Tag Archives: sync

Digital Currency Concerns: Bitcoin Security in the Cloud

http://farm6.staticflickr.com/5544/10307542203_8ecae47c05.jpg

Bitcoin digital currency has been the focus of some attacks, but will it still gain traction among large enterprises?
Image Courtesy of Flickr User anatanacoins

For tech-savvy early adopters and enterprises seeking to stay ahead of technological innovations, Bitcoin has been presented as if it were a digital gold mine. This decentralized digital currency works through value transfers that are not yet regulated by any country, corporation, or bank. Bitcoin isn’t backed up by solid assets, so value tends to fluctuate with user investment, jumping from $150USD to $1,000USD in just a matter of months. While many enterprises have stayed away from Bitcoin use or investment until the legal issues are all cleared up, those that want to stay ahead of the curve can still take advantage of the currency while keeping their assets safe through private key storage and sync with a secure cloud service.

Continue reading

Hey from QA & how we run sync testing in SpiderOak

Hi people of the internet (and mom!).

My name is Rebecca and I am a quality assurance tester with SpiderOak. This means that I test EVERY aspect of EVERY release on EVERY operating system — catching functional and style issues before the product goes live. I report issues to the developers, who then write a patch or some other sort of tech wizardry. Then, they send me the new builds to test again – this loop repeats until we create a product we’re excited to push live!

Sometimes, testing compatibility across different operating systems can get tricky – especially with syncing. A user can sync any two folders connected to a SpiderOak account, from any operating systems we support, and with any filetype exclusion. Testing this can get confusing, and worse – boring. So we came up with an idea that is fun and very efficient.

Here’s a glance at sync testing in SpiderOak!

First, I create uniquely-themed folders on each operating system in my Virtual Machine. Each folder must contain a variety of image and text files, and at least one subfolder. Pinterest and food blogs are my favorite sites for this. For example, my Windows 8 OS has a folder named “Cupcakes,” with images of cupcakes and some recipes and cookbook reviews, whereas my Ubuntu OS has a folder of cheeses and cheese/wine pairing notes. Each OS has a distinct theme, so I instantly know what files are coming from which location, without even having to track it in the “view” tab in the SpiderOak desktop client!

Second, I test the syncing within one operating system. I create a sync name and description (RecipeShare / sharing recipes for allergies), select two folders (“Cupcakes” and “Gluten-free cookies”), select wildcards to exclude (*.jpg, *.gif), approve it, and start the sync. With this particular sync, only the text files should sync across – if I see cupcake pictures in my my “Gluten-Free Cookies” folder, I’ll instantly know something is wrong. Also, folders that are synced cannot be in another sync (endless sync loop). So if I were to try to sync “Vegan Cookies” and “Gluten-Free Cookies” after the previous sync, an error message should appear.

Third, I test the syncing of folders from different operating systems. Both operating systems need to be running and set for the same – if one OS is set for yesterday, the sync will not complete (and you probably have bigger problems than a sync issue if you’re some sort of fancy time-traveller). I find this type of sync really useful for creatives – you can pull together inspirations and notes from your work, personal, and mobile devices, much more quickly than emailing attachments and texting reminders. I repeat the same steps as syncing within one operating system, and since each OS has a unique theme, I can instantly tell what files originated in which OS.

Finally, I repeat this on each OS to hunt down any anomalies. I also cancel syncs and then add files to one of the folders, to make sure the sync isn’t still active. If I cancel the above “RecipeShare” sync, and add a recipe for almond flour snickerdoodles to my “Gluten-Free Cookies” folder, it should no longer appear in the “Cupcakes” folder as well.

By creating special themes for each OS, I instantly remember where everything originates and ends up. Picking themes I personally enjoy and creating scenarios for why one would need folders synced in particular ways helps me understand the customer experience. This way I can also provide suggestions to make syncing more user-friendly and efficient! I, and the rest of SpiderOak, want to get you your data in the most clear and most secure way possible!

Themed syncs also allow for some silliness, so I’ll test your understanding of syncs with this:

What do you get when you combine a folder from your work computer about bathroom renovations, a folder from your home computer about Ancient Egypt, and a folder from your tablet of 90s hits?

