Wednesday 30 December 2015

SumRando Messenger for iOS

In order to bring you the best, most secure services available, we will be updating and adding new features to our SumRando Messenger iOS app in 2016. During this time, we will be suspending the availability and support of this service.  Beginning 1 January 2016, SumRando Messenger for iOS will no longer be available.

SumRando Messenger for iOS will return in mid-2016 with more features including cross-platform capability and end-to-end encryption.  SumRando Messenger for Android will continue to be available as we work to integrate end-to-end encryption in the beginning months of 2016.  
If you have any questions, please email support@sumrando.com.

SHA-1 Sunset Highlights Internet Instability for Poor, Repressed and War-Torn Countries

For 37 million users across the globe, portions of the Internet will no longer exist on Friday.

January 1, 2016 marks the day that Secure Hash Algorithm 1 (SHA-1) will cease to provide users with an encrypted connection. For 98.31% of the population online, browsers will default to SHA-2 and life will continue as usual. For everyone else, the encrypted Internet is about to look like this:

encryption, net neutrality, SHA-1, SHA-2, SHA-1 sunset, Africa, Asia, Latin America, Middle East

As CloudFlare pointed out, 1.69% of the Internet population may not sound like a lot, but these nearly 40 million users are clustered in areas of the world already operating at a disadvantage: “Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world. In other words, after Dec. 31, most of the encrypted Web will be cut off from the most vulnerable populations of Internet users who need encryption the most. And, unfortunately, if we’re going to bring the next 2 billion Internet users online, a lot of them are going to be doing so on secondhand Android phones, so this problem isn’t going away anytime soon.”

The unlucky 37 million are largely found in Africa, Asia, Latin America and the Middle East and typically aren’t carrying the latest technology in their back pockets. (Beware, users of Windows XP before Service Pack 3, Android before Gingerbread and pretty much any phone more than five years old.) A CloudFlare report listed the 25 countries most affected by the change: approximately 1 of every 20 browsers will be unable to support SHA-2 in Cameroon, Yemen, Sudan, Egypt, Libya, Ivory Coast and Nepal; other countries significantly affected include China, Ghana, Nigeria, Ethiopia, Iran, Tanzania, Syria, Paraguay, Angola, Kenya, Algeria, Bahrain, Nicaragua, Myanmar, Senegal, Bangladesh, Venezuela and Pakistan.

It’s undeniable that the shift away from SHA-1 will negatively affect the very users who have long been the Internet’s second class citizens, but the alternative leaves little to be desired. The decision to migrate away from 20-year-old SHA-1 is rooted in insecurity, as the algorithm is widely understood to be increasingly easy to break.

Such is the Internet for the poor, repressed and war-torn—at best, insecure and at worst, nonexistent. As efforts continue to bring the next 2 billion online, users must keep in mind that their security ultimately remains in their own hands, and also that the planet is far from a being a net neutral place. When SHA-1 appeared in 1995, it was widely supported across all browsers; twenty years later, SHA-2 does not come with the same universality. In an era in which the desire to advance technology has outpaced the desire to meet the needs of all users, no one should take whatever Internet connection or security they have for granted.



Want to know more about the current state of an encrypted, net neutral Internet? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Friday 25 December 2015

CISA: Not the Christmas Surprise We Had Hoped For

United States, CISA, government surveillance, legislation, Ron Wyden, Access NowIt came without ribbons. It came without tags. It came without packages, boxes or bags.

That’s right—the United States' Cybersecurity Information Sharing Act (CISA) that we thought we had avoided has snuck into our lives, all but unannounced.

After months of much-publicized debate, a late-night, mid-December session of the United States Congress quietly tacked CISA onto a must-pass funding bill. On Friday, December 18, President Obama signed the bill into law, and so, CISA is here to stay.

Widely seen to align more closely with surveillance than cybersecurity, the legislation encourages companies to share cyber-threat data with the United States federal government by strengthening protections against privacy lawsuits for businesses.

In response, longtime opponent Senator Ron Wyden explained that CISA has only become more of a threat to individuals since its inception: “The latest version of CISA is the worst one yet – it contains substantially fewer oversight and reporting provisions than the Senate version did.  That means that violations of Americans’ privacy will be more likely to go unnoticed. And the Intelligence Authorization bill strips authority from an important, independent watchdog on government surveillance, the Privacy and Civil Liberties Oversight Board. This will make it easier for intelligence agencies – particularly the CIA – to refuse to cooperate with the Board’s investigations. Reducing the amount of independent oversight and constricting the scope of the PCLOB’s authority sends the wrong message and will make our intelligence agencies less accountable.”

Nathan White, of digital rights defender Access Now, similarly had little patience for Congress' Grinch-like trick: “We’re all feeling a collective sense of deja vu. This is like a bad sequel where we all know the ending, but shouting at the characters doesn’t change anything. Just like the USA PATRIOT Act, CISA was a collection of old ideas that Congress had repeatedly rejected. And just like the PATRIOT Act, they re-wrote the final bill in secret and snuck it through Congress before most people could even read it. And just like the PATRIOT Act, CISA will be used for far more than members of Congress think that they are authorizing. Ultimately this will be embarrassing for Congress.”

