Tag: Computer Security

The SQRL and the One Time Login (OTL).

Paul

VPN4ALL : Use Coupon code “savenow15” and get 15% off the lifetime of your account!Secured QRL Codes!

You probably are wondering about this.   I heard it from Steve Gibson and he calls it “squirrel” Code.  It basically helps those who are worried about security and privacy.   I just didn’t want to forget to talk about this myself.  Ever since I heard the podcast entitled “SQRL Episode 424”,  my mind has been trying to get a handle of the whole thing. 

What most people don’t know and haven’t yet figure out is how useful a QR Code is.   I did not think of this solution and would of laughed if I did.  It is really simple, but yet from what I have heard and understand it could be a game changer in the next few months.  I just have a few things that I must be fixed and standardized.   I wanted to share them with you and maybe in the same instants help the community with this problem.

One Time Login “OTL”

Since we are basically logging in every time we use a different QR Code we are only allowing one instance of the login for each time we use a SQRL login.  Thus we will need to limit the time and when we can use that one QR to login.   We also must figure out how we will deal with collision logins.  This is where the site or server sends out the same securely generated long random number to two different users.   This could happen if say we were using this on like Facebook or Twitter.   It is unlikely but possible, unless we disallow it to only be used once and then we get into the ridiculousness of even longer random numbers.   The only thing I can come up with is using the date and time to create the cryptographic challenge.   This would change the it from any two different users from getting the same challenge and thus we would avoid the collision of logins.  

Pretty Good Privacy

The next problem is which encryption key would we want to associate with the smartphone.   I personally think PGP is a good one to start off with and maybe even create the public key that is needed to accomplish this.   The Smartphone in question could be linked in some way to a server with our public key PGP.   I am unsure as to how well this will work but it would allow us to share that key whenever needed.   It may not work but I am thinking we should only use Open Source encryption and thus this is one of the many options.

If the Smartphone is stolen?

This is where PGP can be very useful, we could Revoke the key and tell everyone else this is is no longer trusted and thus we prevent illegal logins to our services.   I’ve heard people do with PGP and thus it should be really easy to implement in SQRL but again, I am not a designer or even ever created things like this so I thought we should at least throw that out and see what people say about it.

Needs to be Available Everyone

It needs to be available on IOS, Android, and even Windows systems.   When this happens it will make it that much easier for this to succeed. 

As you can see I have  these small questions that need to be answer and I even saw some others which I will gladly link to to better help those who may want to explore more into this realm that Steve has started.  

What do you have to say about this and are you curious to see this happen or do you think this will even work.  I may have missed something or do not fully understand it but at least I am wanting this to succeed.   What is your thoughts on this?

Introduction to PGP and Securing your emails!

Paul

Coupon Code “savenow15” and Save 15% on the lifetime of your account!Pretty Good Privacy!

I thought we should talk about PGP and how it can make your emails a little more secure.   I found the terrific podcast thanks to Iyaz Akhar and thought I could at least give you some great video to help you get ready for the next Security Now (Episode 416).  

What is PGP

According to Wikipedia it basically means “Pretty Good Privacy and is a way to encrypt all your emails and in turn decrypt emails from people who you have public-keys with!

Encrypting your Emails can be a little hard for some and others it can be as easy as 1-2-3.  I already talked about a few but in the coming weeks I will talk about it even more.   Because i will have had time to read some of the books that I’ve borrowed from the library:

  • Invitation to Cryptology — Not the best book to read kind of hard to understand because some of it is almost wrong and others parts didn’t explain very well.
  • Cryptography Demystified — I started with Invitation to Cryptology and I must say this one is a whole lot easier.   I have only started the first few pages but it seems to be more understanding that the previous book.
  • Understanding Cryptography: A Textbook for Students and Practitioners — This  is the next book I intend to read but I first have to complete the Cryptography Demystified.  It does look promising but I won’t know more until I delve into this book.
  • Cryptography for Dummies — I must say I am going to read this one last because I believe I have more brain power than it gives me credit for.   I however am not leaving any stone unturned to understand PGP and understand encryption and how Public and private keys work.

I am confidient that after I get the books read and read again, I will understand PGP and encryption a little more better.   I just have to work through some of the books and you should have some Algebra and some math skills to understand some of these book.

Hopefully by the time Security Now talks about PGP I will have an even better understanding of encryption and how it applies to PGP.

If you want to keep your Privacy, look no further!

Paul

 

Privacy and the NSA!

When I first said something about NSA wiretaps the Internet, you probably thought I was joking.   Well, it looks to be a real issue now a days and that is a problem!  So we have heard about the NSA will consider any encryption being at risk, so they will be keeping those encrypted data for later inspections. Privacy is everything in my book and this is a continuing series for those who want to know how to protect their privacy from thief and criminals.   