Syncing your sinks with a sphynx and N*SYNC.

Happy Syncing!

Rebecca

The Rise of State Sanctioned Hacking

Businesses that compete on the global market have to contend with a wide range of security threats. Hackers could steal intellectual property, disrupt production, and attack digital assets for ideological motives as well as for personal profit. Internal leaks from cloud providers and disgruntled employees could dip into profits by revealing company secrets and leaking projects before their marketed release date. But the latest threat to business security comes from the rise of state sanctioned hacking. Whether under the banner of citizen espionage programs or large-scale coordinated attacks on political enemies and dissidents, instances of state-backed hackers are increasing each year. One of the best ways that companies can proactively protect their data is through exclusive storage and syncing with a secure cloud service that offers data privacy and user anonymity.

Courtesy of privacyinternational.org

Hacking Team

In 2001 a hacking program called Ettercap enabled the proliferation of spying, remote device control, and password cracking technology. Billed as a “comprehensive suite for man-in-the-middle attacks” this open source free program was intended as a security test mechanism for networks. But the program’s abilities quickly caught on in the hacking community. The Milan police department caught wind of the program and soon contacted its Italian developers, Alberto Ornaghi and Marco Velleri, to help them track the Skype calls of suspects. This became the catalyst for the start of the Milan-based hacking company called Hacking Team. This organization boasts 40 employees and offers commercial hacking programs to international law enforcement agencies. One troubling program developed by Hacking Team is Da Vinci. This citizen espionage program allows law enforcement to access more data than the controversial PRISM program conducted by the U.S. National Security Agency. Through Da Vinci, governments can access suspect phone conversations, Skype calls, webcams, computer microphones, and emails.

Courtesy of cisco.com

How Ettercap Works

Such broad trespasses of citizen digital rights come under the auspices of the “war on terror”. Unfortunately, these programs are mostly used to threaten and harass dissidents and political opponents. Back in July, the political dissident Ahmed Mansoor was attacked through malware while in Dubai. Governmental sources are suspected and reveal ramped up efforts to control political opposition in the light of the Arab Spring. The Moroccan activist Hisham Almiraat sought help from the Electronic Frontier Foundation to confirm a coordinated malware attack on journalists. According to Almiraat, “After the Arab revolutions happened, those governments have maybe realized they have to harness the power of the Internet and use those tools to try to scare activists, or try to spy on them and follow their steps.” The attack was traced back to Hacking Team software and resulted in a seven-month-long jail sentence for Ahmed Mansoor.

Ahmed Mansoor

The impression such examples give is that these programs are just part and parcel of living under oppressive regimes. But such state-backed hacking efforts are also prevalent in democracies like the United States. In an attempt to convict suspected child pornographer Eric Eoin Marques, the FBI admitted to hacking into the Tor network, which has been widely criticized for hosting exploitative content on its Freedom Hosting servers. Whether or not state-backed hacking is being used to put away dangerous criminals or to gain a tighter grip on citizen communications, international businesses should be aware of the threat of such governmental security breaches. Know that regardless of what governments claim publicly, recent leaks like Snowden’s revelation of the PRISM program show the huge discrepancy between what the government admits to doing and what they actually do in private.

Securing Data Online With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling safe mobile access.

How to Reduce Your Risk in the Cloud

Small businesses have been somewhat hesitant to switch to cloud service providers, especially after the NSA PRISM program leaks. International backlash threaten many U.S. cloud services, as users are suspicious of governmental citizen espionage. But there are ways for businesses to still leverage all of the cloud’s benefits while securing their data from legal snoops. From better practices onsite to exclusive storage through a secure cloud service, there are plenty of options for SMBs to protect themselves from all sides.

 

Courtesy of risk.net

Cloud Warning

 

Some businesses are already aware of cloud services that protect user data through strong encryption and zero-knowledge policies, but many still don’t know hot to protect data onsite. Encryption should begin at home through Virtual Private Network (VPN) and TLS (HTTPS) tunnels. Through proactively protecting data before it reaches your secure cloud provider you can ensure that you have all of your bases covered. Don’t let government overreach scare you away from capitalizing on the cloud, with a service that offers data privacy and user anonymity, you can reach the right combination of convenience and security.

