Archive for the 'Encryption' Category

Asymmetric Warfare & Business Continuity

Published on June 16, 2011 in Business Continuity, Communication, Encryption, Espionage, Industrial Espionage, Intellectual Property Rights, Intelligence Services, Privacy and Risk Management. 0 Comments

In a previous article, I wrote about a system that created a single point of failure. In a strategic sense, computers and IT as a whole have become a single point of failure in both government and industry.

Chinese military leaders call automation the great equalizer, since its enemies heavily depend upon computers. An effective attack upon their enemy’s IT infrastructure provides an immediate and disproportionate impact which is the core concept of asymmetric warfare.

This asymmetry benefits the attacker, regardless of his motives or methods.

This Message Will Self-Destruct

Published on September 6, 2010 in Communication, Encryption, Security and Web Worker. 0 Comments Tags: , , , .

This Message Will Self-Destruct offers the ability to send an encrypted email-like message to another person either with or without a password.  As a reassurance that your message is secure, it’s never stored with TMWSD.  The optional password salts the encryption key for even more security.

Once you have entered your message and clicked on  SAVE THIS MESSAGE, you will be given a URL to pass on to the recipient.  When the intended recipient reads your message (with or without the password you may have given them) the encrypted message is deleted forever. If you lose the password your message is also lost!

Dropbox

Published on August 28, 2010 in Encryption and Web Worker. 2 Comments Tags: , .

Dropbox allows you to work on and synchronise documents from many computers. However, it does have a significant security weakness. Continue reading ‘Dropbox’

Secret Squirrel

Published on August 27, 2010 in Communication, Encryption, Privacy, Surveillance and Web Worker. 0 Comments Tags: , , , , , , .

Concealing one’s activities on the Web is something every Investigator should understand.  You should understand this for your own use and to understand how these techniques may deny you needed information.  Yet using these techniques may also target you as an undesirable in some circumstances.

The following are methods used to obscure Internet traffic and avoid IP blacklists  and content filters.

Continue reading ‘Secret Squirrel’

COMSEC

Published on May 12, 2010 in Communication, Encryption and Security. 2 Comments Tags: , , .

Thou shalt not be afraid for the terror by night; nor for the arrow that flieth by day; Nor for the pestilence that walketh in darkness; nor for the destruction that wasteth at noonday. (Psa 91:6)

I don’t think they were talking about Communication Security (COMSEC) when they wrote that Psalm, but good COMSEC helps avoid terrors that come in the night.

Zfone for VOIP

Zfone  appears to be the lowest cost solution for robust VOIP encryption that you control.

Skype

Calls made over Skype are encrypted by 256-bit long Skype encryption keys are a length that at least in theory, would take a literal eternity to crack. But you don’t have control over the encryption, Skype does.

Oldstyle COMSEC

To avoid an electronic trail, hard copy letters that are distributed via snail mail in a circular rotation might work– these are known as circular letters.  Each letter is given a number, and each addenda that is added is given a letter. Subsequent letters can reference the content of earlier ones, for example, “as mentioned in Letter 2-A”, etc., etc..

This can be modified to include an emailed file that is encrypted and the message sending it digitally signed by each person.  Using nearly anonymous email accounts accessed through TOR would make this very secure.

VoIP Encryption

Published on March 20, 2008 in Communication, Encryption and The Investigator's Computer. 1 Comment Tags: , , .

In 1991, Philip Zimmermann developed an encryption technology known as Pretty Good Privacy. Zimmermann, the CEO of PGP Corp., created ZRTP, a technology for encrypting Internet telephone calls. PGP Corp. has just released Zfone, which is ZRTP-enabled Voice over Internet Protocol (VoIP) software that prevents Internet telephone call wiretapping.

Forbes.com spoke with Zimmermann about why his company created Zfone which he offers to the public for free. The article is interesting because Zimmermann points-out the intelligence value of traffic analysis, which I mentioned in a previous article. Zfone makes it nearly impossible to eavesdrop on a conversation, but it does not prevent an intelligence service or police service from conducting traffic analysis.

VON Magazine also interviewed Zimmermann in its January 2007 edition about issues surrounding wiretapping and VoIP.

