Supporting Reset the Net & Free Software for End-to-End Encryption

Today, June 5, just a year after one of the most significant leaks in U.S. history by Edward Snowden, SpiderOak joins Reset the Net and hundreds of thousands of others to protect our privacy and freedom from government mass surveillance. Our CEO, Ethan Oberman, had this to say about Snowden and the campaign: The Snowden revelations […]

Read More

Lessons to Be Gained from the Recent eBay Data Breach

The occurrence of security breaches at large companies appears to be on the rise. Last year, we saw massive data breaches at Target and Adobe affecting millions of customers. The personal data of many people were at stake as a result of the incidents. Data breaches are the stuff of nightmares for any enterprise. They not only suffer […]

Read More

Usability challenges on privacy-preserving systems (Part 3)

As we talked in here and in here, about the challenges of creating good usability/UX in a privacy-preserving system, password handling and processing is hard. What can we do to avoid having to worry about it? Third-party authentication systems Some of the big names in the internet have implemented this authentication thing for us. Twitter, for […]

Read More

Examining Lavaboom’s Email Service Security Against NSA Surveillance

In light of NSA surveillance, finding a truly secure email service presents a challenge. The PRISM revelations have made us aware of government surveillance programs targeting the email communications of millions of Americans for mass data collection, and as a result, many of us are more concerned about the privacy and security of our data in the […]

Read More

Usability challenges on privacy-preserving systems (Part 2)

In the previous post we started the first of several posts explaining the usability challenges when developing a privacy preserving service. Today we will continue with passwords and how they are processed. Password strength The main problem with making a system’s security depend on a password is that good ones are really hard to remember (or are […]

Read More

Protecting Data Against SQL Injection Attacks

Data attacks have unfortunately become commonplace these days, with new reports of penetrated security systems being reported on a seemingly regular basis. SQL injection is the most commonly used form of attack by intruders to compromise enterprise data, as it is highly effective and successful in gaining access. The SQL injection vulnerability has been around […]

Read More

Welcome Firefox Sync to the ‘Zero-Knowledge’ set of applications!

As a company, SpiderOak would of course benefit from being the only provider of privacy services. But there’s more to it than just money. We don’t want to be the only company in the privacy field because society benefits from variety in this case. So we embrace this, and our goal is to conquer markets where […]

Read More

NSA Surveillance Spurred Tech Firms to Tighten Security- Examining the EFF Survey Report

The PRISM revelations served as a wake-up call for tech firms in terms of privacy, security, and NSA surveillance. The documents leaked by Edward Snowden indicates that the NSA has left no stone unturned in getting access to a huge amount of sensitive user data. They have been successful in circumventing the majority of encryption technologies over […]

Read More

The cards on the table: people are being killed because of metadata

I’m the pessimist of the company, that’s basically my job description. But recent news like this from The New York Review of Books will make anybody want to start a plush bear manufacturing company and forget about all things digital. ‘We Kill People Based on Metadata’ Ok, so that’s scary and explicit. I’ve been saying […]

Read More

Considering Your Most Vulnerable Security Links- How to Combat Social Engineering Attacks

Enterprises invest huge sums of money on developing security mechanisms to protect company assets and networks against cyber attacks. With ever-emerging security threats, it becomes imperative for any organization to bolster their security controls. Organizations tend to focus on introducing new technical upgrades, improving encryption technologies, better threat detection, and prevention tools for preventing unauthorized access […]

Read More