Much as individuals did in response to the Patriot Act, now is again a time for users to take privacy into their own hands. The United States government is well-positioned to enter 2016 with greater powers of surveillance for Americans and non-Americans alike, but users must remember that privacy and anonymity remain universally recognized human rights. In 2016, it is every users’ responsibility to be just as stealth as Congress was when it passed CISA and provide no business with any more information than necessary.



Want to know more about government infringements of citizens' rights? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday 23 December 2015

Shortened WhatsApp Ban Signifies a New Norm in Favor of User Choice

Brazil, WhatsApp, SumRando Messenger, government surveillance
Two noteworthy events took place last week: the banning of an American app affected the ability of an estimated 93 million Brazilians (nearly the entire online population) to communicate and, shortly thereafter, the suspension was reduced from 48 hours to far less than a day.

A Brazilian court had attempted to impose a two-day ban of messaging app WhatsApp as punishment for parent company Facebook not complying with a court-ordered police request for information. Facebook countered that the use of encryption made the data requested inaccessible, a choice that CEO Mark Zuckerberg defended in a post: “I am stunned that our efforts to protect people’s data would result in such an extreme decision by a single judge to punish every person in Brazil who uses WhatsApp."

Zuckerberg was far from alone in his sentiments. Just as #Nessas48HorasEuVou (#Inthese48hoursIwill) and its accompanying suggestions for finding ways to pass the time became Twitter’s latest trend, a second judge stepped in. Judge Xavier de Souza reinstated the service only hours after the ban began, suggesting a fine as a more appropriate way to address the situation, as it was “not reasonable that millions of users be affected by the inertia of the company."

This is one story that summarizes the current state of the Internet quite well:

  • Even the strongest Internet law is penetrable: Marco Civil, Brazil’s Internet law, was passed in 2014 amidst praise for its capacity to protect online rights. An unannounced, nearly unexplained interruption of a communication service utilized by half of Brazil’s total population that disrupted everyday users more than WhatsApp itself is certainly a violation of the very rights Marco Civil purports to protect.
  • There is strength in numbers: Judge de Souza’s argument for bringing WhatsApp back boiled down to one simple argument: everyone is on it. 
  • Communication knows no country lines: The unusually high cost of services provided by Brazil’s telecom companies initially prompted millions of Brazilians to turn to WhatsApp, a foreign, low-cost alternative. If last week's brief outage was an attempt to get Brazilians to communicate the old-fashioned way, the takeaway is this: during the outage, Brazilians were at a loss for what to do with themselves—until they remembered that alternatives exist. Foreign-based services such as Telegram and SumRando Messenger were able to affordably fill a void that national services simply could not. 
 Last week's abbreviated WhatsApp ban signifies the coming of an era in which concerned citizens will dictate country policies. SumRando looks forward to a 2016 in which user choice brings the world closer to a free and open Internet for all.



Want to know more about government infringements of citizens' rights? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 17 December 2015

Draft Cybercrimes Bill Would Be a ‘Sin’ For South Africa

South Africa, draft Cybercrimes and Cybersecurity Bill, legislation, government surveillance, civil liberties, human rightsSouth Africa has spoken: the draft Cybercrimes and Cybersecurity Bill made public in September is not what she wants. The criticism poured in as the comment submission deadline approached:

Right2Know, a movement focused on freedom of expression and access to information, submitted a significant rebuttal to the Bill, and also condensed its complaints to “Seven Deadly Sins”, as the Bill would:
  1.  Hand over control of the internet to the Ministry of State Security
  2.  Give the state security structures the power to effectively declare ‘national key points’ of the internet—and potentially grant backdoor access to any network
  3. Criminalise journalists and whistleblowers by sneaking in the worst parts of the “Secrecy Bill”
  4. Increase the state’s surveillance powers and be even more invasive than RICA
  5. Undermine South Africans’ civil liberties and particularly the constitutional right to privacy.
  6. Contain 59 new criminal offences involving computer usage—many of which are so broad that they could ensnare ordinary computer users. The Bill considers suspects guilty until proven innocent.
  7. Contain anti-copyright provisions so harsh you could be criminalized for even posting a meme. 
In a more concise statement, PEN South Africa expressed “extreme concern” over the Bill’s potential for harm: “We have submitted feedback to the Department of Justice and Constitutional Development, requesting that the Bill be withdrawn and redrafted with input from civil society. We have asked that the Bill be reformulated in such a way that it achieves the protections sought in the safest way and which takes into consideration the freedom of expression clauses in the Constitution and protection of the public interest.” PEN South Africa, an affiliate of PEN International, defends free expression and encourages literature.
Similarly, the concluding remarks of the Freedom of Expression Institute’s submission argued, “The Cybercrimes and Cybersecurity bill is a ‘necessary evil’ addition to South Africa’s legislations; however, there are aspects of the Bill that unreasonably infringe on the rights of access to information and freedom of speech. These infringements must be expeditiously remedied in the revised versions of the proposed legislation.”
The Open Web Application Security Project (OWASP) of Cape Town, which focuses on improving the security of software, provided a detailed analysis that noted a close-to-home concern for SumRando Cybersecurity: “[The Bill] offers no protection to whistleblowers or personal privacy, and adds significant risk to any person or business who wish to operate in the information security field…The result will be that the very people that we need to develop to enhance cybersecurity will find other alternatives rather than run the risk of bad legislation possibly criminalizing their actions. Those that are interested in cybersecurity will in all likelihood leave the country to pursue their profession elsewhere.”

