fortress-based mindset of protecting information into the digital world, by consolidating massive amounts of sensitive information and concentrating it in select physical locations using cloud-based infrastructure. This approach has dangerously centralized and even duplicated masses of stored information, in the name of manageability and cost savings.
By prioritizing manageability and cost savings over security, we have unwittingly created high value targets for cybercriminals, and further increased the motivation and ease at which they can extract large amounts of information for sale, distribution and exploitation.
Unwittingly Revealing your Location to Others via Google
20th June, 2018 | How To | Entropic
For billions of us, Google is an everyday part of our lives. We depend on it for searching, e-mail, shopping, evaluating businesses, networking with others, finding our way around, and a host of other daily routines. These conveniences are too good to resist, but with these conveniences comes a loss of personal privacy.
A company can glean a lot of valuable information about an individual by tracking only their location, and in turn this information can ultimately be translated into company revenue. In this process however, others might also gain access to this information.
The Genetic Fortress
11th June, 2018 | Data Security | Entropic
Companies that provide Genetic genealogy services offer individuals the option to submit a sample of their DNA, to enhance their ability to explore their ethnic origins, their family heritage, and discover and reunite with lost relatives. Similarly, Personal genomics companies also offer individuals this option to help them better understand their genetic traits, and how that might affect them in their lifetime, along with their descendants and relatives.
Despite the advantages that these services bring, the widespread use of expiring security and storage technologies to protect this information represents the next significant new threat to the loss of our privacy and individuality.
A River of Facebook Profiles
23rd May, 2018 | Data Security | Entropic
In our previous article, we introduced a model to help describe the lifecycle of information after it has been disclosed to an organization by another individual or organization. In this article we'll focus on another phase of this lifecycle - the Third Party Sharing phase, and describe how it applies to the 2014 mass extraction of 87 million+ users' Facebook profiles performed by Global Science Research (GSR), which were subsequently sold to SCL Elections and Cambridge Analytica, a subsidiary.
The Fuel of Facebook
15th May, 2018 | Data Security | Entropic
In our previous article, we introduced a model to help describe the lifecycle of information after it has been disclosed to an organization by an individual. In this article we'll focus on one particular phase of this lifecycle - the Collect & Send phase, and describe how it applies to Facebook.
When you think of how users interact with Facebook, you might picture someone using an app on their phone, or a browser on their PC to interact with the social network. However, over the years through third party integrations, company acquisitions, and the evolution of the Facebook Platform, the number of products and services they now offer, along with the volume of information that they collect from their users, has massively increased.
The Information Disclosure Lifecycle
5th May, 2018 | Data Security | Entropic
Organizations are constantly challenged to continually improve their security posture, and protect the information they rely on to do business. Many now also rely heavily on curating information about individuals who have consented to share, as they go about their daily lives.
Blockchain is helping to improve these organizations' cybersecurity posture, in areas such as multi-factor authentication (MFA), and the Internet of Things (IoT). Some of these improvements are detailed in this article by Christina Comben, originally posted on CoinCentral.com.
With the recent increase in events surrounding the handling, processing and protection of information, we thought it would be a good idea to create a draft model that would allow us to better describe the lifecycle of information after it has been disclosed to an organization by an individual.
Best Practices for Decentralizing Information
27th April, 2018 | Data Security | Entropic
In our previous article, we discussed how the fortress mindset has influenced how we instinctively protect information. Today, encryption and authentication are the foundation of how we secure information that is holistically stored in one location - the fortress.
If an attacker knows that all of the information they seek is holistically secured in one place, their motivation to break through the barriers that protect this place becomes very high. Over time, both encryption and authentication have had to adapt to contend with evolving attack techniques, many of which exploit vulnerabilities arising from the need to balance security with convenience for the user.
Decentralizing the Information Fortress
17th April, 2018 | Data Security | Entropic
Over the past 20 years, as a result of implementing cost savings, better efficiency, and improved manageability, we have seen a significant migration of software, hardware, and data to public and private cloud-based storage infrastructure.
Within these fortresses of information - data centers, and possibly unbeknownst to many, a large amount of personal information continues to accumulate.
