Monday, 29 February 2016

It's a Vulnerable World: February 2016

It's a Vulnerable World, vulnerability, SumRando Cybersecurity, February 2016, VPN, Secure Messenger
Another month, another onslaught of Internet insecurities. The big news in February was the ongoing battle between Apple and the United States Federal Bureau of Investigation (FBI), but this short month also brought reports of vulnerabilities for airports, social media, faces and more:

Airport Wi-Fi: In an effort to demonstrate the danger of public Wi-Fi, Avast Software set up 3 fake Wi-Fi networks next to the Mobile World Congress registration booth at the Barcelona Airport. In 4 hours, Avast had the data of over 2,000 conference attendees. Gagan Singh of Avast advised, “With most Mobile World Congress visitors traveling from abroad, it’s not surprising to see that many opt to connect to free Wi-Fi in order to save money, instead of using data roaming services. When taking this route, people should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.”

Facebook Users and Non-Users: CNiL, the French data protection authority, has found Facebook guilty of collecting the information of non-users who visit public Facebook pages as well as collecting the sexual orientation and religious and political views of users without their explicit consent. CNiL has given Facebook 3 months to comply with the French Data Protection Act. If only the rest of the world were similarly looked after…

African Corporations and Governments: Hacktivist group Anonymous has targeted Rwanda, Uganda, South Africa, Zimbabwe, Tanzania, Sudan, South Sudan and Ethiopia in its latest attack on child abuse, child labor and internet censorship: “The focus of [Operation Africa] is a disassembly of corporations and governments that enable and perpetuate corruption on the African continent.”

Power Grids: Evidence has confirmed that a December blackout in Ukraine was in fact caused by a cyberattack. According to United States officials, such an attack is far from limited to the Eastern European nation, as power grids in countries such as the U.S. are no more secure.

Gmail: The security hasn’t changed, but it has become a bit more apparent. Gmail recently added a red unlock symbol to any emails that haven’t been authenticated by TLS encryption. Look for it: you may be surprised to discover how many insecure emails land in your inbox.
Social Media: February 18 brought not only elections, but also a shutdown of Facebook, Twitter and Whatsapp to Uganda, which was written off as a “security measure.” In response, a reported 1.5 million VPN downloads were used to access these valuable platforms on election day.

The Internet of Things: United States intelligence chief James Clapper is aware of the vulnerabilities found in IoT devices such as cars, appliances and power grids, but appears to view them in a positive light: “In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Hospital Computer Systems: Vulnerabilities were found this month on both coasts of the United States. Ransomware forced the computers of a California hospital offline until the demanded $17,000. was paid and security researchers revealed the medical devices at a dozen Baltimore and Washington, DC hospitals to be vulnerable to attack.

Your Face: Artists Adam Broomberg and Oliver Chanarin have created portraits of over 100 Russians with Vocord FaceControl 3-D, a camera surveillance system. When utilized as intended, the cameras collect and identify the faces of passersby in crowded entrances to stadiums and train stations.

Surf secure, stay Rando and check out our Leap Year special: 12 months of SumRando Platinum VPN (unlimited data) for only $29 USD!

Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.

Thursday, 25 February 2016

San Bernardino iPhone Unlocking Would Leave Us All Less Secure

All eyes will be on Apple this Friday, the day the company is due to respond to a court-ordered unlocking of an iPhone 5c.

Of course, it’s not just any iPhone; it’s the iPhone of Syed Farook, gunman in the December 2015 shooting in San Bernardino, California that led to the death of 14. And it’s not just any court order. It’s a court order with serious potential ramifications for the future of security worldwide.

The current round of the privacy/security battle between Apple and the United States Federal Bureau of Investigation (FBI) has enlisted the All Writs Act of 1789, obscure legislation that exists for extraordinary circumstances otherwise uncovered by law. In this case, the government is asking Apple to develop software that would allow a brute force bypass of Farook’s phone’s security passcode. Thus far, Apple has refused.

An impassioned Lawfare post by FBI Director James Comey argued that the demand is a special exception not to be repeated: “The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that.”

