Category Archives: Privacy

Securing Your Passwords: Chromebook

In previous blog entries, I’ve shared how much I appreciate the wonderful work the free, open source password protection/tracking solution community has done for KeePass. I literally work on Android, GNU/Linux, iOS, and Mac every day (occasionally Windows), and being able to access my passwords across all those platforms is fantastic!

Visit http://techualization.blogspot.com

Unfortunately, I was finding myself spending a lot of time on a Chromebook, so I needed a quick way to access my passwords via the Chromebook. Since you can’t install Windows/Mac/Linux software on a Chromebook–I’ve installed GNU/Linux OS on a Chromebook, but switched back to ChromeOS–I needed something to interface with KeePass.

The solution I ran across is “BrowsePass,” which was developed in 2013 and is still under development. You can install it in any Chrome browser, but it also works fine on Chromebooks (get it as an add-on).

BrowsePass reads KeePass (http://keepass.info) password database file (only version 2). It can open both remote and local files. You’d use BrowsePass when you cannot install or download KeePass locally. BrowsePass runs entirely in your browser, no additional software is needed. BrowsePass DOES NOT support files created with KeePass version 1 (KDB files)!

This solution works great, and I encourage you to give it a try.




Everything posted on Miguel Guhlin’s blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure


USPS Data Breach and The Irony

No one likes to have their private information spilled across the Web, viewable by anyone with the skill and access to do so. That’s why the Edward Snowden revelations caught us off-guard…it’s like a creepy uncle was peeping at you through the restroom keyhole. When confronted, he shares, “It may seem strange, but I wanted to make sure little Sammy wasn’t guzzling toilet cleaner fluid. And, you never know when some weirdo will kidnap a little kid through the window.” Yeah, that would be a real effective defense, creep.

I can’t help but feel bad for US Postal Service workers, who Monday had to find out the news:

More than 800,000 USPS employees may be affected, including those that work for USPS’ regulator, the Postal Regulatory Commission, as well as for the Postal Inspection Service and the Postal Service Office of Inspector General (OIG), David Partenheimer, manager of media relations with the USPS, told SCMagazine.com in a Monday email correspondence.
The employee information that may have been compromised includes names, addresses, dates of birth, Social Security numbers, beginning and end dates of employment and emergency contact information, according to a release issued on Monday by Partenheimer, which adds that other information may have been affected as well. 

The incident also affected call center data, the release indicated. Customers who made telephone or email inquiries to the Postal Service Customer Care Center between Jan. 1 and Aug. 16 may have had information compromised, including names, addresses, telephone numbers, email addresses and other information. (Read More)

It reminds me of the data breach that affected the Texas Teacher Retirement System (TRS) a few years ago, compromising the information of my entire family of teachers–my elderly grandmother, my wife and me. That breach occurred due to negligence on the part of some state official who allowed the confidential information to be posted to a web server, resulting in the cost of identity theft protection for anyone in the TRS.

USPS said the investigation is still going on, led by the FBI and joined by other federal and postal investigatory agencies…. Read More

When I read about data breaches like the U.S. Post Office, I can’t help but be struck by the irony of the United States government objecting to the breach of the USPS by potentially Chinese agents, when the U.S.’s National Security Agency is spying on many others, especially its own citizens. The irony deepens when you consider efforts like this one:

A letter signed by more than 40 organizations representing retailers, restaurants and other businesses – including the National Retail Federation, National Restaurant Association and Food Marketing Institute – was sent to Congressional leaders on Thursday, stating that legislation to address data breaches should cover all entities that handle sensitive information…“Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur,” according to the letter. (Read More)

Unfortunately, Congress can’t even protect the citizens that elected them into office. I am revolted by the view holes made in our privacy and that threaten liberty. For the sake of our children, our Nation’s legacy of sacrifice and history, let’s commit to making a change. Let’s restore privacy to America, rejecting data breach perpetrators at home and abroad.