 

Courtesy of online-backup.choosewhat.com

Data Encryption

 

Aside from employing a secure cloud and encrypting onsite, there are other ways to help keep your data safe while using the cloud. Gretchen Marx is the manager of cloud security strategy at IBM and recently offered The Guardian six keys steps to protecting your data while using a secure cloud:

1. Know who’s accessing what
People within your organization who are privileged users, – such as database administrators and employees with access to highly valuable intellectual property – should receive a higher level of scrutiny, receive training on securely handling data, and stronger access control.

2. Limit data access based on user context
Change the level of access to data in the cloud depending on where the user is and what device they are using. For example, a doctor at the hospital during regular working hours may have full access to patient records. When she’s using her mobile phone from the neighborhood coffee shop, she has to go through additional sign-on steps and has more limited access to the data.

3. Take a risk-based approach to securing assets used in the cloud
Identify databases with highly sensitive or valuable data and provide extra protection, encryption and monitoring around them.

4. Extend security to the device
Ensure that corporate data is isolated from personal data on the mobile device. Install a patch management agent on the device so that it is always running the latest level of software. Scan mobile applications to check for vulnerabilities.

5. Add intelligence to network protection
The network still needs to be protected – never more so than in the cloud. Network protection devices need to have the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

6. Build in the ability to see through the cloud
Security devices, such as those validating user IDs and passwords, capture security data to create the audit trail needed for regulatory compliance and forensic investigation. The trick is to find meaningful signals about a potential attack or security risk in the sea of data points

Following the six steps laid out above will go a long way in keeping your company’s data safe. Another way that privacy advocates are fighting for your security is in the world of development. Crypton is an open source software project that offers a way for developers to make encrypted cloud-based developments in a collaborative and mobile-enabled environment. According to the Crypton website, “To our knowledge there is no other existing framework that handles all the encryption, database storage and private user-to-user communication needed to build a zero knowledge cloud application.” The company behind this effort to encourage secure app development is SpiderOak, a leader in secure cloud solutions.

Courtesy of irec.executiveboard.com

Security Concerns

Securing Data With SpiderOak

For most SMBs, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, SMBs can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.

NSA & The Rise of Cryptography

You might think that the NSA would back off of their rampant citizen spying programs after the enormous international backlash against the PRISM program. Unfortunately, it doesn’t seem that assuaging public rage is on the NSA’s docket. Recent revelations published by the Guardian indicated that the NSA and UK’s GCHQ have continued to broaden digital espionage programs. Privacy advocates are fighting back through legislation, but the best way to protect your digital rights in the meantime is to exclusively upload to a secure cloud provider that offers both data privacy and user anonymity.

NSA & Cryptography Image from fcw.com

According to files published by the Guardian, the NSA spends over $200 million annually on a programs which seeks to “covertly influence” technology product designs. Additionally, the NSA has allegedly been involved in a decade-long program that enabled Internet cable taps. Over in the UK, a GCHQ team is developing a way to crack the encryption efforts of Facebook, Google, Yahoo, and Hotmail. In a leaked GCHQ document from 2010, the joint intent to crack encrypted data was made public. The document states, “For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” This has troubled both privacy advocates and libertarians that feel their digital rights are being infringed. According to Bruce Schneier, Harvard fellow at the Berkman Center for Internet and Society, “Cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”

Bruce Schneier photo from Wired.com

Cryptography researcher Matthew D. Green of Johns Hopkins University agrees that attempting to build and implement such backdoor spying programs is dangerous. According to Green, “The risk is that when you build a back door into systems, you’re not the only one to exploit it. Those back doors could work against U.S. communications, too.” Other countries and spies could use these programs against our own national interest, especially given that the Snowden and Manning Leaks show that the government doesn’t quite have a good handle on its sensitive data. As law professor James Grimmelmann says, “Start from the point that if the NSA had competent security, Snowden wouldn’t have been able to do a tenth of what he did. You give sysadmins privileges on specific subsystems they administer. And you do not give them write access to the logs of their own activity. The NSA should be grateful that Snowden got there first, and not the Chinese.”

