Archive for the 'Encryption & Secure Communication' Category


Free Disk Encryption Tools

Author: Martin Voelk
February 4, 2016

Encryption should be used by everyone (businesses and individuals alike). Unfortunately we see that the majority of users are still neither encrypting their communication, neither encrypting their hard drives. What would happen if a laptop gets stolen? What if a laptop is seized by an oppressive government regime? It should be common sense to encrypt everything these days. There are so many sophisticated free tools out there. Today we feature 3 of them:

Bitlocker (Microsoft OS)
http://technet.microsoft.com/en-us/library/hh831713.aspx

DiskCryptor (Microsoft OS)
https://diskcryptor.net/wiki/Main_Page

FileFault (Apple OSX)
https://support.apple.com/en-us/HT204837

Share

Free Secure Email Encryption

Author: Martin Voelk
January 13, 2016

We are in 2016 now and we are surprised how many businesses still send highly sensitive data over plain text email without authentication or encryption whatsoever. We are not even talking about home users, we are talking about businesses of all size! We often get engaged by our clients to perform spear phishing campaigns and the results are shocking.

Consider the following example. Company ABC uses the domain companyabc.com and we know that a senior director’s email is jim.smith@companyabc.com. From an attackers standpoint the most logical thing is to register company-abc.com or any other similar available domain. Once done, ordinary employees are being told from a fake Jim Smith (jim.smith@company-abc.com) to click a link or supply information. 95% of employees will because they feel threatened by authority.

Which employee will ever check (let alone has the skills) to check the authenticity of such an email? On iPhones etc. the name , in this case Jim Smith, will show up as usual. Most companies are neither using digital email signage nor encryption which is fatal as our Pentests proof again and again.

So what can you do? Simple. Get all your employees a digital certificate. Comodo for example offers those for free even! https://www.comodo.com/home/email-security/free-email-certificate.php

Why? If everyone uses certificates you can make sure the sender is the person the email claims to come from and the traffic can be encrypted to stop any Man in the Middle. It’s such an easy exercise, yet even big corporates fail to do it. Please take a few moments to think about this post and how an email certificate could make your organisation much more secure!

Share

Cell Phone Encryption Solution

Author: Martin Voelk
April 11, 2015

Today we would like to show our readers a very good and affordable encryption solution for cell phones. Not only can domestic and international calls be encrypted but the solutions also allows for encrypted text messaging, video conferencing and more. There are no infrastructure costs as only the software is being deployed on endpoints.

https://silentcircle.com/services

Share

April 3, 2015

Both businesses and individuals desire privacy and secure communication channels when interacting online. May this be discussing a company secret between board members or a newly discovered competitive advantage, sending a credit card number to a relative or family member to make a purchase online. There are many reasons why we want to encrypt our conversations online.

There are dozens of man in the middle possibilities to intercept communication. From malware at the endpoint to anyone working in Service provider networks. There have been many cases where fraudulent network engineers at ISPs were phishing for credit cards with simple tools like mailsnarf. An engineer needs to enable a mirrored span port on a core or access ISP component and then can run Wireshark or hundreds of other tools. Unfortunately a lot of the traffic is still unencrypted and I personally know of cases where people sent credit card info to friends and family via SMTP/POP3 on Outlook Express. Anyone on route between sender and receiver can intercept standard communication which isn’t encrypted. Simple as that.

Encryption doesn’t have to be expensive and there are a lot of free tools out there. Today we would like to recommend a free open source tool called “Crypto Cat” which exists for many different OS platforms and smart phones. It allows for encrypted chats, sending files encrypted and more.

https://crypto.cat

 

Share