Automating FTP Transfers

If you are a school district, there are times when you have to transfer files securely–often, encrypted–from one location to another. It’s tempting to want to use built-in utilities in popular server operating systems, but you can also take advantage of for-cost solutions like the ones below (in no particular order and no preference/endorsement implied):

MOVEit – Provides FTP and PGP support

AutoMate

SFTP Plus

GoAnywhere Secure FTP

Some of the features most need include:
  • Automating the transfer of files from one server to another
  • Securing the files with encryption (e.g. GPG/PGP)
  • Verification that files were sent and received
  • Encrypted transfer of files
If this has been a need in your organization, how have you resolved it? While setting up regular FTP on a FOSS server is pretty easy, I have been unsuccessful with SFTP setup. Any tips or advice?
By the way, I have to give a shout-out to GoAnywhere’s Free Open PGP Studio software!



Sorry, Your Credit Card isn’t Working

“I’m sorry, sir,” said the Bill Miller’s BBQ Restaurant window attendant. “Your card isn’t working and there’s an error that says you need to contact your bank.” Since I had just checked my balance the night before, I knew that there wasn’t anything wrong. Still, I dug for cash and managed to scrape up the $8.39 for my lunch.



Later, when I visited my bank’s web site, I saw notice of the Home Depot breach. Although I make a habit of following data breaches, I didn’t think that I’d been affected. Unfortunately, I’d forgotten that I’d only just visited Home Depot–an extremely rare visit–to pick up something needed for home improvement (to this day, I don’t remember what…it was that quick a visit). My credit card had been cancelled because my account was affected by the breach.

The hackers that got into Home Depot’s computers didn’t only steal 56 million credit card details, the company has recently discovered that they also got away with 53 million email addresses. According to the retailer, no passwords were stolen along with the email ads, but it still wants to warn customers, in case they receive some phishing emails in their inbox. So, if you have Home Depot-loving family or friends who aren’t as tech-savvy, make sure to remind them not to click on dubious links sent to their emails and to activate two-factor authentication when available.

Source: Home Depot Hackers Also Stole… 

In order to protect myself these days, I find myself taking strange steps to try and safeguard my financial data. Those steps include the following:

  1. RFID Protected Wallet: Picking up my first pair of running shoes in 8 years at the store, I bought one of those wallets that protects against a scanner reading your RFID enabled credit card. Of course, I don’t have an RFID credit card on me so this is a moot purchase…I liked the wallet, though!
  2. Monitoring banks and credit cards: After trimming down the number of credit cards my family has, we have also gotten into the habit of monitoring our account balances. It’s a bit of a pain but a necessary one.
  3. Free credit checks: One of my credit card providers is now sending monthly credit check reports to me. I shudder to think what I may have done to deserve this level of attention, but it certainly is helpful to know where I stand and if anything untoward is happening.
  4. Keep a digital, encrypted copy of all my cards that I have in my wallet: With a scanner, it’s easy to capture all the details for your cards and ensure that no one has access to them. It goes without saying that any digital copies of financial details are encrypted and backed up.
  5. Carry and Use one credit card, rather than debit/credit card, for most purchases: In the old days, I would use whatever card was handy…usually my debit/credit card that connected to my bank account. Now, I’m switching to using one credit card that I can better control and won’t affect finances. 
  6. Use a different email for finances than what I do for regular stuff. Although I have a Gmail account, which I use for quite a bit, I have slowly moved my financial management to another email system. And, of course, I have two-step verification enabled on everything.


And, carry as little as possible in case your wallet is mislaid or stolen. What else do you suggest or what are you doing to safeguard your hacked data?




Keep Your Stuff Secure

While I subscribe to the idea that we should encrypt all our communications, to be honest, it’s often a pain. I try to encrypt top secret text messages to my family using the cross-platform Telegram app. It’s easy to use, cross-platform, and allows voice messages in a way similar to WhatsApp, which isn’t secure (IMHO).

Image Source: https://www.eff.org/secure-messaging-scorecard

The Electronic Frontier Foundation (EFF) has come out with its Secure Messaging Scorecard and I’m pleased to see some of the apps I’ve recommended to others on there, such as:

  1. Telegram: Fails audited code–they’ve announced a hacking contest, though–and past communications are not secure if your encryption key is stolen. Otherwise, this ranks highly for me as a must-have app. While I have used TextSecure, it’s not available for iOS, which means it’s not an option (you may also want to read this paper on TextSecure via cryptome.org).
  2. Mailvelope: You may recall that this is an easy to use text/messaging encryption tool.

