Encryption Backdoor Endorsed by Attorney General Jeff Sessions

Andrew Orr From our Perspective

Jeff Sessions, President Trumps new Attorney General for the United States, has recently shown that he supports an encryption backdoor. President Trump seems to support this as well, lambasting Apple when the company wouldn’t unlock an iPhone for the FBI. What Is An Encryption Backdoor? A backdoor is any method, usually secret, that bypasses the usual authentication process in a product, computer system, cryptosystem or algorithm. In encryption, a backdoor would mean that agencies like the NSA could design an encryption algorithm in such a way that they could easily …

One Man in the Middle Compromises 76 Popular iPhone Apps

Andrew Orr In the News

An iOS app analysis service has found that 76 popular iPhone apps are confirmed to be vulnerable to the silent interception of TLS-protected data. Beware of these popular iPhone apps During testing, developers of verify.ly a mobile app analysis service found issues with many popular iPhone apps. Here are the details we have so far: 76 popular iPhone apps let a secret man-in-the-middle attack to be performed on connections that should otherwise be protected by TLS (HTTPS). This MitM vulnerability lets data be intercepted and manipulated. According to Apptopia, there has been …

Should Apple Build their Own iPhone VPN?

Andrew Orr From our Perspective

Recently, Apple website 9To5Mac published a feature request article; the author suggested that Apple should build an iOS VPN network and VPN app for iPhone. However, is this a good idea? Apple’s VPN on iPhone is Very Bad for Privacy Last year Google released an Android feature called Wi-Fi Assistant. It lets Android customers use Google’s free VPN service when they connect to insecure public Wi-Fi hotspots. However, on iOS, Apple users do not have this option. Instead, they have to buy VPN service from a third-party. 9To5Mac author Greg …

How Secure Is Your Android VPN App?

Andrew Orr In the News

A research paper [PDF] from the University of California and Commonwealth Scientific and Industrial Research Organisation (CSIRO) analyzed a group of Android VPN apps. They found that these particular apps had privacy and security issues. Further Reading VPN On Chromebook: How To Set It Up Why Switzerland is a great place for a VPN More people are starting to realize the benefits of using a virtual private network. But without a lot of tech knowledge, it’s easy to assume that all VPNs are created equal. They are not, and this …

NSA Contractor Faces Espionage Charges For Data Theft

Andrew Orr In the News

Government lawyers charge a contractor for the National Security Agency with espionage. The charge? Stealing massive amounts of data about the Shadow Brokers group. Further Reading Google Removes Ban On Personalized Web Tracking VPN Passwords Recovered From NSA Hack The Shadow Brokers In August,  a hacker group calling themselves the Shadow Brokers revealed that they stole a huge cache of hacking tools belonging to the NSA. In a document called Equation Group Cyber Weapons Auction – Invitation, the group, released some files for free and put the rest up for auction. …

How To Stay Safe Browsing From Public Wi-Fi Networks

Andrew Orr Informative Internet Guides

Earlier this week we told you about a public Wi-Fi threat called Evil Twin Hotspots. Even if you do not encounter these, using insecure public Wi-Fi is risky. Here’s how to stay safe. Further Reading Use A VPN To Defeat Evil Twin Hotspots Public Wi-Fi Hotspots More of a Threat Than You Think Insecurity You might be surprised at all of the wicked things that hackers can do to someone connected on an insecure Wi-Fi connection. There are three general ways in which an attacker can exploit public Wi-Fi: Man-in-the-middle …

Use A VPN To Defeat Evil Twin Hotspots

Andrew Orr Informative Internet Guides

An evil twin is a malicious Wi-Fi hotspot that pretends to be a legitimate one. Hackers use them to steal your information if you connect to it. Here’s how a VPN can help. Further Reading Are You Infected with Malware? Here’s How To Find Out 8 Common VPN Myths And Why They Aren’t True Man-in-the-Middle Connecting to public Wi-Fi can already be risky, but now you have to worry about “evil twins?” It’s a crazy world, and some people want to make it even crazier. Next time you connect to …

Email Credentials Stolen, Here’s What You Can Do

Andrew Orr In the News

In a stunning leak, a Russian hacker known as “the Collector” has published millions of stolen email accounts for Gmail, Yahoo and Microsoft. The total amount of records reaches 1.17 billion. Further Reading InfoSec 101: How To Set Up Two-Factor Authentication InfoSec 101: How To Create a Secure Password Security Breach A report by Hold Security says its cyber security team looked at over 272 million accounts so far. Of that, the team had never seen 42.5 million of these before. A large number of accounts came from Mail.ru, Russia’s most …

8 Common VPN Myths And Why They Aren’t True

Andrew Orr Informative Internet Guides

Interested in using a VPN? Maybe you already use one, but you don’t know much about them yet. Here are some common myths about VPNs and why they aren’t true. Further Reading 10 Reasons To Use a VPN in 2016 – What Are You Waiting For? The Future of Freedom: Building a new TOR Myth #1: You only need a VPN if you’re doing something illegal A common misconception surrounding issues of privacy and security is accountability. That is, you might say “I have nothing to hide, so why should …

Quicktime for Windows has a critical vulnerability

Mathew Sayer In the News

Cyber security company Trend Micro has uncovered two critical vulnerabilities in Quicktime for Windows. The intra-OS version of the program is being phased out. Apple has announced that there will be no more security patches. OS X versions of Quicktime are not affected.   Trend Micro chose to release the advisories by following their Disclosure Policy. When a vendor does not issue a security patch they send an advisory. Zero Day Initiative released two bulletins, ZDI-16-241, and ZDI-16-242 setting out the vulnerabilities. No attacks exist at the minute, but users …