Recent polls have concluded that the thoughtful people of America remain unsure. In a Pew Research Center poll, 51% of respondents favored Apple helping the FBI, 38% were opposed and 11% were indifferent. A conflicting poll released by Reuters/Ipsos listed 46% of respondents as supporting Apple’s refusal to comply, 35% in support of the FBI and 20% indifferent.

In all this, one thing is for sure: it was Apple CEO Tim Cook—and not James Comey—who had the support of a protest rally behind him on Tuesday.

San Bernardino, Apple, data privacy, security, VPN, secure messenger, SumRando Cybersecurity
A San Francisco protest in support of Apple's commitment to privacy. [Source: Eric Risberg/AP]

Cook clarified Apple’s stance in a February 16 post:

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

Nate Cardozo of the Electronic Frontier Foundation went one step further and made explicit that this is more than just an American issue: “If China [today] demanded that Apple put in a backdoor, Apple would say no. That equation changes once Apple accedes to an FBI order. If the FBI can compel Apple to do it, and it’s publicly known that Apple has given the FBI this key, then China has a very different calculus…The PR around a Chinese demand gets a lot better for China, and a whole hell of a lot worse for Apple.”

Come Friday, Apple is expected to resist the court order on grounds that it is a violation of free speech and an inappropriate use of the All Writs Act, and also to ask that Congress, not the courts, be in charge of such matters. Given that Apple has been asked to extract data from 12 phones since September 2015, it’s hard to believe that the case of Farook’s iPhone is an isolated event and not a precedent waiting to be set. For the sake of all of our security, let’s hope this is one phone that remains unbroken.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Reflecting Upon the Iranian Blogosphere

As we await the results of elections in Iran, we look back at the Iranian blogosphere, Neda, and the Green Revolution. As of now, no major blockages of the internet have been reported on election day. 

Since the Green Revolution in 2009, the once vibrant Iranian blogosphere has become a shadow of itself. After the violence that saw Neda Agha-Soltan become a symbol of the revolution after a video of her death was uploaded to YouTube, the Iranian regime has cracked down on online communication and internet freedom. While blogging in general has declined throughout the world with the advent of Facebook and other social media, the drop that Iran has witnessed is greatly linked to the political climate that has seen hundreds of bloggers threatened, arrested, detained, and murdered. One study estimated 64,000 blogs in Persian at the peak. Only 15% of the blog URLs in the network were the same from 2009-2013. Fifty percent of reformist blogs are gone or not active, and twenty percent of the prominent blogs from 2008-2009 were still online at the end of 2013.

The first Persian blog was probably that of Hossein Derakshshan, known to some as the Iranian Blogfather. Deraskshshan, who goes by Hoder online, spent six years in the notorious Evin prison for his criticism of hardliner policy and Ahmadinejad in particular. While he is still active on Twitter, he no longer blogs regularly, and the tone of his writing has changed. He laments the loss of the vibrant blogosphere and the online independence it once had, condemning the social media giants for crushing that independence. He believes hyperlinks were a sort of currency, but now most content is housed within social media, which makes it easier to control information. Many of the bloggers who suffered a similar fate no longer have a public online voice.

Hoder was not the first Iranian blogger to go to prison, nor was his punishment the worst. Sattar Beheshti lost his life in Evin prison, a victim of torture at the hands of abusive guards. According to Global Voices Threatened Voices, 44 Iranian bloggers are currently in prison. The situation hasn’t changed under the Rouhani regime; in fact; arbitrary waves of arrests are rather normal. Since Rouhani has taken office, the following Iranians have been arrested for what they have posted online:

  • Oct 2013: Mahdi Khazali sentenced to 6 years, released after 7 months 
  • May 2014: 8 Facebook users sentenced to a combined 123 years 
  • May 2014: 6 youths arrested for posting a video of them dancing to the song “Happy” 
  • Sep 2014: Facebook activist Soheil Arabi sentenced to death; the sentence was commuted in Sept 2015 to two years of theology study
  • Oct 2014: Atena Daemi sentenced to 7 years for Facebook posts 
  • Oct 2014: 11 arrested for text messages containing jokes about Khomeini 
  • Feb 2015: 12 arrested for Facebook posts; another 25 summoned 
  • Jun 2015: 6 arrested for “illegal invitations on social networks;” 1 arrested for WhatsApp activity 
  • Sep 2015: Supreme Cyberspace Council created by Khamenei 
  • Nov 2015: 170 arrested for “acting against moral security” and “distributing indecent and immoral” texts and images 
  • Nov 2015: Journalist Somaz Ikdar sentenced to 3 years for Facebook posts 
  • Nov 2015: Blogger Mohammad Reza Pourshjari completed his prison term but has yet to be released 

