There is nothing new or Earth-shattering here, at least nothing that I haven’t mentioned and advocated for years. Hit the comments and add your own.
Secret Splitting, also called Secret Sharing in cryptography, is a method to split numbers, text or computer data into two or more parts, also called keys or shares. All shares are required to retrieve the original information. It is mathematically impossible to obtain the original information if one of the shares is not available. The information obtained from separate shares does not reveal any information or partial information about the original, and does not assist in any way in retrieving the original information. Therefore, Secret Splitting offers mathematically absolute security as long as the shares are separated.
If you need to ensure access to assets but want to keep said access secure, this is the way to do it.
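One way to build the all-shares-required scheme described above is XOR with random pads. This is an added example, not code from the original post; the function names and the sample secret are assumptions made for illustration.

```python
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, n: int) -> list:
    """Split `secret` into n shares; all n are needed to recover it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are pure random pads from the OS CSPRNG.
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    # The final share is the secret XORed with every pad.
    return pads + [reduce(_xor, pads, secret)]


def combine_shares(shares: list) -> bytes:
    """XOR all shares together; order does not matter."""
    if len(shares) < 2:
        raise ValueError("need at least two shares")
    return reduce(_xor, shares)


def missing_share_for(guess: bytes, known_shares: list) -> bytes:
    """Return the one missing share that would make `guess` the secret.

    Such a share exists for every guess of the right length, which is
    why holding n-1 shares rules out no candidate secret at all.
    """
    return reduce(_xor, known_shares, guess)


if __name__ == "__main__":
    secret = b"safe combination: 12-34-56"  # constructed sample secret
    shares = split_secret(secret, 3)
    print(combine_shares(shares) == secret)  # all three shares present
    # With one share withheld, any guess is equally consistent:
    fake = b"X" * len(secret)
    forged = missing_share_for(fake, shares[:2])
    print(combine_shares(shares[:2] + [forged]) == fake)
```

Each share is as long as the secret, and the pads must come from a cryptographic random source and never be reused for another secret.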
Post your comment with the cleartext here. The solution will be posted tomorrow on Halloween.
Had it not been for an honest Geek, a fellow Geek’s personal data could have been compromised. Here’s the story.
The honest Geek, calling in sick with the flu, was informed that one of his sites had lost internet access. After some preliminary troubleshooting by phone, he attempted a remote access session and could not connect. Another phone call to the site to have someone reboot the server and the person reports the server says “Missing operating system.” Oh, oh. Same message after reboot. Oh, no! Makes trip to site (hasn’t been able to take a sick day for real in 15 months because of stuff like this). Walks into server room. Sees orange light glowing at USB port on front of server. Dawns on him that server rebooted over weekend due to updates. Removes thumb drive. Reboots server. All is well.
The thumb drive in question is not encrypted and contains some very sensitive personal information and was left in the slot by a consultant who was working on a telephone system upgrade. The good news is his data is safe.
The honest Geek will return the thumb drive upon receipt of further instructions from the owner who has been notified that his data is safe.
The honest Geek wonders what a fair ransom might have been, but figures that the lesson learned is sufficient. For those who wonder, the lesson is this: Personal information has no business being kept on a thumb drive that carries your Geek Toolkit. It’s simply too easy to forget to remove it when you are working in the field. If you simply must carry personal information with you, make sure the drive is encrypted.
Be careful out there.
Most of the bundled security software allows you to either encrypt the whole drive or create an encrypted area on the drive. I have always been an advocate of TrueCrypt as one of the best Open Source encryption programs in existence. There is a catch to using TrueCrypt, however, as this MakeUseOf article points out: If you want to transfer files to a computer on which you don’t have administrator rights, you’re out of luck.
Enter Rohos Mini Drive, a portable application that allows you to work with a password protected partition on any PC. You just click the “Rohos Mini” icon on the USB flash drive root folder and enter your disk password. Rohos will start a volume and will stay in the system tray. It doesn’t require administrative privileges to open the password protected USB drive partition on a guest PC. It stays in the system tray so you can close the disk when you finish working.
Rohos Mini Drive comes in both free and paid versions. The free version has limitations, of course, the main one being a 2 GB encrypted partition size. I don’t consider this a hindrance, however; my needs are limited to transporting the occasional sensitive file and 2 GB would be more than enough to store secure notes containing passwords and other key numbers.
Give it a test drive and let me know what you think.
Nice T-shirt, eh? Yeah, it’s been around for a while, having been part of one of Mozy’s (the online backup firm) promotions a few years back. It’s a great double entendre (not to mention the eye candy) and really punches home the need for backups. Which is what this post is about. Specifically, it’s about Duplicati, a free backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers. It works with Amazon S3, Windows Live SkyDrive, Google Drive (Google Docs), Rackspace Cloud Files or WebDAV, SSH, FTP (and many more).
Duplicati is licensed under LGPL (if you don’t know the difference between this and the GPL, well, better find out) and is available for Windows, Linux and, as of May 2012, MacOS in several languages. AES-256 encryption is built in and GNU Privacy Guard is also available. The latest version is 1.3.2.
It took me less than a minute to download and install with the defaults, but you’ll probably want to turn off the translations unless you speak several languages. After installation, the Duplicati Setup Wizard let me set up a new backup. For test purposes, I selected “Custom folder list” for my backup. After that, I was taken to the “Select password for the backup” screen. Here, you can choose the encryption method you want and set a good password. You can click the magic wand button to generate a super-strong password, or you can use one of your own. I chose to run the backup immediately and everything went smoothly.
Restoring from backup is straightforward: just click the Duplicati tray icon, open the wizard and follow the instructions.
It doesn’t get much easier than that to produce reliable, secure backups.
Using a powerful 256-bit encryption algorithm, AES Crypt can safely secure your most sensitive files. Once a file is encrypted, you do not have to worry about a person reading your sensitive information, as an encrypted file is completely useless without the password. It simply cannot be read.
Steve Gibson uses AES Crypt and had this to say about it in Security Now! Episode 356:
This is simply a utility to give end users access to AES 256-bit file encryption. So it’s just a – it’s as simple as you use this in the same way that you use ZIP to zip up a bunch of files, you use this to encrypt a file. It asks you for a password. And that password is hashed and then used as the key for the encryption. And no force on Earth, as far as we know, if you use a strong password, is able to decrypt it. So it’s absolutely bulletproof.
If you don’t already have it on your system, the installation routine will install Microsoft Visual C++ 2010 Redistributable. Installation is quick and does not require a reboot. The program has a context menu entry so you can simply right click on a file and select “AES Encrypt.” Enter your password (be sure it’s a strong one) and the program creates a new, encrypted file with a .aes extension.
One big advantage is that AES Crypt’s file format is also published so other applications can utilize it. In fact, Duplicati, an Amazon S3 front end that I will cover in a future post, bundles the file format into their back end so the files that Duplicati stores at Amazon are encrypted in an AES Crypt compatible format.
“The Cloud” is becoming the place to be for backup and data storage. Microsoft offers its SkyDrive; Apple has iCloud; there’s Mozy, Acronis, JustCloud, Carbonite, Dropbox, etc. There are so many, it’s impossible to list them all. This Geek uses SkyDrive, iCloud, DropBox and, for clients, Carbonite. They all have their advantages, similarities and differences. You can do your own study and make your own choices as to who you choose for your cloud storage provider; however, be aware of this very important concept: TNO – Trust No One. You want to make sure that only you, or those you designate, have access to your data. This means that:
This is why you must PEE before you upload anything to the cloud.
PEE stands for “Pre-Egress Encryption.” In other words, encrypt your data before it ever leaves your machine. If you do this, no one will ever be able to see anything but random noise unless you allow them to decrypt it by providing the key.
Over the next couple of posts, I’ll give you a rundown of what I consider the best applications and techniques to make it easy for you to PEE. Stay tuned.
Stage One is a simple 24-character code.
Here it is: =ImYndmbn1ieiBnLmJWdjJmZ
All you need to do is to figure out how to transform this code into a URL.
Then follow your nose to the next stage.
Believe me, it’s not easy (unless you already know how to transform the text!) Hint: The “=” gives it away if you know your Linux.
I’ll post the video solution on New Year’s Eve, 23:59 UTC.
Poe’s short story, “The Gold Bug,” is what got me interested in ciphers and encryption as a young boy; a collection of his most popular short stories is what inspired me to become a writer.
So, on this Halloween 2011 I present a very special reading of Poe’s famous poem, “The Raven.” Enjoy!
Video: http://www.youtube.com/v/rIckeYVuMC0