Privacy and Security News and Tips 20160621

There’s no harm in hoping for the best as long as you’re prepared for the worst. Stephen King, Different Seasons

Weekly Tip

With the summer travel season in full swing and the current state of our world, it is wise to be prepared for problems, which brings us to a tip I read some time ago and have had in practice since then with minor adjustments for changing technology and environments.

Protecting your Personally Identifiable Information

Think about the contents of your wallet or purse. How many credit and debit cards, ID cards, medical information, passports, etc. do you have or take when you travel? What happens if you lose them or they are stolen? Do you have medical issues, severe allergies, medical devices? What would you do if you were in a foreign country and had to replace the cards, prove who you are, or needed medical attention after having your wallet or purse stolen? Have you ever thought about making an emergency flash drive to carry your important information securely? I have, and that is today’s tip. To make this drive you will need a few items.

  • A physically small flash drive that is at least 2 GB, formatted with exFAT for maximum compatibility
  • A copy of VeraCrypt
  • Access to a scanner

The basic layout is as follows.

  1. Format the drive exFAT.
  2. In the root of the flash drive you will have a text file (MUST BE PLAIN TEXT) with some basic information (name, address, phone, “I AM AN AMERICAN CITIZEN”, “I HAVE INSURANCE”, include emergency contacts also). Title this file EMERGENCY.
  3. A file titled “Medical” that lists your medications, and allergies to drugs, foods, or bugs, as well as your primary care physician’s contact information. This document says “I HAVE HEALTH INSURANCE” at the top of it, so that you don’t run the risk of being denied treatment. If you have traveler’s insurance, put that info in here as well.
  4. A file of “credit card contact info” with details for each card you carry. Use this to quickly cancel your cards if your wallet is lost or stolen. Do not include the CC number, CVV, or expiration date. That data is in the secured partition of the drive.
  5. A scanned image copy or digital photo of your insurance card, front and back.
  6. A web browser. You can get portable versions of Chrome, Firefox, and other browsers that will run directly from the drive—more secure than using a public terminal loaded with who-knows-what snoopware.
  7. Install VeraCrypt and create a portable install on the flash drive.
  8. Create an encrypted container on the flash drive, approximately 1 GB in size, and make sure to use a memorable but highly secure password.
  9. In the container you will have the following items:
    1. Scanned copies of each of your credit and debit cards, front and back. (jpg format)
    2. A file titled “CCNs” that lists the account numbers, expiration dates, and CVVs of your cards as well as the toll-free contact numbers and international collect call numbers for each company. (plain text)
    3. The routing and account number for bank accounts, phone numbers to your local bank’s branch office. Be ready to have money wired or to freeze accounts. (plain text)
    4. Scanned copies or digital photos of your passport, your driver’s license, and at least one other form of state-issued photo identification. (jpg format)
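
Step 4 says card numbers, CVVs, and expiration dates must stay out of the unencrypted part of the drive. One way to check that before you travel, as an added example that is not part of the original newsletter: it scans small files outside the container for digit runs that pass the Luhn checksum. The container file name vault.hc and all function names are assumptions made for the example.

```python
# Added example (not from the original post): audit the drive's open area.
import re
from pathlib import Path

# 13-19 digits, optionally grouped with single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return digit strings in text that look like card numbers."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def audit_open_area(root, container_name="vault.hc", max_bytes=1_000_000):
    """Map relative path -> card numbers found outside the encrypted container.

    container_name is an assumed file name for the VeraCrypt container; large
    files (portable browser, scans) are skipped, so images are not inspected.
    """
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.name == container_name:
            continue
        if path.stat().st_size > max_bytes:
            continue
        hits = find_card_numbers(path.read_text(errors="ignore"))
        if hits:
            findings[str(path.relative_to(root))] = hits
    return findings

if __name__ == "__main__":
    import sys
    for name, hits in audit_open_area(sys.argv[1]).items():
        # Print only the last four digits so the report itself stays safe.
        print(name, ["****" + h[-4:] for h in hits])
```

Run it with the drive's mount point as the only argument; an empty result means no plain-text file in the open area contains a Luhn-valid card number.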

Now that you have this drive, you will need to determine the best means of transport and security for the location and environment. There are drives that are “rugged” and will be fine on their own in most environments, but if you will be in a rainy location you may consider a watertight container. The drive should be on you at all times while traveling and should not be on your keys in case of theft. I carry mine in a “go tube” inside my clothing, but you can wear it as a necklace under your clothes or secure it to the inside of your clothes somehow. The idea is to have it not be subject to a pickpocket or being lost.

Interesting News

Facebook begins tracking non-users around the internet

Stop Facebook From Following You Around the Web

Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records

Web developers, meet WebGazer: software that turns webcams into eye-trackers

If you enjoy this newsletter and know anyone that would be interested in the information contained, please pass this along or subscribe here.

Privacy and Security News and Tips 20160322

There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government. Bruce Schneier

Weekly Tip

With Apple and the FBI scheduled to testify in court today (since postponed), and the release of iOS 9.3 yesterday, I wanted to talk about encryption this week. Encryption, with its use, its weaknesses, and the stigma attached to it by those who do not understand its intrinsic value, is at the forefront of the news and my mind.

Protecting your Personally Identifiable Information

It is your right and duty to demand strong, secure, and unbreakable encryption if you are at all interested in protecting your personal information from those out to do you harm. Use the latest and most secure version of your phone and/or tablet’s operating system and make sure to enable encryption. Look for and demand that any online transactions are secure, be it a login, contact form, shopping cart, financial site, etc. If you must send something through email that you want to keep private and secure, make sure to use a secure email system such as ProtonMail, ZSentry, PGP, or something else that can be vetted and trusted.

Encryption is at work in our lives every day, from our banking, email, and texting (sometimes) to our medical records, online shopping, and more. There have been times, both recent and past, when our government has legislated to weaken or disable encryption for a variety of reasons. Weakening export encryption, requiring backdoors, and requesting master keys are detrimental to the security of our everyday lives as well as our rights to privacy.

Interesting News 

Big tech companies want to make email more secure

Symantec warns of serious security holes – in Symantec security kit

McAfee Uses Web Beacons That Can Be Used To Track Users, Serve Advertising

ProtonMail’s encrypted email is now available to all

FTC warns app developers against using audio monitoring software


Encryption Explained

From Wikipedia: encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

While the process of encrypting information is nothing new, encryption technologies are a hot topic in IT recently — with good reason. This article hopes to explain the various types of encryption as used regularly by IT pros.

At rest vs. in transit

Data can be encrypted two ways: at rest and in transit.

At rest

Refers to data storage — either in a database, on a disk, or on some other form of media.

Examples of at rest encryption

In transit

Refers to data which is encrypted as it traverses a network — including via web applications, smart phone apps, chats, etc. In-transit basically refers to the point at which the data leaves the storage drive or database until it’s re-saved or delivered to its destination. Protecting information in transit essentially ensures protection from others attempting to snoop or eavesdrop on information as it traverses the network.

Examples of in transit encryption

Please note: employing these two types of encryption safeguards must occur in tandem; it’s not automatic. Data encrypted at rest does not guarantee it remains encrypted as it traverses a network. Conversely, data encrypted “over the wire” does not offer any safeguard that the content remains encrypted after it has reached its destination.

Encryption methods and protocols

The processes and algorithms that encryption technologies and software use differ. The current standard specification for encrypting electronic data is the Advanced Encryption Standard (AES). Almost all known attacks against AES’s underlying algorithm are computationally infeasible, in part due to lengthier key sizes (128, 192, or 256 bits). If this argument sounds familiar, see: Passwords and Passphrases.

Symmetric vs. asymmetric key algorithms

Symmetric key algorithms use related, often identical keys to both encrypt and then decrypt information. In practice, this is known mostly as a shared secret — between two or more parties.

Asymmetric key algorithms, however, use different keys to encrypt and decrypt information; one key encrypts (or locks) while the other decrypts (or unlocks). In practice, this is known mostly as a public/private key; the public key can be shared openly, the private key should not. In most cryptographic systems, it is extremely difficult to determine the private key values based on the public key.

How this encryption works

Using public/private keys, the lock/unlock algorithm can go two ways. Alice can encrypt some bit of information with Bob’s public key, and then send it to Bob. Only the holder of Bob’s private key should be able to decrypt and read the message. Conversely, Alice could encrypt some bit of information with her own private key — and while anyone else in the world could read the message, they would have to use Alice’s public key to do so, meaning that the message must have come from Alice.

Common technologies that rely on public key cryptography include TLS/SSL and PGP.
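
The two directions described above, as an added example that is not from the original article: textbook RSA in plain Python with small constructed keys and no padding, so it shows the key roles only and is not usable for real encryption. The key values and function names are assumptions made for the illustration; the second direction is what is normally called a digital signature, computed here over a SHA-256 digest of the message.

```python
# Added illustration (not from the article): textbook RSA, no padding, small
# constructed keys. It shows the key roles only; never use it to protect data.
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Build ((n, e), (n, d)) from two primes: public key, private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def apply_key(key, value):
    """The one RSA operation: raise value to the key's exponent modulo n."""
    n, exponent = key
    return pow(value, exponent, n)

def encrypt_for(recipient_public, message):
    m = int.from_bytes(message, "big")
    if m >= recipient_public[0]:
        raise ValueError("message too long for this toy key")
    return apply_key(recipient_public, m)

def decrypt_with(private, ciphertext):
    m = apply_key(private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest_as_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign_with(private, message):
    """'Encrypt with the private key': only the key owner can produce this."""
    return apply_key(private, digest_as_int(message, private[0]))

def verify_with(public, message, signature):
    """Anyone holding the public key can check who produced the signature."""
    return apply_key(public, signature) == digest_as_int(message, public[0])

# Constructed keys built from known Mersenne primes (far too small for real use).
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    note = b"meet at noon"
    sealed = encrypt_for(BOB_PUBLIC, note)       # Alice -> Bob, confidential
    print(decrypt_with(BOB_PRIVATE, sealed))     # only Bob recovers the note
    signed = sign_with(ALICE_PRIVATE, note)      # Alice proves authorship
    print(verify_with(ALICE_PUBLIC, note, signed))
    print(verify_with(ALICE_PUBLIC, b"meet at nine", signed))
```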

Read more about public key cryptography.


Privacy And Security In Uncertain Times

Recently I was at a conference and the subject of computer and Internet security came up.  That, coupled with all that has been in the news lately, helped me decide to do a series of posts covering some of my general security suggestions.  I will try to make at least one post a week, and will be posting some suggestions on 7th Circle Designs as well.

Topics will include (and will be amended as we go):

Stay tuned for our first post on hard drive encryption.