Why were blogs so popular in Iran? Well, there’s the obvious reason that it was a platform to speak in a society that doesn’t always allow its citizens to speak. But what is often overlooked is the illusion of anonymity that blogging provided, an illusion shattered by regime crackdowns that began in the middle of the aughts and continues until now. When the first crackdowns began, bloggers who hosted their blogs on Iranian hosting services were easy targets for hardliners; moving to international platforms like Blogger and WordPress kept them only one step ahead until the hardliners learned how to find users through their IP addresses. Next came proxy servers. In a demonstration of what is good with humanity, many people across the globe worked round the clock during the Green Revolution to set up proxies so Iranians could continue to access social media and information about the protests. Photos of Neda lying in a pool of blood shared on social media served as a catalyst for continued protests that may have had some effect on Rouhani’s election. It was a spark, but only a spark.

VPNs became the next step to protect anonymity online, but the regime has become more sophisticated as well, having learned to block VPNs with varying degrees of success. A cyberpolice force and Supreme Cyberspace Council have been created, and the regime has forced IP registration for individuals and internet cafes, as well as identity registration for website owners and cell users. Despite the regime’s crackdown on VPNs, Iranians still use them to give themselves some semblance of internet freedom.

Want to know more about data privacy, anonymity and Internet access around the world? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday, 24 February 2016

Mobile World Congress 2016 Highlights Global Internet Inequities

This year’s Mobile World Congress is already shaping up to be one event with two contrasting missions, serving as a reminder that the technology divide between rich and poor is alive and well.

Mobile World Congress, an annual Barcelona event which attracts nearly 100,000 individuals from all walks of the mobile industry, saw a significant shift in focus this year, as the improved smartphone that was once the hallmark of the event no longer captures the attention it previously did: in the developed world, smartphones are reaching a saturation point and in emerging economies they remain out of the price point of the average consumer. As such, while some are busy seeking the next big thing, others are still on the hunt for basic Internet access—and few are looking for a more expensive phone.

Carolina Milanesi of Kantar Worldpanel ComTech summarized the dominant perspective well: “Everyone has a smart phone now. So the sellers need to try to figure out what kind of new devices will get consumers reaching for their wallets and spending their money.” For those with the cell phone they want in their pockets, this year’s Mobile World Congress has been all about the future potential of virtual reality, 5G and even smart cars.

The alternate narrative at Mobile World Congress is one that continues to be championed by Facebook’s Mark Zuckerberg. As the social platform founder pointed out, “It’s amazing that one is sitting here in 2016 and there are still four billion people worldwide who do not have access to internet.” He took advantage of the opportunity to both announce his new Telecom Infra Project and to promote the better-known Free Basics. The former will create a space for companies to collaborate in order to expand telecommunications infrastructure, in turn accelerating the pace of innovation beyond what a traditional model would allow; already, the project has been able to bring connectivity to a Philippine village that was previously without. Zuckerberg further credited Free Basics with connecting more than 1 billion people in 36 countries to basic Internet services and was confident in the service’s future, despite a recent ban in India for violating net neutrality.

Yes, Facebook has made its mission to connect all the world, but Mobile World Congress made clear that it is not alone in this endeavor. For example, American company Obi Worldphone was also in attendance, celebrating the release of its $149 MV1 smartphone. Compatible with Android 5.1 Lollipop or Cyanogen OS, the relatively inexpensive phone hopes to accommodate emerging markets in Asia, Africa, Latin America and Europe.

