Category Archives: Security

Keeping users safe online.

Shhh! Google Might Be Listening…

Anyone who harbors suspicions of what the search engine giant might be up was given good reason to be even more alarmed recently. Google has been accused of eavesdropping on users of its Chromium browsers. Some people noticed that the browser would download modules from Google as part of its automatic updating process. And that among the new features was one that turned on the computer’s microphone by default and automatically transmitted what it heard back to Google’s cloud for analysis. Further cause for concern was that Chromium, their sibling to their Chrome browser platform, is an open-source project, but the speech recognition feature was part of a “black box” module. These are closed-off sections of proprietary code that are impossible for developers or researchers to examine, which totally subverts the idea of “open-source”. The Voice Search feature is intended for users to look up stuff by sound alone; activated by simply saying, “OK, Google,” aloud. (It’s also available for the Chrome browser.) While the company maintains that the search function will not work until that magic phrase is uttered, critics rightfully pointed out that it would still have to be listening and analyzing everything it picked up just in order to know when to do so. Google also claims that the controls of the aural search function that indicate the microphone is on and “Audio capture allowed” merely indicate the presence of a working mike, not activating it. But … Continue reading

Posted in News, Security, Warnings | Tagged , , , , | Leave a comment

Supersize Your Passwords

A report by Anthony Mason on the CBS Evening News recently highlighted the latest consumer security concerns about hackers. A “white hat” expert from the security firm Trustwave managed to break Mason’s 7-character password in just 37 seconds. And it wasn’t an obvious one that the machine somehow guessed either, like the supposedly most commonly used one these days, “password1″. No, it was cracked by good old-fashioned number-crunching. The ability to break passwords by sheer brute force, running through every combination there is until the right one is stumbled upon does not depend in the least on how the password was created or what it signifies. The algorithms don’t try to guess meaning or substitutions – they don’t care about your mother’s maiden name, capitalization or whether you used a lower-case “l” or the number “1”, or anything at all other than length. A password, using the standard English alphabet with both upper and lower case letters (like “E” and “e”) plus 0-9 numbers and various punctuation characters, can be made out of roughly 72 or so elements. So for a 7 character-password, that’s over 10 trillion possible combinations; while adding just one character increases it to over 722 trillion. Therefore if it took 37 seconds to break before , now it should take 44 minutes 24 seconds. Hopefully, that will be too much time and trouble, with so many other, easier targets available. So the best strategy is simple: … Continue reading

Posted in News, Security | Tagged , , , | Leave a comment

Burn After Reading: Private Messages Made Simple

Email and texting are great modern conveniences, but they were never intended to be secret. Nowadays, with hackers dumping stolen messages on the Web and the government recording everything, these methods are decidedly risky for sending any information that must remain truly confidential. In fact, email was designed to be like an electronic equivalent of a postcard that can be read anywhere along the way by anyone who comes across it. Encryption with software, despite many forms being compromised by the NSA and others, is still held up by Edward Snowden and many security experts as the best means of securing private communications. But to do it right is hard, requiring preparation and a kind of discipline. If there were only some simple way of harnessing current available technology to permit an easy exchange of private information between individuals… And indeed there is. Southwest Cyberport presents Burn After Reading, free for anyone’s use. Burn After Reading is a secure private message dead-drop. It cleverly uses the same Internet technology already built into everyone’s Web browsers that enables safe purchasing online to allow private communications between two parties. All you need do is visit the Burn After Reading page and write your message into the field. You can have it send a link to the message for you, or you can send the link the page generates yourself in your own email to the other party. Either way, once the person … Continue reading

Posted in News, Resources, Security | Tagged , , , , | Leave a comment