In short, a cybercrimes bill is very much needed, but concerned citizens and organizations are not about to bite the apple that has been offered. Now that the public comment period has closed, expect the real discussion to begin.



Want to know more about government infringements of citizens' rights? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday 15 December 2015

SumVoices: Unauthorized Access to Private Data Common in Pakistan

Our last installment of SumVoices featured Algerian journalist Rim Hayat Chaif, in English and Arabic. This week we bring you the insight of Fahad Desmukh, journalist and digital human rights activist with Bytes for All, Pakistan.

Fahad Desmukh, SumVoices, Pakistan, BlackBerry, digital privacy, government surveillanceWe welcome Blackberry's decision to walk away from the Pakistani market rather than compromise the privacy of its Pakistani customers. The open and frank announcement by Blackberry gave Pakistanis an idea of the extents to which our government is going to get unauthorised access to our private data. However, it has hardly caused any ripples within the country for a number of reasons.

First, we already know that the government is doing all it can to get access to our private data by the fact that it has pushed legislation such as the "Fair Trial Act" of 2013 and the upcoming cyber crime bill ("Prevention of Electronic Crimes Bill") which formalises the procedure for law enforcement agencies to surveil citizens and mandates mobile and Internet service providers to share customer data. Second, we have reason to believe that the government has already acquired intrusive surveillance software such as Finfisher, and has sought to set up a mass surveillance system which would tap the fibre optic cables that carry the bulk of network communication data to, from and through Pakistan.

So the desire and, to some degree, capability of Pakistani authorities to monitor our private information comes as no surprise. In fact, even as far back as 2011, it was clear that the authorities wanted to block Blackberry's encrypted traffic in Pakistan.

For the average Pakistani mobile and Internet user, Blackberry's suspension of services will not have a huge impact because, for one, there are not that many Blackberry users in the country any more. And even those who still rely on Blackberry's services for private encrypted communication will find that there are plenty of alternatives, some which are arguably more secure. Here we can mention the encrypted messaging app Signal for Android and iOS which is notable because it is free and open source software, meaning that the design blueprints for the app are publicly available and can be audited for security by anyone who understands the code. The end-to-end encryption offered by Signal means that no one other than the sender and recipient can decrypt the messages -- even the makers of Signal themselves. Signal is just one of a number of alternatives to Blackberry's encrypted messaging.

Finally, we should also state that while we welcome Blackberry's stance towards protecting the privacy of its customers in Pakistan, we also want to encourage it to consider applying the same principled position towards its customers in other countries, such as India, the UAE and Saudi Arabia, where it has reportedly made agreements with law enforcement agencies to share some level of data of its Blackberry Enterprise Service customers.

Bytes for All, Pakistan focuses on the intersection of human rights and Information and Communication Technologies (ICTs). Desmukh leads PakVoices, a Bytes for All project that seeks to bring greater transparency and accountability to governance in marginalized regions of Pakistan by promoting the flow of information within those regions, and by highlighting the most pressing local issues in national media outlets.

A quick glance at Freedom House's 2015 Freedom on the Net Pakistan report reveals a dire situation: Pakistan boasts a 14% Internet penetration rate, blocks platforms such as YouTube and was referred to as "one of the world's most dangerous countries for traditional journalists." For further explanation, take a look at our report on the factors that led to BlackBerry's Pakistan exit, including the troubled Prevention of Electronic Crimes Bill (PECB).  

Take steps to protect yourself online. Start by downloading SumRando VPN.

VPN



Want more SumVoices? Read on!


SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 10 December 2015

Blackberry Exits Pakistan Amidst Overwhelming Privacy Concerns

Pakistan, BlackBerry, government surveillance, VPN
In a reminder that user security will be 2016’s bottom line, on November 30, BlackBerry decided the best way to do business with Pakistan would be to not do business at all.

At stake is BlackBerry Enterprise Service (BES), which provides secure email and messaging communications. Pakistan wanted backdoor access to all BES traffic; BlackBerry responded by exiting the country altogether.

“BlackBerry provides the world’s most secure communications platform to government, military and enterprise customers. Protecting that security is paramount to our mission. While we recognize the need to cooperate with lawful government investigative requests of criminal activity, we have never permitted wholesale access to our BES servers,” explained BlackBerry Chief Operating Officer Marty Beard in a blog post.

BlackBerry’s exit is a fitting end to a year that has made Pakistan synonymous with surveillance state. Currently under review is a proposed Prevention of Electronic Crimes Bill (PECB), a document that has accurately been described as “a clear and present danger to human rights.” A joint statement from concerned parties including ARTICLE 19, Human Rights Watch, Privacy International and Pakistan’s Bolobhi and Bytes for All highlighted several flaws of the Bill:

  • It would enable government to order service providers to remove or block access to any speech, sound, data, writing, image, or video, without any approval from a court.
  • It would allow the Federal Government to share intelligence gathered from investigations with foreign spy agencies like the United States National Security Agency, without any independent oversight.
  • It would mandate service providers to retain data about Pakistanis’ telephone and email communications for a minimum one year.
  • It would enable the government to “seize” programs or data, defining seizing as to “make and retain a copy of the data”, without specifying the procedures by which the seized data is retained, stored, deleted or further copied.
 “Tipping the scales: Security & surveillance in Pakistan,” a July 2015 report from Privacy International, further exposed Pakistan’s less-than-impressive record. According to the report, mass surveillance has been in place since at least 2005 and has been used to target journalists, lawyers, activists and opposition politicians, amongst others. Since 2011, all Internet service providers and phone companies have been ordered to ban encryption and virtual private networks. The report concludes on a grim note: “The practical capacity of the Pakistani government for communications surveillance now outstrips the current capacity of domestic and international law for effective regulation of that surveillance.”