The disturbing trend that the first two days of Mobile World Congress only served to amplify is the reality that the developed world holds the rights to its own technological innovation as well as the innovation of others. American companies such as Facebook and Obi Worldphone claim to be part of a benevolent movement to bring equal access to all, but, as Mobile World Congress’s lack of interest in traditional mobile development makes clear, they are also part of an enterprising, entrepreneurial society desperately seeking the next big adventure. Emerging markets, take note., Mobile World Congress, Facebook, State of Connectivity 2015, SumRando Cybersecurity, Secure Messenger, VPN's State of Connectivity 2015 [Source:]

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday, 18 February 2016

SumRando Speaks: 5 Questions with i freedom Uganda’s Kelly Daniel

Today is the Ugandan presidential election. For those who have witnessed the event in the past, it’s hard not to expect a victory for Yoweri Museveni.

Museveni, who has held the office since 1986, gained international attention in 2014 for signing the repressive Anti-Homosexuality Act, a measure that not only threatened life imprisonment for the “offense of homosexuality,” but also criminalized the use of “internet, films, and mobile phones for the purposes of homosexuality or promoting homosexuality.” The Act has since been nullified on a technicality, but a Museveni win today would only strengthen the argument for its reintroduction.

With or without the Act, Uganda is a place largely unfriendly to the LGBTI community, a fact that i freedom Uganda Network is actively working to counteract. The Network is made up of 28 LGBTI, Sex worker and human rights organisations, all collectively working for the freedoms of speech, expression, association and assembly. In our most recent interview, i freedom Uganda Executive Director Kelly Daniel shares more about the Network’s successes and his personal approach to security.

1. Describe the work you do with i freedom Uganda and why you do it.

i freedom Uganda Network, SumRando Speaks, Kelly Daniel, Uganda, SumRando Cybersecurity, VPN, Secure MessengerI am the Executive Director for the i freedom Uganda Network and the Secretary for Gender and Disability for the Internet Society Uganda Chapter.  
i freedom Uganda Network is an organization that promotes and supports freedom of speech, expression, association, and assembly through technical IT support and research and development of tools and applications that enhance digital security and safety.

i freedom is guided by the principles of the Human Rights-Based Approach (HRBA), and although its intervention primarily targets its membership, it also addresses the needs of other Human Rights Organizations (HROs) that may require its services.

We are an organization that strongly believes in freedom of expression, free speech, freedom of association and of assembly and as such we use the available technologies to safeguard citizens when they are exercising these rights. In this, we provide free digital security training to marginalized LGBTI and Sex Worker persons in Uganda and offer free web designing and hosting in a bid to improve on existing platforms of sharing information by Civil Society Organizations in Uganda. We also run a crowd sourcing map where we monitor violations of freedom of expression, association and assembly among other activities.

2. What is i freedom Uganda’s greatest success to date?

Since the year 2013 we are proud to have reached more than 500 marginalized gender and sexual minorities in Uganda with our digital security training and a further 400 Sex Workers with our Computer Literacy training. We have managed to design and host over 10 organizational websites since last year. We have also continued to represent gender and sexual minorities in Uganda in Internet freedom initiatives across the globe, from the Uganda Internet Governance Forum and the Forum on Internet Freedoms in East Africa to the Global Internet Governance Forum. Our voice on behalf of the gender and sexual minorities of Uganda continues to echo far and near.

3. From your perspective, are the issues faced in Uganda regarding digital privacy and net neutrality unique or are they similar to those faced elsewhere?

I think the issues faced are in no way unique from what happens elsewhere in the world. What is unique is the way we as Ugandans and indeed Africans interpret these issues and understand them.

4. What individual, organization or law would you like to recognize for its work in support of or against digital privacy rights and net neutrality?

I would like to recognize the wonderful contribution of activist organisation Tactical Tech Collective in support of digital privacy rights. Their digital security manuals have continued to be a great resource for many of us in Uganda and Africa at large. They indeed take a very positive stance when it comes to defending net neutrality too.

5. What measures do you take to protect your digital privacy and security?

What should I say? It is just simple, strong passwords and using applications and tools that support strong end-to-end encryption.

