
Secure Banking & the Cloud

The banking world has set out some of the tightest online security measures for secure banking transactions on the web. But as hosts of private customer knowledge, account numbers, and assets, online banking services are prime targets for hacking, leaks, and attacks. One of the best ways for banks to secure their information is to remap their services using the private development framework Crypton while exclusively storing and syncing sensitive data to a secure cloud service provider.


Recently a Santander bank branch in London was the victim of a sophisticated cyber-attack worthy of the silver screen. London police, in conjunction with PCeU, Scotland Yard’s e-crime unit, detained twelve men on suspicion of conspiring to steal data and money from the bank. One of the suspects allegedly posed as a maintenance engineer and was able to install a keyboard video mouse device (iKVM) on a branch computer, which enabled the group to seize the desktop contents of the device through the bank’s network. According to PCeU Detective Inspector Mark Raymond, “This was a sophisticated plot that could have led to the loss of a very large amount of money from the bank, and is the most significant case of this kind that we have come across.”


Santander responded through a spokesman, who assured customers that their assets were still safe. According to the bank’s statement, “Santander was aware of the possibility of the attack connected to the arrests. The attempt to fit the device to the computer in the Surrey Quays branch was allegedly undertaken by a bogus maintenance engineer pretending to be from a third party. It failed and no money was ever at risk. No member of Santander staff was involved in this attempted fraud. We are pleased that we have been able, through the robustness of our systems, to prevent the fraud and help the police gather the evidence they needed to make the arrests.” But according to Dr. Eerke Boiten from the University of Kent, the failed plot should be cause for concern for all banks as it shows a ramped-up level of criminal sophistication. Boiten says that the iKVM “captures all the information that goes to the screen, keyboard and mouse. If you manage to get it installed inside the computer, it gives you a way of contacting the device through a remote computer. This is what people use for controlling a big server remotely. You basically can control a computer inside that bank branch. With one such device you can do as much damage as an individual teller can, within the bank. This is not just one guy trying to install this thing and see if he can get through to the Internet.” The foiled attempt at digital theft shows that thieves are willing to exploit any and all weaknesses in security, whether physical or digital.


This case of attempted theft has caused a wave of concern to ripple through the tech security world. According to senior security researcher at Kaspersky Lab David Emm, “Like many other hacking attempts, the game plan of the hackers in this case was to be able to get information on transactional and customer data held on the computers within the bank to use for financial advantage. This attempt should remind organizations that a holistic approach needs to be taken toward security. It’s not just the IT security methods that need to be scrutinized, but the people within the organization as well.” Banks should make sure that all employees are brought up to date on security protocols and that no unauthorized personnel are allowed near branch devices.

As McAfee CTO Raj Samani says, “These arrests prove that the ease with which anybody can conduct what is described as a very significant and audacious cyber-enabled offence requires limited technical knowledge and [a] questionable moral compass. Simply plugging in a physical device that can be [acquired] from any number of legitimate outlets demonstrates that the bar required to be a ‘cyber-criminal’ is probably at its lowest level.” The fact that banks and security experts can’t agree on the level of sophistication that this foiled plot poses should worry customers that expect strong security measures for their assets. Through creating completely private infrastructures on Crypton and uploading sensitive information to a private cloud, banks can ensure that data is kept safe, even when accessed remotely from approved users.

Keeping Customer Data Safe With SpiderOak

For most banks, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides banks with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive customer data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, banks can rest easy knowing that their customer data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.

The DEA, AT&T, And Your Right to Privacy

It wasn’t that long ago that Edward Snowden blew the lid off the NSA’s now notorious PRISM program. This digital spying program has caused a fierce backlash against participating companies and may even result in lost revenue for many U.S. cloud companies. Recently, the New York Times revealed that AT&T has partnered with the DEA in offering law enforcement officials access to a massive database of phone records. Civil liberties groups are enraged and promise to battle this encroachment of citizen privacy in the courts. In the meantime, mobile users should be wary of information they disclose through their phones. And any sensitive data hosted online should be exclusively stored through a secure cloud that offers data privacy and user anonymity.


The DEA program is called The Hemisphere Project and is enabled through a close partnership with AT&T. According to the NYT release, the U.S. government pays AT&T to merge some of their employees with drug enforcement units around America. Officials are aided by AT&T employees in accessing phone data from 1987 until today. According to the American Civil Liberties Union’s deputy legal director Jameel Jaffer, “the integration of government agents into the process means there are serious Fourth Amendment concerns.” The program has remained secret until relatively recently and Jaffer wonders if “one reason for the secrecy of the program is that it would be very hard to justify it to the public or the courts”.

 


The Hemisphere project uses a complex algorithm to track users across different phone devices so that investigations remain fluid even if someone gets a new phone. Law enforcement officials, the DEA, and detectives can tap the project to find the exact location of phones as well as call logs from as old as one hour. The ACLU’s Jameel Jaffer claims that “The government appears to have had a significant role in developing the program, and apparently it’s even paying the salaries of some AT&T employees…To the extent that this is a government program, it’s subject to the Fourth Amendment. In any event, the fact that AT&T is playing such a big role here should be alarming, not reassuring. AT&T is looking out for its shareholders, not ordinary citizens, and its conduct isn’t governed by the Constitution.”


Digital privacy groups, consumer advocates, and 4th Amendment defenders echo Jaffer’s concerns. The government claims that the outrage is unwarranted and that this program isn’t simply a telecommunications version of PRISM. According to Justice Department spokesman Brian Fallon, “Subpoenaing drug dealers’ phone records is a bread-and-butter tactic in the course of criminal investigations…The records are maintained at all times by the phone company, not the government. This program simply streamlines the process of serving the subpoena to the phone company so law enforcement can quickly keep up with drug dealers when they switch phone numbers to try to avoid detection.” But consumers are wary of such data collection and monitoring programs, especially as the PRISM leak shows that the government isn’t always honest when asked about the extent of their privacy breaches.

Marc Rotenberg, the Electronic Privacy Information Center’s executive director, voiced concern over the high potential for abuse in the program. “One of the points that occurred to me immediately is the very strong suspicion that there’s been very little judicial oversight of this program,” Rotenberg said. “The obvious question is: Who is determining whether these authorities have been properly used?” When it comes to any data you want to keep safe, be careful of what you disclose over unsecured telecommunication servers. And for any online data you need to store or sync, be sure to exclusively upload to a secure cloud provider.

Securing Data Online With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling safe mobile access.

How to Reduce Your Risk in the Cloud

Small businesses have been somewhat hesitant to switch to cloud service providers, especially after the NSA PRISM program leaks. International backlash threatens many U.S. cloud services, as users are suspicious of governmental citizen espionage. But there are ways for businesses to still leverage all of the cloud’s benefits while securing their data from legal snoops. From better practices onsite to exclusive storage through a secure cloud service, there are plenty of options for SMBs to protect themselves from all sides.

 


 

Some businesses are already aware of cloud services that protect user data through strong encryption and zero-knowledge policies, but many still don’t know how to protect data onsite. Encryption should begin at home through Virtual Private Network (VPN) and TLS (HTTPS) tunnels. By proactively protecting data before it reaches your secure cloud provider, you can ensure that you have all of your bases covered. Don’t let government overreach scare you away from capitalizing on the cloud. With a service that offers data privacy and user anonymity, you can reach the right combination of convenience and security.

 


 

Aside from employing a secure cloud and encrypting onsite, there are other ways to help keep your data safe while using the cloud. Gretchen Marx is the manager of cloud security strategy at IBM and recently offered The Guardian six key steps to protecting your data while using a secure cloud:

1. Know who’s accessing what
People within your organization who are privileged users – such as database administrators and employees with access to highly valuable intellectual property – should receive a higher level of scrutiny, receive training on securely handling data, and stronger access control.

2. Limit data access based on user context
Change the level of access to data in the cloud depending on where the user is and what device they are using. For example, a doctor at the hospital during regular working hours may have full access to patient records. When she’s using her mobile phone from the neighborhood coffee shop, she has to go through additional sign-on steps and has more limited access to the data.

3. Take a risk-based approach to securing assets used in the cloud
Identify databases with highly sensitive or valuable data and provide extra protection, encryption and monitoring around them.

4. Extend security to the device
Ensure that corporate data is isolated from personal data on the mobile device. Install a patch management agent on the device so that it is always running the latest level of software. Scan mobile applications to check for vulnerabilities.

5. Add intelligence to network protection
The network still needs to be protected – never more so than in the cloud. Network protection devices need to have the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

6. Build in the ability to see through the cloud
Security devices, such as those validating user IDs and passwords, capture security data to create the audit trail needed for regulatory compliance and forensic investigation. The trick is to find meaningful signals about a potential attack or security risk in the sea of data points.
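As an added illustration (not part of the quoted Guardian list and not IBM's or SpiderOak's code), the sketch below shows how step 2's doctor scenario can be expressed as a context-based access decision that also respects steps 1, 3 and 4 and emits the audit record step 6 relies on. The network range, working hours, role names and sample requests are all assumptions constructed for this example.

```python
"""Context-based access decision (added illustration; all values are assumed)."""
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, time

# Assumed policy inputs, not taken from the article.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]  # hypothetical hospital LAN
WORK_START, WORK_END = time(7, 0), time(19, 0)             # hypothetical working hours
PRIVILEGED_ROLES = {"dba"}                                 # step 1: extra scrutiny


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    source_ip: str
    managed_device: bool   # step 4: device is enrolled and patched
    when: datetime         # local time at the organization
    sensitivity: str       # step 3: "high" or "normal"


@dataclass(frozen=True)
class Decision:
    access: str            # "full", "limited" or "deny"
    step_up_auth: bool     # additional sign-on steps required
    reasons: tuple


def risk_factors(req):
    """Return the contextual risk signals present in this request."""
    factors = []
    addr = ipaddress.ip_address(req.source_ip)  # raises ValueError if malformed
    if not any(addr in net for net in TRUSTED_NETWORKS):
        factors.append("off-site network")
    if not (WORK_START <= req.when.time() < WORK_END):
        factors.append("outside working hours")
    if not req.managed_device:
        factors.append("unmanaged device")
    return factors


def decide(req):
    """Map user context to an access level, failing closed on bad input."""
    try:
        factors = risk_factors(req)
    except ValueError:
        return Decision("deny", False, ("invalid source address",))
    # Step 3: highly sensitive data never reaches an unmanaged device.
    if req.sensitivity == "high" and not req.managed_device:
        return Decision("deny", False, tuple(factors))
    # Every signal is bad at once: refuse rather than degrade.
    if len(factors) == 3:
        return Decision("deny", False, tuple(factors))
    # Step 2: any risky context means extra sign-on and reduced access.
    if factors:
        return Decision("limited", True, tuple(factors))
    # Step 1: privileged users get step-up authentication even on-site.
    return Decision("full", req.role in PRIVILEGED_ROLES, ())


def audit_record(req, decision):
    """Step 6: one JSON line per decision for the audit trail."""
    return json.dumps({
        "time": req.when.isoformat(),
        "user": req.user,
        "role": req.role,
        "source_ip": req.source_ip,
        "access": decision.access,
        "step_up_auth": decision.step_up_auth,
        "reasons": list(decision.reasons),
    }, sort_keys=True)


# Constructed sample requests mirroring the doctor scenario in step 2.
MORNING = datetime(2013, 9, 16, 10, 30)
AT_HOSPITAL = Request("dr_lee", "doctor", "10.20.4.17", True, MORNING, "high")
AT_COFFEE_SHOP = Request("dr_lee", "doctor", "203.0.113.45", True, MORNING, "high")
PERSONAL_PHONE = Request("dr_lee", "doctor", "203.0.113.45", False, MORNING, "high")

if __name__ == "__main__":
    for sample in (AT_HOSPITAL, AT_COFFEE_SHOP, PERSONAL_PHONE):
        print(audit_record(sample, decide(sample)))
```

Denied and limited decisions are the records worth alerting on: a run of "limited" or "deny" lines for one user is exactly the kind of signal step 6 asks you to pull out of the audit trail.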

Following the six steps laid out above will go a long way in keeping your company’s data safe. Another way that privacy advocates are fighting for your security is in the world of development. Crypton is an open source software project that offers a way for developers to make encrypted cloud-based developments in a collaborative and mobile-enabled environment. According to the Crypton website, “To our knowledge there is no other existing framework that handles all the encryption, database storage and private user-to-user communication needed to build a zero knowledge cloud application.” The company behind this effort to encourage secure app development is SpiderOak, a leader in secure cloud solutions.


Securing Data With SpiderOak

For most SMBs, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, SMBs can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.

Google Claims It Has a Right to Your Email

Millions of online users rely on Google Gmail for personal and business correspondence. But despite passionate consumer backlash against privacy breaching policies by companies like Facebook and organizations like the NSA, Google is claiming in court that it has a right to the contents of your emails. This outrageous declaration has prompted consumer rights groups to fight back and governmental organizations are even considering banning Gmail for official correspondence. As lawmakers and privacy advocates champion digital privacy rights, one way to protect your data in the meanwhile is to exclusively store and sync sensitive files to a secure cloud service provider. A good provider will offer data privacy, user anonymity, and zero-knowledge policies so that only you have access to the contents of your data.

Google Privacy

The group that filed the lawsuit against Google is Consumer Watchdog. The organization asserts that Gmail users do not reasonably expect that the company will search the contents of their emails. Director John Simpson recently told ABC News that Google “actually read and data-mine the content of the messages. They’re using my content for whatever purposes they want to do with it.” He hopes that the lawsuit might encourage Google to seek a profit through other means like “ads that aren’t based on reading your email. Or they could just stop reading emails. There are a number of commercial services that are more amenable to privacy concerns.” Other privacy experts are less certain of the legality of Google’s policy but still caution against it, as the company claims they are protected in part by the fact that they use computers and not people to scan the contents of emails. According to Lorrie Cranor, director of the privacy engineering master’s program at Carnegie Mellon University, “The issue isn’t whether it’s a machine or human reading emails, but what could happen as a result of having your email read…There is a difference between user expectations and business practices. Just because every business may do it doesn’t mean that users know the things that are actually done. Ideally, the best choice is to give people the option to opt out.”

How Gmail Uses Emails for Ads

 

What does Google have to say about all of this? Essentially, they claim you have no privacy rights over your email. In their filing for a dismissal of the class-action lawsuit, Google wrote, “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based email today cannot be surprised if their communications are processed…Indeed, a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” The idea is that because users put their content on Gmail, the company has a right to mine it for advertising purposes. The same idea was put forth by Facebook and shot down in the courts so it’s likely that this won’t hold up for long. Still, the company’s aggressive stance is frustrating to say the least. Google attorney Whitty Somvichian says that “Users, while they’re using their Google Gmail account, have given Google the ability to use the emails they send and receive for providing that service…They have not assumed the risk that Google will disclose their information and they fully retain the right to delete their emails.” Instead of waiting around for this company to protect your data, exclusively store anything sensitive to a secure cloud service like SpiderOak.

 

Backlash Against Google

Securing Your Emails With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave emails and private data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that emails, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Facebook’s Privacy Policy & Your Digital Rights

Facebook has already gained the ire of privacy advocates over their advertising policies and their consent to the NSA’s PRISM program, but recent changes in the language of their privacy policy have sparked up another wave of controversy. All the while, shares of Facebook continue to rise, as users neglect the company’s use of their data for advertising purposes. Still, privacy groups continue to fight a public awareness campaign while challenging the company through a letter to the Federal Trade Commission. For users concerned with privacy, be sure to take control of your privacy settings and never upload content you don’t want exploited. Any sensitive data should be exclusively uploaded to a secure cloud provider that offers data privacy and user anonymity.

Facebook Privacy

Six major consumer advocate groups have championed digital privacy rights in an open letter to the FTC. The groups include CDD, Consumer Watchdog, EPIC, and representatives from the Privacy Rights Clearinghouse, Patient Privacy Rights, and the U.S. Public Interest Research Group. The privacy groups allege that changes in Facebook’s language violate a FTC court order and settlement that was reached back in 2011. According to the letter, “Facebook users who reasonably believed that their images and content would not be used for commercial purposes without their consent will now find their pictures showing up on the pages of their friends endorsing the products of Facebook’s advertisers. Remarkably, their images could even be used by Facebook to endorse products that the user does not like or even use.” This “free” advertising through mining and selling user profile data has outraged users that care about their digital rights. Executive director of EPIC (the Electronic Privacy Information Center), Marc Rotenberg, says, “Facebook is now claiming the default setting is they can use everyone’s name and image for advertising and commercial purposes, including those of minors, without their consent. Red lights are going off in the privacy world.”

Marc Rotenberg

Another issue is the fact that the new language indicates that simply by signing up, teens using the site imply parental consent to the use of teen data for advertising. But as the privacy advocate letter to the FTC points out, “Such ‘deemed consent’ eviscerates any meaningful limits over the commercial exploitation of the images and names of young Facebook users.” Marc Rotenberg offered privacy advocates his organization’s support saying, “The FTC needs to open an investigation and make a public determination as to whether the change in privacy policy complies with the 2011. Groups such as EPIC are prepared to litigate if the FTC fails to enforce its order that we all worked to put in place.” While groups like EPIC fight back against Facebook’s encroachment, some users are also up in arms. Facebook asked users to comment on the changes and received hordes of scathing criticism. One user wrote, “If, that proposal really is enacted, the first time ANY of my friends sees an ad with any of my information in it, I will be deleting my account, and encourage everyone else to do likewise. You need us. We don’t need you.” At the end of the day, social media users should remain the sole owners of their data.

Who Has Access to Your Info?

Social Media & Security Through SpiderOak

Social media users should be aware of how their data is collected and used before using any social media site or platform. Don’t upload anything you don’t want shared and exploited for advertising purposes. And be sure to exclusively store anything sensitive to a secure cloud provider. For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

NSA & The Rise of Cryptography

You might think that the NSA would back off of their rampant citizen spying programs after the enormous international backlash against the PRISM program. Unfortunately, it doesn’t seem that assuaging public rage is on the NSA’s docket. Recent revelations published by the Guardian indicated that the NSA and UK’s GCHQ have continued to broaden digital espionage programs. Privacy advocates are fighting back through legislation, but the best way to protect your digital rights in the meantime is to exclusively upload to a secure cloud provider that offers both data privacy and user anonymity.


According to files published by the Guardian, the NSA spends over $200 million annually on a program that seeks to “covertly influence” technology product designs. Additionally, the NSA has allegedly been involved in a decade-long program that enabled Internet cable taps. Over in the UK, a GCHQ team is developing a way to crack the encryption efforts of Facebook, Google, Yahoo, and Hotmail. In a leaked GCHQ document from 2010, the joint intent to crack encrypted data was made public. The document states, “For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” This has troubled both privacy advocates and libertarians who feel their digital rights are being infringed. According to Bruce Schneier, Harvard fellow at the Berkman Center for Internet and Society, “Cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”


Cryptography researcher Matthew D. Green of Johns Hopkins University agrees that attempting to build and implement such backdoor spying programs is dangerous. According to Green, “The risk is that when you build a back door into systems, you’re not the only one to exploit it. Those back doors could work against U.S. communications, too.” Other countries and spies could use these programs against our own national interest, especially given that the Snowden and Manning Leaks show that the government doesn’t quite have a good handle on its sensitive data. As law professor James Grimmelmann says, “Start from the point that if the NSA had competent security, Snowden wouldn’t have been able to do a tenth of what he did. You give sysadmins privileges on specific subsystems they administer. And you do not give them write access to the logs of their own activity. The NSA should be grateful that Snowden got there first, and not the Chinese.”

Other privacy advocates and cryptographers feel disheartened, as all of this just seems like a regurgitation of the same played out debates over the NSA Clipper Chip encryption back door program proposed in the 1990s. Cryptographer and SSL protocol designer, Paul Kocher, expressed his frustration with the current debacle. In regards to the NSA’s attempts at creating an encryption backdoor, he said, “And they went and did it anyway, without telling anyone. The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort. This is the golden age of spying.”


This should send anyone who is scared toward proper encryption and secure cloud services. For as Edward Snowden recently asserted, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Along with proper encryption and exclusive storage and syncing with a secure cloud service, Bruce Schneier offered the Guardian five simple steps to stay secure despite NSA surveillance programs:

1) Hide in the network.

2) Encrypt your communications.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t.

4) Be suspicious of commercial encryption software, especially from large vendors.

5) Try to use public-domain encryption that has to be compatible with other implementations.

Staying Safe With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

How to Protect Your Kids From Cyber Bullying

Parents already have so much to contend with in the modern world when it comes to keeping their children safe. The Internet only complicates things with increased threats and the possibility of well-meaning kids unintentionally disclosing sensitive information like school names and personal addresses. As more and more kids plug in online to a wide range of social media, the rise of cyber bullying has only picked up steam. Parents and schools can proactively combat cyber bullying through strategic protocols, clearly articulated expectations, and strict penalties. And when it comes to protecting identities and photos, exclusive storage through a secure cloud service is essential.

Cyber-Bullying

Children of all ages have signed up for Facebook, Instagram, and Twitter accounts, despite age restrictions. Through these forms of social media, kids can bypass parental knowledge and permission, while offering up their sensitive info to strangers online. A photo could reveal school sites, friends’ names, and home addresses to would-be predators, while cyber-bullies have used publicly posted photos to harass, blackmail, and demean children. Geotags are particularly tricky in that they can reveal the exact location of children. Another problem posed by online social networking is the blanket of anonymity that cyber-bullies hide behind.

Through private profiles or fake identities, bullies can make outrageous claims and attacks without having to worry about retribution or consequences of any kind. Such anonymous bullying has even led to suicides, as in the case of a 16-year-old who recently hanged herself in response to the cruelty she experienced online from strangers. The teen had posted a simple medical question on eczema, a common skin condition, to Ask.fm. Instead of getting helpful answers, which is what the website is purportedly intended for, she received a barrage of harassment and shaming. Parents should be cautious about letting their children post to public forums, especially if bullying has been an issue in the past. And schools should establish strict guidelines for posting to forums, staying away from public sites that attract cyber-bullies in favor of protected educational sites that don’t allow students to hide behind anonymous avatars.

How Cyber-Bullying Victims Feel

Cyber-bullying has become something of a buzzword of late, but just what does this broadly applied term mean? Russ Warner of Net Nanny recently offered The Huffington Post a description of what cyber-bullies do:

  • Post rumors, lies, or “dirt” about the victim in a public forum
  • Share embarrassing pictures of the victim in a public forum or through email
  • Use texts, instant messages, emails, or photos to send mean or threatening messages
  • Upload a video to YouTube that embarrasses the victim
  • Create a fake Facebook account and pretend to be the victim, but act in a negative way
  • Pretend to be the victim in a chat room, and act in embarrassing ways
  • Share the victim’s personal information in a public forum

Fundamentally, cyber-bullying is traditional bullying carried into the digital world. Much of it revolves around trying to embarrass, shame or imitate the victims.

Safe Facebook Practices

According to the Cyberbullying Research Center at the U.S. Department of Health and Human Services, 52% of students have been affected by cyber-bullying. Over 80% of youth admit that there are hardly any consequences for online bullying and about a third of children younger than 13 have experienced some sort of cyber-bullying. Kelly Sheridan at Information Week offers some suggestions for schools that parents can also implement at home.

1. Filter objectionable content and keywords.

HTTPS sites can help schools and parents catch cyber-bullies in the act.

2. Deploy URL categorization and filtering software.

Don’t let kids access sites that are notorious playgrounds for bullies and predators.

3. Application control.

Install strict privacy applications and security measures. SpiderOak is one great secure cloud service that offers private storage.

4. Stay current on trends.

Children’s tastes change just as fast as the Internet, so make sure you don’t fall behind the trends.

5. Implement awareness campaigns.

Some schools have shown success in eradicating unwanted bullying behavior by meeting the challenge directly through awareness campaigns.

Once kids know what your expectations are regarding online behavior and cyber-bullying, it’s appropriate to roll out consequences for failure to adhere to the policies you set forth. Successful consequences typically revolve around online use, such as the suspension of accounts or loss of Internet privileges. According to psychologist Roxana Rudzik-Shaw, “Bullying is no longer confined to the school playground, home or workplace. It is all around us in this digital age, which often feels inescapable.” One of the best ways to escape the encompassing sense of cyber-bullying is through a secure cloud service.

Parental Supervision and Protection in the Cloud

For many parents and guardians, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave their children’s data and photos wide open to theft, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy.

SpiderOak protects sensitive data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile security.

The Past and the Future: Taking the 4th Amendment Online

The 4th Amendment to the U.S. Constitution protects citizens from warrantless searches and seizure of private property. Many civil libertarians and others across the political spectrum consider this to be one of the most important elements of the Bill of Rights. Privacy advocates have invoked the 4th Amendment in a campaign to take citizen privacy rights online for the digital age. The amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Unfortunately, news of the NSA’s continued PRISM program has eradicated the public’s trust in government and revealed just how flagrantly organizations like the NSA disregard citizens’ constitutional rights. But as the legal war for online privacy rages on, be sure to protect your data and identity in the meantime by exclusively storing and syncing with a secure cloud service.

Fourth Amendment Rights

Legislators are divided as to what should be done, if anything, regarding PRISM. According to Representative Peter King (R – New York), “This is a legitimate role of government, and when we’re talking about life and death, and having lived in New York through 9/11 I know what life and death means. We cannot afford to have this become a debating society. We need decisions made quickly, yes or no, up or down, because lives are at stake.” But such aggressive attempts to curb debate only frustrate online users and create even more cause for distrust.

Former governor of New Mexico Gary Johnson recently launched an aggressive attack on such systemic breaches of citizen digital privacy, saying to New Mexico Watchdog, “My blood’s boiling and I want to keep awareness of this at a heightened level. Maybe we can get more disclosures out of this, maybe we’ll get Congress demanding more. What we’re really concerned with is the Fourth Amendment and due process. Where is the due process? Who is looking over law enforcement’s shoulder? Who is looking over the NSA’s shoulder? … This is the libertarian cause right here. Libertarians have been out there sounding the warning bell about this issue ever since the Patriot Act was signed.” And Johnson is right, as this push for greater transparency and constitutionality has garnered large support, unifying parties that are otherwise fiercely at odds.

Gary Johnson

Despite the public backlash, governmental institutions and courts seem to think that business as usual will suffice. Recently, the Fifth Circuit Court of Appeals upheld the right of law enforcement agencies to seize private cellphone location data from service providers without a warrant. Because such digital records have been deemed “clearly a business record,” the courts claim that no Fourth Amendment protections are in order. However, this is disingenuous at best. Car location is still protected from warrantless tracking under the Fourth Amendment, even if the car in question is driven strictly as “a business”. So it is obvious that the court’s logic doesn’t hold water. As Orin Kerr of George Washington University Law School says, “The opinion is clear that the government can access cell site records without Fourth Amendment oversight.” This sets a dangerous precedent that has gotten privacy advocates up in arms all across the digital world. According to ACLU lawyer Catherine Crump, “This decision is a big deal. It’s a big deal and a big blow to Americans’ privacy rights.”

MIT’s Immersion

To see some of the information that the government has on you, check out Immersion. This new tool taps the cloud to analyze big data for an understanding of what relationships your Gmail account reveals. And that’s just part of what the NSA can see with their notorious PRISM program. Instead of waiting on the government to update its dated privacy policies, it’s time to proactively safeguard your data from legal snoops. One of the best and easiest ways to do that is through a secure cloud service that protects data and shields your identity.

A Secure Cloud Solution

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Picking Apart the EU’s Right to Be Forgotten

International enterprises that rely on European businesses are stuck in a sticky situation. As the Continent turns towards debating digital privacy rights in the wake of the NSA PRISM program leaks, conflicting opinions on how to protect users have left the European Union in a messy hodgepodge of pending legislation. If enacted, such governmental legal protections might make some users more relaxed about using online services, but they still don’t offer true protection from hacking and legal snooping. The only way for enterprises to navigate this murky legal territory is to proactively guard their data, rather than relying on potential legislation. For enterprises of all sizes, SpiderOak Blue offers a range of flexible secure cloud services, from storage to infrastructure.

EU Parliament

The European Union is anything but united when it comes to what should be done regarding citizen digital privacy rights. One MEP had harsh words for America’s violation of international law in spying on the UN (as revealed through the PRISM leaks). MEP Amelia Andersdotter of the Swedish Pirate Party recently said, “I hope that they [EU nations] will have the courage to react very strongly against these revelations because ultimately damaging to the trust free market in the world that the United States is acting like this.” In reaction to such concerns, European nations and businesses are pushing for diverse solutions to the problem of digital privacy rights. One potential solution is in new EU regulations that require ISPs and telecom services to notify the government within a day of detecting a data breach. According to Ross Brewer, vice president of international markets at LogRhythm, “The barrage of data breaches that we are seeing points to an urgent need for organizations to up the ante on data protection. When these regulations were first discussed following the EC’s draft proposals in 2012, many people considered the suggested penalties and timeframes too severe. Perhaps those organizations should have seen this as a warning, and used the last 12 months to really get their ducks – or cyber defenses – in a row. Unfortunately, it seems that this did not happen.”

MEP Amelia Andersdotter

Enterprises that operate in Europe should know that strict financial penalties await those companies that refuse to cooperate with the new disclosure law. According to LogRhythm’s Ross Brewer, “As with any ongoing crisis, there comes a time when less talk and more action is needed – and it may be the case that this impending regulation will be the final call to action for those organizations still lagging behind with lax security policies. Given the well-documented sophistication and readiness of today’s cybercriminals, organizations can no longer sit idly and assume that they are immune to attack. As the risk of reputational damage and customer churn clearly aren’t persuasive enough, maybe the threat of severe, perhaps debilitating, financial penalties will do the trick. While the new regulations are fairly limited at the moment, it is only a matter of time before a universal set of rules is not just proposed, but enforced.”

Unfortunately, there still is no universal standard that enterprises can rely on. Instead, international corporations must navigate different laws that require differing levels of security and disclosure, creating the confused legal mess that many enterprises find themselves in today.

Ross Brewer of LogRhythm

Pending legislation that would enact strict new protections for EU citizen data has recently been stalled in the EU parliament until October, leaving no safeguards in place from continued programs like PRISM. Called the Data Protection Regulation, this proposal was introduced in 2012 with the addition of a Right to Be Forgotten clause. The bill is currently being debated as some elements have raised concerns over the potential for abuse through censorship. European Union member states currently each adopt some version of a 1995 bill that protects data and online privacy. But without being updated to take into account international citizen espionage programs like PRISM, this outdated legislation does little to actually keep EU nations safe.

Staying Safe With SpiderOak

For most enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive corporate and customer data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that businesses can tailor the service to fit their needs.

SpiderOak Blue protects sensitive corporate data with strong encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data whatsoever. This way, even if programs like NSA’s PRISM continue to stand unchallenged, enterprises can rest easy knowing that their data is truly protected while earning diehard customer loyalty. SpiderOak’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

Snapchat Leaves Your Photos & Data Vulnerable!

Most smartphone users and shutterbugs are familiar with the “private” photo app Snapchat. The app allows users to send each other instant snapshots that are timed and supposedly deleted forever once opened by the intended recipient. Unfortunately, recent news shows that the mobile application can be easily hacked and that “deleted” photos are actually recoverable. This should worry both Snapchat users and parents of smartphone-savvy teens as sensitive photos and personal information could be hacked and used for exploitation and blackmail. Instead of using unsafe applications, users with sensitive photos and personal information should exclusively upload to a secure cloud that offers user privacy.

Snapchat

According to a study conducted by Gibson Security, Snapchat has a large number of glaring security gaps. The popular photo-sharing app only uses two encryption keys for all users, which are kept by the company, meaning that they must be released to the government in the case of a subpoena. According to the Gibson advisory, “Internet trolls and stalkers could use this [personal] information to harass people in real life, unmasking the anonymity and privacy Snapchat provides. The scariest part for us is the possibility of a company utilizing this exploit on a massive scale, only to sell a database of Snapchat names, phone numbers and locations to a third party. With little work, a malicious party could steal large amounts of data and sell it on a private market, and that’s highly illegal.”

Gibson Security’s Discovery

To the dismay of privacy advocates and phone photographers, Snapchat still hasn’t addressed these security concerns. As the security firm told ZDNet, “Snapchat aren’t exactly easy to get hold of,” claiming, “With a couple lines of Python, someone could view all your unread messages, and depending on the situation, modify and even replace the images completely.” The potential for blackmail and harassment is high, which makes consumers question why it is that Snapchat won’t put in the extra effort to keep their privacy safe. The Gibson study goes on further to claim that “Snapchat [uses] a fairly simple (yet strangely implemented) protocol on top of HTTP. We won’t reveal anything about the protocol, only what is needed for these problems, but the rest is easily figured out. We are privacy conscious, being users of the service ourselves.”

How Snapchats Can Be Recovered

Gibson Security isn’t the only company to find problems with Snapchat’s lack of security. Richard Hickman of Decipher Forensics showed a television reporter that his firm had restored allegedly deleted photos hosted by the app. The only response that Snapchat has given at this time is a blog post claiming “if you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted.” But this is just false. With strong encryption, user-hosted keys, and the promise to delete photos from servers, the application could offer much better protections from the threat of hacking and recovered photos. Hickman claims, “The actual app is even saving the picture. They claim that it’s deleted, and it’s not even deleted. It’s actually saved on the phone.” Some, like Orem Police Lieutenant Craig Martinez, caution against using the app altogether. The officer recently advised, “Be careful what you do on your cell phone, what you put on your cell phone. Because once it’s there, chances are it’s going to be there for a really long time, even if you can’t see it.”

For parents and people that still want to use Snapchat, the company has offered a simple guide, which has been recently posted to Forbes:

  • Snapchat is not for children under 13. Children under 13 are prohibited but since Snapchat doesn’t ask for age on signup, parents or others need to report if a child under 13 is using it.
  • To send a message to someone on Snapchat you need to know their user name and add them to your “My Friends” list.
  • By default anyone who knows your username or phone number can send you a message, but you can configure Snapchat to only accept messages from people on your friends list.
  • You can block a user by finding their name in your friends list, swiping to the right on iOS or long-pressing in Android and selecting Edit.

While these precautions can be good first steps, they still don’t change the fact that the company does little to keep your identity and private photos safe.

Securing Photos Through SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave photos and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.
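The difference between the two key-handling models discussed above (a small set of keys held by the service for all users, versus keys that exist only on the user's device) can be shown in a short added example. This is not SpiderOak's or Snapchat's code; the choice of scrypt and AES-256-GCM, the function names, and the sample data are assumptions made for illustration.

```javascript
// Added example: service-held key vs. device-held key. Not any vendor's code.
// Assumptions: scrypt key derivation, AES-256-GCM, hypothetical function names.
const crypto = require('node:crypto');

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per message
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([c.update(Buffer.from(plaintext, 'utf8')), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}

function open(key, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  d.setAuthTag(rec.tag);
  // final() throws if the key is wrong or the ciphertext was modified
  return Buffer.concat([d.update(rec.ciphertext), d.final()]).toString('utf8');
}

// Model A: one key, kept by the service, protects every user's data.
const SERVICE_KEY = crypto.randomBytes(32); // constructed for the demo
function serviceStore(plaintext) { return seal(SERVICE_KEY, plaintext); }
// Whoever holds SERVICE_KEY (operator, intruder, subpoena recipient) reads everything.
function operatorRead(rec) { return open(SERVICE_KEY, rec); }

// Model B: the key is derived on the device from a passphrase that never leaves it.
function deviceEncrypt(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(passphrase, salt, 32); // 256-bit key
  return { salt, ...seal(key, plaintext) }; // only this record is uploaded
}

function deviceDecrypt(passphrase, rec) {
  return open(crypto.scryptSync(passphrase, rec.salt, 32), rec);
}

// Returns null instead of throwing, so callers can test for failure.
function tryDeviceDecrypt(passphrase, rec) {
  try { return deviceDecrypt(passphrase, rec); } catch (e) { return null; }
}

function demo() {
  const photo = 'constructed-sample-photo-bytes';
  const a = serviceStore(photo);
  const b = deviceEncrypt('correct horse battery staple', photo);
  const tampered = { ...b, ciphertext: Buffer.from(b.ciphertext) };
  tampered.ciphertext[0] ^= 1; // flip one bit, as a storage-side modification would
  return {
    operatorCanReadModelA: operatorRead(a) === photo,
    ownerCanReadModelB: tryDeviceDecrypt('correct horse battery staple', b) === photo,
    wrongPassphraseFails: tryDeviceDecrypt('guess', b) === null,
    tamperingDetected: tryDeviceDecrypt('correct horse battery staple', tampered) === null,
    uploadHidesPlaintext: !b.ciphertext.includes('constructed'),
  };
}
```

In Model B the stored record contains only the salt, nonce, ciphertext and authentication tag, so a party holding the storage alone has nothing to decrypt with; the protection is then bounded by the strength of the passphrase.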