Farieha Aziz of Bolo Bhi, a Pakistani pro-digital security and privacy not-for-profit that has drafted a letter in protest of PECB, was quick to predict that BlackBerry wouldn’t be the only company to resist the draconian Pakistani state. November 29th tweets from Aziz include: “Data demands by govt forcing Blackberry to exit Pak. Yet govt claims Amazon, eBay & PayPal are coming” and “Companies to whom privacy of data and protection of speech matters will be weary of presence in Pakistan. Getting worse, not better.”

Aziz may be right that BlackBerry will be the first of several businesses to refuse to do business in Pakistan, but this also may be one situation that has to get worse before it can get better. In 2016, a surveillance state without business will soon be no state at all.



Want to know more about government infringements of citizens' rights? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday 8 December 2015

Let’s Encrypt: Free, Automated and Open

Let's Encrypt, encryption, HTTPS, Internet Security Research Group, ISRG, Josh Aas
[Source: Let's Encrypt]
It’s a Christmas miracle: Let’s Encrypt has entered public beta, making free HTTPS certificates readily available to all.

‘HTTPS’, usually accompanied by a padlock, are the five letters preceding a website URL that tell you all data sent between your browser and the website will be encrypted, making it safe for you to enter your password, credit card information or anonymous comment. Without Hyper Text Transfer Protocol Secure, your information could easily be compromised by anyone interested in taking it.

As Jacob Hoffman-Andrews of the Electronic Frontier Foundation recently reminded readers, “A huge percentage of the world’s daily Internet usage currently takes place over unencrypted HTTP, exposing people to illegal surveillance and injection of unwanted ads, malware, and tracking headers into the websites they visit.”

When reached for comment, Internet Security Research Group (ISRG) Executive Director Josh Aas reported, “I’m not 100% sure what the future holds, but demand for Let’s Encrypt’s services seems to be strong. Ultimately what we care about most is seeing two numbers go up: 1) the percentage of sites using HTTPS and 2) the percentage of encrypted traffic on the Web. We want those numbers as close to 100% as possible. That’s the next big step for the Web to take in terms of privacy and security.”

Let’s Encrypt, a joint project stemming from ISRG, was born in 2012 when Aas and then-Mozilla coworker Eric Rescorla concluded that the best way to increase transport layer security (TLS) usage on the Internet would be to provide a free and fully automated certificate authority. Three years later, Let’s Encrypt has issued more than 26,000 invite-only HTTPS certificates, a number that will only grow exponentially now that the service is accessible to all.

Anyone who owns a domain name is welcome to obtain a Let’s Encrypt certificate; for information regarding installation or renewal, go to https://letsencrypt.org/howitworks/. In keeping with an open internet, Let’s Encrypt is a transparent, cooperative effort that makes publicly available all issued and revoked certificates, publishes open standard protocols for adoption and is overseen by independent experts and those from supporting organizations alike. Although still in beta, Let’s Encrypt is committed to closely monitoring user feedback and quickly making improvements.

Here’s to an encrypted 2016!




Want to know more about the encryption debate? Read on! 
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 3 December 2015

To Encrypt or Not to Encrypt? That Is Not the Question

encryption, ProtonMail, Silent Circle, Information Technology Industry Council
[Source: EFF Photos]
If there were need for further proof that 2015 has become Orwell’s 1984, look no further than the renewed debate over encryption prompted by the recent Paris bombing. For every claim that this is the reason why encrypted communications must be stopped exists a counterclaim pointing out that the Islamic State did not necessarily even rely on encrypted communications to carry out their attacks.

The release of an ISIS security manual—providing a host of suggestions for safely accessing email, publishing pictures and using the Internet—has intensified the scrutiny several leading technology providers find themselves under. Rather than let their services be written off as facilitating acts of terrorism, SumRando Cybersecurity applauds the companies that have taken advantage of this opportunity to reframe the encryption conversation.

In a statement released last week, ProtonMail co-founder and CEO Andy Yen clarified that the company is standing by its tagline of “secure email with absolutely no compromise”:
“But even if the communications were encrypted, it is illusory to believe that you can block terrorists from communicating by banning encryption. With or without ProtonMail, terrorists will continue to have encrypted email capabilities, in the same way that they will continue to have access to weapons regardless of a ban on assault rifles. What we do know for sure is that banning encryption would certainly lead to an increase in cyberattacks, data breaches, and an end to online banking and online shopping. This is not to mention the numerous dissidents, journalists, and activists whose lives will be put at risk…We must remember that ISIS doesn’t just use ProtonMail, they also use Twitter, mobile phones, rental cars. We couldn’t possibly ban everything that terrorists use without disrupting democracy and our way of life, and in effect achieving the goal of terrorism.”