Other privacy advocates and cryptographers feel disheartened, as all of this just seems like a regurgitation of the same played out debates over the NSA Clipper Chip encryption back door program proposed in the 1990s. Cryptographer and SSL protocol designer, Paul Kocher, expressed his frustration with the current debacle. In regards to the NSA’s attempts at creating an encryption backdoor, he said, “And they went and did it anyway, without telling anyone. The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort. This is the golden age of spying.”

Snowden’s NSA Cryptology Leak from Wired.com

This should send anyone who is scared toward proper encryption and secure cloud services. For as Edward Snowden recently asserted, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Along with proper encryption and exclusive storage and syncing with a secure cloud service, Bruce Schneier offered the Guardian five simple steps to stay secure despite NSA surveillance programs:

1) Hide in the network.

2) Encrypt your communications.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t.

4) Be suspicious of commercial encryption software, especially from large vendors.

5) Try to use public-domain encryption that has to be compatible with other implementations.

Staying Safe With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

The Past and the Future: Taking the 4th Amendment Online

The 4th Amendment to the U.S. Constitution protects citizens from warrantless searches and seizure of private property. Many civil libertarians and others across the political spectrum consider this to be one of the most important elements to the Bill of Rights. Privacy advocates have invoked the 4th Amendment in a campaign to take citizen privacy rights online for the digital age. The amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Unfortunately, news of the NSA’s continued PRISM program has eradicated the public’s trust in government and reveals just how flagrantly organizations like the NSA disregard citizens’ constitutional rights. But as the legal war for online privacy rages on, be sure to protect your data and identity in the meantime by exclusively storing and syncing with a secure cloud service.

Fourth Amendment Rights

Legislators are divided as to what should be done, if anything, regarding PRISM. According to Representative Peter King (R – New York), “This is a legitimate role of government, and when we’re talking about life and death, and having lived in New York through 9/11 I know what life and death means. We cannot afford to have this become a debating society. We need decisions made quickly, yes or no, up or down, because lives are at stake.” But such aggressive attempts to curb debate only frustrate online users and create even more cause for distrust.

Former governor of New Mexico Gary Johnson recently launched an aggressive attack on such systemic breaches of citizen digital privacy, saying to New Mexico Watchdog, “My blood’s boiling and I want to keep awareness of this at a heightened level. Maybe we can get more disclosures out of this, maybe we’ll get Congress demanding more. What we’re really concerned with is the Fourth Amendment and due process,” Johnson said. “Where is the due process? Who is looking over law enforcement’s shoulder? Who is looking over the NSA’s shoulder? … This is the libertarian cause right here. Libertarians have been out there sounding the warning bell about this issue ever the Patriot Act was signed.” And Johnson is right as this push for greater transparency and constitutionality has garnered large support, unifying parties that are otherwise fiercely at odds.

Gary Johnson

Despite the public backlash, governmental institutions and courts seem to think that business as usual will suffice. Recently, the Fifth Circuit Court of Appeals upheld the right of law enforcement agencies to seize private cellphone location data from service providers without a warrant. Because such digital records have been deemed as “clearly a business record” the courts claim that no Fourth Amendment protections are in order. However, this is disingenuous at best. Warrantless tracking of car location is still protected under the Fourth Amendment, even if the car in question is driven strictly as “a business”. So it is obvious that the court’s logic doesn’t hold water. As Orin Kerr of George Washington University Law School says, “The opinion is clear that the government can access cell site records without Fourth Amendment oversight.” This sets a dangerous precedent that has gotten privacy advocates up in arms all across the digital world. According to ACLU lawyer Catherine Crump, “ This decision is a big deal. It’s a big deal and a big blow to Americans’ privacy rights.”

MIT’s Immersion

To see some of the information that the government has on you, check out Immersion. This new tool taps the cloud to analyze big data for an understanding on what relationships your Gmail account reveals. And that’s just part of what the NSA can see with their notorious PRISM program. Instead of waiting on the government to update its dated privacy policies, it’s time to proactively safeguard your data from legal snoops. One of the best and easiest ways to do that is through a secure cloud service that protects data and shields your identity.

A Secure Cloud Solution

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Snapchat Leaves Your Photos & Data Vulnerable!