Panwrypter v2.0 "Langkawi" Release
5th April, 2018 | Product Release
We are pleased to announce the launch of Panwrypter v2.0 - an App to protect your most important files, using a type of decentralized protection called bitwise depletion.
This release improves upon convenience & ease of use, and introduces additional, advanced security features...
Tutorial: Protect Files while Traveling with Panwrypter
29th March, 2018 | Tutorial
You may travel as part of conducting business with regional offices and customers. During travel, you may habitually choose to store sensitive files on your notebook, or on a USB stick. Using this approach vs. cloud storage might give you some peace of mind that the sensitive information is physically with you at all times.
During travel however, when your carry-on or checked-in luggage is not with you, this information might be vulnerable to unauthorized access....
Is Encryption Safe?
11th April, 2017 | Infographic
A visual comparison of using file encryption vs. file depletion with Panwrypter.
Using Panwrypter to Protect your Personal Photos
27th March, 2017 | How To Series
Do you want to protect personal/sensitive photos so that only you and someone else have access to them? This video shows how you can do this with Panwrypter.
Should you prefer using cloud-based file storage, you'll know that these services are not immune to cyber-attacks and based on recent events, theft of your files is a reality.
Are You Watching Your Internet Connected Files?
15th March, 2017 | Security Intuition Series
In our previous article, we discussed the increased focus of cyber-criminals on targeting the Apple Mac platform. A recent example of this is Proton RAT, a Remote Access Trojan that was reported by security researchers at Sixgill.
We also discussed the tendency for files to accumulate on your Mac over time, along with some common folders where this accumulation occurs, such as your Downloads folder.
Know your Cloud File Storage - Sync Folders
1st March, 2017 | Security Intuition Series
There are many companies now offering cloud file storage services, most of which will give you a certain amount of initial storage for free. They are a convenient way to store, access and share your files from anywhere you might be.
In this article, we looked at a couple of cloud file storage services:
- Google Drive (v1.32.4066.7445)
- Apple iCloud Drive (El Capitan v10.11.6)
- Microsoft OneDrive (v17.3.6783)
These vendors will usually provide a web based portal that allows you to access your files, along with a sync app that you can install onto your Mac, that makes it easier to move files between your Mac and the Cloud.
Are your Mac Files being Neglected?
26th February, 2017 | Security Intuition Series
From a security perspective, when compared with Windows, the Mac OS platform has enjoyed many years of relative peace.
As the Mac platform has grown more prevalent over the years, Apple has worked increasingly with the security community and its customers to address a majority of security problems proactively through operating system updates and architectural changes.
As a result, cyber-criminals have historically stayed away from developing for the Mac platform, not just because of Apple's ability to address security issues relatively quickly, but also due to the need for these criminals to develop new skill sets.
Using Panwrypter to Protect your Team's Sensitive Files During Travel
20th February, 2017 | How To Series
You and your team may travel as part of conducting business with regional offices and customers. During travel, you may habitually choose to store sensitive files on your notebook, or on a removable or thumb drive. Using this approach vs. cloud storage might give you some peace of mind that the sensitive information is physically with you at all times.
During travel however, when your carry-on or checked-in luggage is not with you, this information might be vulnerable to unauthorized access. For instance if you place your carry-on backpack in an overhead bin on the plane, and it is out of your sight, it might be possible for others to access your baggage, and gain access to your files during flight. Similarly, your checked-in luggage is vulnerable to interception while it is not under your control.
Using Panwrypter to Safely Use Online File Storage
18th February, 2017 | How To Series
This is the first in a series of tutorials on how to use Panwrypter to protect your files from unauthorized access in different scenarios.
Online or Cloud File Storage is a convenient way to store, access and share your files from anywhere you might be. Yet, this type of storage might not be suitable for all types of files and information. For instance, it is a convenient way to store and share photographs of a recent work-related event with others, but when it comes to more confidential files, such as personal documents and information, you may not feel as comfortable to use these types of services.
17th February, 2017 | Product Release
Panwrypter is a unique App that gives you back control over how to properly protect your files and personal information from unauthorized access, using methods that are simpler, yet far more effective in the long term than today's encryption techniques, which are prone to compromise over time.