Want more SumRando Speaks? Read on!
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday, 17 February 2016

Cybersecurity in Ghana: A Promising Work in Progress

Ghana, 2015 Ghana National Cyber Security Policy and Strategy, Data Protection Conference, SumRando Cybersecurity, VPN
In a world of cybersecurity problems, Ghana is one country actively seeking solutions.

In 2015, the West African nation embraced a National Cyber Security Policy and Strategy, in which it first laid out a long list of concerns:
  • Cyber cafes, a primary source of Internet access for many Ghanaians, have become “fertile” for cyberattacks.
  • The growth of smart phone usage as well as M-commerce has led to increased mobile phone cybercrime.
  • Multiple government websites have also fallen victim to cyberattacks.
  • “Sakawa,” Internet fraud that takes advantage of traditional and religious rituals to gain money, continues to be popular and to be under-prosecuted due to an under-resourced and untrained police cybercrime unit and a lack of laws against such acts.
  • A coordinated structure for reporting cyber incidences does not exist.

With a vision of creating, “A secure and stable connected Ghana with Internet users working and creating wealth in a safe cyber space, with a well-researched and trained academic and professional community protecting Ghana’s cyber space equipped with global standards and responding swiftly to cyber incidents, and with up-to-date laws and systems in place to efficiently prosecute cyber criminals,” it is clear that the Ghana National Cyber Security Policy and Strategy aims to remedy the aforementioned issues.

Such change, however, won’t happen overnight.

To achieve this vision, Ghana is focused on nine policy pillars, set to be achieved in a 5-year strategic plan between now and 2020. The pillars are: effective governance, a legislative and regulatory framework, a cyber security technology framework, a culture of security and capacity building, research and development towards self-reliance, ensured compliance and enforcement, child online protection, cyber security emergency readiness and international cooperation.

Although Ghana’s nine pillars remain a work in progress, last month’s inaugural Data Protection Conference in Accra demonstrated Ghana’s commitment to work in the present towards a more secure cyber space. The conference, themed, “Creating the Right Balance between the Need for Information and Data Protection,” strived to raise awareness about data protection issues and statutory obligations for data controllers and processors.

The event reminded the hundreds in attendance to adhere to the provisions set out in 2012’s Data Protection Act (Act 843), legislation that has been widely applauded for directly addressing the need for data privacy. Of note, the act establishes data protection principles and guarantees user rights regarding personal information, including the right to access and amend your personal information, to prevent processing of your personal information and to complain to the Data Protection Commission. Unfortunately, Act 843 is not without flaws. The Data Protection Act includes a vague exemption to all provisions of personal data processing when for the good of “public order, public safety, public morality, national security or public interest.” Such loosely defined terms can be—and frequently are—used to infringe upon individuals’ rights.

In the words of Ghanaian Chief Justice Georgina Theodora Wood at the conference, “Privacy fortifies our human dignity and guarantees other key values such as freedom of association and freedom of speech in our society. Our fundamental right to privacy as enshrined under Article 18(2) of the 1992 Constitution cannot and should not be compromised, especially today.”

We agree. The National Cyber Security Policy and Strategy and the Data Protection Act collectively establish Ghana as a leader in cybersecurity and protection of free speech. As we wait to see what that brings, remember your privacy and security remain in your own hands.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday, 11 February 2016

Karisma Advises Colombia to Dismantle Data Retention Regime

Colombia, Latin America, SumRando Cybersecurity, VPN, Secure Messenger, data privacy, government surveillance
Lately, Colombian news has been plagued with problems in need of solutions: the threat of Zika, the persistence of female genital mutilation, an increase in violence against journalists and even a not-yet-agreed-upon peace following decades of civil war.

The issue that has not received its share of attention is data retention.

In January, the Karisma Foundation quietly released a report titled, “Is Data Retention Legitimate in Colombia?: Comparative Analysis of a Mass Surveillance Tool that Restricts Human Rights.” Karisma’s report may not have reached audiences everywhere, but its conclusion must: Out of respect for human rights, Columbia needs a new approach to data retention.

