In 1991, Philip Zimmermann developed an encryption technology known as Pretty Good Privacy. Zimmermann, the CEO of PGP Corp., created ZRTP, a technology for encrypting Internet telephone calls. PGP Corp. has just released Zfone, which is ZRTP-enabled Voice over Internet Protocol (VoIP) software that prevents Internet telephone call wiretapping.
Forbes.com spoke with Zimmermann about why his company created Zfone which he offers to the public for free. The article is interesting because Zimmermann points-out the intelligence value of traffic analysis, which I mentioned in a previous article. Zfone makes it nearly impossible to eavesdrop on a conversation, but it does not prevent an intelligence service or police service from conducting traffic analysis.
VON Magazine also interviewed Zimmermann in its January 2007 edition about issues surrounding wiretapping and VoIP.
Two years after Seagate announced the world’s most secure hard drive, the 2.5 inch Momentus 5400 FDE.2 (full disk encryption) hard drive will go on sale at the end of March in a laptop from ASI Computer Technologies. The on-the-fly encryption is integrated into the drive.
A friend who works for a very security conscious government organization surprised me when he asked why I had a plastic cup on my desk containing half a dozen dice cubes. Everybody knows why you keep dice at your desk, don’t they?
Passwords were the cornerstone of data security. It doesn’t matter if you are signing onto the company LAN, starting your laptop, or receiving email, passwords were required to keep out the thieves and brigands. Well today passwords are obsolete! Today you need a passphrase! Continue reading ‘Information Security is a Roll of the Dice Away’
Have you ever sent an important report out to be copied and bound?
How Investigators and Consultants handle deliverables after the final editing may affect the security of the entire job. Yet they often give the product of their genius to some unknown person for copying and binding, then leave to have lunch. We have all seen this.
Another version of this slipshod security practice is emailing unsecured reports. Or unwarranted reliance on the passwords in Word or PDF files to protect the contents.
Anybody who thinks that file passwords are completely secure should look at this Google Directory for Password Recovery software or this one for PDF Password Crackers. All password systems have weaknesses that can be exploited under some circumstances. Security comes from minimizing the exposure of the password-protected report files to circumstances that could lead to unauthorized access. Knowing the weaknesses of the password system and experience with the tools used to break it form your best defence.
The word “Steganography” is from the Greek meaning “covered, or hidden writing”. Generally, a steganographic message will appear to be something else: a picture, a report, or some other document. The advantage of steganography over cryptography alone is that messages do not attract attention to themselves. A visible coded message, no matter how unbreakable, will arouse suspicion.
A steganographic message in plaintext is first encrypted, and then a covertext is modified to contain the encrypted message. The recipient can recover and decrypt it if he knows the techniques used to conceal and encrypt the hidden message.
Stories of terrorists using steganographic messages began with USA Today articles written by Jack Kelley, who was fired in 2004 for fabricated stories and inventing sources. Private Investigators have far more mundane uses for steganography.
Steganography is used for “Watermarking” which has taken on a new importance in the digital era. Digital images, video, and text, are all easily copied and illegally distributed. By embedding identifying information in a file, steganography software enables Investigators to control the distribution of, and to verify ownership of their digital information. It essentially conceals copyright and distribution information within digital information. One easy-to-use program for this purpose is wbStego.
However, beware that the more important the steganographic message, the more likely someone will try to remove it. StirMark and other software may remove copyright information from files.
It seems that truly usable hardware encryption is beginning to emerge as a practical data safeguard. Seagate DriveTrust Technology integrates encryption into the drive itself by using the unaddressable part of the drive to store the encryption keys, unlike software encryption where you have keys floating around the OS.
This certainly makes laptops more secure, but data recovery will be much more complicated if the drive becomes damaged. However, it seems that hardware encrypted laptop drives will become common in a couple years with a large manufacturer like Seagate committed to the technology.
A friend who works for a very security conscious organization surprised me when he asked why I had a plastic cup on my desk containing half a dozen dice cubes. Everybody knows why you keep dice at your desk, don’t they?
Continue reading ‘Information Security is a Roll of the Dice Away’
