13 Nov How to keep your data from getting stolen
QUOTE OF THE DAY
“Computers are like Old Testament gods; lots of rules and no mercy.” - Joseph Campbell
The personal computer is now an integral part of our digital lives and, for good or evil, it plays a fundamental, almost irreplaceable role for each of us. In just over a decade, personal computers have been transformed from “simple” iron boxes into shimmering power monsters that let us browse the web, use social media or play complex video games at the speed of light! But have we ever wondered whether most of us, common computer mortals, need this tremendous amount of power for everyday use? Most likely our daily way of working has not changed so drastically. Most of us, in fact, continue to use our computers for e-mail, to create a few spreadsheets or a presentation, maybe even to share it via Skype… So we wonder whether the evolution of the personal computer was more about following the trends set by Silicon Valley’s big names than about responding to the real needs of most users.
REPEAT AFTER ME
“What happens in Vegas stays in Vegas… what happens on the Internet stays on the Internet!”
In all this we certainly know one thing! The need for personal security and privacy is growing, and the constant news of global, distributed cyberattacks increases the sense of insecurity and frustration of most technically unskilled users. It is very easy to realize that the latest sparkling supercomputer model is practically as vulnerable as the computer we used more than a decade ago, and we should not all have to turn ourselves into security experts to compensate for the weaknesses of modern personal computers or the latest software. Complex and technically challenging applications are freely available on the web, but unfortunately they are extremely difficult to learn if you are not tech-savvy. Encrypted disks and encrypted e-mail, peer-to-peer encrypted communications and web surfing are just a few of the devilries that a normal user needs to know about if he wants to venture into the modern web without being exposed to any kind of threat. It only takes one click on the wrong link, or a visit to a fake webpage artfully made to deceive you, to have your credentials and your most precious data stolen and your privacy violated.
Starting from this alarming perspective we have tried to respond as easily and effectively as possible to the needs of all users who want a good level of peace of mind but at the same time do not have the time, the will or the skills to become security experts.
Think about what happened with WannaCry last May. What can we do to start protecting ourselves in this world where cyber-attacks and data breaches are the order of the day?
- Back up your data. We are in the Internet age: data can be bought and sold on the online black market, which means that your data is of great value to hackers. All the information on your personal computer, all of it, is accessible, and keeping it all in one place without adequate protection is a vulnerability. Get an encrypted hard drive to store all your precious data securely, and use backup and restore software in case of theft or loss of your primary data source (usually your personal computer). These are just a few examples of software that can be useful to you:
  - Backup Maker Free – it has all the features worthy of the best paid backup programs and it can create encrypted archives as well
  - Areca Backup – an open source backup program with some interesting features, including the ability to create archives of up to 4GB, even encrypted (128-bit or 256-bit)
  - VeraCrypt – free and open source software, capable of encrypting the system disk (a very delicate, time-consuming operation, to be done only if needed) and of creating a separate encrypted disk, which is read by the operating system as a second hard disk and in which you can put all your most important data. Based on TrueCrypt, it solves many vulnerabilities and security issues found in TrueCrypt
- Use an open source operating system. An open source operating system is synonymous with transparency and allows anyone to freely examine every single line of code. At the same time, it can count on a vast community of independent developers who improve it and fix it every day to make it more stable and reliable.
  The stand taken by Linus Torvalds, the very creator of the Linux OS, against (and his denunciation of) government agencies seeking to put backdoors or spy code inside the operating system itself, to carry out not very clear governmental operations, remains historic…
  There is a wide choice of Linux-based operating systems: Tails, powerful and super-secure but unfortunately too technical and complex to be adopted by less experienced users; Ubuntu, probably the best known of the various open source operating systems, which combines reliability and eye-catching graphics; or Secure-K OS, which makes ease of use and simplicity its winning weapon without compromising on reliability and security.
  - Tails – a Debian-based operating system designed to preserve the privacy and anonymity of its users. All outbound connections are transmitted solely via the anonymous Tor communication system, and all incoming direct connections are blocked as they are not anonymous
  - Ubuntu – an operating system born in 2004, focused on ease of use. It is predominantly composed of free software but also contains proprietary software, and is freely distributed under the GNU GPL license. It is oriented to use on desktop computers but has variants for servers, tablets, smartphones, and IoT devices
  - Secure-K OS – an operating system also based on a Debian distribution (one of the longest-standing parent distributions), originally created for the enterprise world and to adhere to the most stringent security and regulatory compliance rules, then redesigned by its engineers with safety, portability and ease of use in mind. It will soon be released in a freely downloadable version
- Use encrypted email and encrypted communications, especially for exchanging sensitive data. Encrypted email providers are very varied: some are web applications, others are programs to install on the computer, and others integrate with your email account, adding a security level.
  - ProtonMail – a mail service that allows you to send end-to-end encrypted emails and self-destructing messages without installing anything on your local computer. You do not need specific technical knowledge to use it: just sign up to create a new secure mail address and use it
  - OpenPGP and Mailvelope – OpenPGP is the standard for sending and receiving encrypted emails, which can be enabled on Gmail using the Mailvelope extension
  - Signal – provides end-to-end encryption for both chats and phone calls. It uses the same protocol as WhatsApp and Messenger, but is based on open source software and its business model is collaborative and supportive
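The backup advice above only helps if the copy is still intact when you need it. As an added example (not part of the original article), this Python script records a signed SHA-256 manifest at backup time and checks a backup or restored folder against it; the file names, the key and the simulated damage are constructed for illustration.

```python
import hashlib, hmac, json, os, shutil, tempfile

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _tag(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Hash every file under root and sign the listing with HMAC-SHA256."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            files[os.path.relpath(full, root).replace(os.sep, "/")] = file_sha256(full)
    return {"files": files, "hmac": _tag(files, key)}

def verify_copy(root, manifest, key):
    """Compare a backup (or restored) tree with the manifest taken at backup time."""
    if not hmac.compare_digest(_tag(manifest["files"], key), manifest["hmac"]):
        raise ValueError("manifest altered or wrong key")
    want, have = manifest["files"], build_manifest(root, key)["files"]
    return {
        "missing": sorted(set(want) - set(have)),
        "modified": sorted(p for p in want if p in have and have[p] != want[p]),
        "unexpected": sorted(set(have) - set(want)),
    }

def demo():
    """Constructed sample: back up two files, then damage the backup copy."""
    key = b"constructed-demo-key"  # assumption: stored separately from the backup
    with tempfile.TemporaryDirectory() as work:
        src, bak = os.path.join(work, "documents"), os.path.join(work, "backup")
        os.makedirs(os.path.join(src, "tax"))
        for rel, text in (("notes.txt", "hello"), ("tax/2017.csv", "a,b\n1,2\n")):
            with open(os.path.join(src, rel), "w") as f:
                f.write(text)
        manifest = build_manifest(src, key)
        shutil.copytree(src, bak)
        clean = verify_copy(bak, manifest, key)
        # Constructed damage: one file overwritten, one renamed.
        with open(os.path.join(bak, "notes.txt"), "wb") as f:
            f.write(b"\x00" * 16)
        os.rename(os.path.join(bak, "tax", "2017.csv"), os.path.join(bak, "tax", "2017.csv.locked"))
        return clean, verify_copy(bak, manifest, key)
```

Running the same check on a schedule, and after every test restore, shows whether a backup has been overwritten or renamed before you depend on it.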
THINGS TO KNOW
The new ransomware is called BadRabbit and it reminds us a lot of WannaCry and Petya / NotPetya. In fact, when BadRabbit infects a computer (blocking the operating system) it demands a ransom to be paid in bitcoin (about 250-300€). If the victims do not pay, after 40 hours the ransom increases. The ransomware spreads through drive-by download attacks, that is, attacks in which the victim downloads the malware from a website. BadRabbit attacks have used a file disguised as Adobe Flash to deceive the victims and get them to install it. At the moment, the ransomware has infected several hundred organizations, especially in Russia, Ukraine, Germany, Japan and Turkey.
If you’re still thinking that this kind of attack happens only once a year, we have bad news: the number of data-stealing attacks is increasing exponentially, and the only thing we can really do is be prepared.