
Archives for: security

Encryptr

Every now and then something comes along where you can see somebody’s put some serious thought into what they’re designing. The Raspberry Pi is probably the first thing that comes to mind, the Pebble watch is another. Lego is a brilliant example.

With apps, it’s less so. Not because people don’t think about what they’re doing, but because there are so many out there that are sloppy or lazy, written by developers who through no fault of their own don’t have the experience, or built as a means of making money (adverts, data theft etc.). Some apps really do shine through though: Tasker, AutoRemote, Titanium Backup, SpiderOak. [See an early list]

Latest to the list must be Encryptr. Like SpiderOak, at its core it is built on the ZeroKnowledge principle. This got SpiderOak some criticism because with ZeroKnowledge systems, only the end user (that’s you) can read what’s stored. Not GCHQ, not David Bloody Cameron, not the FBI, not even SpiderOak themselves. All associated data is encrypted and can only be decrypted with a passcode, password, phrase, or similar.

For a little while now (since Dropbox was hacked for the second time) I’ve been looking for something that uses SpiderOak’s approach, end point decryption, for keeping passwords secure. After a quick search I decided the best way was to use SpiderOak’s Hive. SpiderOak has a couple of options: data is stored per machine or shared with all machines signed in to that account. Hive is the latter, so my passwords are securely synced with every machine I choose to sign in with. It meant that if I didn’t have a phone signal I was a bit stuck, but only passwords for internet based systems were being stored. It also meant that I had to be at a PC to create the file, but SpiderOak are currently looking to implement this as an option in an upcoming release.

Encryptr is the solution to the problem. It doesn’t matter if your phone gets lost, stolen, soaked or damaged because no data is stored on your phone. Every password, PIN, credit card number and note is stored securely online. With cross platform availability, the same passwords on your phone can be synced with your Windows or Linux PC or even your Mac. It even offers a secure, randomly generated password for you when you input an entry. Best of all, it’s free. There’s no advertising, no sign up, no personal details required to use it, just a user name and a passphrase/password. That’s it.

As Encryptr’s web site states, there’s a downside. If you forget your username and/or passphrase you’re locked out. There is no ‘forgot my password’ option as they don’t ask for your email address. Taking this into account, you have to acknowledge the advantages far outweigh any risk of forgetting your username and passphrase.

Encryptr’s developers have obviously thought about what they’re doing. While basic, the app and its ethos have a solid foundation. I’d like to be able to put entries in folders, toggle the courtesy password on/off, select its length and complexity (upper/lower case, numbers, symbols etc.) and copy the password to the clipboard, but these are suggestions for a later version.

Considering the app is only at version 1.1.0, what Encryptr have achieved is impressive.

 

Weaker passwords

So many web sites, so many passwords. Unless you’re willing to risk using fewer than ten passwords (or possibly only one) for every site you use, you probably have the browser save the passwords and use a random password generator.

There are a number of apps which will generate passwords for you. You can set the password strength and it will give you a unique password each time you ask for one. If you’re hoping to get the same one twice, you’re probably going to die before it happens. The apps give you nice, strong passwords. Other apps, password keepers, will save the details for you.

It’s not often, but from time to time I’ll come across a site which doesn’t allow the 40-50 character passwords I tend to use. Sometimes I’ll add a few more, sometimes take a few off. When I exit the app, the contents of the phone’s clipboard are sent to the PC. From there I’ll often drop the password into a .txt file and save it in SpiderOak. For those who don’t know, SpiderOak is much like Dropbox but is fully secure, only decrypting the contents at the user’s device.

For the first time I’ve come across a web site which not only limits the length of the password, but doesn’t allow most of the special characters (for example !£$%^&*{[]}@’#~<>?/`¬\| etc.). Eon Energy only allow the basic 0-9, A-Z, – and _. For the first time since using password generators I’ve been effectively told my password is too strong, please use a weaker password, twice!

We’re living in a world where everyone is using stronger and stronger passwords. Those with Microsoft qualifications need at least two special characters in their lengthy passwords. Google, Twitter and Dropbox are amongst many sites using 2-step security, requiring a password and a code either generated by or sent to your phone. These sites don’t require payments or personal information to use them, but they still offer 2-step security.

I didn’t sign up with Eon.  I was tempted to type in ‘password’, but in the end I was afraid it would be accepted.
[Screenshots: “Eon - too long” and “Eon - invalid format”]
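To put numbers on what a restricted character set and a length cap cost, here is an added example (not part of the original post) that generates a policy-compliant random password and reports its entropy. Treating the site's allowed set as upper and lower case letters, digits, - and _ is an assumption, and the 12-character cap is a hypothetical value, since the post does not state the limit.

```python
import math
import secrets
import string

# FULL is every printable ASCII symbol a typical generator offers.
# RESTRICTED follows the post's "0-9, A-Z, - and _"; including lower
# case is an assumption made for this example.
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
RESTRICTED = string.ascii_letters + string.digits + "-_"          # 64 symbols

def entropy_bits(alphabet: str, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(|alphabet|)."""
    return length * math.log2(len(set(alphabet)))

def length_for(bits: float, alphabet: str) -> int:
    """Shortest length over `alphabet` that reaches at least `bits`."""
    return math.ceil(bits / math.log2(len(set(alphabet))) - 1e-9)

def generate(alphabet: str, length: int) -> str:
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def fit_policy(target_bits: float, alphabet: str, max_len: int):
    """Best password a site policy allows.

    Returns (password, entropy_bits, meets_target). If the length cap is
    too short for the target, the password uses the full cap and
    meets_target is False, so the shortfall is visible to the caller.
    """
    needed = length_for(target_bits, alphabet)
    length = min(needed, max_len)
    return generate(alphabet, length), entropy_bits(alphabet, length), needed <= max_len

if __name__ == "__main__":
    strong = entropy_bits(FULL, 40)  # the 40-character habit from the post
    print(f"40 chars, full set: {strong:.0f} bits")
    print(f"same strength, restricted set: {length_for(strong, RESTRICTED)} chars")
    MAX_LEN = 12  # hypothetical cap; the post does not give the real one
    pw, bits, ok = fit_policy(128, RESTRICTED, MAX_LEN)
    print(f"capped at {MAX_LEN}: {bits:.0f} bits, meets 128-bit target: {ok}")
```

The character restriction alone costs little (44 characters instead of 40 for the same strength); it is the length cap that forces the weaker password.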

Automation

We’re only here for a finite time. That time is precious. We waste far too much time checking up on things to see if there’s anything new. That’s why we automate things, to save time and effort.

We all have automated devices, even if we don’t look at them that way. Washing machines, dishwashers, apps on mobile phones. We don’t want to waste time checking our phone all day, so we use notifications. We don’t want to wash our clothes or dishes ourselves, so we use washing machines and dishwashers to do the work for us. The question is, where do we draw the line? With houses, offices, servers, PCs, smartphones, vacuum cleaners and even cars being automated, the line keeps moving.

For me, my line is drawn far away from most people’s.  I take things a step further, I like automation.

I use automation tools on my phone, computer, tablet, watch etc.  I like the fact that my computer knows how long the dishwasher takes and turns it off at the right time, sends a message to my phone which in turn forwards that message to my watch to let me know when to open the dishwasher door, just so the crockery dries itself.  I like the lights turning themselves on when it gets dark.  I have NFC stickers throughout my house which enable the phone to perform various tasks.  I like that my calls and texts are automatically backed up to my Google account for me, so I can keep track of who I called, who called me, and when.  I love smart notifications, apps you can configure to link obscure items to your phone or tablet.  Don’t get me wrong, I’m not saying I’m getting overloaded with messages all day long.  This is simply about having the right information at the right time. This then enables me to disregard or act upon what I receive.

So, how can you set things up? First of all decide on what you want automated and why. My own inspiration was the Orange Automated Home which featured in their magazine, boasting levels of technology which at the time were admirable. Since then a number of high tech, fully automated homes have been featured as newer technology is developed. Since reading the article I wanted to own my very own automated home. Building Management Systems are now used to automate offices across the globe. The thing is, once you start automating things you get the experience and imagination to automate so much more. You end up looking for ways to help you.

I currently use Homeseer to run the house, and an automated alarm system to keep it secure. The PCs have EventGhost with the AutoRemote plugin for two-way notification and control. This allows me to be notified on my phone/tablet when the computer does something I want to be told about without having to sit at the computer. [This is particularly useful if you have kids with their own (albeit really old) computer.] Our smartphones use NFC, Tasker, Secure Settings, AutoRemote and Pushover to perform multiple functions with little or no input. [Useful if your bairns use your old phone.] Finally my watch links to the phone so that the most important information is brought to my attention without the need to keep taking out the phone. Because of the way all these things link together I only have to look at my watch to know the PC or the house has done something on my behalf. Web sites, files and even clipboard contents can be pushed from the phone to the PC (and vice versa). I know if my son has my old phone turned on or not, whether he’s playing games or reading ebooks on the Kindle app, and we can lock / unlock / track / take photos / reboot the phone remotely.

One web site that really helps is IFTTT (If This Then That). It works on logic principles: if (for example) you get an email, then do (insert action here) for me automatically. I use IFTTT when awaiting deliveries (amongst other things) to keep me up to date with smart notifications on my phone, by linking the tracking number to Pushover. I don’t have to keep checking the tracking web site on the off chance that something has happened, so I’m not wasting time. There are all sorts of ways IFTTT can help you. If it’s going to rain that day you can have the weather report sent to your phone before you wake up. You get the idea.

If you’d like to know more about automation, please feel free to comment below or get in touch.

Links:
Home automation hardware
Smartphone automation – Android
NFC tags

 

Big Brother Birds

A couple of days ago, @Engadget posted about how GCHQ and the NSA may be scouring data obtained from mobiles with Angry Birds (and likely other popular games) installed. It doesn’t come as a shock. The NSA was recently outed for wanting to read emails. There have been numerous posts about Apple secretly obtaining GPS data, and about apps [see my post on Facebook’s app] wanting permission to access parts of your mobile which may or may not be used to obtain copious amounts of data from your device.

I lock out a lot of permissions that apps claim to require in order to function. Many more require my approval each time the app wants to access my location or SMS history. I can’t see why an app such as Bad Piggies wants to know my location, phone number, phone’s and SIM card’s serial numbers, access my network etc. There’s just no need.

I use an app called LBE Privacy Guard. Although a variant is available from the Play Store, the Chinese version is considerably larger. Thankfully, someone at XDA has translated the Chinese version to English. Just sideload the translated version and retrospectively alter the permissions of your apps. [Some functions may not be available unless your device is rooted.]

Of course, this won’t stop the powers that be from acquiring information about you should you find yourself in their crosshairs, but these steps may help minimise the risk of your personal data (and mine if you have it) being uploaded from your phone and sold.