How to use encryption

Another short blog-entry which isn’t really for software producers, but aimed at everyday software users:  I found it more difficult then necessary to setup encryption.  Here is what I did, maybe this can help somebody.

Encryption is a really big deal.  If you already do this and worry about real classified stuff, don’t read on.  You already know how to handle encryption and these simple instructions may be useless for you.Data-Encryption-300x225

If you simply load your security certificates into your browser and are happy, you can also stop wasting your time reading this blog.  That is probably good enough for many users.

People inbetween (like me) just think the standard processes to use encryption are too complex.  The system may be foolproof, but it for sure fails to convince me that the stuff I’m sending around doesn’t contain my private keys. I may have an ultra secure certificate, but why should I think my computer keeps it really secret?  Some unknown code in my browser somehow uses a certificate, paints nicely closed locks on the monitor and what not.  But I know my normal desktop computer is not safe.   I know my virus checking program does safely catch about 60% of the simpler viruses (and secretly deletes binaries of tamper-proofed test program which it usually assumes to be malicious.)

Getting concrete:  a few programs which are really simple to use, so simple you might avoid making mistakes of your own.  So simple that their code is self contained and far away from most malware already having attacked your computer.

1) Encrypting or decrypting any file.   That program creates a window.  You give it the password and simply drag and drop files into it.  In the middle of the page it says “Download EW-Public”.  Unzip the file you download and create a directory.  No installation is required.  The directory contains simple instructions.

2) To encrypt or decrypt just lines of text, e.g. within an email message.  The recommended program creates a window with a form-field for the password.  To use that program, use drag and drop as with the other program, only this time use lines of text, instead of complete files.  Use what they call the “Lean” version. The simpler a program is, the less chances you have of making errors.  You can make a local copy.  No installation is required.  The directory contains the full program and simple instructions.

3) When security really matters, there exists a program which can be used to make an otherwise unsafe computer safe.  How?  Use is simple: you reboot your computer into that program.  You get a “desktop” which is safe and completely separated from your file system.  Among other security tools, this program already contains both encryption applications mentioned above.  Get one of the “LPS-Public ISO Images”.



And now for the grand finale:  Watch the short movie:  “Signs that your software needs better protection.”

Cyber security for consumers and other people

White Hawk Software provides serious high end protections. Our solutions are aimed at software producers. This post, while serious, is however aimed at individuals and families, with and without security background.

Closed gate. Origin of pic is not known.
In the event of an emergency are you prepared? Know who to Call, where to Meet, what to Pack.
This is about the real world; nothing virtual or cyber.
The Internet is a powerful and useful tool, but in the same spirit that you shouldn’t drive without buckling your seat belt or ride a bike without a helmet, you shouldn’t go online without taking some basic precautions.
Avoid scams. Secure your computer. Protect kids online. Be smart online and more.
Looks Too Good To Be
Every day consumers receive offers that just sound too good to be true. In the past, these offers came through the mail or by telephone. Now the con-artists and swindlers have found a new avenue to pitch their frauds — the Internet.
Stop. Think. Connect. Toolkit
The majority of cybercriminals are indiscriminate**; they target vulnerable computer systems regardless of whether the systems are part of a Fortune 500 company, a small business, or belong to a home user. Cybersecurity is a shared responsibility in which all have a role to play. This toolkit provides basic resources just for that.
(**In contrast: White Hawk Software addresses the much smaller, much more sophisticated, and possibly very discriminating segment of cyber criminals.)
Internet Crime Complaint Center (IC3)
The IC3 accepts online Internet crime complaints from either the actual victim or from a third party.
Useful and comprehensive advice about common security issues also for non-technical computer users.
“Cybersecurity Lab ” (Public Broadcasting Service, a television network )
Practice lab to take cybersecurity into your own hands. You’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen the cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.
Bruce Schneier is one of the most vocal but also most knowledgeable people in the cyber security arena.
CVE is a dictionary of publicly known information security vulnerabilities and exposures.
When you really need help…
InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
United States Computer Emergency Readiness Team
The big guns.
Cybersecurity at Homeland Security.
Our favorite company on serious tamper-proofing software when security really matters.