Programs to protect your Privacy!

There are programs out there to help keep people from snooping on you.   Although it has gotten a lot easier because of Firesheep and most web sites now offer secure connections but not all.  This is where I suggest you use something like VPN4ALL and I’m not saying that because they paid me to say it.   I am saying this because they have become a sponsor for me for the whole year.  I get paid every time someone uses buys a subscription and they are affiliate links!   They’ve given me a free 1 year account and I really am impressed at how well they get around the library restrictions and that they are a OPENVPN provider.  There are others such as SecureVPN and CyberGhost VPN and even ProXPN VPN.  Each one has their merits and I have nothing against any of them.   I just have had a better experience with VPN4ALL and I think you will to.

Streaming Music and Videos

I’m no advocate for people getting around international borders to watch BBC and other such videos but you could if you wanted to and be able to watch Netflix and Hulu from outside the USA.  This is one of the many reasons I like this service because you don’t have to pay for watching a show that is being played over seas.   

Online Activity

Keep your online activity safe from prying eyes and people who are looking to cause trouble.  It isn’t going to be bulletproof but it will at least help with coffee shops and if you use it all the time at home also.   You don’t have to look over your shoulder as much, figuratively, and wonder who is see the insecure connection.

Mobile Devices!

 

Another reason, I love this service is that you can take your Tablet, like my Acer 200 to a free wifi hotspot and not worry because they even have a very good PPTP(Point-to-Point Tunneling Protocol) that allows you to use your device anywhere you may go and keep people from spying on you while you on an un-encrypted free wifi hotspot.   So you can sit back and watch or do what you want and no one will know or see your actions.  You can use this for Mobile Phones also but that is totally your call.   I use it strictly for my Acer 200!

30-day money-back guarantee

Although this has some conditions, and I will be honest with you it is really always a full refund.  You have to have use under 100 megabytes of data or have some other issue that has been document with a support ticket and usually they will refund your money but it is still a better way to go then not to have any privacy or risk your identity from being taken.   You owe it to yourself and others to protect your privacy and identity and give yourself and others peace of mind.  Give VPN4ALL a try and Save 15% with Coupon Code “savenow15”, and I am sure you will be as happy as I am when I’m at a insecure location.  

 

 

Computer Security : How not to get Infected.

Paul

In my [intlink id=”3999″ type=”post”]previous blog post[/intlink] we talked about how the computer would get infected with Malware. Now on this blog post we will discuss how you can prevent most to all of these from ever happening again on your system.

Now let’s face it we are more and more going to be on the internet.   This is almost a necessity for a business or individuals.  You see Businesses have built there product around the internet and that is why it is necessary to be on the internet.

What program not to use to Surf the web

You should consider getting away from Internet Explorer,  I don’t say this lightly.   It may take Microsoft Months to fix a hole in something that involves [intlink id=”2301″ type=”post”]ActiveX or Something like that[/intlink].  We know how Microsoft will only[intlink id=”1951″ type=”post”] push out the really big security holes[/intlink] out of Cycle but keep the minor ones in Cycle.   [intlink id=”2301″ type=”post”]Hackers have jumped on exploits[/intlink] before when it comes Internet Explorer and use them on Black Wednesday, not less than 24 hours after the patches have been released.

Although these examples I showing doesn’t mean that they haven’t been fixed they are showing you how long it takes sometimes to fix them.

What you should use to Surf the web

One of te ways to prevent getting infected is keeping your browser up to date as quickly as possible, and I believe Mozzila Browser which is called FireFox is the answer.   One reason I recommend this to anything else is it is a community based browser and that means there is no waiting for a fix to come out when you know about it they have been working to fix the security hole.

They don’t wait till next month to send out a patch they usually only take a week or two to come up plugging the hole.   So that is why I always recommend to my clients to use FireFox instead of Internet Explorer.

I have 3 Addons that I would recommend along with FireFox, these addons help stop some of the most common ways to exploit your system.   The first one is called NOSCRIPT it is good to prevent scripts from being used on the web or on your system.  The next Addon I would recommend is Bit.ly Preview this is good for any shorten URL that is out there and will show you where it is really going.    It will also work well with Twitter web interface really well and let you know were a url is actually going to easily. Finally the last on I would recommend to my customers is AdBlocker Plus, this one is really good to use for like Facebook or other social sits where there might be a scareware redirect advertisement.  This will prevent some of those Notorious attempts at getting you to click a fake ad.

Also you may want to consider also installing some [intlink id=”2205″ type=”page”]Firewall and Antivirus[/intlink] software to better protect your system from getting a virus in the first place.

On my next post I will talk about some common ways to trick you into installing a virus or scareware on your system. So stay tuned.

[ad#SUPERAntiSpyware]