The one and only internet <img src="https://ekiledjian2.micro.blog/uploads/2025/b57c63d44e.jpg" alt=""> Edward Snowden is the (now famous) NSA leaker that exposed many of the US intelligence community's most secretive tools to the world. As expected, the public reacted (some would say over-reacted).   There is one internet I believe the Internet will be recorded in history as one of the great evolutionary drivers. With the global availability of human knowledge and the ability to create brand new beneficial services (like the Scanadu home health monitor).

Continue reading →

Since the PRISM revelations, we have seen a handful of "secure" email services shutter their doors or close their email services (Silent Circle, Lavabit, etc). Then came the shutdown of websites dependent on anonymity of sources (Groklaw). With all the turmoil, you may be looking for an email service less likely to bend to the will of the NSA (or other national security agency). I can't think of a better country than Switzerland. The email service recommended by the founder of Groklaw is now offering a less expensive lite of its email service.

Continue reading →

Another day brings news of another popular web service getting hacked and having its data stollen. The victim this time is a popular mobile app called TrueCaller. The Syrian Electronic Army claims to have breached TrueCaller's security by exploiting a WordPress flaw and stealing 7 databases.  Sorry @Truecaller, we needed your database, thank you for it :) http://t.co/fC6ZyYAGTG #SEA #SyrianElectronicArmy — SyrianElectronicArmy (@Official_SEA12) July 17, 2013 The Syrian Electronic Army claims to have gained access to 1 million social networking accounts (Facebook, LinkedIn, Twitter and Google) through this exploit.

Continue reading →

With all of the hoopla around Prism in the US, many Canadians may be wondering what Rogers' policy is about sharing customer data with the government. Here is their position:  @ekiledjian we'd only share information about a customer if a warrant has been issued 2/2 — Nicolas @ Rogers (@RogersNicolas) July 9, 2013   I've reached out to Telus, Bell and Fido & am waiting for their responses  

Continue reading →

The Washington Post claims to ahev gained access to classified documents stating that Chinese hackers compromised systems contrianing information about the USA's highly classified cutting edge defense products (like the F-35 and PAC3 PAtriot missiles). The report goes on to list other critical defense systems like the Aegis ballistic-missile defense system, F/18, V22, etc. Could this report be the reason the US Government has started to take a much stronger and much more public stance against Chinese hackers?

Continue reading →

Even the most careful internet user may find himself/herself on a questionable site that loads the browser with all kinds of "wonderful gifts" like toolbars, new search engines, extensions and the like. Normally recovering from something like this is painful and time consuming. A crafty and detail oriented individual, Francois Beaufort, discovered a new feature in Chromium called reset profile which resets everything back to factory defaults: homepage search engine cookies and disables the extensions Why is this interesting?

Continue reading →

Related Article:  How To Secure Your Online Accounts How to enable 2-factor authentication for Google Sign into your Google account Click the arrow next to your name Choose Account Select Security Click settings listed under 2-step verification You have to start the setup process. You are then asked to supply a telephone number where an authentication code will be sent when you login from an “untrusted computer or device”. A code then arrived that you have to enter when Google login detects something strange.

Continue reading →

What is 2-factor authentication? One of the most common ways to hijack your online accounts is to steal your passwords. The way to prevent this type of issue is to use a technique called 2-factor authentication. The 2 factors are: Something you know : your password which is still used Something you have : a one-time use password that is generated on demand that proves you are in possession of something physical. You use 2-factor authentication everytime you use your bank’s automated banking machine.

Continue reading →

Due to recent attacks again Twitter and high profile Twitter users, Twitter has started implementing new security measured. Now we learn that the official account of Saudi Aramco (the world’s largest oil producer) was hacked by “Mister Rero”.  Saudi Aramco is no stranger to infosec issues and had 30,000 workstations hacked last year. Don’t forget other twitter accounts were also recently hacked from Burger King, Jeep, etc.  

Continue reading →

A couple of days ago, I wrote about Evernote being hacked and the fact that it is the new reality for cloud services. Now we learn that Evernote intends to implement 2 factor authentication. In case you were not aware, Evernote was hacked and it forced its 50 million users to reset their passwords. According to InformationWeek, they will offer some kind of 2 factor authentication for all of their users before the end of the year.  

Continue reading →

It has been a bad week for popular websites (getting hacked). Now Twitter has come forward and acknowledged that 250,000 accounts were hacked. The attacker may have had access to email addresses, encryption passwords and session tockens. What is worrisome is that Twitter has claimed that the attack was "extremely sophisticated" and that they saw this same pattern of attach against other sites. Twitter is being proactive and is forcing users of those affected accounts to immediately change their passwords (those affected should have received an email from the company).

Continue reading →

It seems everyone’s favorite cross-platform Instant Messaging app has is violating Canadian privacy laws (according to the Office of the Privacy Commissioner of Canada). The OPC found that on all devices (except IOS 6), the App requires access to the users address book to function. This means that non WhatsApp user information is being stored on the WhatsApp servers without the permission of these users. WhatsApp is “trying to meet” Canadian regulations by adding encryption and other protections but the OPC believes they are not yet compliant with Canadian law and will continue monitoring the firms progress.

Continue reading →

Facebook has gone to great length to make sure everyone know that Graph Search won’t reveal anything that isn’t already visible to the person conducting the search. However people may be able to find information about you because of privacy setting misconfigurations you may have made. It is a great time to make sure you have properly locked down your Facebook privacy settings. Click on the little gear icon (upper right hand side) and choose “Privacy Settings”. First Then

Continue reading →

As an infosec leader working for a large multinational, a lot of risks keep me up at night. Most execs still believe (mistakenly) that the biggest risks come from the outside. Imagine my interest when I learned that AMD is suing 6 former employees because it believes they leaked over 100,000 documents ("trade secret materials relating to developing technology") to NVIDIA. The complaint says these employees took the info with them when they switched employers. AMD claims to have uncovered evidence of their claim using “forensically revealed data”.

Continue reading →