Using Good Encryption Does Not Need To Be Difficult

There are dozens of posts on this site to help you understand encryption, the reasons to use encryption, and how to EASILY begin using encryption.  It makes for long and tedious reading, so I strongly suggest that you don't try to read and absorb it all in one sitting.  The posts are broken into sections to help you: read a section, then come back another time and keep reading until you have read all the sections.

I am not an expert, nor do I claim to be.  I can't offer you any guarantees that the information I have presented will keep your information safe or keep you out of jail.  Feel free to take the information I have presented and search the internet for related comments.

Good Luck.  Using Encryption does NOT need to be difficult!

Don't be like one of my friends.  He won't do anything until he has "read the manual".  And he will never "get around" to reading the manual.  In fact, it has been over a year since he read my site and thanked me for providing the information on how to secure his computer. 

Yet he has done nothing because he "wants to read more".  Don't get caught up in reading too much.  Follow the instructions and USE the programs.  Don't put it off because you haven't read the manual. 

Set up and implement the security procedures I talk about.  THEN, if you really feel the need, you can read the manual.  But realize that getting SOME security up and running is better than none.

In a nutshell, this is what you need to make your computer secure:

FULL-DISK ENCRYPTION

CONTAINER ENCRYPTION

CCLEANER

ERASER

Using Encryption does NOT need to be difficult!

Government Agencies Can’t Crack Encryption

On internet forums in which I participate, I always find myself posting against people who wrongly believe that the government (NSA, CIA, FBI, whoever) can "crack" any encrypted file or container "if they wanted".  My argument is "Government Agencies Can't Crack Encryption".  But replying to their posts feels like beating a dead horse.

But for the sake of keeping the information on this site accurate, I want to clearly state that people (including the government) can DECRYPT your secret data *IF* you choose to use stupid passwords.  I probably shouldn't use the word "stupid", but in many cases it is.

If you encrypted your files using your child's birthday; your dog's name; your wife's maiden name; your anniversary; or the day you lost your virginity, you have committed the crime of "password stupidity".

And if you wrote your password down (anywhere!), slap your head twice because you have completely compromised your files and your encryption security.

July 8, 2015, from the Daily Beast:

FBI Director James Comey told a Senate hearing that the TWO purposes of the FBI are being thwarted by encryption: "… Comey told the Senate Intelligence Committee on Wednesday that advances in consumer encryption would allow terrorists and child molesters to communicate beyond the means of the bureau to intercept and read them."

And in a swipe at television's "CSI", Comey stated:  "We cannot break strong encryption. I think people watch TV and think the Bureau can do lots of things. We cannot break strong encryption."   [YES, he said it TWICE in the same sentence.]

"… even with a warrant, with these encrypted devices, the warrant doesn't do them any good." [Reference to Apple’s new encryption for the iPhone].

[In a speech last month, Apple CEO Tim Cook said the company would not waver in offering encryption tools to customers and said weakening encryption would have a “chilling effect on our First Amendment rights and undermines our country’s founding principles.”]

"The Tor network, which was developed for surfing the web anonymously, is considered to be a "major" problem, as is Truecrypt, a program for encrypting files on computers."  (From The Age.)  Be sure to read the posts on the FBI's "Plan B" and the involvement of top Universities to provide hacking research to the government.

So how do governments actually break into encrypted files and containers?  Previously on this site, I referenced trojans and hacks that find their way onto your computer.  The government participates in that type of password retrieval — as well as the installation of secret cameras to capture keystrokes.

With widespread encryption, surveillance would require the government to individually select a target and compromise his or her computer, either physically or through software.  (from The New Yorker)

Another set of posts that often appear reference the use of ZIP or RAR, which are archive programs that allow the user to "shrink" the size of files for storage.  They can be "locked" with a password and many people refer to this as "encryption".  THIS IS NOT ACCURATE.  "Zip" and "Rar" files are NOT secure; they are NOT encrypted.  There are many hacker tools that will break the security of these archive files.