Similarly, President and CEO Dean Garfield of the Information Technology Industry Council (ITI), the “global voice of the tech sector”, responded:
Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety. We deeply appreciate law enforcement's and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense.”

Bill Conner, President and CEO of Silent Circle, actively dissociated his company from terrorism while also acknowledging the need for ubiquitous encryption in everyday life:
Of course, encryption plays an important part of maintaining digital security in everyday life—from online banking and corporate intellectual property to the communications of our governments and intelligence services. But when tragic and abhorrent events happen, the focus inevitably turns to whether encryption is being used for hostile purposes instead…So, we will continue to be transparent in how we protect your communications and how we vet our members, but we will also continue to advocate the responsible use of end-to-end encryption to protect the legitimate concerns of businesses, governments and individuals.”

The Paris attacks and the released ISIS security manual are currently being leveraged to fuel a side on the encryption debate that lacks perspective. In truth, encryption is an important and fixed feature of the landscape we all live in. Think about it: What would your day be like without encryption? (Hint: You might think twice about using the ATM, checking your PayPal account or booking a flight.)




Want to know more about the encryption debate? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday 1 December 2015

It’s a Vulnerable World: November 2015

It's a Vulnerable World, security vulnerabilities, Africa, Middle EastNovember was a month filled with insecure phones, credit cards and websites of all kinds.

The big trend, however, was the growing threat of cybercrime to Africa and the Middle East. The BBC called cybercrime Africa’s “next big threat”; a Fire Eye report found that cybercrimes doubled in the Middle East, Africa and Turkey in the first half of 2015; and ACLU principal technologist, Chris Soghoian, argued, “We now find ourselves in not just a digital divide but a digital security divide. The phone used by the rich is encrypted by default and cannot be surveilled, and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled.”

With that in mind, we bring you November’s vulnerability roundup:
Android phones: Google is capable of unlocking all Android phones prior to Android 5.0 that utilize a pattern lock. Protect yourself by switching to a PIN, password or fingerprint lock.

Credit card numbers: Security researcher Samy Kamkar cracked the code to American Express credit cards, enabling him to predict future card numbers. “The day that card is cancelled, as soon it gets rejected, two seconds later I know what your new number and expiration date will be. If I were doing fraud, that would be pretty useful,” Kamkar said.

Linux-based operating systems: Ransomware Linux.Encoder.1 has been found to target Linux-based operating systems, demanding a one Bitcoin/$500 ransom. If there remains any uncertainty about the future of ransomware, a recent Intel Security report predicted it will be 2016’s greatest threat to cybersecurity.

Dating websites: In case Ashley Madison wasn’t evidence enough of the insecurity of dating websites, Tantan (the Tinder of China) was recently found guilty of not encrypting or otherwise protecting phone numbers, passwords, gender, sexual orientation, interests and hobbies listed on the website.

…And nearly all other websites: A study done at the University of Pennsylvania revealed that “nearly 9 in 10 websites leak user data to parties of which the user is likely unaware.” The data, in turn, is leaked to 9 domains on average.

...And software of all kinds: Zerodium, a broker of “zero day exploits” (hacker techniques), has brought attention to the hush-hush market by publishing a list of going rates. The price for cracking a browser such as Chrome, Internet Explorer, Tor, or Firefox is $30,000; for an Android or Windows phone is $100,000; and for an Apple iOS phone is $500,000. Zerodium’s customers, in turn, are corporations and government organizations.  

Data collection: The data breach of childrens’ technology firm VTech compromised the information of 5 million parents and 200,000 children, including profile photos, audio files and chat logs, leaving many to wonder why there was so much information to steal. Mark Nunnikhoven of Trend Micro wisely advised, “Don’t collect data because it might be useful at some point. This opens the organizations up to unnecessary risk.” 

As always, let us know if there are any vulnerabilities we missed in the comments below.



Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Friday 27 November 2015

Seven Tips for A Secure Cyber Monday

Cyber Monday, VPN, Internet security, hackers
[Source: Kevin Marks]
Thanksgiving may be an all-American holiday, but Cyber Monday no longer belongs to any country in particular. Internet users from Brazil, Colombia, Egypt, Uganda and the United Arab Emirates alike will go online November 30 in search of deals, but hackers will also be there, looking for information to steal.

Before you shop online this Monday, protect yourself:
  • Take advantage of two-factor authentication when possible: Many platforms offer an additional layer of protection beyond username and password. If this is an option, take it. Amazon.com, for example, will now text users a code that needs to be entered before logging in. To set this up, click on “Your Account”, “Change Account Settings” and finally “Advanced Security Settings”; your stored personal and credit card information will thank you.  

  • Answer security questions with fake answers: What is your mother’s maiden name? What year did you graduate high school? What street did you grow up on? With Facebook, Google and a little ingenuity, it’s not hard for a hacker to find the actual answers to your security questions. Think differently: What was your first pet’s name? To get to the other side. 
 
  • Beware of pop ups and unsolicited emails: The approaching holiday season means that retailers are working hard to get you to buy now more than ever—and that hackers are creating malicious links they hope you will click on. (Typos and mismatched URLs are warning signs worth noting.) Yes, you will receive an onslaught of pop ups and emails, but you do not have to click on their links or attachments. If you see an offer you like, type the URL into your browser rather than use the link provided.   
 
