Encryption in Transit and At Rest

19 05 2017

There is an app for that.

It’s Boxcryptor by the German Secomba GmbH and it’s easy to use with a perfect design. Nothing is saved on Secomba’s servers without being encrypted by the user’s password, a zero-knowledge relationship between the user and the company behind Boxcryptor.


Here’s a short guide for backup freaks that lets them access their sensitive information even in the worst case (iPhone died or was stolen). The good news is that they can even do it with their 💯$ Windows 10 backup phone.

Let’s get ready to rumble …

If a note contains sensitive information it can be locked with iOS’s built-in encryption capabilities. As an option it’s either stored locally on the iOS device or on iCloud.

It’s intended to

  • store an encrypted backup on a further cloud storage like Dropbox, Box, OneDrive, Google Drive, etc
  • ensure access to encrypted files from a device running on a different OS, e.g. a mobile phone running on Windows 10

Here is the workaround to transfer files from Apple Notes on an iPhone to Dropbox as a strongly encrypted PDF.

  1. Write a note.
  2. Tap on the Action Menu (top right).
  3. Choose PRINT.
  4. In PRINT PREVIEW force press on page 1.
  5. Tap on the Action Menu (bottom left).
  6. Choose BOXCRYPTOR.
  7. In BOXCRYPTOR choose UPLOAD.

Note …
A zero-knowledge service provider will always store any private and sensitive information in an encrypted form protected by the user’s password – which is never transferred to the provider. Passwords, password keys, and file keys never leave the users’ devices and are never transferred anywhere or to anyone.

Handle with care! Zero-knowledge means that Secomba cannot help you if you forgot your password. You’ll lose access to all encrypted files.

Benefits …

Your data is safe and so are you. If you buy a new device you needn’t care about the OS. Boxcryptor runs on Windows, Windows Mobile, macOS, Android, iOS, Blackberry, and Chrome. 28 clouds are supported including Apple iCloud. You can share files with non-Boxcryptor users (Dropbox, OneDrive, Google Drive only as of May 2017).

More …

Boxcryptor Review

Boxcryptor Technical Overview

Thanks for reading.





Expensive password keeper?

17 05 2017

or even with a subscription model?

That’s the new way developers try to assure their livelihood and secure against poverty. That stands to reason and as a retired programmer I know what I’m talking about.

But …

Users disagree substantively over subscription models although it’s the only way to do a meaningful economic analysis.

How much money are they willing to spend monthly for their let’s say 30 apps?

Stats tell us that this is the average number of apps frequently used by iOS users.

Well, I personally do not have any subscription (except my 50GB iCloud plan for 0.99€/month).

It’s not only Apple’s SVP Phil Schiller promoting subscription-based models but also the makers of the well-known password keeper 1Password. So it was time for me to scrutinize alternatives.

And it turned out that Apple’s built-in app NOTES is now my first choice. I don’t need and don’t want to use the integrated browsers of 1Password or OneSafe. I have Apple’s strongly encrypted Keychain to save credentials for websites opened in Safari.

But what happens if things don’t go my way?

Well, then I still have the list of essential access information in a locked note of Apple’s built-in App Notes. For free.

More …

Apple Notes

Thanks for paying attention.





About Apple Pay, no kidding!

24 04 2017

A shopaholic’s best friend

If a new technology or service hits the market it shouldn’t be accepted without qualification.

Here are my thoughts and reservations not only about Apple Pay but also about electronic payments with smartphones or smart watches in general.


Well, in your everyday life the easiest way to get rid of your -bogus- money is to pay cash. But carrying cash with you comes with two risks: loss and mugging. Both may also happen to your password.

So there is a need to innovate and make payments secure and fast with something you always carry with you: eyes and fingers.

Admittedly you also carry your belly with you but after intense scientific research it turned out that the waist circumference isn’t as unique as required.

Apple decided to use the fingerprint as the biometric identifier.

Your fingerprint might be unique but the technique to transform it into bits and later retrieve you as the actor can be buggy according to Murphy’s law.

So, what happens if things don’t go your way?

If you need support, the worst case that can happen, a customer’s nightmare, is that you have more than one partner. Here it’s Apple and your bank. Apple will say that they don’t have access to your data because the transaction isn’t done with real data but with generated tokens. The bank will tell you that it’s not responsible for the technique and suggest that you contact Apple, or that your Axx processor should be repaired.

And what about the lost money?

It’s way too complicated to explain the strange redemption of John Doe’s or Mr A.N. Onymus’ money. Refunds are announced many times, according to legislation. But it seems that there are some unexpected black holes implemented in laws.

For God’s sake do not invest in any technique except your pillow (only halfway filled but secure). SMSs are winging their way to recipients in a jiffy but money still uses the Silk Road on the back of turtles.
Abso-fucking-lutely fuckers, that’s what bankers are when returning money or gaming via Investment Fonds, sorry, ASFs, aka Arrant Scoundrels Fonds.

Btw, did you know that ASF is also the official abbreviation for ‘African swine fever virus’?

Bankers are responsible for the financial crisis, they dashed people’s hopes, force people into poverty, and forward a very special legacy to our children, valuelessness.

So we learn:

Isn’t the law – still not adapted to activities in the Internet – a nicely flexible and bendable thing?