I realize this is a multi-focus post [which my associate likes to call a “rambling” post], but there are a few things that have not been mentioned before, or need to be mentioned again.

Over the next few posts, I will talk about the FBI's "Plan B" against Encryption, as well as stealing more looks at the opposing team's playbook!

Is TeamViewer Safe To Use? How Safe IS TeamViewer?

I mentioned previously about my burglary and my stolen laptop.  As a reminder, I had TeamViewer Remote Access software installed because I sometimes need to get into my computer when I am physically away from it.  The crooks who stole my laptop didn’t wipe the computer, and didn’t realize that TeamViewer was still installed.  I noticed my missing computer showing up as “online” on my TeamViewer control panel.

So I activated a screen video capture program, and then logged into my stolen laptop.  Within 10 seconds, they saw the pop-up notifications, and closed my connection.  But not before I obtained Facebook pages of two of the people who have my stolen computer.

I remembered that there was a setting in TeamViewer that allowed you to “black out” the screen on the remote computer so the person in front of it couldn’t see what you were doing.  I decided to […] Continue Reading…

More Security Leaks In Windows

Windows is like a sieve (or a colander, or a strainer, technically different but the same for our purpose!).  It leaks data and information and stores huge amounts of unnecessary and dangerous data.

I have addressed some of those leaks throughout the long and detailed posts on encrypt-away, but the truth is, there is only one way to secure Windows' weak and insecure storage architecture:  FULL DISK ENCRYPTION and rebooting your computer to the lock screen when you are finished using the computer.

In 2006 (Yes! More than 8 years before this guide was written), the US Government ordered full-disk encryption to be installed on all Government laptops.  In order to make sure that people use the full locking features of the full disk encryption software, the government required the software vendors to “Use a ‘time-out’ function for … mobile devices requiring user re-authentication after 30 minutes inactivity.”

This prevents the […] Continue Reading…

Truly Deleting Files — Wiping Free Space

The next program has two parts – one you should be using every day; and the other that you should use regularly.  The program is ERASER by Heidi (http://eraser.heidi.ie/).  Always download programs from their official websites!

You should use ERASER:
1. EVERY DAY, to delete/erase files, images, folders, etc., INSTEAD OF the Windows “delete” key.

2. OTHER TIMES, to WIPE / ERASE / DELETE / SHRED the “free space” on your hard drive.  “Free space” means the space on your hard drive available to store new items.  Eraser will make multiple passes to “shred” the data in this area to make recovery virtually impossible.

Even though this quote was written about an old (discontinued) program, the statement is still true today of Eraser:

“Even though the Computer Investigation Model was diligently followed and due care taken for the proper chain of custody, the wiping tool simply made the data unrecoverable”. (from:  http://www.academia.edu/1342298/Recovering_Deleted_and_Wiped_Files_A_Digital_Forensic_Comparison_of_FAT32_and_NTFS_File_Systems_using_Evidence_Eliminator)

Before using Eraser, […] Continue Reading…

Windows Mess — An Investigator’s Dream

Windows is messy.  In fact, it is an investigator's dream!  There are so many security weaknesses in Windows that forensic investigators are happy to work with Windows-based machines.

In the previous post, we discussed the Hibernate.sys file that can provide too much information about your actions. 

Another file that permanently contains data about your actions is the PAGEFILE.SYS.  Unfortunately, it is not a file that you should turn off.

“Page files are basically an on-disk repository of data that was in memory but not needed right at this moment. The system will page the data to disk, into the pagefile, to allow apps to use more memory than what the system really has.”  (from: http://blogs.technet.com/b/jesper_johansson/archive/2006/02/02/418653.aspx)

“Even though the data in pagefile.sys persists over time, it contains a record of data that was in RAM before the computer was shut down. … , experts can find in the pagefile.sys remnants of programs or files […] Continue Reading…

Making Windows More Secure

There is a report on the internet about a forensics company that recovered information and history from a machine even after running CCleaner.  You should know some of the reasons WHY this was possible.

