Sign in with
Sign up | Sign in
Your question

10 Easy-to-Use Security and Privacy Tools

Tags:
  • Security
  • Privacy
Last response: in Antivirus / Security / Privacy
Share
October 1, 2014 11:58:19 AM

These 10 security and privacy tools are both effective and user-friendly.

10 Easy-to-Use Security and Privacy Tools : Read more

More about : easy security privacy tools

October 1, 2014 2:01:39 PM

I'll just add a couple things to this list that I think should get some credit. These aren't the most user-friendly solutions, but are great for those who are a little more experienced.

BitTorrent Bleep is an end-to-end encryption messaging service that also hosts encrypted VOIP calls. It is currently in public Alpha testing, so expect some bugs; however, the software functions quite well for being in the early stages. It's currently available on Windows, Mac OS, and Android. One of the nicest features is there is no registration necessary; you can use the application in "Incognito" mode, and pick a username with no personal information needed.

I've been using Bleep since the day of the public Alpha release (Sept. 17), and there haven't been many notable issues. My only gripe is about their VOIP call quality; the audio sounds like it's over-compressed at times, and one side of the conversation will drop out at random. Then again... this application is still in Alpha testing, so I'm not complaining just yet. Also, according to BitTorrent's blog, "Android users will need to set the app to “Wi-Fi Only” unless you have an unlimited data plan; this is only for the time being while we iron out an issue related to battery and data-plan."

The Blackphone is a nice tool that was released in June, and is running a custom version of Android 4.4.2 known as PrivatOS. It was the love child of GeeksPhone and SilentCircle, which are both security minded companies. The phone is unlocked for all GSM carriers.
m
0
l
October 2, 2014 12:49:34 PM

please remember! the agencies that monitor these services operate procatively. any of these programs could be trojans.
m
0
l
Related resources
October 2, 2014 1:02:26 PM

Do your homework, phil. I've been trying to keep up with all of this stuff for the last few years, and I can confidently say that spy agencies don't need to install trojans under cover of a legit program; they have their ways of spying without all of that hassle. Half of the "secure" means of communication that we use is open to speculation on whether it's secure or not because the NSA is expending a lot of resources on breaking encryption.

Creating a trojan software to trick people is not only a waste of their time, it's a waste of resources; and will hinder them from what they are trying to accomplish with mass surveillance. Not to mention, they pay people to find security flaws in everything that currently exists (breaking software security is easier than creating secure software). They're trying to make everything readable, not trick people into giving them clear text.
m
0
l
October 3, 2014 9:20:41 PM

Assume that a classified data be protected by an encryption key of 256-bit entropy and the program to manage the data storage system be protected by a manager’s password such as P@$$WoRd1234, the chances may well be that the data storage system will have been taken over by the criminals who broke the password rather than those who tried to attack the 256-bit encryption key.

Using a strong password does help a lot even against the attack of cracking the stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.? We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

At the root of the password problem is the cognitive phenomena called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
m
0
l
October 3, 2014 10:41:00 PM

The real problem that I have seen with passwords is not the ease of guessing them through brute force attacks; however it's the lack of care that goes into quality passwords, and the ease of obtaining passwords through various tools (ie: key logging, or radio frequency eavesdropping). Numerous attempts at obtaining a more secured method of security have been attempted, but text is so far the only kind that can be done with ease across the board. Using images would be quite difficult for long term uses, as one must retain a particular image for the entire life of the security measure. If the image ever is accidentally modified, becomes corrupted, or is lost due to failed sotrage, then how would one access their restricted content? If you use text as a backup, then it suffers the same security flaw as all text authorisation, and the idea of using images becomes a moot point.

This is why there have been advancements in biometrics, especially in fingerprint security. Unfortunately, it's been proven, consistently, that fingerprint security is far less reliable than text. Recently, there was a headline of using one's "heartbeat" as a means of user authentication. The problem with this? Bluetooth. Well, bluetooth is only one of the problems; there's also device cloning, or capturing a sample of the individual's heartbeat (eavesdropping on BT communications), and then spoofing the heartbeat with a new device. Okay; well, what about RFID chips/tags? That's something that's been hacked endlessly, yet we still use unencrypted RFID everywhere. Do you have a tin foil wallet? I have one...