  • Look for HTTPS and a padlock in your browser: HTTP is not enough if you are about to enter personal or credit card information. A secure site will begin with https://.
 
  • Choose credit over debit: A hacker with your debit card information also has access to your bank account. Credit cards, alternatively, typically have protections against unwanted purchases built into their user agreements. 
 
  • Avoid QR codes: Those pixelated squares that can be scanned by your phone’s camera can also be infiltrated by hackers to redirect to a malicious website. QR codes are convenient, but not worth the risk involved. 
 
  • Use a VPN for an extra layer of protection: Hoping to do a little mobile shopping while waiting in line for coffee? Whether you’re at the mall, a coffee shop or the airport, public Wi-Fi is an insecure hacker haven. Be sure to login to a VPN to secure your connection and encrypt your traffic.
 
Utilizing two-factor authentication, typing in a URL, and logging into your SumRando VPN connection are measures that will slow down your Cyber Monday shopping, but they will also protect your purchases from the prying eyes of hackers. Isn’t your security worth it?


SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.
 Surf secure and stay Rando!

Wednesday 25 November 2015

#Justice4Morocco Postponed, But In Reach

Hicham Mansouri, Morocco, human rights
Journalist Hicham Mansouri, currently in jail, and 6 others face charges for their work as human rights defenders. [Source: LaSource]
A Moroccan trial originally scheduled for November 19 has been postponed until January, a testament to the power of international pushback.

According to the Washington Post, the Moroccan law violated was “support intended, or used, to finance an activity or propaganda capable of harming the integrity, sovereignty or independence of the Kingdom, or shaking the loyalty that citizens owe to the state and institutions of the Moroccan people.”

In reality, activists Maati Monjib, Hicham Mansouri, Abdessamad Iach, Mohamed Elsabr and Hisham Almiraat’s “crime” was training others to use StoryMaker, an Android app for citizen journalism, and in January could face up to five years’ imprisonment. Of the five accused, Mansouri has been in jail since March on official charges of adultery that are widely thought to have more to do with his work with the Moroccan Association for Investigative Journalism (AMJI) than his personal life.

Additionally, Maria Moukrim and Rachid Tarik face charges of receiving foreign funding without properly notifying the government, as Free Press Unlimited, a Dutch NGO, funded the StoryMaker app project in Morocco.

These seven individuals have dedicated their time to not only AMJI and Free Press Unlimited, but also to the Association of Digital Rights (ADN), Global Voices, the Moroccan Association for Youth Education (AMEJ) and the Moroccan Association of Human Rights (AMDH)) and deserve recognition, not punishment, for the work that they have done.

Individuals and organizations opposed to the charges, including the Electronic Frontier Foundation, Amnesty International, Front Line Defenders and Free Press Unlimited, should be heartened by last week’s postponement, but this is one worthy fight that is not over yet. 

We encourage you to follow Front Line Defenders’ recommendation to tell Moroccan Minister of Justice Mustafa Ramid to:
  1. Immediately drop all the charges against Maati Monjib, Hisham Almiraat, Samad Iach, Hicham Mansouri, Mohamed Elsabr, Rachid Tarek and Maria Makram, as [you] believe that they are being targeted solely as a result of their legitimate and peaceful work in the defence of human rights;  
  2. Refrain from any further harassment of the human rights defenders;
  3. Guarantee in all circumstances that all human rights defenders in Morocco are able to carry out their legitimate human rights activities without fear of reprisals and free of all restrictions. 



Want to know more about government repression of free speech? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Monday 23 November 2015

SumVoices: Problems Without End In Algeria's Internet

Our last installment of SumVoices featured Swedish librarian and Internet access advocate Helén Palm. This week we bring you the insight of Algerian journalist Rim Hayat Chaif. The two-part report features a version in Arabic, below

Rim Hayat Chaif, Algeria, internet accessTalking about the situation of the internet in Algeria has spilled much ink, between frequent cuts, high costs, poor quality service and exaggerated rates of subscriptions. Algérie Télécome (AT) is the only internet service provider (ISP) in Algeria and it leads the telecommunications sector. Algerian internet users complain of bad service. The promises are many, but without implementation on the ground. Let Algerians ask about solutions and what to do to avoid such things.

Algeria greatly lags behind in access to technological resources including the internet. In the region of North Africa, Algeria is ranked behind Morocco and Tunisia. Indeed, the internet penetration rate is estimated to be 14% while neighbors Morocco and Tunisia are respectively about 51% and 39% according to a case study conducted by Google North Africa in 2013. This lack of penetration is explained by the vast space of the country compared to its neighbors.

The infrastructure of the internet in Algeria is weak and requires many things to make the situation better for Algerian internet users. This poor quality of internet connectivity is due mostly to selling the same bandwidth to more than 40 families at the same time, which causes major online blockage and traffic.  Users wonder why they are getting such a slow internet connection even if they registered for better service. By this logic, it became impossible to give them good internet service.

