Google sent a warning yesterday about targeted attacks on Gmail users that use phishing to trick users into logging in to fake Gmail pages. The attackers, thought to be Chinese, seem to be targeting US officials that use Gmail (who would have thought they even do!?) and also political activists, journalists and military personnel.
To improve your online security, Google recommends taking some steps if you are a Gmail or Googlemail user.
1. Enable 2-step verification, which uses a second password sent to your mobile phone to be able to log in.
2. Use an extra strong password with numbers and characters to improve security. See our post on creating a password.
3. Only log in from the Google domain, never on a 3rd party site, and never by clicking a link in an email.
4. Check your account for suspicious forwarding addresses and see if there is anything there that you don’t recognize.
5. If Google detects suspicious activity with your account, it will display a red message at the top of the page after you log in. Be sure to check these messages and change your password immediately if you see them.
You can also see below the difference between a fake Google login page and the real one; you need to be careful when logging in. For extra security we also recommend using a VPN to encrypt your internet traffic.
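The "only log in from the Google domain" step comes down to reading the host part of the address correctly. The following is an added example, not part of the original post or Google's advice: it parses a link the way a browser does and rejects the common ways a familiar name is placed somewhere other than the host. The trusted host list and the sample links are assumptions constructed for illustration.

```javascript
// Added example, not from the original post. TRUSTED_HOSTS is an assumption
// made for this sketch; it is not an official list of Google sign-in hosts.
const TRUSTED_HOSTS = new Set(["accounts.google.com"]);

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://accounts.google.com@other.host/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII lookalike letters are serialized as xn-- (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host: " + host };
  }
  // Exact match only: a trusted name used as a prefix of a longer host
  // (accounts.google.com.login.example) belongs to someone else.
  if (!TRUSTED_HOSTS.has(host)) {
    return { ok: false, reason: "untrusted host: " + host };
  }
  return { ok: true, reason: "exact match on trusted host" };
}

// Constructed sample links (reserved .example names), not real phishing URLs.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.g\u043e\u043egle.com/ServiceLogin", // Cyrillic "о"
];

for (const link of SAMPLES) {
  const { ok, reason } = checkLoginUrl(link);
  console.log((ok ? "OK    " : "REJECT") + " " + link + " -> " + reason);
}
```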
Following our post last week about the security of the online storage website Dropbox, they have responded to the claims and the FTC complaint filed against them.
The founder of Dropbox, Drew Houston, said “I take issue with the allegation that we have somehow lied or misled people for any kind of gain, we never put anything up there that was untrue, and now it’s leading to people think we are not secure.”
He claims that the website is upfront with users about its services; however, they have also recently changed their website to word their policies a little differently. He also made a statement saying that employees of Dropbox do have access to customer files but would only use them when legally required to do so.
Either way, we don’t think it’s safe to store your documents on such sites unless they are encrypted before uploading with programs such as TrueCrypt. Do not rely on their encryption.
LastPass claims to be online password management software that allows you to store all of your passwords in an application/browser plugin. When you visit a website, the application will verify the site, compare the login to what you have entered in the app, fill in the login details for you and log you in automatically. It sounds very friendly, however this type of system has HUGE flaws.
You don’t know who they (LastPass.com) are, it’s a browser plugin that could easily be hacked, and all your details are stored on their database even though they claim they don’t have access to your passwords, just an encrypted version – do you really want to put your trust in them, especially with what is going on with PlayStation at the moment?
On Tuesday they posted a security notice saying they had found an “anomaly in their network traffic” that they couldn’t find the cause for. They recommend all users change their master password immediately, saying it’s “unlikely” users’ passwords were stolen but they don’t want to take any chances.
“Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it’s big enough to have transferred people’s email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn’t remotely enough to have pulled many users encrypted data blobs.”
Using programs such as this puts you at unnecessary risk. If you are looking for a password manager we recommend KeePass, which stores your passwords in a keyfile offline and uses the best and most secure encryption algorithms.
That is an interesting question; no doubt Osama Bin Laden would have been into some interesting stuff. Laptops and other computer equipment were seized when he was killed in Pakistan this week. As hard as it might be to picture the old man hunched in a corner with an old Sony Vaio atop a cardboard box in an old dusty room checking out the latest YouTube clips, reports are that the US has seized computer equipment and hard drives that were found in the compound.
I would bet that he is not computer savvy, but he must have had at least a few computer literate guys around him, after all the Taliban are known for making encryption software such as this program called Mujahideen Secrets that is used to encrypt and decrypt files shared between terrorist networks. So now that the US has all this data, can they really decrypt it all, and will he have secret terrorism plans on his computers or maybe just songs of Justin Bieber…
As much as we hate to rant on about the need for users on the internet to be using a Virtual Private Network to encrypt their data, there is just story after story out there of reasons why everyone should be using a VPN.
This one is a little old, but a worthwhile read nonetheless.
In March AT&T, the network service provider in the USA and Canada, had a security lapse, sending its Facebook traffic through China and then Korea due to a “routing mistake”. The private data was sent to Chinanet, a Chinese network provider, then via Chinanet to SK Broadband in South Korea, then to Facebook instead of directly to the Facebook servers. Since Facebook does not use SSL (Secure Sockets Layer) protection, all this traffic was sent unencrypted to China and Korea, where it could have been picked up and most probably was given those suspicious Chinese.
Now you may think that this is a one-off incident; well, you would be wrong. The internet is simply not a safe place. Users concerned about their security and privacy should be using a Virtual Private Network that encrypts the data sent between your computer and the final destination. For more information on this process please view our VPN Page, About VPN page and for a comparative list of VPN Services view our VPN Plan comparative page.
As a follow-up to yesterday’s post on the secret Apple iPhone tracking fiasco, the below video shows it’s making it onto some of the mainstream media outlets. So far Apple has still not responded. We will post another update when Apple does respond to their secret tracking software on the iPhone 4.0.
An interesting fact for some of you that are not already using a VPN. Search engines such as Google, Bing and Yahoo keep all your search history including keywords, IP addresses, cookies etc. on file for 18 months after you did the initial search. Why do they need to keep this data on file? Well, only they really know, but if you are not using a Virtual Private Network to hide your true identity then every search, every page and quite possibly everything you have done on the internet in the past 18 months has been tracked and recorded. Yahoo recently changed its policy from 6 months to 18 months after it changed from 18 months to 6 months a few years back.
It doesn’t stop with the search engines either. Google Analytics tracks every user going to a specific website, what they do on that site, how long they are on it, what pages they visit and when they leave it. It can also pinpoint your location down to a few kilometers, as you can see in this screenshot below taken from our Google Analytics of a user in California.
From Google we can see your location, browser, network speed, internet service provider, screen resolution and more!
A lot of this information is also used to target advertising. Have you ever searched for something like “how to hide my ip address” and then suddenly you’re seeing ads on several sites directed to that previous search? Yes, you guessed it right; the search engine has stored this information and is now targeting specific ads based on that search from cookies stored in your browser. You are now on their marketing list.
So how do you stop this type of behavior and stop yourself from being tracked? Simple: you just need to do a few things.
1. Get a VPN. This is the most important security feature for surfing online; it will protect you by encrypting your connection and also hide your true identity by hiding your IP address. View a list of the top VPN providers here.
2. Use the private browsing features in Google Chrome, Firefox or Internet Explorer. This will make sure no data, history, cache or cookies are stored on your computer. In Google Chrome it’s called “Incognito Mode”, in Firefox it’s Private Browsing and in Internet Explorer it’s called InPrivate browsing. If you need help setting them up, send us a message on the Internet Security Forum.
3. Not a necessity, but don’t browse the internet when signed into your Google or Yahoo account. Keep 1 browser specifically for browsing the internet and another one for your emails and personal stuff.
Quite a bizarre story for you today, one so outrageous it doesn’t even sound true, however it was posted at the ACLU (American Civil Liberties Union) website earlier this month.
According to a complaint filed against the Michigan State Police, the police are using specialized portable devices to search and extract your personal information, videos, call history, emails and messages etc. on your cell phone during random routine stops on the city’s roads. The device the police officers are using is called the UFED Physical Pro, which is sold by a company called Cellebrite with a slogan of “mobile data secured”; well, not in this case. The device, which seems to be made to restore access to phones, including a data dump and also recovering the lock and SIM passwords, does not appear to be made for the purpose of searching private citizens’ phones, but the police are using it for their own purposes in violation of your 4th Amendment rights.
The ACLU has been investigating this case all the way back to 2008 with no success. You can find information on the ACLU website. Just a thought though: imagine if this hardware and these tactics were used everywhere, including on laptops in airports, at road blocks etc. Is that a country you would want to live in? Perhaps this is just a trial and its success could see it rolled out in other cities across the USA.
Toshiba has recently announced the upcoming release of a new hard drive called the MKxx61GSYG, which comes in sizes up to 640 gigabytes and is able to automatically wipe all data on the drive if it is removed from the paired computer. Simply put, if the drive detects that it has been removed from the host system, it will cause either part or all of the drive to become crypto-erased. An interesting feature includes setting custom sections to be erased based on predefined policies of the hard drive.
Toshiba is trying to push these new drives into devices such as multi-function printers and fax machines that retain images of faxes and printed documents but also said the technology would be very useful to laptop owners to protect their data from being accessed if their computer was to be lost or stolen.
Prices for the new drives have not been set but they are no doubt set to become very popular. Samples of the new drives are being sent out this quarter for testing and reviews. I hope we can see one in action very soon; stay tuned for a review of the new Toshiba MKxx61GSYG self-erasing hard drive!
For more information on wiping hard drives please visit our Erase Your Data section of the website.
An investigation has just been launched into the leak of 148 students’ information from York University in the United Kingdom after the sensitive data was published online. The data, which includes names, phone numbers and addresses of all the A level students, is a serious problem as it can be accessed from the University webpage without the need for any logins; the public has had access to these details.
The university later said it had “taken immediate action to rectify this problem” and had apologized to all those students affected… wow…
It just goes to show, sometimes you can take all the steps necessary to protect your own information, but it can all be in vain if someone else that has your information has no concern for its security.