Tag Archives | secure encryption software

LastPass possibly compromised by malicious hackers

LastPass servers security

One of the most used online password managers, LastPass, winner of numerous IT awards, like PC Magazine editor’s choice and featured in IT podcasts like Security Now, is asking all its users to change their main account password after detecting an abnormal data transfer on their servers.

LastPass has noticed unexplained traffic, and it is possible that encrypted data was pulled out of their database. The people at risk in that scenario are users who log in with a weak password: the LastPass encryption algorithm is sound, but an easy-to-guess password makes it crackable with a brute force attack, which consists in quickly trying all of the dictionary words in a matter of hours using specialist password cracking software.

Those using a weak, easily guessed master password stand a good chance of being affected. LastPass recommends that all of its users change their main account password; the amount of data transferred by the hackers appears to be enough to contain the user’s email and salted hashed (encrypted) password.

Is LastPass still secure?

The company is announcing the rollout of a one-way encryption algorithm even stronger than the one they are using: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds.
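What those parameters mean in practice, as an added example that is not LastPass code: Python's standard `hashlib.pbkdf2_hmac` with a 256-bit random salt and 100,000 rounds, a constant-time verifier, and an estimate of what the round count costs someone guessing passwords against a stolen hash. The function names, the wordlist size and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

ROUNDS = 100_000   # rounds quoted in the announcement
SALT_BYTES = 32    # 256-bit salt


def hash_password(password: str, salt: Optional[bytes] = None,
                  rounds: int = ROUNDS) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn for each account."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    rounds: int = ROUNDS) -> bool:
    """Recompute the digest and compare it in constant time."""
    _, candidate = hash_password(password, salt, rounds)
    return hmac.compare_digest(candidate, expected)


def seconds_per_guess(rounds: int = ROUNDS, samples: int = 3) -> float:
    """Measure the cost of one derivation on this machine (one CPU thread)."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"timing-probe-%d" % i, salt, rounds)
    return (time.perf_counter() - start) / samples


def exhaust_seconds(candidates: int, per_guess: float) -> float:
    """Time to try every candidate against ONE salted hash."""
    return candidates * per_guess


if __name__ == "__main__":
    # Same password, two accounts: the salts differ, so the stored hashes
    # differ and each account has to be guessed separately.
    salt_a, hash_a = hash_password("monkey123")   # constructed weak password
    salt_b, hash_b = hash_password("monkey123")
    print("hashes differ across accounts:", hash_a != hash_b)
    print("verify ok:", verify_password("monkey123", salt_a, hash_a))

    per_guess = seconds_per_guess()
    wordlist = 200_000        # constructed figure for a dictionary of words
    random12 = 62 ** 12       # 12 random characters from a-z, A-Z, 0-9
    # Dedicated cracking hardware is far faster than this single thread,
    # so read these numbers as an upper bound on the guesser's cost.
    print(f"one guess at {ROUNDS} rounds: {per_guess * 1000:.1f} ms")
    print(f"dictionary word: {exhaust_seconds(wordlist, per_guess) / 3600:.1f} hours")
    years = exhaust_seconds(random12, per_guess) / (3600 * 24 * 365)
    print(f"12 random characters: {years:.2e} years")
```

The round count multiplies the cost of every guess, but it cannot rescue a password that sits in a dictionary; only the size of the space the password was drawn from does that.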

I would be concerned about storing all of your passwords online, whether encrypted or not. Breaking into LastPass, or any other online password manager, would mean a profit of millions of dollars for malicious hackers. Just imagine what they could get: email accounts, online banking details, credit card numbers (stored in notes), date of birth and names (stored in profile), forum usernames for identity theft, etc.

I would imagine LastPass is pretty high on the list of targets for cybercriminals. My main concern with LastPass is that, like all of the online password managers out there, their PR claims that their servers are extremely secure, but even the USA Government secret services get hacked; I don’t think any server out there is 100% secure if it is connected to the Internet.

My other concern, with online password managers in general and not only LastPass, is that the company will have a personal interest in minimizing the incident; LastPass, for example, is not even admitting they have been hacked.

Password security hacker


I doubt LastPass would go public with this if they did not believe the chances of someone having hacked their servers were pretty high. Can hackers erase all of their IP traces, or is LastPass unwilling to admit they have been hacked for certain? Whichever the case, poor log auditing or a company covering it up, the result is the same: not trustworthy.

Every time I see a company with its user database compromised (Gawker, Sony, Lush, etc.), I notice a total lack of transparency. You just have to sit down and trust that the company, which has a direct economic interest in not making a fuss over the incident, explains the details of what exactly happened and what security mistakes it made.

You should also be aware that, with so many people logging into LastPass at once to change their password, the server could not handle the load and momentarily blocked some users’ access. A Denial of Service attack locking you out of your password manager is another hazard you are exposed to by using an online password manager.

Online password manager alternative

The obvious alternative to LastPass, or any other online password manager, is an offline password manager; a good choice would be KeePass, which is free and open source. By using KeePass you make sure that you are in control of your password database at all times. If you are a LastPass customer, read the instructions to import LastPass passwords into KeePass.

Other free offline password managers that are alternatives to KeePass are Password Safe and S10 Password Vault.


Very easy to use encryption software Conceal

This free encryption software, named Conceal, is very easy to use: to encrypt a file, all you have to do is drag and drop it inside the window that has a padlock on it, and you will then be prompted to enter a password. After that you select the encryption algorithm you want to use: Fast Encrypt, RC2, AES or TripleDES. The less secure encryption algorithms are quicker, but the time difference can possibly be measured in seconds; I would recommend you choose the uncrackable AES encryption cipher.

Encryption software Conceal


When you want to decrypt your data, stored using the .xcon file extension, just select the file with the mouse and drag and drop it inside the Conceal window that has a key drawn on it, enter the password and you are done. If you want to introduce encryption to someone who doesn’t know anything about computers, Conceal is the ideal program to do that. There are only two windows to choose from, one to encrypt and the other to decrypt data, and the picture on each is descriptive enough; there are no long manuals to read and no need to learn about the inner workings of encryption. Conceal is one of the easiest encryption programs to be found, and if you use it with the AES algorithm the data will be safe.

In case you find it too hard to remember your passwords, Conceal will offer to save them to your hard disk, encrypted. When you want to decrypt a file, point the software to your password file and the password will be entered automatically.

Visit Conceal homepage


SpiderOak, online data back up with encryption

Protect against computer adversity by backing up your data

When computer disaster strikes you will want to be sure a backup copy of your data exists. Forget about trying to recover data from a dead hard disk: drives do not last forever, and the most cost-effective and trouble-free way to be prepared for when your hard drive dies is to store a backup copy of your data, at the very least at weekly intervals.

At the moment the cheapest way to back up an operating system is offline, using an external hard disk. The downside is that a fire breaking out would also destroy your offline data backup, which is why big corporations tend to keep their data backups stored in different buildings. The home user does not have this luxury, but we can use online data storage.

With SpiderOak you can back up, synchronize, and share data across all of your computers. There is a free and a paid-for option, the only difference between them being that in the free option storage space is much lower.

SpiderOak encrypted online data storage


The way I have been using SpiderOak until now is by creating a folder named “online backup” and pointing SpiderOak to upload and synchronize all of the data inside it. The initial backup takes quite a while, particularly if your upload speed is slow. Once the initial backup has been done, this backup utility runs in the background and automatically syncs any data changes inside that folder, which is much quicker. You can instruct SpiderOak to start automatically when you boot Windows; from what I have seen it runs on very low resources.

Everything uploaded to SpiderOak is sent via secure SSL, and their servers keep all of the data encrypted with the unbreakable AES256 algorithm, so even if someone managed to break into their server they would not be able to read the data. You create the encryption password on your computer and SpiderOak staff never have access to it. If you lose your password there is no way to recover your data; it has been made this way for privacy reasons, so that if a member of staff went rogue your data would still be safe.

You can share your files stored online with others by creating a local “Share room” and marking specific files as shared; SpiderOak will give you a link leading to that shared room/folder, which can be protected with a password. Now you can send the link to whoever you want and share your files safely. Your local “Share room” is automatically synchronized with any changes you make, and SpiderOak software works on Windows, Mac and Linux.

There are many online data backup solutions out there, but very few of them use encryption and take security as seriously as SpiderOak does, to the point that not even they themselves can access the data they are storing. Being compatible across computers and running on very low resources makes this online backup service one of the best for security-conscious people.

Visit SpiderOak online backup homepage


Rohos Mini Drive free USB thumbdrive encryption without admin rights

USB thumbdrive freeware encryption software

You could use TrueCrypt traveller mode to encrypt your data on a USB stick, but in order to use TrueCrypt on a computer you will need administration rights, and this is not possible on public computers like those in Internet cafes and libraries. Rohos Mini Drive USB encryption doesn’t require administrative privileges to open your password protected USB thumbdrive partition on a guest PC.

Rohos Mini Drive uses on-the-fly encryption, making sure no data is left unencrypted on the guest PC after you have finished viewing it. There is a secure virtual keyboard included to stop keyloggers capturing your password, and data is encrypted using AES256, a well known secure algorithm approved by the US Department of Defense to encrypt secret information.

There is a feature called ‘Hide and Encrypt Folder’ that allows you to encrypt the profile folders of applications like Skype, Google Chrome and Firefox as well as regular PC folders. This feature locks application data with a password and ciphers the content with strong encryption; when your encrypted USB drive is not plugged in to the PC the applications will be unable to start.

Rohos Mini Drive encrypted USB thumbdrive


This encryption software needs less than 1MB for a stand-alone installation and creates an encrypted .rdi file in which to store your data. It includes Rohos Disk Browser to view and manage your encrypted files; this is very useful, as it helps you avoid using Windows Explorer on the guest computer and stops you from leaving temporary files behind.

The free version of Rohos Mini Drive has a 2GB encrypted partition size limitation. You will need administration rights to preinstall Rohos Mini Drive on the USB flash drive first; after that, this secure encrypted USB thumbdrive can be used anywhere without any admin privileges.

The company behind Rohos Mini Drive claims that there is no backdoor whatsoever: if you lose your password, that is it. That also means that nobody can force the company to decrypt data held on your USB thumb drive, because they have no way of doing it.

Visit Rohos Mini Drive homepage


Kryptos: Voice encryption mobile phone applet

Applet to encrypt mobile phone calls

Kryptos is a premium iPhone applet to encrypt your phone calls; the company behind it is planning on launching Kryptos for Android in January 2011 and Kryptos for RIM (Blackberry) in February 2011. This encryption mobile phone applet is very easy to manage and it will provide you with sound, secure voice communications for a very reasonable price. Kryptos will work over any network, including 3G, 4G and Wifi.

After downloading the Kryptos iPhone applet from iTunes onto their iPhone, the user needs to activate the account with Kryptos. Each user receives an individual ID, and calls using the Kryptos applet are secured using peer-to-peer encryption: the initial symmetric encryption key exchange is made using 1024-RSA, and after that calls are routed with AES256 encryption.

Kryptos mobile phone call encryption


There are no backdoors in this encryption applet: your encrypted conversation cannot be decrypted by anyone other than the two parties participating in the Kryptos call session, and the company does not keep any logs of the calls made. Your phone applet will keep a record of call logs locally, but they can be easily erased.

Visit Kryptos Communications homepage


Review free steganography software SilentEye

What is Steganography?

Steganography is the science of concealing information in such a way that the existence of the message will only be known to the sender and the recipient; anyone else looking at the message will not suspect there is something hidden inside or that it has a meaning. This kind of covert communication is also known as security through obscurity.

Covert communications using steganography can be traced back to 440 BC, when Histiaeus shaved the head of one of his most trusted messengers and tattooed a message on it, waiting for his hair to grow back before sending him off to deliver the message.

Computer software implementing steganography, aka stego, often uses encryption as a double safety net so that if the hidden message is ever discovered the opponent will still need a password to decrypt it.

SilentEye steganography review

This cross-platform, open source, free steganography software, available for Windows, Mac and Linux, offers a very simple and easy to use interface. SilentEye can hide messages or files inside images or sound files; at the moment it is restricted to .bmp images and .wav sound files, but the developers plan to support data hiding inside .jpg and .mp3 files in their next release.

It is important to understand that the data you hide inside a file must be considerably smaller than the innocuous carrier. There is no perfect science to know the proportion of data that can be hidden inside a carrier; many factors come into play, like data compression efficiency.

I normally hide files that take 10% of the space of the carrier file at most. After extensively using steganography to hide text messages inside images, 10% is what I have found to be the size closest to the limit allowed. You need not worry about attempting to hide a file too big inside the carrier, as the stego software will warn you of this and you will not be able to carry out the operation until the data you want to hide is reduced or you choose a bigger carrier file.
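Where a ceiling of roughly 10% can come from, assuming the tool stores one payload bit in the least significant bit of each colour byte of an uncompressed bitmap (a common embedding technique; the page does not say how SilentEye embeds data). This is an added example, not SilentEye code: `make_bmp`, `bmp_capacity` and `fits` are hypothetical names, and the carrier is a constructed all-black image built in memory.

```python
import struct


def make_bmp(width: int, height: int, bpp: int = 24) -> bytes:
    """Build a constructed, all-black, uncompressed BMP (sample carrier)."""
    row = ((width * bpp + 31) // 32) * 4           # rows are padded to 4 bytes
    pixels = bytes(row * height)
    offset = 14 + 40                               # file header + info header
    file_header = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                              0, len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + pixels


def bmp_capacity(data: bytes, bits_per_channel: int = 1) -> dict:
    """Payload capacity of a BMP carrier under LSB embedding (assumed scheme)."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    header_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    if header_size < 40 or width <= 0 or height == 0:
        raise ValueError("unsupported or malformed BMP header")
    if compression != 0 or bpp not in (24, 32):
        raise ValueError("only uncompressed 24/32-bit BMP is handled here")
    if not 1 <= bits_per_channel <= 8:
        raise ValueError("bits_per_channel must be between 1 and 8")
    # Only the three colour bytes of each pixel carry payload; the header,
    # row padding and any alpha byte are left untouched.
    channels = width * abs(height) * 3             # height < 0 means top-down
    capacity = channels * bits_per_channel // 8
    return {
        "carrier_bytes": len(data),
        "capacity_bytes": capacity,
        "ratio": capacity / len(data),
    }


def fits(data: bytes, payload_len: int, bits_per_channel: int = 1,
         overhead: int = 0) -> bool:
    """True if payload plus any tool overhead (length field, etc.) fits."""
    return payload_len + overhead <= bmp_capacity(data, bits_per_channel)["capacity_bytes"]


if __name__ == "__main__":
    carrier = make_bmp(800, 600)
    for bits in (1, 2):
        info = bmp_capacity(carrier, bits)
        print(f"{bits} bit(s) per channel: {info['capacity_bytes']} bytes "
              f"({info['ratio']:.1%} of the carrier)")
    print("10% payload fits at 1 bit:", fits(carrier, len(carrier) // 10))
```

At one bit per colour byte the ceiling is one eighth of the pixel data, about 12.5% of the file, so a payload of 10% fits with a little room for whatever length field or encryption padding the tool adds. Using more bits per channel raises capacity at the price of more visible change to the image.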

SilentEye allows you to use drag and drop to encode and decode data, the encoding window allows you to choose encoding format, output image’s quality, pixel colours used and other settings. You can type your secret message directly into the program prior to hiding it inside the file or have a .txt or any other file ready and merge it directly with the covert file.

Besides the pretty interface, this free steganographic software has a plug-in system to integrate new cryptographic algorithms. Sound AES encryption is already available at the present time, and you can encrypt your data before hiding it.

SilentEye free Steganography software


Conclusion open source stego SilentEye

You can find more advanced steganographic software but few of them are as easy to use as SilentEye is, the best part of this free stego tool is that it is open source and it allows anyone with coding knowledge to write plugins for it. Source code is also available for download and you can compile SilentEye yourself.

I do not think that hiding messages in .bmp and .wav files is good enough, as these files are normally huge in size and very little used nowadays, and it would be suspicious for people to exchange songs as a .wav.

Once the developers release their planned plugins to hide data inside .jpg and .mp3 files, SilentEye will be one of the best and easiest to use steganographic tools for people who want to get the job done with a point and click of the mouse, totally suitable for newbies with little computer knowledge.

Visit SilentEye homepage


Review free encryption software Safetica Personal Edition

Encryption Safetica Personal Edition overview

Safetica Personal Edition is totally free for the home user and it is the best free encryption security suite I have come across in a long time. With Safetica Personal Edition you get secure encryption implemented with AES256, a well known uncrackable algorithm, a password manager, a data shredder, asymmetric and symmetric encryption, security profiles, security schedules, an archive manager to compress files and much, much more. I was really impressed with the amount of security tools that come integrated with this free computer security suite; this is an all-round solution that does a perfect job at securing your data.

Safetica also has paid-for versions of its software for commercial enterprises that allow for the use of parental control, staff monitoring and other business utilities that will be of little use for the home user. Safetica Personal Edition has all a home user needs to achieve a good level of computer privacy; I found it suitable for PC novices as well as cryptogeeks and advanced users.

Although basic, Safetica Personal Edition also includes an archive manager for .zip and other compressed files, you do not need to install any other special application to manage them.

Safetica claims their free encryption program has no backdoor, so you can sleep safe and sound knowing that nobody will be able to access your encrypted personal data unless you give them the password.

Safetica will award $200.000 to anyone breaking their encryption

Many companies claim their product is unbreakable but very few of them put their money where their mouth is. Cosect, the makers of Safetica, are running a competition for one year, expiring in mid 2011: if you manage to break one of their encrypted files they will reward you with $200.000. Full details are on their website.

Safetica RSA encryption key creation


Creating an encrypted virtual drive, NTFS or FAT32 filesystem?

When you create an encrypted virtual drive in Safetica you are given the choice of formatting it with NTFS or FAT32. The choice of file system matters if you intend to use advanced file properties that are available in Windows 2000 and later.

The FAT32 file system is limited in the length of filenames, and it has a maximum file size of 4GB: you will not be able to copy a file bigger than 4GB to a FAT32 formatted disk. Most USB thumbdrives normally come formatted with FAT32 in order to interact with the maximum number of operating systems.

Unless you are using an old version of Windows that needs FAT32, you will be better off formatting the virtual encrypted drive, and any hard drive, with the NTFS file system, which has a theoretical maximum file size of 16 Terabytes.

Safetica encryption wizard profile


Encryption Safetica Personal Edition good stuff

Very nice clean layout with easy navigation through tabs, and the possibility to encrypt single files with lots of advanced choices in the process, from encryption with a public key to creating self-extracting encrypted .exe files and scheduling data shredding.

Easy set up Wizard with Basic, Safe and Paranoid security profiles. The Safe profile is the one I used: it uses the AES cipher, it will not cache the passphrase and it sets up the data wiping utility to overwrite all files seven times. The Paranoid security profile uses the Serpent cipher for encryption, data shredding is set at 35 passes, and regular password changes are also enforced.

You can create a security key to recover your encrypted data, this process will take some minutes to create an RSA Private key (with extension .privkey), you can set up this masterkey to have an expiration date from 1 year to 10 years.

If you attempt to copy text from a password field to the clipboard Safetica will stop you from doing so and you will get a warning, this is a good security measure that stops lazy users from copying and pasting their encryption passphrase around Windows.

The encrypted virtual drives (they use a .dco extension) can be accessed via password or with an encryption key, your choice. Safetica encryption software manual is very complete with easy to understand explanations and screenshots, there are daily security tips that come up when you start the software.

Safetica Personal Edition comes with an integrated password manager using AES-Rijndael256 for encryption and a decent file shredder that can be scheduled. The data wiper can also delete temporary files, browser history and recent documents history.

The password manager can work with public encryption keys, it includes a password strength analyzer, it has highly customizable features as well as a very advanced password generator.

Safetica encryption suite supports the Czech, English, French, German, Spanish, Polish, Portuguese and Russian languages, and the interface can easily be switched to any one of them. Safetica Personal Edition also supports encryption of RAID disks, physical external hard disks and USB thumbdrives, from where you can run applications like a portable internet browser to avoid leaving internet surfing tracks in your operating system.

Safetica encrypted virtual disk


Encryption Safetica Personal Edition bad stuff

Their biggest downfall has to be that there is no full disk encryption available. Safetica will create virtual encrypted drives, but the operating system itself remains unencrypted and a computer forensics expert will still be able to retrieve some personal data from your operating system, although not much. The developers claim to be looking into this for future releases.

The file shredder to erase temporary files can be scheduled to run at logon, but the most obvious option, which would be to run it after logging off, is not available. It makes much more sense to me to destroy all of your temporary files when you have just finished working with your computer than the day after when you log in.

Creation of encrypted disks using the Safe profile will choose the AES256 cipher for encryption and SHA256 for password hashing by default. The Safetica user manual names the Blowfish448, Mars448, Twofish256 and CAST6 cipher algorithms too, but this is hard to find; it took me a while to find out how to change the default encryption algorithm.

Their encryption software only works in Windows and you get the occasional nagging screen when you start Safetica Personal Edition inviting you to upgrade to the business edition or make a donation to the encryption software developers.

Encryption Safetica Personal Edition conclusion

This computer security suite is ideal to encrypt all of your internet pornography, banking details and family photos; it is a great free all-round computer security suite to stop identity theft and nosy people looking at what confidential data you have stored on your hard disk. Safetica encryption is safe and sound and highly customizable, and you get a password manager and file shredder integrated. This free computer software should fulfil most of your security and privacy needs.

Visit Safetica to download this free encryption suite


Review free encryption software: File Encryption 2.1

Not the most original of the names, File Encryption is an open source program using symmetric encryption to make sure your files are safe from prying eyes, and best of all it is free.

File Encryption also allows for full encryption of the data contained inside a directory, but not the directory itself, this is called “Enable encrypting entire directories” inside “Settings” and it is not enabled by default. The name is highly misleading because the folder never gets encrypted, it is only the data inside which does, creating an encrypted file for each one of the files you have.

You can password protect the encryption software too. If you are sharing a computer, nobody will be able to open the encryption software without your password, but I fail to see how that helps much, as anyone can download it off the internet for free.

File Encryption good stuff

This security software is free and open source and it includes an amazing number of encryption algorithms to choose from. You can encrypt your files with Blowfish 448, Twofish 256, Cast 256, Ice 64, Mars 1248, Tea 128, Serpent 256, AES256 and many more.

Encrypted files are given the extension .enc and coloured red in the navigation panel, which makes them stand out; hidden files are also shown. This encryption software also includes a basic file shredding utility and allows for automatic deletion of the data once encrypted.

Files can be marked as hidden after encryption, one of the best features. Files marked as hidden cannot be seen on the computer unless it is with specialist computer forensics software, and will fool Joe Doe. The File Encryption navigation panel shows all of the hidden files, making it easy for you to see your hidden encrypted data.

File Encryption software


File Encryption bad stuff

The help file is only available online and it is very poor, with very ambiguous information; no specifics or screenshots at all are included in the File Encryption online help “manual”, if it can be called that.

All of the decrypted files are created with the extension .dec. If you decrypt a picture you will find it is created as name.jpg.dec, making it impossible to open until you manually change the .dec extension to .jpg.

There is no password strength indicator, nothing tells you if the password you are using is weak or strong. File Encryption is a Windows only software.

Conclusion review File Encryption

I was pretty disappointed that this security software only works for encryption of single files and that the navigation panel is archaic; you need quite a few clicks to get to your file.

My biggest problem was that every single decrypted file was presented to me with the .dec extension and I had to manually change it to the original file extension in order to view it.

File Encryption usability and help manual need to improve a lot, I think you can find better free encryption software than this one.

I only found two reasons why someone might want to use File Encryption over something else: the wide selection of encryption algorithms available and being able to hide the files in Windows after they are encrypted.

I got an overall feeling of a very basic encryption program, my main concern was not with security, it was with usability and the lack of a proper help manual.

Visit File Encryption Website


Free easy to use encryption software R-Crypto

R-Crypto Data Security and disk encryption software will help you hide all of your internet pornography, financial details and other sensitive data from prying eyes. This free encryption software will create an encrypted virtual disk only visible after you enter the appropriate password. Inside that encrypted disk you will be able to store anything you like, and after closing it the encrypted data will remain inaccessible to anyone without the right password.

R-Crypto encrypts data using the cryptographic infrastructure of the Microsoft operating system. This can include the Microsoft AES crypto provider with key lengths of 128, 192 and 256 bits; for the password it will use the well known uncrackable Secure Hash Algorithm SHA-512. It can also use the Data Encryption Standard, DES, or 3DES, but it is highly recommended to stick to AES, as DES is not a safe encryption algorithm anymore.

R-Crypto constitutes a robust and safe encryption program with no backdoors, best of all R-Crypto is completely free of charge. If you want to hide your internet pornography from your wife and others, R-Crypto will be very useful and it is easy to use for beginners.

With R-Crypto you control your encrypted disk through an easy to use wizard that will guide you through the creation of the encrypted disk. It also allows you to change the size of the encrypted disk easily, and it has many more features, like being able to wipe the encrypted hard disk to make sure its contents are irrecoverable.

R-Crypto Data Security screenshot


Because R-Crypto uses Microsoft cryptographic infrastructure, it is ideal for companies that require certification for such products to meet certain governmental or corporate standards, as well as individual users with high security and privacy needs.

Visit R-Crypto free data encryption software