World’s Most Secure Hard Drive

Published on March 12, 2007 in Encryption, Identity Theft, Privacy, Security and The Investigator's Computer. 0 Comments

Two years after Seagate announced the world’s most secure hard drive, the 2.5 inch Momentus 5400 FDE.2 (full disk encryption) hard drive will go on sale at the end of March in a laptop from ASI Computer Technologies. The on-the-fly encryption is integrated into the drive.

Information Security is a Roll of the Dice Away

Published on March 6, 2007 in Communication, Encryption, Espionage, Industrial Espionage, Intellectual Property Rights, Privacy, Security and The Investigator's Computer. 0 Comments

A friend who works for a very security conscious government organization surprised me when he asked why I had a plastic cup on my desk containing half a dozen dice cubes. Everybody knows why you keep dice at your desk, don’t they?

Passwords were the cornerstone of data security. It doesn’t matter if you are signing onto the company LAN, starting your laptop, or receiving email, passwords were required to keep out the thieves and brigands. Well today passwords are obsolete! Today you need a passphrase! Continue reading ‘Information Security is a Roll of the Dice Away’

Report Passwords

Published on March 3, 2007 in Encryption, Industrial Espionage, Intellectual Property Rights, Private Investigator, Security and The Investigator's Computer. 0 Comments

Have you ever sent an important report out to be copied and bound?

How Investigators and Consultants handle deliverables after the final editing may affect the security of the entire job. Yet they often give the product of their genius to some unknown person for copying and binding, then leave to have lunch. We have all seen this.

Another version of this slipshod security practice is emailing unsecured reports. Or unwarranted reliance on the passwords in Word or PDF files to protect the contents.

Anybody who thinks that file passwords are completely secure should look at this Google Directory for Password Recovery software or this one for PDF Password Crackers. All password systems have weaknesses that can be exploited under some circumstances. Security comes from minimizing the exposure of the password-protected report files to circumstances that could lead to unauthorized access. Knowing the weaknesses of the password system and experience with the tools used to break it form your best defence.

Steganography

Published on February 28, 2007 in Encryption, Intellectual Property Rights, Methods, Private Investigator, Report Writing and The Investigator's Computer. 0 Comments

The word “Steganography” is from the Greek meaning “covered, or hidden writing”. Generally, a steganographic message will appear to be something else: a picture, a report, or some other document. The advantage of steganography over cryptography alone is that messages do not attract attention to themselves. A visible coded message, no matter how unbreakable, will arouse suspicion.

A steganographic message in plaintext is first encrypted, and then a covertext is modified to contain the encrypted message. The recipient can recover and decrypt it if he knows the techniques used to conceal and encrypt the hidden message.

Stories of terrorists using steganographic messages began with USA Today articles written by Jack Kelley, who was fired in 2004 for fabricated stories and inventing sources. Private Investigators have far more mundane uses for steganography.

Steganography is used for “Watermarking” which has taken on a new importance in the digital era. Digital images, video, and text, are all easily copied and illegally distributed. By embedding identifying information in a file, steganography software enables Investigators to control the distribution of, and to verify ownership of their digital information. It essentially conceals copyright and distribution information within digital information. One easy-to-use program for this purpose is wbStego.

However, beware that the more important the steganographic message, the more likely someone will try to remove it. StirMark and other software may remove copyright information from files.

Hardware-based Encrytion

Published on November 23, 2006 in Encryption. 0 Comments

It seems that truly usable hardware encryption is beginning to emerge as a practical data safeguard. Seagate DriveTrust Technology integrates encryption into the drive itself by using the unaddressable part of the drive to store the encryption keys, unlike software encryption where you have keys floating around the OS.

This certainly makes laptops more secure, but data recovery will be much more complicated if the drive becomes damaged. However, it seems that hardware encrypted laptop drives will become common in a couple years with a large manufacturer like Seagate committed to the technology.

Information Security is a Roll of the Dice Away

Published on August 4, 2006 in Encryption. 0 Comments

A friend who works for a very security conscious organization surprised me when he asked why I had a plastic cup on my desk containing half a dozen dice cubes. Everybody knows why you keep dice at your desk, don’t they?

Continue reading ‘Information Security is a Roll of the Dice Away’