In the future, I hope EFF evaluates file encryption tools. 

Image Source: Minilock.io

My go-to ones right now include the following in order of preference:

  1. AESCrypt.com – Free, open source and available for Mac, Windows, Linux and has an Android encryption tool.
  2. Minilock – From their web site: “miniLock uses your email and secret passphrase to generate a miniLock ID. miniLock IDs are small and easy to share online — anyone can use your ID to encrypt files to you, and you can encrypt files to friends using their miniLock IDs.” It is quite easy to use, even on a Chromebook.
  3. Secret Space Encryptor – This features a java app and works on Android.
While I still use GPG/PGP, I have to admit that safeguarding a private key can be difficult and I much prefer using one of the 3 tools above.


Book Review: Deadly Odds (Updated 10/4/2014)

Image Source: Wikipedia

In late September, I received an email making me aware of a book entitled, Deadly Odds, by Allen Wyler.

We’re currently raising awareness for our upcoming techno-thriller Deadly Odds by award-winning author Allen Wyler, to be published in October. And to promote its release, I’m contacting you on the off chance that you might be interested in a suspenseful, fast-paced thriller about a young computer genius whose impressive hacking skill gets him involved in a web of international terrorism. If so, we’d love to send you a complimentary advance copy of the book (ebook or print) for a possible review on your site, Around the Corner.

Astor and Blue Bookstore

So, I said, “Sure, why not?” Who wouldn’t like to read a book like that? In a short time, I was emailed a DRM-free ebook (epub, mobi) for review…great!

If you have been following the Edward Snowden leaks, as well as been perturbed by the illegal spying on Americans by the National Security Agency (NSA), or are intrigued by the Darknet, The Onion Router (TOR) to anonymize your browsing, then you’ll find this work of “fiction” to be up your alley! It will probably end up as supplemental reading in some government operative’s booklist to introduce them to the vocabulary of the hidden web.

Terms like “The Hidden Wiki,” “DarkNet” and “DeepWeb”–surprisingly, I didn’t see TAILS–are liberally sprinkled through the text, FBI agents appear befuddled and the NSA is invoked.

Deep Web (also called the Deepnet,[1] Invisible Web,[2] or Hidden Web[3]) is World Wide Web content that is not part of the Surface Web, which is indexed by standard search engines. . .Some prosecutors and government agencies think that the Deep Web is a haven for serious criminality.[4] Source: Wikipedia

Image Source: http://goo.gl/EHTbzA

You’ll be, as I was, thoroughly engaged by the antics of the 23-year-old online gambler who has developed a system for making predictions that pay off…he manages to pay off the debts of his mysteriously murdered parents, but it all goes downhill from the starting gate. A few days of debauchery in Las Vegas strip the protagonist of his innocence and embroil him in a cyber-terrorist plot similar to “the Twin Towers.”

Here’s a little background on the story:

The novel follows Arnold Gold, a self-described “computer nerd” with a knack for hacking, and an equal knack for not getting girls. A spontaneous trip to Vegas “to get lucky,” however, puts him in the path of a group of murderous terrorists who want Arnold’s system to enact a terrorist attack in Sin City. This leads to a high-stakes game of survival as Arnold fights to stay one step ahead of the terrorists, the FBI, and the local cops–all while using his tech-savvy to prevent the deadliest terror attacks since 9/11. 

Arnold Gold’s task is to penetrate the DeepWeb communication system in use by terrorists and share how with the FBI.

For those who have followed Snowden leaks, NSA, read about or use TOR, and other similar technologies, it is a fun exploration of topics with relatively current news events (e.g. Boston Bombers, Silk Road Anonymous Marketplace (narcotics store)) worked into the text to give it all a ring of authenticity. I was halfway through the book before I realized it! Of course, fiction is about as close as you may want to actually get to all the scary stuff and vocabulary the novel’s main character, Arnold Gold, thinks and talks about!!