Most smartphone users and shutterbugs are familiar with the “private” photo app snapchat. The app allows users to send each other instant snapshots that are timed and supposedly deleted forever once opened by the intended recipient. Unfortunately, recent news shows that the mobile application can be easily hacked and that “deleted” photos are actually recoverable. This should worry both Snapchat users and parents of smartphone-savvy teens as sensitive photos and personal information could be hacked and used for exploitation and blackmail. Instead of using unsafe applications, users with sensitive photos and personal information should exclusively upload to a secure cloud that offers user privacy.

Snapchat

According to a study conducted by Gibson Security, Snapchat has a large number of glaring security gaps. The popular photo-sharing app only uses two encryption keys for all users, which are kept by the company, meaning that they must be released to the government in the case of a subpoena. According to the Gibson advisory, “Internet trolls and stalkers could use this [personal] information to harass people in real life, unmasking the anonymity and privacy Snapchat provides. The scariest part for us is the possibility of a company utilizing this exploit on a massive scale, only to sell a database of Snapchat names, phone numbers and locations to a third party. With little work, a malicious party could steal large amounts of data and sell it on a private market, and that’s highly illegal.”

Gibson Security’s Discovery

To the dismay of privacy advocates and phone photographers, Snapchat still hasn’t addressed these security concerns. As the security firm told ZDNet, “Snapchat aren’t exactly easy to get hold of,” claiming, “With a couple lines of Python, someone could view all your unread messages, and depending on the situation, modify and even replace the images completely.” The potential for blackmail and harassment is high, which makes consumers question why it is that Snapchat won’t put in the extra effort to keep their privacy safe. The Gibson study goes on further to claim that “Snapchat [uses] a fairly simple (yet strangely implemented) protocol on top of HTTP. We won’t reveal anything about the protocol, only what is needed for these problems, but the rest is easily figured out. We are privacy conscious, being users of the service ourselves.”

How Snapchats Can Be Recovered

Gibson Security isn’t the only company to find problems with Snapchat’s lack of security. Richard Hickman of Decipher Forensics showed a television reporter that his firm had restored allegedly deleted photos hosted by the app. The only response that Snapchat has given at this time is a blog post claiming “if you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted.” But this is just false. With strong encryption, user-hosted keys, and the promise to delete photos from servers, the application could offer much better protections from the threat of hacking and recovered photos. Hickman claims, “The actual app is even saving the picture. They claim that it’s deleted, and it’s not even deleted. It’s actually saved on the phone.” Some, like Orem Police Lieutenant Craig Martinez, caution again using the app altogether. The officer recently advised, “Be careful what you do on your cell phone, what you put on your cell phone. Because once it’s there, chances are it’s going to be there for a really long time, even if you can’t see it.”

For parents and people that still want to use Snapchat, the company has offered a simple guide, which has been recently posted to Forbes:

  • Snapchat is not for children under 13. Children under 13 are prohibited but since Snapchat doesn’t ask for age on signup, parents or others need to report if a child under 13 is using it.
  • To send a message to someone on Snapchat you need to know their user name and add them to your “My Friends” list.
  • By default anyone who knows your username or phone number can send you a message, but you can configure Snapchat to only accept messages from people on your friends list.
  • You can block a user by finding their name in your friends list, swiping to the right on iOS or long-pressing in Android and selecting Edit.

While these precautions can be good first steps, it still doesn’t change the fact that the company does little to keep your identity and private photos safe.

Securing Photos Through SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave photos and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

How SpiderOak Shields You From PRISM

Cloud companies have been scrambling to provide consumers with guaranteed protections from hacking and legal snoops after the public fallout occurring as a result of the NSA’s PRISM program leak. As governmental organizations like the NSA continue to snoop on citizens, cloud services like SpiderOak continue to up the ante in privacy protections and data security. SpiderOak shields users from PRISM through strong encryption and the fact that only users host encryption keys. The company also recently rolled out a plan to accept bitcoin and continues to update its celebrated Crypton privacy framework.

SpiderOak & Prism

Recently, reports on intelligence budgets show that governmental agencies are ramping up efforts on citizen spying. Roughly $11 billion is allocated to the Consolidated Cryptologic Program, which Director of National Intelligence James Clapper says is part of an exploration “in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” The details of the program are still confidential, which has caused much justified paranoia in the online community. Google Cloud Storage is just one company that is trying to fight back against lack of public confidence following the PRISM leaks. With a 128-bit Advanced Encryption Standard (AES) and encrypted keys, the company seeks to win back consumer trust. Unfortunately, this doesn’t go far enough.

