Friday 31 May 2013

Security Round-Up

China Training Army for Cyberwar

According to the state-sponsored news outlet Xinhua, the Chinese military will begin digital war games next month in order to train new military units focused on digital warfare.
This will be the first time the army "has focused on combat forces including digitalized units, special operations forces, army aviation and electronic counter forces," says Xinhua.
The ramp-up comes amid allegations of cyber-espionage from other world powers.

Facebook Introduces ‘Verified’ Pages
Facebook is introducing a new system that promises to verify the authenticity of pages — particularly those of celebrities.

Starting this week, Facebook will go through their pages and verify them one-by-one. Successfully verified celebrities will receive a blue check mark on their page.
Though the authentication process will start off as invite-only, Facebook says they plan to allow for applications in the near future.

Evernote Offers Two-Factor Authentication
Two-factor authentication is quickly becoming the hot security trend of the season. Now note-taking service Evernote is hopping on the bandwagon as the latest vendor to offer the feature.
Like Twitter — which also recently added two-factor authentication — Evernote’s second factor will come as an SMS to users’ mobiles. When users look to use Evernote from the web or to install it on a new computer, they’ll be prompted to input a numerical code the service will provide via text message.
“This combination of something you know (your password) and something you have (your phone) makes two-step verification a significant security improvement over passwords alone.”

Friday 24 May 2013

When Should You Use a VPN?

Here at SumRando, we keep our VPN on pretty much all the time. What can we say, we can’t say no to a little one-click security. And we advise you do the same. That said, there are times when you should use a VPN and there are times when you need to use one. So we thought we’d put together of a list of instances when a VPN is absolutely awesome!

Beating Censors

Live or work in a place that blocks certain web content with filters? Get around those filters with a VPN. When you connect to our network, instead of using your default IP address, all your data is rerouted through our servers and assigned a new IP address. Nobody can tell what you’re viewing or where you're from and nothing is off limits.

Public Wi-Fi

We love cafés. And not just because we’re caffeine addicts. It’s a great way to get out of the house or office and get stuff done. And what’s better than free internet access? Unfortunately, that free Wi-Fi is about as safe as a seal in Shark Alley. Any idiot with a laptop can download a simple program and watch everything you’re doing. Don’t be the seal. When you use our VPN, all your data is encrypted and hidden in a secure VPN tunnel.

Online Banking

Your money is important to you — make sure it’s safe. Banking online without a VPN is kind of like leaving a briefcase full of cash in your car. Sure, the car might be locked, but how hard would it really be to smash a window and grab that cash? Lock up that connection with a VPN and make sure you're not buying some hacker a new monitor.

Accessing Remote Content

This is one of our favorite VPN features. Some content like Hulu is only available to people in certain countries. If you want to catch up on your favorite shows, move your IP address to the country you want and hit connect. You might be sitting at home in Cairo, but the sites you visit will think you’re in New York.


Traveling is awesome. Trying to get things done online while traveling is not. Whether you’re banking, streaming movies, or logging into your favorite site, appearing as if you never left your home country will make your life much easier. Since our VPN reroutes your connection, all you have to do is click on the server you want and you’re good to go for hassle-free surfing from anywhere.

Remember, there’s never a bad time to use a VPN. Whether you’re banking, streaming, sitting at a coffee shop, or traveling the globe, make sure your data is safe.

Wednesday 22 May 2013

You Are the Weakest Link

"Unfortunately, the human is often the weakest link in security."
That quote came from Google Chrome’s security head Parisa Tabriz. And it’s undeniably true.

You are the Weakest Link, Goodbye

Tabriz spilled this unfortunate truth at Google’s I/O conference last Thursday while discussing passwords and alternate protection measures.
Our current state of online security and privacy is nothing to boast of. But it’s not hopeless if you’re willing to put in the groundwork yourself and maintain a certain degree of vigilance when surfing the web.
Obviously, one of the best measures you can take is to download and use a good VPN. Remember, a VPN encrypts all data coming in and going out of your computer. If you ever work or surf at cafés or other hot spots, all your data is available and easily accessed by anyone else using that same Wi-Fi connection. No joke. It’s just out there for the taking. But one click on your VPN client will wrap that data in a protective tunnel and scramble it in 128-bits of encryption. Even supercomputers have trouble cracking that kind of security.
Google also has a few more recommendations. According to Eran Feigenbaum, director of security for Google Apps, "You should turn on two-step verification, make sure [the browser] is up to date, and make sure your password recovery options are set."
We’d also recommend making sure your passwords are strong and varied. Never use the same password twice. If your Twitter account gets hacked, you don’t want the perpetrators gaining access to your email, Facebook, or bank accounts as well. Furthermore, make sure your passwords include letters, numbers, and symbols. 

You can try SumRando for free here.

Friday 17 May 2013

Reason You Should Be Using A VPN #428: A Saudi Telecom Company is Trying to Read Your Tweets

A cryptographer who goes by the pseudonym Moxie Marlinspike reported on his blog earlier this week that Saudi telecom company Mobily recently approached him for help with intercepting encrypted data sent from mobile apps like Twitter, Viber, and others.
I learned that they are organizing a program to intercept mobile application data… The project’s requirements come from “the regulator” (which I assume means the government of Saudi Arabia). The requirements are the ability to both monitor and block mobile data communication, and apparently they already have blocking setup. []
According to Marlinspike’s email exchange with the Mobily representative, the eavesdropping initiative is part of an effort to curb communications related to terrorism. Unfortunately, a program with this kind of breadth would also result in massive privacy violations for anyone on Mobily’s network. And while Marlinspike claims their level of sophistication is pretty marginal, he also acknowledges Mobily has enough resources to make it happen.
Their level of sophistication didn’t strike me as particularly impressive, and their existing design document was pretty confused in a number of places, but Mobily is a company with over five billion in revenue, so I’m sure that they’ll eventually figure something out. What’s depressing is that I could have easily helped them intercept basically all of the traffic they were interested in (except for Twitter—I helped write that TLS code, and I think we did it well). They later told me they’d already gotten a WhatsApp interception prototype working and were surprised by how easy it was. The bar for most of these apps is pretty low.
Had Marlinspike not been approached, odds are nobody would ever know about this eavesdropping effort. And that’s kind of creepy. We no longer live in a world where default channels guarantee our personal data will remain private. But a good VPN can. So let this story act as a reminder to take your personal privacy and security seriously!