Whether you are a shopaholic or not, don’t use the ultra-modern techniques. Get rid of your money by paying cash or using the old-fashioned credit card. Don’t trust all the involved techniques and transfers of data over thousands of miles via cables, servers, and through the air. They are not qualified to build up confidence.

I’m an Apple fan and trust in what Tim Cook tells us about privacy. But there should be limits because even Tim and his excellent engineers can’t kill all bugs living in Apple’s ecosystem. Some bugs are like bacteria, they are resistant. Some others are doing their job on the way to Maiden or other data centers.

Summary …

New kinds of electronic payment systems are not designed to reduce the costs but to get more personal data and force people to spend money they don’t have.

Why go a long way round? The next level of paying is to do it even without any device, just with your fingertip or your eye.

Follow Roman poet Ovid’s slogan Nip things in the bud (“Principiis obsta”) to prevent society from getting fully electronic instead of improving humanity.

Thanks for reading and
sorry for going ballistic.

If you ask me “Are you serious?”
my answer is “Nine times out of ten.”.





Bad Boys

4 04 2017

Strong efforts have to be undertaken to secure data in the digital world. Even your identity can be undermined if you think about a hacked social media account where a bad guy publishes using your name.


Sometimes hackers behave like terrorists and try to destroy everything they are able to. A victim could suffer humiliation, identity theft, and lifetime suspension from services and social networks.

So turn on 2-Factor Authentication.

2-Factor Authentication means “something you know” (like a password) and “something you have” (like a smartphone). Once you have activated 2-Factor Authentication you have to use both your password and an authorized device to sign in. To increase usability, Apple as well as Google let you authorize a device so that it doesn’t ask for an authentication code again.

With 2-Factor Authentication security is drastically increased but not perfect at all. The only way to further increase the level is to use biometric identifiers (like a fingerprint) which are actually not supported for mobile devices. A standardized solution implemented in all operating systems would be a great step forward.

Many authentication processes could be made much easier if “something you are” (fingerprint, iris) replaced “something you know”, and it would increase security drastically if all three methods were combined to identify yourself.

Regarding codes for 2-Factor Authentication …

There is an app for that. It’s AUTHY.

Running on your iPhone (even in the Notification Center) and on your Apple Watch it provides generated codes for the 2nd step of logging into your account.

Some background information

More about Bad Boys

Thanks for reading.





Overheating

9 10 2016

It happens not only with Samsung’s Galaxy Note 7 devices. So it’s good to know more about your smartphone’s energy pack.


If a Li-ion battery overheats, hisses or bulges, immediately move the device away from flammable materials and place it on a non-combustible surface. If at all possible, remove the battery and put it outdoors to burn out.

A small Li-ion fire can be handled like any other combustible fire. For best result use a foam extinguisher, CO2, ABC dry chemical, powdered graphite, copper powder or soda (sodium carbonate). If the fire occurs in an airplane cabin, the FAA instructs flight attendants to use water or soda pop. Water-based products are most readily available and are appropriate since Li-ion contains very little lithium metal that reacts with water. Water also cools the adjacent area and prevents the fire from spreading. Research laboratories and factories also use water to extinguish Li-ion battery fires.
(batteryuniversity)

More …

Li-Ion Batteries

Safety Concerns

Take care and thanks for reading.

Note
No, it’s not true that I took this photo of a burning Note 7 with my iPhone 6S Plus.





Insecurity of Security Apps

1 06 2016

Open systems are almost always open to bad guys. Only limitation (a rigorously implemented “sandbox mode”) adds value to your digital life. Openness is only needed if smartphones are designed to be play stations.

It’s the job of manufacturers to offer security.

Think of it like this:

You buy a car. Then you have to visit a market for accessories to separately buy the safety belts. Nobody would accept that.


Regarding mobile devices without wheels everybody should know that there are many bad as well as innovative guys often behaving like terrorists and always on the way to compromise digital identities.

So …

Again it turns out that running iOS is the best way to stay secure.

Here is the latest analysis of Fraunhofer SIT …

Insecurity of Security Applications


Note

If you want to keep a secret, you must also hide it from yourself.

(George Orwell)

Thanks for taking your time.





The new Porsche 911

20 12 2015

The new 911 only has Apple Car Play because Google is Nicht Gut.

So much for “Do No Evil.” There’s no technological reason the 991/2 doesn’t have Android Auto playing through its massively upgraded PCM system.

But there is an ethical one.

As part of the agreement an automaker would have to enter with Google, certain pieces of data must be collected and mailed back to Mountain View, California. Stuff like vehicle speed, throttle position, coolant and oil temp, engine revs – basically Google wants a complete OBD2 dump whenever someone activates Android Auto.

Not kosher, says Porsche.

Obviously, this is “off the record,” but Porsche feels info like that is the secret sauce that makes its cars special. Moreover, giving such data to a multi-billion dollar corporation that’s actively building a car, well, that ain’t good, either. Apple, by way of stark contrast, only wants to know if the car is moving while Apple Play is in use. Makes you wonder about all the other OEMs who have agreed to Google’s requests/demands, no?

(motortrend com)

  
Dire straits for companies whose business model is based on selling customer data, especially in Europe. Google damaged their reputation with collecting data extensively. People don’t trust this data kraken any longer.

Thankfully Apple just sells exciting products.

More …



13 Cool Facts about the 2017 911



Apple and Porsche, about similarities



When government comes knocking



CarPlay by Apple


Thanks for visiting iNotes4You.