128-bit encryption is relatively weak when more secure companies like SpiderOak can offer 256-bit encryption. Furthermore, the company keeps a master encryption key that is supposedly rotated. According to Google, “We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process. When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.” But this explanation falls flat on its face when considering the fact that a simple subpoena would allow the government to access files using Google’s master key. With SpiderOak, users hold their keys so that the company can’t access your data even if it was asked to by the law.

Wikipedia Security Measures

 

Another company fighting back against privacy breaches is Wikipedia. The free research site promises to protect user privacy through HTTPS security protocols. According to a statement, the company “believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects.” While this is a promising step in the right direction, it’s just one example of a company proactively doing the right thing by protecting user privacy.

SpiderOak CEO Ethan Oberman

Another way to protect privacy online is through the use of the secure digital currency, bitcoin. Very few cloud companies accept bitcoin, which makes SpiderOak’s recent efforts to allow for bitcoin payment all the more revolutionary. According to SpiderOak spokesman Daniel Larsson, “The potentially anonymous and proof-centric nature of cryptographic currencies certainly ties into our overall messaging. Based on all of the above, it seems rather natural to at least start experimenting with cryptocurrencies as a form of payment. The choice of bitcoin was easy as it is the most widely adopted cryptocurrency and is also the only one directly exchangeable for fiat (USD), should we decide that we want to move towards larger scale acceptance.” While the bitcoin program is just in its initial pilot stages, security concerns are sure to push consumers towards the private currency.

One of SpiderOak’s strongest selling points is in its privacy platform. The company’s Crypton framework allows for private storage, sync, and development. CEO Ethan Oberman says, “Previously, privacy could only live in the belly of a downloaded client which limits adoption and creates obstacles — especially as the world shifts toward the web. Now armed with a way to push privacy further into the web than previously possible, the Crypton framework can serve as a necessary cornerstone in the development and continued advancement of this new privacy platform.”

How to Guard Your Privacy & Shield Your Identity With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

The Economic Impact of Russia’s New Anti-Piracy Laws

Recently Russia awarded NSA leaker Edward Snowden with a year of asylum. But at the same time that officials were granting the whistleblower a temporary from the U.S., the country enacted new anti-piracy laws that jeopardize online liberty, freedom of speech, and economic growth in Russia. Enterprises that work in the country or target Russian consumers should be aware of what these laws entail and how they might impact future business. And in the midst of cyber warfare, legal surveillance, and breaches of privacy, all organizations should proactively guard their data through secure cloud services. With strong encryption and a guarantee not to host encryption keys or plaintext, the secure cloud is quickly becoming the last bastion of privacy on the net.

Russian Anti-Piracy Laws

One of the recently enacted bills blocks any site that is deemed to support or aid in copyright infringement. This strict measure even applies to posting links to torrent sites like PirateBay. Nicknamed the “Russian SOPA”, the bill was ironically ushered in to law the same day that Snowden was granted asylum, indicating to what extent the whistleblower is being used by major nations for this dramatic episode of international political theatre. Other proposed legislation, such as the one sponsored by State Duma Deputy Yelena Mizulina that seeks to ban sites featuring curse words.

Another bill allegedly protects children by giving the government authority to blacklist any site with exploitative material. Critics of this proposed legislation claim that it is being used a way to handover more censorship rights to the government and that it is unclear as to what would be deemed exploitative. As Yelena Kolmanovskaya, chief editor of Yandex, says, “ The need to fight child pornography and illegal content are as important for civil society as the support of constitutional principles like freedom of speech and access [to] information.” But she adds “The proposed methods provide a means for possible abuse and raise numerous questions from the side of users and representatives of Internet companies.” But the bill’s sponsor Mizulina has harsh words for critics, claiming that “The online community initiated the need for adopting this law themselves, that’s why I’m sure not all of the online community is against it – just certain circles that can be associated with the pedophilia lobby.”

