Category Archives: Security

BitTorrent Sync Pro

I have been using BitTorrent Sync Pro for the past three months, using it to transfer my important files from my desktop to my laptop and phone.  I really enjoy using BitTorrent Sync Pro compared to other file syncing and cloud storage programs.  You can sync a lot more data than any other competitor, the only limit is how much hard drive space you have.   This is because your data is sent from one device to the next, it never touches a third-party server.  This is an advantages but at the same time a disadvantage.  The advantage being you never have to worry about someone else being able to get access to your data.  The disadvantage is that unless one of your devices is offsite, then you may be at risk for physical damage.  BitTorrent Sync Pro is also a lot faster than its competitors, I can add a file to the sync folder and it a few seconds later it will appear on my laptop.


BitTorrent Sync Pro is a great way to sync your files across your devices or sending data to friends and family.  It is not the most user-friendly of the solutions out there, compared to its competition.   Besides a spares GUI, and your data never residing on a third party server.  There are not many reasons not to buy BitTorrent Sync Pro.  For me, I am loving it and I hardly notice that it is a service provided to me I could easily believe it was built into Windows.

A Truecrypt vulnerability

For many users who love security, the shutdown of Truecrypt was a big surprise.  One of the major reasons that users of Truecrypt were so surprised  was because the developers left the users in the dark.  No one knew what happened, why they shutdown, all we were told was that it is no longer recommended to use Truecrypt by the developers.  The shutdown of Truecrypt occurred during a crowdfunded audit to make sure it is safe to use.  The audit did not find anything, but in more recent times a security issue has been discovered.  The issue that the audit missed was that anyone with a user account could get access to higher level privileges in the system.  This issue has been fixed in the forks of Truecrypt such as Veracrypt, so you are safe to all current knowledge if you use Veracrypt.


Could this be the reason that the Truecrypt developers decided to shut down the project?  There are countless rumors and ideas that are floating around the web, each one getting us no where.  But this recent discovery is another clue in why they shutdown.

 

 

How to change your Protonmail theme

Step by Step

  1. Open your Protonmail account in your web browser, your Protonmail web-interface will appear
  2. Click “Settings” in your Protonmail web-interface
  3. Click the “Theme” button, by default a blank text field will appear
  4. Copy everything between BEGIN and END of the css code above, i.e. from this file cohibaSIGNUMws_min.css
  5. Paste the copied text into the blank text field
  6. Click the “Save” button below the text field

Currently there are two themes that I know of.  But I am sure that someone can create their own.

whitesands theme

A child theme of white sands 

Also there has been a pretty large update to Protonmail; for the release notes check out this page.

Whiteout Update

A while back I wrote an article about Whiteout mail, a secure end to end email service that uses pgp to keep your messages secure.  When I wrote about Whiteout, they were in a closed beta test.  Now they are open anyone, go to their website to register.  They are also running a Kickstarter funding project to help them finish their project.  The funds from the Kickstarter project will be used to tidy up the project and further develop the project.  I really liked using the Whiteout app, I did not have to create a new account, I just logged into my Gmail account through their app.  With Whiteout you can use your normal email with extra security that is incredibly strong.  I love all security related projects and love seeing what people create to solve problems in the world.  One of the biggest problems in today’s world is insecure communications, and Whiteout does a great job of solving that issue.  Unfortunately their first attempt at running a crowdfunding project did not succeed hopefully it can a second time around.

Facebook adds PGP support

Facebook not lets you receive encrypted email messages, just add your PGP key to your Facebook profile.  This is a good step in the right direction for making the internet a more secure place.  But my main concern is not many people use PGP, so I doubt that a lot of people will make use of this feature.  Of all the people I have met, one or two people have given PGP a go and they do not use apart from the occasional encrypted message.

https://www.facebook.com/notes/protectingthegraph/securingemailcommunicationsfromfacebook/1611941762379302“>Link to Facebook Post

Bitsim

What is it?

Bitsim is a secure token that lets any mobile phone become a Bitcoin wallet.  The chip goes in the same slot that the sim card goes in, you can use your phone like normal because it leaves room for the sim card.  Bitsim has a huge amount of potential, “There are over 7 Billion SIMs out there in the world that we can address with BitSIM, the opportunity is huge.” (Bitsim).