Algerian internet users certainly know better than anyone the extent of the shortcomings of internet services. They have suffered from decades of bad connections. Moreover, this is due to the monopoly of the internet by just one company. In vain the private sector suggested the creation of an independent company, which would manage the national network and the fiber optics as well as the international connections and the infrastructure. Algerie Télécome (AT) is the state owned company that monopolizes the national IT market and telephone lines in the country. The lack or even the absence of competition in this sector has resulted in a delay for the internet and what comes with.

This situation has created a huge delay in online services as e-commerce and e-payment have not been implemented yet. Despite the existence of many e-commerce sites in Algeria like Echrily.com and Guiddini.com, traditional methods for payment by bank transfer, cash on delivery or even by chéque are used.

A recent official report published in Algerian newspaper Echourok disclosed that Algérie Télécome (AT) was unable to make a global and obvious plan for fiber optic utilization and exploitation in a better way or to raise the capacity and the speed of the local and international access to the Internet. Algeria is considered to be one of the countries that has the slowest internet connectivity in the world, ranked 179th with a rate of 3.3 mbps/sec, according to a net index website.

Meanwhile, the improvements are minor, and several places in rural regions in Algeria are still unconnected.

Recently, internet access was disrupted for several days and was totally cut in some areas, caused by a cut of a submarine cable linking Annaba (600 km east of Algiers) to Marseilles in south-eastern France. This was announced by Algerie Télécome on 22 October. As a result, the country lost 80% of its internet access capacity.

This blackout forced many cybercafés to close their doors, and many netizens criticized the weak infrastructure. In reality, there are two submarine cables that link Algeria to Europe, the one which was cut, and the other from Palermo, Italy.

In fact, Algeria has about 10 million internet subscribers while two million are connected via ADSL according to AT, nearly a quarter of the population. After that Internet was restored, ADSL subscribers received a free automatic extension for a period equal to the time during the plagued interruption of the internet service.

Rim Hayat Chaif




Want more SumVoices? Read on!
Interested in contributing to SumVoices? Contact us at blog@sumrando.com.
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

الأنترنت في الجزائر: مشاكل لا نهاية لها

Our last installment of SumVoices featured Swedish librarian and Internet access advocate Helén Palm. This week we bring you the insight of Algerian journalist Rim Hayat Chaif. The two-part report features a version in English, above

Rim Hayat Chaif, internet access, Algeriaالحديث عن وضع الانترنت في الجزائر أسال الكثير من الحبر، فبين الانقطاعات المتكررة والتدفق البطيء والتسعيرة الغالية، مازال مستخدمو الانترنت الجزائريين يشتكون من رداءة الخدمات الى حد الساعة. الوعود كثيرة ولكن شتان بين الوعود والتطبيق على أرض الواقع. على العلم بأن الجزائرية للاتصالات تعتبر الشركة الوحيدة المزودة للأنترنت في الجزائر كما تقوم باحتكار قطاع الاتصالات.

تفتقد الجزائر الى الكثير في مجال تكنولوجيا المعلومات والاتصالات بما فيهم خدمة الأنترنت. ففي منطقة شمال افريقيا تحتل الجزائر أسوأ مرتبة بعد تونس والمغرب. في الواقع، تشير دراسة قام بها جوجل لشمال افريقيا حول معدل انتشار الانترنت في شمال افريقيا لسنة 2013 بأن معدل دخول الانترنت في الجزائر هو 14 بالمئة في حين أن البلدان المجاورة لها المغرب وتونس يمتلكان المعدلين كالتوالي 51 بالمئة و39 بالمئة. ولكن يمكن تفسير هذه النتيجة بمساحة الجزائر الشاسعة مقارنة بجاراتها.

كما أن البنية التحتية للأنترنت مازالت ضعيفة ولا تصل الى المستوى، وتستلزم القيام بأمور كثيرة من أجل تحسين الوضع لمستخدمي الانترنت الجزائريين.  كما أن لرداءة الانترنت سببا اخر يتمثل حسب تقرير كشفت عنه جريدة الشروق الجزائرية في بيع 1 ميغابيت الى أكثر من 40 عائلة في نفس الوقت مما يسبب زحمة كبيرة على الخط الذي يعتبر الطريق السيار الى الدخول الى الشبكة العنكبوتية فكلما زاد عدد المبحرين على نفس الشبكة كلما زاد الضغط عليه وبالتالي تضعف الشبكة. وبهذا يكون من المستحيل تقديم خدمة جيدة للزبائن بالرغم من ان للشركة نطاق نفاذ واسع يمكن من خلاله تحسين الخدمات.

فبلا شك، يعرف مستخدمو الانترنت في الجزائر أكثر من غيرهم مدى التقصير معهم في الخدمات، يعاني هؤلاء منذ سنوات من ضعف الأنترنت وانقطاعه في بعض الأحيان لأيام. ويعود هذا بالنسبة للتقنيين وخبراء جزائريين الى احتكار شركة اتصالات الجزائر للأنترنت وعدم إعطاء الفرصة للشركات الخاصة بالدخول والمشاركة في هذا المجال والذي يفتح المجال للتنافس بينهم من خلال عروض و باقات تمكن المواطن من اختيار ما يراه مناسبا له. من اجل وضع حد لهذا الاحتكار السلبي، تقدم عدة متعاملين خواص بالطلب من الحكومة بتحرير الشبكة الوطنية للألياف البصرية و البنية التحتية للاتصالات ونقاط النفاذ الى الشبكة الدولية للأنترنت و تأسيس متعامل مستقل بذاته و متخصص في تسييرها كما هو معمول به في اغلبية دول العالم. فعدم وجود متعامل منافس أدى الى ضعف الخدمة أو حتى عدم الاكتراث لها.