The report included a powerful reminder of why our metadata matters: “Our most personal information, a reflection of our life and our very thoughts, no longer remains exclusively in our private sphere. Now, personal information is also found in databases, built for different purposes and administered by entities both public and private. These databases are fed by constant flows of information. Together, they make up a file about each individual, a “personal dossier”. Computers register the time they are turned on, the applications they use, the webpages they visit, and the location from which they are used. Cell phones are constantly aware of their location, and they register incoming and outgoing calls, text messages, and photos. The strength of these data lies in their combination: an analysis based on cross referencing various databases can reveal enough about a person to constitute a violation of their rights.”

In the report, Karisma compared practices in Colombia with those in Brazil, Mexico and Peru and investigated the legitimacy of each country’s data retention as defined by the Organization of American States, which finds communications surveillance legitimate if it is established in a law; pursues a legitimate aim; is necessary, adequate and proportional to the objective pursued; and respects due process and judicial review.

Specifically, two Colombian laws were examined: Decree No. 1704 of 2012, regarding criminal investigations, which requires telecommunications service providers to keep subscriber information and device location data and Law No. 1621 of 2013, focused on intelligence activities, which mandates retaining “communications activity histories for telephone subscribers, technical identification data for subscribers subject to operation” and location data.

Karisma found Colombia’s data retention according to Decree No. 1704 and Law No. 1621 to be illegitimate because:

  • The laws are vague and limitless, not legitimate or proportional. What exactly must be kept and for how long is ambiguous. All criminal investigations are granted access to data, as are all “authorized” intelligence activities; who provides such authorization is not defined.
  • Data retention is not subject to judicial authorization or review. It’s automatic for all.
  • There is a lack of transparency. Users are not notified of monitoring practices and the state does not disclose information about requests for communication interception and surveillance. Therefore, citizens cannot appeal or respond to what they don’t know.

The report concludes: “Data retention law in Peru, Colombia, Mexico and Brazil are too permissive, too broad, and provide so few guarantees that it isn’t possible to rely on them as a legal framework for the protection and respect of their citizens’ human rights. It would be advisable for Colombia and the remaining countries to demonstrate their strong commitment to the protection of human rights and to dismantle the current data retention regime.

Colombia has her hands full right now, but if she can mitigate Zika while potentially concluding peace talks with the FARC, we’re confident there is also room at the table for data retention revisions.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday, 9 February 2016

SumRando’s Guide to a Secure Brazilian Carnival Experience

Brazil, Carnival, Zika, Chiba, VPN, Secure Messenger, SumRando Cybersecurity
[Source: Yasuyoshi Chiba/AFP/Getty Images]
Brazil is currently mid-Carnival celebration, which means the weather is warm, the party is endless and the clothing is practically non-existent. This annual event gives Brazilians and tourists alike an opportunity to let it all hang out before Ash Wednesday ushers in yet another season of Lenten piousness.

Year after year, Carnival has proven to be an explosion of Samba, shimmer and sensuality, but one of this year’s main attractions is an invisible virus called Zika. The virus, which was recently discovered to lead to the birth defect microcephaly in pregnant woman, has infected 1.5 million Brazilians already. Known to be contained in saliva, semen, sweat and blood and thought to be transmitted by mosquitoes (if not the bodily fluids themselves), it’s not hard to see that the very premise underlying hot, sweaty, sexual Carnival is a public health incident waiting to happen.

Regardless, if the first four days of this time-honored tradition have proven anything, it’s that the show will go on, virus or no. For those who are celebrating, SumRando suggests the following critical safety gear:

  • Mosquito Repellent: Apply. Apply. Bathe. Apply. And apply some more. 
Tama, Brazil, Carnival, Zika, VPN, Secure Messenger, SumRando Cybersecurity
[Source: Mario Tama/Getty Images]
  • Protective Costumes: Be creative! Tuck a little mosquito netting under your hat to keep your head safe, or go all out and cover your entire body.
  • Condoms: Health workers at Carnival hand out condoms every year, and this year they have seen more takers than ever before. If you were looking for an excuse to practice safe sex, know that the latest research points towards sexually transmitted Zika.
  • SumRando’s VPN: How many times a day do you use the Internet on your phone? Multiply that number by 6 and that’s how many times you will use it on insecure public Wi-Fi from Carnival’s Friday kickoff to Ash Wednesday. Be smart—login to SumRando’s VPN before entering any passwords or personally identifying information online.  
  • SumRando Secure Messenger: Want to guarantee that only you and a selected recipient see a certain Carnival photo? Better yet—want to permanently delete that photo from both phones after it has been seen? SumRando Messenger for Android is here for you. 

