TrueCrypt & file encryption

Thursday, June 26th, 2014 | Jim Cheetham | Comments Off on TrueCrypt & file encryption

TrueCrypt is dead

We used to recommend TrueCrypt as an effective file encryption solution, suitable for exchanging data sets over untrusted networks as well as for medium-term offline storage or backups.

Unfortunately, over the last few weeks it has become clear that the TrueCrypt authors have withdrawn their support for the product; and while the source code is available (and is actively being audited), it is not Open Source licensed, and should not be used in the future. TrueCrypt is effectively dead.

What should I do?

What does this mean for people who are currently using TrueCrypt? I’d recommend that you migrate your data out of TrueCrypt and into some other format; not in a rush, because there are no currently-known attacks or vulnerabilities in the product, but in a well-planned way. You should not start any new storage schemes using TrueCrypt.

What alternatives are there?

There doesn’t seem to be any useable and “free” software that does everything that TrueCrypt did, but most people we talk to don’t actually need all of those features at the same time anyway.

We are currently recommending the 7z archive format with AES encryption as a solution to :-

  • Cross-platform support
  • Protection in transit (email, dropbox, etc); sharing
  • Medium-term storage on untrusted media

Please be aware that University-owned data should always be accessible by the University itself; so if the only copy of your data is encrypted in this way, the passphrase used as the key needs to be made (securely) available to the appropriate people (usually your employment line management).

7z?

7z is the file format originally implemented by the Open Source 7-Zip file archiver; the format is publicly documented and there are now multiple software implementations available. It is currently regarded as the ‘best’ performing compression software available. Read more on the Wikipedia entry. Command-line users might like the p7zip implementation, packaged in Debian and in the EPEL repository for Red Hat.

7z applications usually do not use encryption by default; make sure that you select this option for secure storage.
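As an added illustration of that last point (this is example code, not part of the original post), the script below uses the p7zip command-line tool to build an AES-256 encrypted 7z archive and then shows why the header-encryption switch matters: with `-p` alone the file contents are encrypted but the file names inside the archive can still be listed by anyone; adding `-mhe=on` hides those too. The archive names, the sample data file and the passphrase are constructed values, and the script assumes a `7z` or `7za` binary from the p7zip package is on the PATH.

```shell
#!/bin/sh
# Added example, not code from the original post: create an AES-256 encrypted
# 7z archive with p7zip and show the effect of header encryption (-mhe=on).
# File names, the sample data and the passphrase are constructed sample values.

# Find the p7zip binary; Debian installs it as 7z, some builds only ship 7za.
find_7z() {
    for cmd in 7z 7za; do
        if command -v "$cmd" >/dev/null 2>&1; then
            printf '%s\n' "$cmd"
            return 0
        fi
    done
    return 1
}

# Options that turn a plain archive into a usefully encrypted one:
#   -t7z     use the 7z container (its encryption is AES-256; the zip
#            container defaults to the weak legacy ZipCrypto scheme)
#   -mhe=on  encrypt the archive headers too, so file names and sizes are
#            not readable without the passphrase
#   -mx=5    normal compression level
encrypt_flags() {
    printf '%s\n' "-t7z -mhe=on -mx=5"
}

# Create an encrypted archive: $1 archive path, $2 passphrase, rest = inputs.
# Giving -p a value on the command line exposes the passphrase in the process
# list; for interactive use run 7z with a bare -p so that it prompts instead.
make_encrypted_archive() {
    archive=$1; pass=$2; shift 2
    bin=$(find_7z) || return 2
    # shellcheck disable=SC2046  (word splitting of the flag list is intended)
    "$bin" a $(encrypt_flags) -p"$pass" "$archive" "$@" >/dev/null
}

# Return 0 if the archive's file names can be listed WITHOUT the passphrase
# (headers not encrypted); non-zero if the listing itself needs the passphrase.
names_visible_without_passphrase() {
    bin=$(find_7z) || return 2
    "$bin" l -pWRONG-PASSPHRASE "$1" </dev/null >/dev/null 2>&1
}

# Demonstration: the same data archived with and without -mhe=on.
# Returns 0 when behaviour is as expected, 1 on a mismatch, 2 if 7z is absent.
demo_header_encryption() {
    bin=$(find_7z) || return 2
    work=$(mktemp -d) || return 1
    printf 'participant,score\n1,42\n' >"$work/study-data.csv"   # constructed sample data
    pass='correct horse battery staple'                          # constructed sample passphrase

    ( cd "$work" && make_encrypted_archive hidden.7z "$pass" study-data.csv ) \
        || { rm -rf "$work"; return 1; }
    # Same passphrase, but no -mhe=on: contents are encrypted, the name is not.
    ( cd "$work" && "$bin" a -t7z -p"$pass" exposed.7z study-data.csv >/dev/null ) \
        || { rm -rf "$work"; return 1; }

    result=0
    if names_visible_without_passphrase "$work/hidden.7z"; then result=1; fi    # must require the passphrase
    if ! names_visible_without_passphrase "$work/exposed.7z"; then result=1; fi # names readable: no -mhe
    rm -rf "$work"
    return $result
}

demo_header_encryption && echo "header encryption hides file names as expected"
```

Run it on a machine with p7zip installed; `7z l -pWRONG-PASSPHRASE exposed.7z` will happily print `study-data.csv`, while the same listing of `hidden.7z` fails with a wrong-password error. When the archive is going over email or a shared folder, that difference is usually the one that matters, so `-mhe=on` (or the equivalent "encrypt file names" checkbox in the graphical 7-Zip clients) belongs in the habit along with the passphrase itself.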


Sealand, the Data Haven

Thursday, March 29th, 2012 | Jim Cheetham | Comments Off on Sealand, the Data Haven

There’s a nice and very detailed article over on Ars Technica covering the history of the micronation Sealand operating as a Data Haven …

Written by James Grimmelmann, Associate Professor at New York Law School, http://arstechnica.com/tech-policy/news/2012/03/sealand-and-havenco.ars covers the history, motivation and inevitable failure of the HavenCo business, as well as a good part of the history of Sealand itself. There is a significantly longer and much more detailed paper (80 pages) published by Mr Grimmelmann in the University of Illinois Law Review journal for those who enjoy more in-depth discussions.

And no, WikiLeaks is not going to be able to move servers to Sealand in order to avoid prosecutions, sorry.

Netograph

Thursday, December 8th, 2011 | Jim Cheetham | Comments Off on Netograph

Dunedin-based security researcher Aldo Cortesi has just launched netograph.com, a project that analyses the data websites store on your machine when you visit them.

It reports on the off-site resources that make up a page, things like remote images and third-party JavaScript. It also identifies persistent storage in the form of browser cookies, HTML5 cookies and Flash object storage.

Sample Netograph website report

Plugins are available for Chrome and Firefox that allow you to preview the Netograph report for a site before visiting it. Currently the project is scanning all links mentioned in submissions to Reddit, Hacker News, Delicious, Pinboard, and Digg.

Privacy Monitor

Wednesday, December 7th, 2011 | Jim Cheetham | Comments Off on Privacy Monitor

The Information Security Office is dreaming of a White Christmas this year.

Especially now that we have a Privacy Monitor …

Following on from the post on Instructables.com that showed how to hack an old LCD monitor by removing the polarised film and re-inserting it into a pair of glasses (http://www.instructables.com/id/Privacy-monitor-made-from-an-old-LCD-Monitor/) we did pretty much the same thing to create our Christmas Decorations this year :-

Direct Link: https://blogs.otago.ac.nz/infosec/files/2011/12/ISOwhitescreen.flv