How to use encryption

Another short blog entry which isn’t really for software producers, but aimed at everyday software users:  I found it more difficult than necessary to set up encryption.  Here is what I did; maybe this can help somebody.

Encryption is a really big deal.  If you already do this and worry about real classified stuff, don’t read on.  You already know how to handle encryption and these simple instructions may be useless for you.

If you simply load your security certificates into your browser and are happy, you can also stop wasting your time reading this blog.  That is probably good enough for many users.

People in between (like me) just think the standard processes to use encryption are too complex.  The system may be foolproof, but it for sure fails to convince me that the stuff I’m sending around doesn’t contain my private keys. I may have an ultra secure certificate, but why should I think my computer keeps it really secret?  Some unknown code in my browser somehow uses a certificate, paints nicely closed locks on the monitor and what not.  But I know my normal desktop computer is not safe.   I know my virus checking program does safely catch about 60% of the simpler viruses (and secretly deletes binaries of tamper-proofed test programs which it usually assumes to be malicious.)

Getting concrete:  a few programs which are really simple to use, so simple you might avoid making mistakes of your own.  So simple that their code is self-contained and far away from most malware already having attacked your computer.

1) Encrypting or decrypting any file.   That program creates a window.  You give it the password and simply drag and drop files into it.
http://spi.dod.mil/ewizard.htm  In the middle of the page it says “Download EW-Public”.  Unzip the file you download and create a directory.  No installation is required.  The directory contains simple instructions.

2) To encrypt or decrypt just lines of text, e.g. within an email message.  The recommended program creates a window with a form-field for the password.  To use that program, use drag and drop as with the other program, only this time use lines of text, instead of complete files.
http://www.fourmilab.ch/javascrypt/  Use what they call the “Lean” version. The simpler a program is, the fewer chances you have of making errors.  You can make a local copy.  No installation is required.  The directory contains the full program and simple instructions.

3) When security really matters, there exists a program which can be used to make an otherwise unsafe computer safe.  How?  Use is simple: you reboot your computer into that program.  You get a “desktop” which is safe and completely separated from your file system.  Among other security tools, this program already contains both encryption applications mentioned above.
http://spi.dod.mil/lipose.htm  Get one of the “LPS-Public ISO Images”.

And now for the grand finale:  Watch the short movie:  “Signs that your software needs better protection.”
http://spi.dod.mil/docs/Top_Ten_640x360.wmv

Cyber security for consumers and other people

White Hawk Software provides serious high-end protections. Our solutions are aimed at software producers. This post, while serious, is instead aimed at individuals and families, with and without a security background.

Closed gate. Origin of pic is not known.

https://twitter.com/Readygov
In the event of an emergency are you prepared? Know who to Call, where to Meet, what to Pack.
This is about the real world; nothing virtual or cyber.

http://staysafeonline.org
The Internet is a powerful and useful tool, but in the same spirit that you shouldn’t drive without buckling your seat belt or ride a bike without a helmet, you shouldn’t go online without taking some basic precautions.

http://www.onguardonline.gov
Avoid scams. Secure your computer. Protect kids online. Be smart online and more.

http://www.lookstoogoodtobetrue.com
Looks Too Good To Be True.com
Every day consumers receive offers that just sound too good to be true. In the past, these offers came through the mail or by telephone. Now the con-artists and swindlers have found a new avenue to pitch their frauds — the Internet.

http://www.dhs.gov/stopthinkconnect-toolkit
Stop. Think. Connect. Toolkit
The majority of cybercriminals are indiscriminate**; they target vulnerable computer systems regardless of whether the systems are part of a Fortune 500 company, a small business, or belong to a home user. Cybersecurity is a shared responsibility in which all have a role to play. This toolkit provides basic resources just for that.
(**In contrast: White Hawk Software addresses the much smaller, much more sophisticated, and possibly very discriminating segment of cyber criminals.)

http://www.ic3.gov/default.aspx
Internet Crime Complaint Center (IC3)
The IC3 accepts online Internet crime complaints from either the actual victim or from a third party.

https://www.us-cert.gov/ncas/tips
Useful and comprehensive advice about common security issues also for non-technical computer users.

http://www.pbs.org/wgbh/nova/labs/lab/cyber/
“Cybersecurity Lab” (Public Broadcasting Service, a television network)
Practice lab to take cybersecurity into your own hands. You’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen the cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.

https://twitter.com/Bruce_Schneier
Bruce Schneier is one of the most vocal but also most knowledgeable people in the cyber security arena.

http://cve.mitre.org
CVE is a dictionary of publicly known information security vulnerabilities and exposures.

http://www.fbi.gov
When you really need help…

https://www.infragard.org
InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

https://www.us-cert.gov/security-publications
United States Computer Emergency Readiness Team
The big guns.

http://www.dhs.gov/topic/cybersecurity
Cybersecurity at Homeland Security.

http://www.whitehawksoftware.com
Our favorite company on serious tamper-proofing software when security really matters.