Check it out when it is released later this month, October, 2014!

Update – A Note from the Publisher:

In celebration of Allen’s new book, all of his previous thrillers are currently on sale for 99 cents (e-book versions) on Amazon and Barnes & Noble, which will run the whole month of October. If you don’t mind, could you add the links to those books to your review for your audience? We’d really appreciate it and it’ll help with our promotional efforts for Deadly Odds! The links to his books are attached below:

  • Dead End Deal: http://amzn.to/1nUtyhL ; http://bit.ly/1xPHahs
  • Dead Ringer: http://amzn.to/1xaJMmZ ; http://bit.ly/1pB497M
  • Dead Wrong: http://amzn.to/1sUiqU8 ; http://bit.ly/1oI6Lk8
  • Deadly Errors: http://amzn.to/1vHl25A ; http://bit.ly/1rVxVZC



Selecting a Virtual Private Network (VPN) Provider – #PrivateInternetAccess @buyvpnservice

Private Internet Access – It works and great price!


As my daughter went off to college, she remarked that she’d have free WiFi in her apartment.
“Really?” I asked. “Is it encrypted?”
“No,” she replied. “Does it need to be?”

Data theft occurs at several different levels online. First, your data can be stolen by hacking into your social network and email accounts. Secondly, your data can be phished using emails that appear to be from valid sources. Finally, your data can also be stolen by wiretapping/eavesdropping on your internet connection both via wire and wireless connections.
ETHEREAL and WIRESHARK provide criminals access to your network traffic whether on wired or wireless connections. These softwares are free and available for anyone to use and download with minimal computer knowledge. 

Source: Data Theft, Private Internet Access

Of course, that kicked off a whole discussion on the issues with using unencrypted WiFi that you find offered free…well…everywhere. Although I’ve always had the good fortune to be on encrypted networks, whether at home or work, I’ve been a bit worried about her doing all her online banking, etc. via an unsecured WiFi network that anyone can snoop on…having explored snooping myself, just to see if a low-tech person (wink) like me could do it, I was shocked.

So, I sent out a tweet yesterday and asked around. Wes Fryer (SpeedofCreativity.org) suggested Astrill, a recommendation that was backed up by another in my network. Unfortunately, after doing the math, I realized that this solution wasn’t going to work for my budget.

Reluctantly, I turned to the next best solution on the list, TorGuard. And began an epic journey that ended with me a bit irritated (enough to post 2 negative tweets) after 3 hours of suffering. I cancelled the TorGuard Pro account after banging my head against the screen of my Ubuntu 14.04 laptop. Although the support folks insisted, “We can get it working! Just give us a chance!” the fact is, anything that is that hard isn’t worth it.

So, what to do?

What success looks like using Private Internet Access via DNSLeakTest.com


My daughter texted me, “Why don’t we try Private Internet Access? The price is right–$40 per year for 5 devices!” I signed up and my Ubuntu laptop was connected instantly. Apparently, their instructions actually worked (unlike, in my experience, TorGuard). I mean, it was that easy. The setup is drop-dead simple on Android and Mac (Windows, too).

Features:

“Privacy is the number one concern for our VPN service. Logging directly compromises that privacy, and also slows down the efficiency of an internet connection. When using a VPN service, privacy, speed and connectivity are all important factors to bring customers a better service. In order to provide the most private, efficient and high-speed VPN service to our customers, PrivateInternetAccess.com does not maintain any logs of any kind, period.” (Source)

  • Secure VPN Account
  • Encrypted WiFi
  • P2P and VoIP Support
  • PPTP, OpenVPN and L2TP/IPSec
  • 5 devices simultaneously
  • Multiple VPN Gateways
  • Unlimited Bandwidth
  • SOCKS5 Proxy Included
  • No traffic logs
  • Instant Setup


I can’t emphasize the highlighted item enough–Instant Setup! Check the pricing online.

You might find this review and walkthrough worth watching. (I didn’t and was able to set up quick…also, Android works great)