Yelena Mizulina

The reason that the demonized critics of such legislation are so strongly opposed to a bill that would purportedly protect innocent children is that there are no transparency measures or checks and balances set in place to rein in the government from censoring anything they deem unfit for public viewing. Through such legislation the government could silence dissent and usher in a new era of Russian oppression. The law allows censors to blacklist IP addresses instead of the URLs that are allegedly the source and hosts of banned content. This results in collateral damage as many sites are brought down without having committed any crimes or having anything to do with the questionable content under investigation.

As Russian reporter Alexey Eremenko notes, “About 150 websites were on the blacklist as of July 1, but another 6,800 unrelated sites fell victim to the ban because the government is using a flawed blocking mechanism… according to independent internet watchdog Rublacklist.net”. This puts enterprises at risk of Russian espionage, censorship, and even blacklisting.

Protests in Russia

The good news is that some national and international enterprises are fighting back. The top Russian global investment firm, VTB Capital sent a letter to clients regarding the law, which partially states, “The new law makes it possible to shut down unwanted Internet resources by linking any piracy video to the website and submitting a lawsuit.” Russian websites have also banded together in the thousands to deliver a petition to the Russian parliament. But instead of relying on the Russian government to get its house in transparent order, enterprises should shield their sensitive data from all sides through the secure cloud.

Secure Cloud Solutions for Enterprises

For most enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive corporate data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides SMEs and Fortune 1000s with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

Catching Your Favorite Shows Inside the Cloud

The state of television today varies widely depending on whom you ask. In the opinion of actor Nicholas Lyndhurst, “There used to be something every night of fantastic quality, be it a sitcom, a drama or current affairs. Now it’s maybe once a week, which is a shame. The golden age has gone.” While that might be true in regards to traditional syndicated television shows, online watching is completely changing the game. Shows like House of Cards and Orange Is the New Black have gained cult followings almost overnight with cloud-enabled online viewing. Instead of waiting around for next week’s episode and potentially losing interest, viewers can binge-watch new seasons all in one sitting. This new strategy is an attempt to stave off online piracy, which has eaten into the profits of the entertainment industry for years. But the only way to truly safeguard data from piracy is to exclusively store and sync to a secure cloud provider that offers data privacy and user anonymity.

House of Cards

Recently, Kevin Spacey addressed the audience at the Edinburgh International Television Festival. While speaking on the benefits of entertainment tax credits to local economies, the actor also touched on the necessity of moving away from the syndicated model to an instant streaming model. According to Spacey, “Clearly the success of the Netflix model – releasing the entire season of House Of Cards at once – has proved one thing: the audience wants control. They want freedom. If they want to binge – as they’ve been doing on House Of Cards – then we should let them binge.” It seems that the actor has touched on a growing revolution in television. House of Cards, a Netflix original drama, made history by becoming the first show on television to release its entire season online all at once. Netflix has already earned the business of about 1.5 million fans in the UK while the BBC’s journey into online streaming amounts to roughly 40% of its monthly viewership.

Online Media Growth

Kevin Spacey also made wave by suggesting that syndication is on the way out and that both film and television will soon adopt on-demand models. He claims that piracy will continue until the industry makes the switch. According to Spacey, “Why is Game of Thrones the most pirated show in the history of TV? Because people can’t get it fast enough, that’s why. I believe if you go to a movie theatre and you see something you think is incredible, if you walk out of the theatre and there was a bin in the lobby of DVDs of the film you just watched, you would buy four of them – one for you and three for your friends.  I believe the notion of being able to convince theatre owners that we can open a movie online, in the movie theatres, on DVD on the same day; that is probably where it is leading. That would be a huge bite out of piracy; if it is all available no one is stealing it before someone else gets it.”

Regardless of the relative marketing merits of piracy, stealing intellectual property always hurt businesses and cuts into profits. Piracy would even disrupt Spacey’s strategy of on-demand streaming, because if pirates can hack and leak a season a month before its released, why would viewers sign up for a subscription service? The true solution to piracy, whether the industry goes on-demand or not, is in exclusively storing and syncing with a secure cloud provider.

Netflix Growth

Cloud Solutions for Production Teams

For most production teams, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave company data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides production teams with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that users and SMBs of all sorts can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and storage while on the go.