My Thoughts

As always when I see a new piece of Bitcoin tech, I immediately want to get one to mess around with it.  A small secure chip such as Bitsim can help spread Bitcoin all over because it lets any phone with  a sim port become a wallet.  Just insert the chip, there are no cables or adapters needed, so you can leave it in and never have to worry about it.  This makes using Bitcoin extremely easy because when you have your phone your Bitcoin wallet is with you, all while being super secure.  With Bitsim you phone becomes an ultra secure Bitcoin wallet.

 

VeraCrypt

A while back Truecrypt shutdown for no apparent reason, there are several theories on why it did.  You can still download a limited copy of Truecrypt, to prevent people from becoming locked out.  You can still use the TrueCrypt 7.1a copy, but there are no updates being made to it and it is somewhat strange that they shutdown out of the blue (TrueCrypt did undergo an audit and passed without any major problems).  For these who are looking to use an encryption program that offers similar features as Truecrypt and has no back doors (that haven’t been discovered), VeraCrypt is a great alternative.  VeraCrypt is a fork of Truecrypt, and it is based of the same code.  VeraCrypt has taken the TrueCrypt code, and fixed several problems and added more features.  Essentially VeraCrypt is the same software, but different developers and more support (as it is still under development).  Note that VeraCrypt has not undergone an audit and for all we know it could be some government agency plot to weaken security standards.  Overall I like VeraCrypt and look forward to using it to keep classified files safe and secure.  (For these still interested in using Truecrypt, you can download the fully functional file here, make sure to verify what you download with the hashes).

Software Wallets with Trezor (Electrum)

You do not have to use myTrezor with your Trezor hardware wallet.  At the moment, there are a handful of wallets  you can use with your Trezor.  The software wallets that work well to an extent are Electrum 2.0, Multibit HD and Greenaddress.it.  There are other software wallets that are planning to support Trezor such as Armory and Bitpay’s Copay.

Electrum

Electrum happens to be my wallet of choice because it has a lot of features.  One of the most important feature Electrum has in my opinion is the ability to use  a passphrase with Trezor.  Using a passphrase can be risky, because if you forget your passphrase then you lose all your bitcoins, there is no to get them back.  Using Trezor with software wallets is quite easy, easier in my opinion than setting up a new software wallet as the Trezor holds all the important “stuff”.

New_Wallet_2015-03-16_16-21-24

Initialize the creation of a new wallet

Electrum__-__Trezor_2015-03-16_16-21-45

Select the type of wallet

Electrum__-__Trezor_2015-03-16_16-21-50

Choose Trezor and Electrum will close, once you reopen it you should be able to use your Trezor with Electrum.  Give Electrum a little time to sync up and you are good to go.

 

 

Tutanota

Tutanota is another secure email service, that makes end to end encryption easy.  One thing that stood out before I even made an account was that they published all their code on Github.  What is nice about this is that anyone with the right skill can check the code and make sure it is secure and safe to use.  Using Tuanota is quite straight forward, you register like any other email service.  Then log in and your good to go and communicate securely.  The majority of your information is encrypted, the only information that is not is the sender, recipient and date (which they are working on encrypting).  Your emails are encrypted  before they are sent to Tutanota‘s servers with AES 128 bit and RSA 2048.  Another added bonus is that they strip your IP address from the email so that your location will remain hidden (they do not log IP addresses unless there is abuse to the system).  Have more questions?  Check out Tutanota‘s FAQ page here.


Tutanota ‘s approach to secure email is great!  They have made all the code open source and public, allowing for anyone to review and check it.  The team behind Tutanota has awesome ethics, “My aim is to fight mass surveillance. I write code to fight for our human right to privacy…”  – Matthias (one of the developers).  The ideas that Tutanota support is what really caused me to like them.  There multiple services that offer secure and private email, Tutanota’s team adds a more personal element that draws me in.  Special thanks to a reader who told me about Tutanota.

 

Tails Now Comes with a Bitcoin Wallet

For these of you who don’t know what Tails is, it’s considered the most secure operating system.  So secure that the NSA consider it a threat and Edward Snowden used it to protect his identity.  It is a Linux distro designed with security and privacy in mind.  It comes with many security/privacy related tools (see link here) that are extremely helpful in communicating securely and browsing the web anonymously.  It leaves no trace on a computer that it boots from, so the majority of the computers out there can run it.  Tails having  a bitcoin wallet makes the computer world a lot more secure, as now you can store bitcoin in a saver environment and use it on any computer without worrying about security.  Tails has to be one of my favorite Linux distros because you can use it to be super secure and safe, or have a portable secure computer that boots from a USB stick.