Security measures that are currently used, or have been considered, tend to suffer from the same problem: nothing is perfect. If someone wants to break that security, they can... somehow. Fortunately, our current high-bit encryption is perfectly fine as it is - at least, that's the speculation, as it's still unknown if the NSA is harbouring a vulnerability in AES encryption, as well as others - but we must remember that the end-user is always going to be the weakest link in a strong chain; like in the case of encryption. The more secure your method is, the less forgiving it has to be. It's a perpetual cycle, and it's going to be a while before we can find a method that won't be cheated by some shmuck with nothing better to do. Eventually, encryption will be crackable with a mobile phone; but until that day comes, that's our best chance.

The only way to stop hackers from doing their thing is to not give them a reason to hack... and that will probably never change.
m
0
l
October 5, 2014 12:37:37 AM

Hi Skyline,

The idea of using pictures for passwords is not new. It has been around for more than two decades but the simple forms of pictorial passwords were not as useful as had been expected. For the UNKNOWN pictures that we manage to remember afresh are still easy to forget or get confused, if not as badly as random alphanumeric characters.

We could, however, make good use of KNOWN images that are associated with our episodic/autobiographic memory. Since these pictures are the least subject to the interference of memory, it enables us to manage dozens of unique strong passwords without reusing the same password across many accounts or carrying around a memo with passwords on it. Furthermore, we no longer need to manage to remember the relations betweens accounts and passwords because each account shows its own picture matrix.

The Expanded Password System is inclusive of textual as well as non-textual passwords. Users can retain the textual passwords as before while they expand their password memory to include the non-textual passwords without being impeded by the cognitive effect of “interference of memory”. It is extremely difficult to imagine the users who would suffer disadvantage or inconvenience by taking up the expanded password system.

Incidentally, biometrics would be fine for physical security but I am not certain for the identity authentication in cyberspace. Whether static or behavioral or electromagnetic, biometrics cannot be claimed to be an alternative to passwords UNTIL it stops relying on a password for self-rescue against the false rejection altogether while retaining the near-zero false acceptance in the real outdoor environment. A dog which depends on a man cannot be an alternative to the man.

Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. I would appreciate to hear if someone knows of a biometric product operated by (1). The users of such products must have been notified that, when falsely rejected by the biometric sensor with the devices finally locked, they would have to see the device reset.  It is the same with the biometrics operated without passwords altogether.

Biometric products like Apple's Touch ID are generally operated by (2) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are less secure than the devices protected only by a password.

It is very worrying to see so many ICT people being indifferent to the difference between AND/conjunction and OR/disjunction when talking about “using two factors together”.



m
0
l
October 5, 2014 5:21:07 PM

First off, I never said using pictures for passwords was new; I simply said the methods of use are, for the common consumer with no prior training, appear to be quite fallible. As modern society is so set on certain things, like text passwords, it would make things much more difficult to be implemented in a different way. Personally, I'm okay with using text passwords, and I'd rather keep it that way. I don't know of vary many people who are looking to change that; and that's where things start to fall apart. The consumer public has already been trained on one method; and it will be very difficult to implement a brand new method of authentication without having some sort of transitional period where it is extremely unreliable (thanks to consumer laziness).

Since I've never seen an example of the EPS you are talking about, I can't say whether I find it to be a substantial alternative. Searching for a simpler explanation, or an actual example of such a system, yields very little helpful information. Can you explain it in a different way that doesn't seem to be almost a copy/paste of what I can find on a web search? I'm not saying you did just that, but your post reads very close to what I can find elsewhere; and, frankly, it will go over most people's heads. Since this system is not one I'm currently familiar with, I'm not about to start poking around in the dark, without a proper explanation.

As far as biometrics are concerned, I'd like to see a device that is in use with conjunction; as I've not seen it. I understand that the reason Apple's biometric security is a failure due to its method; however, unless something is directly put into use, the idea is only as good as any other idea. I'm sure there are systems out there using such a method, but I'd like to see what methods might be used to circumvent such security measures.

Even still, all of this falls back onto what I've said before- nothing is perfect. Until we make a security system that is perfect, we should always expect the flaws to be heavily exploitable.
m
0
l
!