ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we keep reading so much about privacy and IT security issues across the web and daily surf's!!!....but we only have more to believe that privacy with times to come will be a matter of past...be it your mobile with loads of applications inbuilt already or your exchange on yahoo or gmail etc..every one is trying to vie for your data in some form or the other...your sms..your mms...your contacts..your stored data on the SD card,your browsing history or your location at various times of the day etc etc.....every one wants all this to make your profile and then in the long run use all this to market or even blackmail you(who knows!!!!!)...future will buzz a lot with our past....

2.  In such times it is good to read about "Dark Mail Alliance". Extract from their website is produced below for general direction of purpose :

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle’s team as mentioned in the extract is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs & British Special Air Service (SAS) security experts....while Lavabit was an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.So the combo of these two majors can be a force to reckon with provided the policies and strategies do not bar them again in some manner...till then lets give a "good night" to privacy!!!

4.   More at http://darkmail.info/

Need of Encryption : Your files - Your Data

1.   In today's times when every spying eye,every hacker on the web is eyeing your info.... apart from hardening your OS and configuring your system securely what else can you do to secure your info after some one gate crashes into your system?.....I mean after someone gets your root privileges via remote access...what are the options to save your self from sharing your critical data with him?The answer is ENCRYPTION...

2.   Encryption is the process of encoding your information) in such a way that hackers cannot read it, but that authorized parties can.So without getting into the nitty gritties of what is Encryption and how it works..i am focusing here of what all opensource and free applications are available for encryption...

3.   First I would mention about TrueCrypt,this is the one I have been using for years...the reliability of this application can be gauged from the fact that in 2008, the FBI attempted to break encryption on hard drives using a program called TrueCrypt, but the equipment was finally returned after a year of failed tries.(Source : http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html)

4.   The other strong opensource software's available for encryption are :

    - E4M ie ENCRYPTION for MASSES)
    - Free OTFE
    - Scramdisk

5.   TrueCrypt remains the best bet for all present users.The popularity can be gauged from another fact that this is being used by cyber criminals to!!

Anti Keylogger : KeyScrambler

1.   How would u ever know that all your key logs on the PC are not being logged by a key logger working incognito in the background?...if u r not the SMARTEST....m sure u will never know....so what can u do to avoid that when u know u r equally prone like anyone across the web space?...stop typing...or use OSK(on screen keyboard) or use KEY SCRAMBLER....which would encrypt every key stroke that u type on your pc immediately as you type....available in three versions....at this site at http://www.qfxsoftware.com/index.html.The good news is that one version is free that will take care of most of you.....

2.   Something about KeyScrambler.....is an anti-keylogging program that encrypts user keystrokes at the keyboard driver level, deep in the operating system. The scrambled keys are indecipherable while they travel to the destination app so that no keylogger can steal your passwords or other crucial information. Thus it defeats known and unknown keyloggers.The unobtrusive overlay window lets realtime encryption in process so you know how and when KeyScrambler is working. 

Image Courtesy : http://www.qfxsoftware.com/index.html (Click to enlarge)

HOW IT WORKS ?

-   As u type, this simultaneously encrypting your keystrokes at the keyboard driver level. Because KeyScrambler is located in the kernel, deep in the operating system, it is difficult for key loggers to bypass the encryption.

-   While the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keylogging malware is known or brand new, because your keystrokes remain completely indecipherable the whole time.

-   When the encrypted keystrokes finally arrive at the destination app, the decryption component of KeyScrambler goes to work, and you see exactly the keys you've typed.

3.   Thanks http://www.qfxsoftware.com/

RED PHONE : ENCRYPTED VOICE FOR ANDROID!!!

Here is something every android user would lov to use....AIM IS TO LISTEN AND SPEAK ON YOUR ANDROID HANDSET WITH INBUILT ENCRYPTION OF RED PHONE APPLICATION.......isn't it gr888888!!!

" RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to. RedPhone uses your normal mobile number for addressing, so there's no need to have yet another identifier or account name; if you know someone's mobile number you know how to call them using RedPhone. And when you receive a RedPhone call your phone will ring just like normal, even if it is asleep. "

Got this info from http://www.anti-forensics.com/blog.More at http://www.whispersys.com/index.html

The weak password problem : Now solved????

1.    We are part of the first phase of IT revolution across the globe where every thing is happening....methods to secure...methods to hack....stronger and powerful servers....patching vulnerabilities....fighting malware....analysing stuxnets genre...and what not....every thing is happening.....now the following text (org from http://lanl.arxiv.org/abs/1103.6219) opens another dimension to make the passwords secure.....

"Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies."

2.    Thanks http://lanl.arxiv.org

Steganography : Hide in a JPEG/BMP

1. Steganography is the art and science of writing hidden messages in such a way that no one,apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity while Cryptography is the practice and study of hiding information.

2. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages no matter how unbreakable will arouse suspicion,therefore, whereas cryptography protects the contents of a message,steganography can be said to protect both messages and communicating parties.

3. Just for how it works..i tried one free Steganography software "Invisible Secrets" that allows one to encrypt and hide files in other files (carriers) which are not suspect of encryption (JPG, PNG, BMP).The link I downloaded from can be accessed by clicking here.

4. Now this is a small 1.8 MB software good enough to do the job.The file u see below of golden temple is just not a jpeg,it consists of a text file with a message...the password to access the text file is 12_34....for those of u who r interested to experiment

5. The scope of utility involves provisioning solutions to the following queries of any user across :

(a) Are you afraid that someone else can see your sensitive and secret data stored on your computer ?

(b) Are you afraid that hackers or other people can penetrate your system and find your valuable information ?

(c) Your wife, boss and kids can see what you used the internet for?

(d) You have many passwords in your mind or spread all over your computer and you can't organize them?

(e) You want to send a secure email to your friend or partner and you want nobody to read or to access it?

(f) You want to password protect certain applications to be used only by you? Do you want them not to be visible in the Start Menu, but still have quick access to them?

(g) You want to delete an email or a file but you think someone else can restore it and use it against you ?

(h) You want to combine file encryption with steganography (hide files and folders) to better protect your documents and emails?

(j) You want to hide files on your computer so that nobody finds them?

6. Thanks http://www.invisiblesecrets.com