The users of the program made mistakes.  First mistake: they did NOT enable secure file deletion.  That means that the files were "deleted", but not "securely erased".  Because of this oversight, investigators were able to use file recovery techniques to recover the original files.  This would not have been possible if the original user had enabled secure file deletion.

Second mistake: they didn't turn off the power to the computer when not in use.  The article refers to "recovering from RAM".  RAM is emptied when you turn off the power or reboot your computer, something we already said needs to be done when you are not using it.

The two other areas where they discovered weaknesses are in […] Continue Reading…

Ccleaner — the Evidence Eliminator

Have you ever watched a “spy” movie where an “accidental” murder occurred, and the spy had to call his or her boss and request a “clean-up” crew?  That "cleaner" would put everything back to normal, just like it was prior to the accident, and would make sure there was no “trash” or evidence left that could be found.

As a side note, if you like the new TV show "The Blacklist", you might remember that James Spader's character "Raymond Reddington" has a "cleaner" on retainer: "Mr. Kaplan", who, contrary to the title, is a female!

In the computer security world, we have our own “clean-up” crew – It is called “CCLEANER”.  CCLEANER’s official website for downloads is (https://www.piriform.com/CCLEANER).

CCLEANER is a SUPER-EASY program to run and is free.  Depending on your perspective, EITHER it cleans up the junk left in your computer and may make your computer run faster; OR it […] Continue Reading…

Full Disk Encryption Secures Your Computer

Next, we will discuss FULL DISK Encryption:

Full disk encryption prevents unauthorized access to ANY part of a computer, its operating system, and hard drives.  The files and operating system only become readable and usable when the proper decryption key has been entered BEFORE THE COMPUTER BOOTS!

Full disk encryption protects data in all areas of the disk drive, including areas outside the file system. Such data are the hidden files, swap files, file metadata, temporary files and caches, registry files, hidden data, temporary program data, stored passwords, and boot sector data.

YES, including stored passwords.  How many times have you clicked “Remember this password”?  You probably did it when accessing your Facebook, your email, your favorite discussion forums, Amazon or eBay, and many more!  With full disk encryption you can rest easy that no one will be able to access these sites using your stored passwords.

Why should you use full disk […] Continue Reading…

Google and Microsoft are Scanning Your Emails and Storage

"Police say Google detected explicit images of a young girl in an email that [he] was sending to a friend, the company then alerted authorities". … "He was trying to get around getting caught, he was trying to keep it inside his email," … [See comments bottom of this page] (From: http://www.khou.com/story/news/crime/2014/07/30/houston-man-charged-with-child-porn-possession-after-google-cyber-tip/13378459/)

That was the news report that got my attention.  And as I read, I realized that I needed to dedicate at least one post to this subject.

GOOGLE AND MICROSOFT ARE MONITORING AND SCANNING YOUR EMAILS AND STORAGE. 

[COMMENTS ADDED FROM GOOGLE EMAIL INCIDENT:  You might not get upset because the guy was caught sending child porn.  But the point is that YOU DON'T KNOW what Google can scan your email for:  keywords, locations, phone numbers — we don't know. 

Google modified its terms and conditions:  "Our automated systems analyse your content (including emails) … "  … a class-action lawsuit […] Continue Reading…

Understanding Container Level Encryption

The next “type” of encryption I will discuss is CONTAINER Level Encryption:

In container level encryption, you dedicate a portion of your hard drive to be used as an encrypted “container” – almost like you are creating another hard drive on your existing hard drive.  The accepted word is really “partition”, but I don’t like it as much as “container”.

You can choose the size of your new container based on how much disk space you think you will need in the container.  The software then “creates” the container using your decryption key.  When that process is done, you will access your new container with a drive letter – just like accessing a new drive.

When the encryption software is running, AND you have entered your decryption key, you will be able to use this new container (a “secure container”) to copy files, delete files, view files, etc.  This is referred to […] Continue Reading…