وهذا ما نتج عنه تأخر كبير في عدة ميادين مرتبطة بالأنترنت كالتجارة الالكترونية والدفع الالكتروني، على الرغم من وجود عدة مواقع جزائرية للبيع الالكتروني Echrily.com, Guiddini.com,  و لكن وجودها كعدمه فهي تستخدم طرقا تقليدية للدفع كالتحويل البنكي او الدفع بنفس المكان او حتى بالصك.

هذا و قد احتوى التقرير المشار اليه سابقا بأن شركة الاتصالات الجزائر فشلت في وضع خطة وطنية شاملة واضحة المعالم من أجل ضمان رؤية شفافة لكيفية استغلال الشبكة الوطنية للألياف البصرية بشكل امثل ما أدى الى تقديم خدمات رديئة بأسعار غالية للزبائن. كما تحتل الجزائر المراتب الأخيرة و تعتبر من البلدان ذات الانترنت الضعيف بحيث احتلت المرتبة -179- بسرعة تحميل 3.3 ميغابيت بالثانية حسب موقع نت اندكس.

وفي نفس الوقت، التحسينات قليلة وهناك عدة مناطق ريفية لا تملك الانترنت الى حد الساعة.

كما سجل في الفترة القليلة الماضية انقطاع للأنترنت بصفة جزئية من الجزائرمؤديا بها بالانقطاع عن العالم لأيام متواصلة، مؤديا بالجزائر الى فقدان 80 بالمئة من قدرتها بالدخول الشبكة العنكبوتية. نتيجة تضرر الكابل البحري الذي يصل مرسيليا – فرنسا- بعنابة –الجزائر- التي تبعد حوالي 600 كلم عن الجزائر العاصمة من الجهة الشرقية. تم الإعلان عن هذا من طرف الشركة الجزائرية للاتصالات يوم 22 أكتوبر الماضي.

هذا ما أدى بالكثير من مقاهي الانترنت بالوطن بغلق ابوابهم كما استغل الناشطون الجزائريون على الأنترنت بالتعبير عن سخطهم من الامر وانتقاد البنية التحتية للأنترنت في بلدهم.

بعد عودة الانترنت استفاد جميع زبائن اتصالات الجزائر بخدمة انترنت مجانية لستة أيام كاملة تعويضا للتضرر الذي حصل و الذي استنكره أغلبية الجزائريين.

وتملك الجزائر كابلين بحريين الأول الذي يربطها بفرنسا عبر عنابة والثاني يربطها بإيطاليا عبر العاصمة. وتسجل الجزائر 10 ملايين مشترك في الأنترنت الرقم الذي يمثل ربع سكان الجزائر بينهم مليونين مربوطين عبر خدمة ADSL.

ريم حياة شايف



Want more SumVoices? Read on!

Interested in contributing to SumVoices? Contact us at blog@sumrando.com.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 19 November 2015

Facebook Offers A French Flag; Concerned Users Provide Choice

allflags.com, Facebook profile picture
Allflags.world gives SumRando a new look.
If you’re one of the millions of people who check Facebook daily, you may have noticed a hostility in your news feed that wasn’t there a week ago. Users are upset that Facebook offered a flag in solidarity with the Paris bombings, but not one in support of Kenya; that Safety Check was turned on for Paris, but not Beirut; that they cannot express sympathy for Paris without being criticized for not sympathizing with other bombed cities; that the rights of refugees have been called into question…

Be it an act of recognition, apology, or pacification, Facebook activated Safety Check for the second time in less than a week, this time for Tuesday’s bombing in Yola, Nigeria. Historically, Safety Check had been reserved for times of natural disaster (think: April’s earthquake in Nepal), but Paris was the precedent that shifted the tool into the realm of human disaster.

Regardless, given that Nigeria’s Safety Check was not accompanied with a flag overlay, it’s clear that Nigeria has been given the ‘Free Basics’ treatment, if also likely that Facebook had little interest in perpetuating the very flag war it had begun.

A disaster is one of the few reasons we can imagine a user would want to broadcast their location and status to others; for that, we applaud Safety Check and its growing ubiquity.

Regarding flag overlays, however, we remind you that your Facebook page is just that: your page. Facebook’s suggestions are always yours to leave or take; your profile picture is yours to modify as you see fit. 

Facebook has been littered with French flags in the past week, but there are also countless examples of users taking matters into their own hands. Of note:
  • Allflags.world was created to add an overlay of flags from all countries attacked by ISIS to profile pictures. The website includes 27 countries and welcomes submissions of any countries overlooked.
  • Facebook user Hubert Southall posted “All cries need to be heard” and has offered to create any overlay not provided by Facebook for any user in need.

No platform is perfect, but what Facebook has always done well is enable users to express themselves to friends and the public as they (more or less) wish. The hostility of the past week demonstrates that Facebook users everywhere want equal treatment and also that messages are perhaps best expressed without Facebook’s prompting.


SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.