Carnival’s persistence in the face of Zika is a good reminder that the lives we lead—in person or in private—are ours, are worth living and are worth protecting. Samba secure and stay Rando!

Want to know more about data privacy around the world? Read on!
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Friday, 5 February 2016

Lunar New Year: Your News or Ours?

Much of Asia and the world will celebrate Lunar New Year on Monday, February 8. What will vary from place to place is how the media chooses to depict the holiday:

From our Hong Kong server, the South China Morning Post reported on the pressures Lunar New Year brings to have a significant other—and how far individuals will go to manufacture one:
Hong Kong, VPN, Your News or Ours?, SumRando Cybersecurity
[Source: A Secret Between Us]

In Singapore, the Straits Times focused its attention on a pre-New Year ritual involving money:
Singapore, VPN, SumRando Cybersecurity, Your News or Ours?
[Source: ST/Neo Xiaobin]

And in the United States, Reuters took advantage of the opportunity to highlight the politics behind the Pope’s Lunar New Year well-wishes:
Reuters, United States, VPN, SumRando Cybersecurity, Your News or Ours?
[Source: Reuters/Max Rossi]

The news you receive depends on where your internet service provider believes your computer is. See for yourself with our nodes in Brasil, Hong Kong, Jordan, New York, Singapore, Sweden and Turkey. Discover what's out there, surf secure and stay Rando!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider.

Tuesday, 2 February 2016

It's a Vulnerable World: January 2016

Vulnerabilities this past month popped up in the places we’d least expect: dental software, Blackphones, thermostats and even Twitter shortlinks, just to name a few. Take note of the risks below and take time to protect yourself:

It's a Vulnerable World, vulnerability, vulnerability roundup, VPN, Secure Messenger, SumRando CybersecurityDental Software: Dentrix G5 has been proven to not live up to the industry-standard level of encryption that its advertising promised, leaving sensitive patient information insecure.
Hyatt Hotels: Malware compromised the payment card data at Hyatt hotel restaurants, spas, golf shops, parking, front desks and sales offices worldwide from August 13 to December 8, 2015. A list of locations affected can be found on Hyatt’s website.

Blackphones: Smart Circle’s Blackphone, the “private by design” smartphone, has a vulnerability of its own: an open socket was found to allow hackers to control functions such texting, calling and altering the phone’s settings.

Phone calls: The MIKEY-SAKKE voice encryption protocol, promoted by the British government as a secure way to communicate, is in fact “motivated by the desire to allow undetectable and unauditable mass surveillance.” MIKEY-SAKKE supports key escrow, which gives the government the very backdoor into phone conversations it was looking for.

Argentina, Brazil, Ecuador and Venezuela: For the last seven years, hacker group Packrat has been targeting political opposition and the independent press in these South American countries with malware, phishing and disinformation. Even more disconcerting is the fact that the attacks are thought to be carried out by government actors.

Nuclear power: 20 countries, including Argentina, China, Egypt, Israel, Mexico and North Korea, completely lack government regulations regarding protection of atomic weapons or nuclear facilities against cyberattacks. According to former United States Senator Sam Nunn, “There was great progress for six or so years. But it has slowed down. It’s hard to keep this subject on the front burner.”

IoT thermostats: The Google-owned Nest Learning Thermostat was found guilty of leaking homeowners’ zip codes. Rest assured, the bug has since been fixed.

Medium in Malaysia:
When Malaysia blocked the Sarawak Report in 2015, the investigative journalism news source turned to publishing its articles on Medium. Now, Malaysia has blocked all of publishing platform Medium, citing “false” reporting as the reason for doing so.

Twitter links: Choose your Twitter shortlinks carefully: disguised links to have been circulating the platform. Accidentally click on one of them and your iPhone or iPad will shut down immediately.

Surf secure and stay Rando!

Want to know more about previous security vulnerabilities? Read on!
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!