What makes a good Chief Information Security Officer (CISO)
Only five years ago, the title of Chief Information Security Officer was likely awarded to an employee that had worked hard and was dedicated to the company. It was an honorific title often given as a reward. Times have changed and companies need a new breed of CISO.
The number, severity, and impacts of cyber threats are continually increasing. Companies now rely on complex highly integrated IT systems whose confidentiality, availability and integrity are paramount.
The WannaCry ransomware was a good example of how poorly managed security can cripple an organization. The National Health Service in the United Kingdom had up to 70,000 infected devices and was forced to turn away non-emergency patients. (1)
The CISO is now a senior-level business executive who can directly impact the profitability and viability of an entire organization. Instead of being a technical specialist, the CISO must now be a seasoned business leader that can become a trusted advisor to other executives within the organization.
CISOs can help maintain your brand value, help build relationships with various stakeholders, and are charged with protecting an organization's most important assets (the digital ones).
The job of a true modern CISO is getting harder by the day, and organizations need to ensure they have the best CISO they can find and afford to guide them.
If we agree that the nature of the CISO's role has changed and that the modern CISO is a very different creature than his predecessor, what makes a good CISO?
1 - Problem solvers
A modern-day CISO can solve complex rapidly changing problems under stress and high pressure. A CISO must enjoy solving complex puzzles while being able to juggle day-to-day tasks and driving the organization's long-term vision. The CISO must understand that every decision made today can have dramatic repercussions tomorrow.
2 - The CISO must be a people person
The modern CISO is often a front-line representative of the organization to shareholders, customers, partners, and regulators. They must have the ability to build strong relationships based on trust and respect. The CISO must have the ability to communicate complex security issues to stakeholders that may not understand even basic IT. The modern CISO must be a people person. The modern CISO must lead his team with fervor and engender commitment from the security team.
3 - The CISO is a citizen of the world
Information flows without respecting national boundaries, but companies are being asked to navigate complex global regulations that sometimes contradict each other. The only way a CISO can manage this increasingly complex regulatory environment is with non-traditional skills (for an IT person) that include law, business, compliance and governmental relations.
4 - The CISO must be business minded
The CISO must make security decisions based on how they impact the organization or enable the organization to perform its primary business functions. The CISO must weigh security decisions against profitability and efficiency, and must build a competitive advantage for the organization. A CISO must be obsessed with efficiency and must be resource conscious (people, time and money). Gone are the days when a CISO makes purely technical decisions based on technical need.
5 - CISOs tend to be workaholics
Even if work-life balance is all the rage, a CISO is always on call. Unfortunately, the bad guys never take a break and often neither does the CISO. It is common for a CISO to work long hours and weekends while guiding the organization to where it needs to go. The modern CISO is humble and respects the capabilities of his/her adversaries. A CISO must always be vigilant. A CISO is continually thinking about how he/she will keep the organization one step ahead of threat actors.
6 - Strong team building skills
CISOs work long and hard but so do their teams. A CISO must be self-confident enough to hire the highly skilled professionals the organization needs to succeed. I have met many CISOs who refused to hire employees that were more technically competent than them for fear of being replaced. This is the reflex of a "bad" CISO that doesn't understand his/her new role. A good CISO will hire the best resources he/she can find and then coach them to grow and become exceptional. The stronger the team, the better the CISO.
7 - Your CISO doesn't need to be certified
Full disclosure, I do not currently hold any security certifications but I believe I can challenge anyone that does. The CISO is a business professional with security experience, not a security professional with business experience.
You should rely on the proven track record.
Conclusion
The role of CISO is constantly changing, and the ideal candidate must also be constantly evolving. I have been a security executive since 2001 and have seen the role of CISO morph from a backroom function performed by geeks, to a front-of-the-house leader that can communicate with clients and regulators. The right CISO can drive business growth while the wrong one can sink your entire organization.
Invest the time, energy and resources required to hire the right CISO for your company. If you have a CISO already, make sure he/she is the right one your organization needs right now.
---------------------------------------------
(1) Ungoed-Thomas, Jon; Henry, Robin; Gadher, Dipesh (14 May 2017). "Cyber-attack guides promoted on YouTube". The Sunday Times. Retrieved 14 May 2017.
Canadians can find out what data a company stores about them
The average consumer is starting to realize how much personal data companies collect about them.
Consumers should be concerned about what data is collected, how it is used and who it is shared with.
Canadian privacy laws (like the Personal Information Protection and Electronic Documents Act) allow consumers to access their information (aka companies must respond to a request for personal information held by the company).
“Principle 4.9: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.”
PIPEDA section 4.9 mandates that companies respond to Data Access Requests within 30 days of receipt. The information must be made available for free or at a reasonable cost.
“Principle 4.9.4: An organization shall respond to an individual’s request within a reasonable time and at minimal or no cost to the individual.”
Some companies use legally complex wording and vague statements in their privacy policies to hide the level of detail collected and to obfuscate how it is used. The Data Access Request allows any individual to understand (and see) what has been collected and what is being done with their information.
What is a Data Access Request?
Toronto-based Citizen Lab has created and operated a site called Access My Info. The site was created to simplify how Canadians create and submit Data Access Requests using templates.
<img src="https://ekiledjian2.micro.blog/uploads/2025/c8bd40c193.jpg" alt="">
Testing it
I will submit a couple of test requests and see how companies respond. If you are a Canadian, I encourage you to try this as well.
OPSEC: Backup Strategy for the Security Conscious
Even with all of the technological advancements we have made, backups are usually overlooked by the "average Joe" until something significant occurs (causing a massive shift in paradigm).
Why backup
Traditionally we backed up our information in case the physical media we used (hard drive, DVD, ZIP Drive cartridge, Bernoulli Box, etc.) had a catastrophic incident.
Modern headaches that we add to the justification list now include malware and cryptoware data modification, seizure at a border crossing or shutdown of a cloud service.
When thinking about backups (as a security conscious individual), you are concerned about:
- Recovering your files in their original format (not some compressed low-quality version of your precious originals)
- Ensuring that only YOU can access your backed up information
Know thyself
Before we can discuss how to protect your information, we need to know what and where that information is.
Inventorying your information is not as simple as it first appears... Think of everywhere you have stored digital data.
- You have one or more email accounts possibly with various providers (Hotmail, Outlook, GMAIL, Yahoo Mail, your ISP, etc)
- You could have contact information on Google, iCloud, Samsung Contacts, etc
- You may have documents in Dropbox, Google Drive, Microsoft OneDrive, various 3rd party apps (diaries, note taking apps, etc)
- You may have information (sometimes even forgotten) on USB keys, SD cards, CD/DVD disks, etc
- This blog has information (articles) going back 7+ years
You get the picture. What first seems like a basic easy to answer question could quickly turn into a monstrous inventory activity.
Once you know what you have, you then need to figure out which of these sources is the "master" copy. It is not uncommon for people to knowingly or unknowingly load duplicate information across multiple different storage mediums. Think of the master as the version that you are likely to keep the most up to date.
As an example, I recently did a photo duplicate cleanup and realized 15% of my total 1.5TB photo storage was duplicate files I had accumulated over the years.
It's time to strategize
In a previous article, I talked about the 3-2-1 backup strategy. The exact entry from my previous article was:
This is a simple way to remember the right way to backup and protect your data.
- You should always have 3 copies of your important data. This means one primary (aka the one you use on a daily basis) and 2 copies as backups.
- You should always have your backups on 2 different types of media (one of your backups can be to an external hard disk while the other one should be to another type of media like DVD disk or to an online service).
- You should always store 1 copy of your data "somewhere else". This is to ensure recoverability in case your house or business experiences a natural disaster. In most cases, this can be one of the popular online backup services, or it can simply be you manually storing the media in another location like your office, a bank vault or a friend's house. To be extra careful, it is recommended to build in some distance between you and the offsite backup in case a natural disaster eats a good part of your city.
The reason we create the information inventory in the previous step is so that you can also back up your application datasets. As an example, if you use Google contacts, maybe export the file monthly in CSV format and make sure it is backed up (don't rely on the goodwill of the provider since they always cap their liability in the event of a catastrophic incident). If you use a journaling application, maybe export your entries in PDF and back that up. If you have pictures sitting on your smartphone, make sure a copy is taken and added to your backup strategy (Google Photos is good but it stores an "optimized" version which is not the original).
People often forget to back up basic information like their emails. To do this, you may need to install a "fat" email client on your computer and pull all the emails (or copies of them) from your mail provider then backup the local program database. Google isn't going away but there have been countless tales of users "losing" access to their accounts for months because Google made an arbitrary decision. Unless you are running your own infrastructure, assume the provider can stop your service and hijack your data at any time.
A couple of years ago, I spent weeks scanning all my paper documents so that I could have digital easy to move, easy to backup versions. You will likely have to do the same.
Where to store your backups
Back to my 3-2-1 backup model, you should have 2 copies of the data you physically control and one up in the heavens we call "the cloud".
The size of your backup will dictate what kind of physical media you store it on. When backups were small, many users could get away with storing them on CD/DVD/Tape drives but these aren't practical for most modern users.
Most of you will likely store your local copies on some type of large local storage medium such as a USB key and/or hard drive. If possible, store your local copies on 2 different mediums (a USB key and a hard drive, or a spinning hard drive and an SSD).
You need one copy in the cloud. Local copies are great because you can restore access almost instantly, but if a major incident occurs, you may lose both of your physical copies. That is when your backup of last resort comes in (aka cloud backup). Remember to protect your cloud backups. You can do this by pre-encrypting the information before uploading it (which works if your backup is small and you are uploading to a service like Google Drive, Microsoft OneDrive or Dropbox). The other option is to use a backup service that lets you hold on to the encryption/decryption keys like Carbonite and Backblaze.
Make sure your backup provider has version control enabled. This means they store multiple versions of files. This is useful if you are infected with CryptoLocker-like malware that encrypts your files, because you can go back to a version from before the encryption. It is also useful if you delete a file by mistake and want to go back in time and bring it back.
It's a process
Once you figure out what your backup strategy will be, you need to ensure it is "run" regularly. Nothing is worse than having a plan and then losing six months of data because you forgot to backup. Most cloud services offer near-line backups which is a nice set it and forget it model.
You will also have to ensure your local copies are regularly updated. On my Mac, I use the built-in and free rsync command in the terminal to synchronize via a scheduled task. There are also a ton of reasonably priced on-device backup apps (if you don't want to fiddle with the terminal). These are examples but not endorsements:
- For MacOS: Carbon Copy Cloner
- For Windows: Image for Windows
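The duplicate cleanup in the inventory step and the job of keeping local copies current both come down to comparing file contents. The following is an added example, not code from the original post: a Python script that hashes a master folder, lists duplicate files in it, and checks a backup copy against it. The folder names and sample files are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large photos or videos do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if os.path.islink(full):
                continue  # hash real files only, do not follow links
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def find_duplicates(manifest):
    """Group paths whose content is byte-for-byte identical."""
    groups = defaultdict(list)
    for rel_path, digest in manifest.items():
        groups[digest].append(rel_path)
    return sorted(sorted(paths) for paths in groups.values() if len(paths) > 1)


def compare_to_master(master, copy):
    """Report how a backup copy differs from the master manifest.

    missing  : in the master but not in the copy (backup is stale)
    modified : same path, different content (stale copy, corruption,
               or files rewritten by malware)
    extra    : only in the copy (deleted from the master since)
    """
    return {
        "missing": sorted(p for p in master if p not in copy),
        "modified": sorted(
            p for p in master if p in copy and master[p] != copy[p]
        ),
        "extra": sorted(p for p in copy if p not in master),
    }


def _write(root, rel_path, data):
    """Helper for the demo: create a sample file under root."""
    path = os.path.join(root, rel_path)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed master folder and USB copy, then audit them."""
    beach = os.path.join("photos", "beach.jpg")
    beach_copy = os.path.join("photos", "beach_copy.jpg")
    taxes = os.path.join("docs", "taxes.pdf")
    with tempfile.TemporaryDirectory() as tmp:
        master_dir = os.path.join(tmp, "master")
        usb_dir = os.path.join(tmp, "usb_copy")

        # Constructed master data: one photo is stored twice.
        _write(master_dir, beach, b"original pixels")
        _write(master_dir, beach_copy, b"original pixels")
        _write(master_dir, taxes, b"2017 tax return")
        _write(master_dir, "contacts.csv", b"name,email\n")

        # Constructed backup: one file changed, one never copied,
        # one left over from an earlier run.
        _write(usb_dir, beach, b"original pixels")
        _write(usb_dir, beach_copy, b"original pixels")
        _write(usb_dir, taxes, b"scrambled")
        _write(usb_dir, "old_notes.txt", b"stale")

        master = build_manifest(master_dir)
        copy = build_manifest(usb_dir)
        return find_duplicates(master), compare_to_master(master, copy)


if __name__ == "__main__":
    duplicates, report = demo()
    print("Duplicate groups in master:", duplicates)
    print("Backup copy vs master:", report)
```

Running the same comparison after each scheduled sync, against each of the two local copies, shows whether a copy has fallen behind before you need to restore from it.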
Review of the Tom Bihn Synapse 25 EDC backpack
If you have been reading my blog for a while, you know I evangelize the benefits of one bag travel. My go-to bag for the last ten years has been the RedOxx AirBoss, but I regularly get questions about Tom Bihn bags.
My 5-11 Rush 24 work backpack was starting to fall apart, and in my quest to find the "best" bag for me, I spent three months reviewing various bags. Here is my review of the Tom Bihn Synapse 25 backpack.
The Tom Bihn Synapse 25 should be considered an Everyday Carry (EDC) type of bag. While reviewing the bag, I wanted to evaluate:
- the capacity
- will it last
- the look
- daily use experience
The bag
I own many RedOxx products, and they are all made from a super durable canvas-like material. RedOxx bags have a particular look and are designed for adventure first and foremost. This comes through immediately when you see the bag's metal clips, crazy strong claw strap, YKK number 10 zippers and the incredible stitching.
<img src="https://ekiledjian2.micro.blog/uploads/2025/9776828323.jpg" alt="">
Although the Tom Bihn looks more "conventional", the materials are all high quality, and you see this immediately with the zippers. The main section uses strong YKK #10 Aquaguard zippers, which are water resistant. The other compartments use YKK #8 Aquaguard. You immediately notice that every component was purposefully chosen for looks, use, and durability.
<img src="https://ekiledjian2.micro.blog/uploads/2025/680326c775.jpg" alt="Color matched rubbery coating on the inside of the zippers."> Color matched rubbery coating on the inside of the zippers.
Whereas my RedOxx bag zippers' chunkiness is immediately visible, the Tom Bihn Synapse 25 design blends them into the overall bag.
<img src="https://ekiledjian2.micro.blog/uploads/2025/5a2d9ce154.jpg" alt="">
Most backpack manufacturers throw in two external side bottle holders, and the Synapse 25 only holds one bottle, but you realize why. The designers created a special bottle holder pocket in the middle of the backpack (it expands outward, so you don't lose packing space). At first, I found this strange until I realized this was done to maintain the proper balance of your backpack. As you use this bag, you realize a lot of thought has gone into every aspect of it.
<img src="https://ekiledjian2.micro.blog/uploads/2025/8f75387051.jpg" alt="">
Right underneath the water bottle pocket is a smaller throw anything type pocket. When traveling, this is a great place to throw keys, your wallet, passport, small bud style headphones at the security checkpoint. When you realize how many personal items people forget at security checkpoints, you stop throwing your stuff in those plastic bins, and you want to shove them in these types of pockets. During daily use, I have a small personal first aid kit I carry here.
<img src="https://ekiledjian2.micro.blog/uploads/2025/3ea5d23191.jpg" alt="">
Each side has a medium-sized longish pocket where I store my beloved Julbo sunglasses. The right-hand pocket has a small organizational cinch pocket. The left one has storage for pens and a small/medium multitool.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b6bfca63ec.jpg" alt="">
There is a bottom pocket that can be used to store (while traveling) packing cubes, small shoes, snacks, a jacket, toiletry bag or other items you may want quick access to. During my day to day use, I store my laptop power adapter and sizeable OmniCharge battery here with an assortment of cables.
<img src="https://ekiledjian2.micro.blog/uploads/2025/98c5455fbf.jpg" alt="">
Loops, loops, and more loops (aka O rings). All Tom Bihn products are made to work together, and these loops are the key. You can use the countless loops to attach their cubes, caches or organizer bags inside any of the pockets. The Tom Bihn laptop sleeve allows me to pull out the sleeve at a security checkpoint for review, without the risk of forgetting my precious laptop at the TSA checkpoint.
The Freudian Slip
First, you have to laugh at the name and acknowledge these designers have a sense of humor. The Synapse 25 was designed to go from an EDC office bag to a travel system but how do you organize your office knick-knacks without permanently sacrificing space when traveling? You make the office organizer removable.
The Freudian Slip 25 is designed to fit perfectly in your Synapse 25 and has 15 organizational pockets to store all of your stuff. It has two folder pockets, four open top pockets for small electronics, two mesh pockets, two pen pockets and of course a business card pocket.
It costs $50 but can be a real organizational dream for Everyday Carry. I use mine every day to carry papers, a notebook, my Skyroam Global Wifi hotspot and more. There are so many pockets that most of mine are empty, but it is still a wonderful add-on I highly recommend.
<img src="https://ekiledjian2.micro.blog/uploads/2025/2d94cd6cbc.jpg" alt="">
The lighting
<img src="https://ekiledjian2.micro.blog/uploads/2025/1234505c7b.jpg" alt="">
They sell an Action Lights Guardian light on a strap you can hang on the inside of your bag (so you can find your items even at night). I already own a couple of Guardian lights and love them for their durability, but I think they chose the wrong light for internal illumination. Don't get me wrong, the Guardian light is good for internal illumination but the GloTube is much better. There is free advice for you, Tom Bihn designers.
<img src="https://ekiledjian2.micro.blog/uploads/2025/88b1f740f0.jpg" alt="">
The bag also comes with an external strap that blends in and is invisible when not used, but allows you to strap an external Guardian light for visibility at night (walking, bicycling, etc.)
The details
Tom Bihn offers dozens of pouches, organizers, and straps that you can add to the Synapse 25 to customize it and make it your own. Every accessory has a strap, hook or locking system that allows you to use it with every one of their products. These hooks are always robust and easy to use.
It is only after a couple of weeks of use that I started to realize how much thought and care was given to every aspect of the backpack. As you use the bag and realize all of the design decisions they have made to make your life a little bit better, you can't help but fall in love with the product.
The durability
In addition to very carefully thought out design, this bag is built durable without looking like it came from an Army Surplus store. I carried this bag into executive meetings and never felt out of place. This is especially surprising when you realize the quality of the components they have used.
Tom Bihn advertises the shell material as 400d Halcyon which is a 420 denier ultra-high-molecular polyethylene ripstop material coated with a light urethane to make it water resistant.
It feels like a soft high-quality nylon that can withstand being overstuffed and force zipped. The stitching is hidden where possible and where you can see it, it is high quality and you know it is going to be durable.
The straps are basic and nicely padded. It feels solid and is comfortable for extended use. Many of the tactical bags have more padding but even when loaded, the Synapse never felt uncomfortable.
This is the type of bag that will probably last for 20 years without any issues.
The look
This is a bag designed for techies and not for ultra-modern style conscious turtleneck wearing millennials. Bags like the Minaal are much more appropriate for those looking for stylish minimalist bags that can blend into the snobbish New York design scene.
The Synapse 25 isn't "sexy" because it doesn't have a "modern" look. It doesn't have any waxed canvas or leather accents.
The Synapse 25 is an ultra-utilitarian functionality first bag. Now, to be clear, I carried the 5-11 Rush 24 tactical bag, so I am more concerned with usability than looks.
Regardless of the "lacking" looks, the bag is so wonderfully designed and put together that I am convinced you will fall in love with it. But look at the pictures and judge it for yourself. You will either love it or hate it.
When using this bag, you realize all of the small carefully thought out design decisions the Tom Bihn team made aligned with their design philosophy. This doesn't just feel like a $40 bag quickly put together to sell in bulk at Costco.
Every time I use this bag, it is like having a conversation with the designers and learning how to use it better. As you use it, you will change your carry model and realize they thought of optimizations you may not realize until you've carried this for a couple of weeks.
Daily use
To truly rate the usability of a bag, you have to carry it for at least a month. After a month of daily use, I can tell you that the Tom Bihn Synapse 25 is a delight to use.
Even when carrying it for hours across busy airports, it was comfortable.
The external organization pockets mean you can easily store and find your items without having to dig into a cavernous deep main pocket.
The bag is packed with innovation that will make travel and daily use a joy, all packed in a deceptively simple looking bag.
Recommendations
Handles on bags are important when you travel, and although the belt-like carry strap is durable, I wish it was a little more padded. For a bag that is so well designed, this top carry strap felt a little underwhelming.
<img src="https://ekiledjian2.micro.blog/uploads/2025/510b8092e1.jpg" alt="">
Like the carry strap, the belt strap (which is removable) is a thin strap of webbing material. It will definitely last but isn't very comfortable to use. Luckily it isn't something I use often, and I disconnect it and leave it at home.
As mentioned above, I would replace the internal light (which is back ordered as I write this) with a GloTube instead.
<img src="https://ekiledjian2.micro.blog/uploads/2025/315110b70a.jpg" alt="">
I bought the chest strap upgrade that includes a whistle but it is a pretty useless whistle. They should have made something that sounds more like a JetScreem whistle than a quacking duck.
Conclusions
Using this bag for a month convinced me that this is my new every day carry backpack (and not just something I test, review and forget about).
Every couple of days I slightly optimize my storage strategy and realize that this bag was conceived by incredibly talented designers, with strong knowledge of bag design, and that everything was done with intention.
Using this bag is like having a conversation with the designers. This is the best way I can describe it.
As long as the look pleases you, you will be delighted with this bag. Over the coming year, I hope to get my hands on more Tom Bihn products so I can review them for you.
When I bought my first RedOxx product, I felt like I started a relationship with the company because they had a design philosophy I agreed with and subscribed to.
Most bags since (even the Minaal, Tortuga, AER, etc.) didn't have this special feeling. They felt like products.
Having used the Synapse 25 for over a month now, I feel the same attraction to Tom Bihn as I did (and do) for RedOxx. These are companies with strong design principles that permeate throughout their entire product line. If you agree with those principles (and you really should), the Synapse 25 may be the gateway drug that draws you deep into the Tom Bihn line.
So do I recommend it? Absolutely without any reservation.
Samsung Note 8 review from an iPhone user
You should take the time to read my article about why I am switching from an iPhone to an Android device. A summary of the situation is that I have had every iPhone since the very first one ten years ago and the spark isn't there anymore. I have been dual carrying Android phones for the last 5 years but my main personal daily driver has been an iPhone.
Looking at messages from readers, many of you are in the same boat and I will be reviewing a handful of phones for switchers with the requirements of an iPhone user looking to geek out.
The first phone I am reviewing is the Samsung Note 8 64GB North American edition. I mention this because my readers are global and you can find other derivatives (128/256GB storage, dual SIM, etc).
Last year I thought the Note 7 was the best Android phone I had ever used until it wasn't, because of the exploding battery issue. Until the recall, the Note 7 was in a league all on its own, even compared to the Galaxy S7. This year, not so much. The gap between the Note 8 and the Galaxy S8 Plus has shrunk dramatically.
The Samsung Galaxy S8 Plus
The closest competitor to the Samsung Note 8 is the Samsung Galaxy S8 Plus. The younger sibling has almost all of the features of its big brother except:
- Note 8 dual cameras
- Note 8 Stylus - SPen
- Note 8 has a 0.1" larger screen
- Note 8 has 2 more GB of RAM
For all of these upgrades, you will have to fork over an extra $124 (USA retail based on the unlocked versions).
The Samsung Galaxy S8 and Note 8 are both rated IP67 which means they are water and dust resistant (compared to the iPhone and Pixel 2 XL's IP 67).
<img src="https://ekiledjian2.micro.blog/uploads/2025/f94c8a7a04.jpg" alt="">
SPen
Ask any Note fan and the first thing they will show you is the Note 8's ability to take notes using the SPen even when the screen is asleep. Then they will open a drawing app and show you how you can use the SPen to draw with pressure sensitive brushes.
Most iPhone users look at this and call this cute and they dismiss the pen as nothing more than a parlour trick.
The truth is that writing on a device this size with a small pen just isn't comfortable to do for long periods of time. This isn't something you will likely do daily and this won't replace your notebook but... the SPen is useful for specific in-field tasks.
For my day job, I sign letters (PDF) once in a while and being able to do this without having to print and scan is incredibly valuable. The SPen is also a much more precise mechanism to highlight text (compared to my chunky man-fingers).
<img src="https://ekiledjian2.micro.blog/uploads/2025/3c9f8eae5f.jpg" alt="SPen works perfectly with Google Keep"> SPen works perfectly with Google Keep
I found myself using the SPen to click on tiny touch-targets on web pages, to annotate screenshots or crop with more accuracy and to resize app windows when using 2 apps simultaneously.
Regardless of all the negative comments made by SPen haters, the SPen is truly an indispensable feature of the Note 8. It is the defining feature of the Note 8. It is what makes the Note a Note and I now understand why.
<img src="https://ekiledjian2.micro.blog/uploads/2025/83ac3a11fb.jpg" alt="">
Samsung Note 8 cameras
The Samsung Note 8 (like the iPhone 8 or the iPhone X) has a "standard" camera and a 2x telephoto lens (both 12 MP). The usefulness of the telephoto will depend on what type of pictures you take but most buyers should find this useful.
Yes, the telephoto camera is optically stabilized and the stabilization works well. In my testing, it worked as well as its main competitors. The only phone with better stabilization is the Pixel 2 with its Optical Image Stabilization (OIS) and Electronic Image Stabilization (EIS).
What about portrait mode, you ask? It can create a fake depth of field effect that is adjustable post snap (aka you can change how much the background is blurred after the fact). Like the iPhone X, this feature is driven by software and the performance is hit or miss. To be honest, this works as well as on an iPhone X but not as well as on a Pixel 2. The success of this feature will depend on appropriate lighting, the background and foreground, etc.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b8ec2c794f.jpg" alt="">
<img src="https://ekiledjian2.micro.blog/uploads/2025/ccc98b69c0.jpg" alt="">
Samsung calls its primary camera a wide angle but it only has a 77-degree field of view, which wouldn't really make it a wide angle. For comparison, the LG V30's primary camera has a 71-degree field of view, while its wide angle has a 120-degree field of view.
How does the Samsung Note 8 camera compare to the iPhone X?
Most iPhone users expect a point and shoot camera that gives "good enough" pictures most of the time in automatic mode. The Samsung Note 8 will meet and exceed your expectations. The Note 8 camera will allow you to take pictures from sunrise to sunset, whether it is sunny or raining (since it is water resistant).
“The Samsung Note 8 camera won’t let you down. It is a beautiful combination of speed, reliability and performance.”
The camera is good but not as good as the Pixel 2.
The battery?
Die-hard Note fans love the line-up because the Note always pushed the technology boundaries. It meant Note users always had the best, biggest and flashiest toys to play with. This has always included the battery.
We all remember the issues with the Note 7 battery and it looks like Samsung has taken the safe route by using a 3300 mAh battery in the Samsung Note 8.
I have spoken to a dozen Note fan readers and every single one of them complained that the Note 8 felt like Samsung was "playing it safe" and this isn't why they became Note fans. Remember that the cheaper Samsung Galaxy 8 comes with a 3500mAh battery.
Samsung's official position is that the smaller battery was required because of a lack of space (due to the dual camera system and the SPen slot).
To help alleviate the pain of a smaller battery, Samsung has efficient hardware and purpose-built software to help conserve power (where possible). In my 2 weeks of testing, the phone got through average days just fine but died when I was travelling (spotty reception and more media consumption). Either the battery should have been slightly bigger or their battery conservation model should have been more aggressive.
If you need to juice up, you can use the built-in QuickCharge 2 or wireless charging now found in most coffee shops. Again, I felt like the fast charging was good but not great. The Huawei Mate 10 Pro, Pixel 2 XL and OnePlus 5 all out-charge the Note 8. Why didn't Samsung go with QuickCharge 3? On a positive note, if you own a USB-C PD charger (like the one that comes with the Pixel 2 or the Pixelbook), you will be able to fast charge the Note 8. This was a wonderful surprise.
Samsung does offer fast wireless charging but it costs $125CAD which seems a bit too rich for me, considering you have to buy a couple to make it really work (bedroom, office, kitchen, etc).
What about the fingerprint scanner?
The fingerprint scanner is located in the back next to the camera. This is a horrible location because:
- it is not in a location where my finger naturally goes
- I keep smudging the camera lens when my finger misses the scanner
The alternative is to use the "as secure" Iris scanner. The Iris scanner is wonderful when it works, but frustrating when it doesn't (e.g. outdoors under bright sunlight).
Nothing more to say here.
The display
The display on the Note 8 is a thing of beauty and easily the best display on any smartphone (iPhoneX included). Its 6.3-inch display is bright, clean, clear and easy on the eyes. The Samsung Infinity Display stretches from one edge of the phone to the other.
With all the Pixel 2 XL screen issues, it is refreshing to see Samsung release AMOLED screens that are so beautiful. Videos look crisp. Pictures look amazing. Web pages are easy to read.
The screen is everything you expect from the leader in screen manufacturing. The screen is bright, punchy and the size means you are drawn to whatever content you are consuming.
Phone calls
My house is notoriously bad for cell phone reception and, compared to other Android devices, the Note performed extremely well. Checking cell phone signal strength, the Note 8 consistently had a stronger signal and calls worked every time.
Call sound quality was excellent. The little dinky speaker did the best it could do, but I wouldn't use it as a speakerphone for multi-person conference calls. The phone supports the latest Bluetooth 5 wireless technology, so you can always pick up a fancy pair of wireless headphones or use wired headphones with its built-in 3.5mm headphone jack. But Bluetooth 5 isn't turned on yet. We expect this switch to happen with Android 8 (Oreo).
Bixby
I hate Bixby. I hate Bixby. I hate Bixby. I hate Bixby with a passion. I never wanted to use it but did press on the dedicated Bixby button a couple of times by mistake. With the latest updates, Samsung will allow you to turn off the button, but I would like to remap it for Google Assistant and I can't.
Conclusion
I went into this review not knowing what to expect. Would this be a suitable replacement for a user switching from an iPhone to Android? Is this device worth the $1,000 price?
The Note 8 doesn't feel like a device built for geeks pushing the technology envelope. It just doesn't. The rowdy teenager has now grown up into a mature adult and more people want to be its friend now. By becoming more mainstream, the target audience for the Note has grown significantly. In the last 2 weeks, I met grandmothers and other "normal" people that love their Note devices. Normies now love the Note because it is less jarring.
If you don't need the extra 2GB of RAM, the telephoto camera and the pen, the S8 Plus is a fantastic buy. But don't be too quick to dismiss the Note 8. Yes it isn't as special as it once was but it is a wonderful device.
My one major issue is the software. Android 8 (Oreo) has been out for 6+ months now, other smaller Android makers have already released their phone updates to it, but Samsung hasn't given us a release date yet. How can their 2017 flagship phone still not have Oreo? Additionally their custom launcher has dramatically improved but I still want the option to have a "stock" Pixel like launcher (similar to what Motorola does). These two issues may be what makes me switch back to a Google device next time.
Bell Mobility to unlock all devices
Bell is now offering to unlock all carrier-locked devices, even second-hand devices for users that have never been Bell customers.
Prior to this policy, Bell Mobility only unlocked devices for current and former customers in good standing (you had to be the original buyer of the phone).
Telus and Rogers already have similar policies (unlocking all devices even second hand for non-customers).
Run a speed test from Google Search
There are dozens of sites and services that promise to test your internet speed. The most popular are:
Now you can also add Google to the list.
1 - Go to the Google Search Page (on a PC or Android device)
2 - Enter Speed Test
3 - Choose the Run Speed Test option and ignore the search results
4 - Wait until Google delivers your speed test results
Android Smartphones - This tool also works on Android devices. Just search for Speed Test on the Google search bar on your launcher and it will perform the same test and return results with a similar look & feel.
Some public WIFI hotspots seem to block it while allowing other services to run. Not sure why.
Does it work in other languages?
I tried the search on the Google Canada French site using both "Speed Test" and "test de vitesse" and I was not given the speed test web applet. It looks like this may be reserved for English-language searches only for now.
Conclusion
Nothing special or different here but this could be one more feature in your cap. I do like the fact that Google interprets the results and explains (in plain English) what kind of video streaming performance you should be able to expect from your connection.
Chronicle Security launches under the Alphabet family of companies
Alphabet Inc., the parent company of Google, has launched a new cybersecurity intelligence company called Chronicle.
The company promises to bring Alphabet's advanced machine learning capabilities and large cloud computing footprint to cyber intelligence. The soft launch was confirmed via a blog post on Medium called "Graduation Day: Introducing Chronicle". A quote from the blog entry says:
“Organizations deploy dozens of security tools to protect themselves, and their security teams are highly skilled and extremely dedicated, but they can’t keep up with the growing number, sophistication and ambition of attacks.”
Another Medium blog article is entitled "Give Good the Advantage".
Based on all the blog entries, Chronicle Security will be some kind of large, in the cloud, data collection and analytics platform that will leverage machine learning to deliver 10X efficiency improvements to security teams.
Data collection and correlation tech aren't new in the security theater; we call this type of tech a security information and event management (SIEM) platform. Competitors in this space include LogRhythm, Splunk, IBM QRadar, AlienVault, McAfee Enterprise Security Manager, SolarWinds Log & Event Manager and more.
The company says their main differentiators will be:
- "should be able to help teams search and retrieve useful information and run analysis in minutes, rather than the hours or days it currently takes"
- "Storage — in far greater amounts and for far lower cost than organizations currently can get it — should help them see patterns that emerge from multiple data sources and over years."
Traditional SIEM technologies are very expensive, so it looks like Chronicle Security will dramatically bring down the price, making it attainable for small to medium size businesses. In addition to the cost, they promise to add machine learning to help find useful information faster and make that information more actionable. This is the piece currently missing in all SIEM products (regardless of what the marketing material says). If Chronicle can deliver Google-grade machine learning that helps reduce the burden on security teams and makes the information analysis more automatic, then this could be a big break for security teams around the world.
It is difficult to pin down the exact offering Chronicle will have, because very little information about the technology or platform is provided. They have promised to keep customer information separate from other Alphabet companies (namely Google) and will have their own privacy policy.
Obviously, Alphabet believes the tech is good enough to turn an idea incubated in their moonshot factory into a real company. Now we wait and see if it is really as good as they are promising.
Private Internet Access leaves Korea due to security concerns
We learned that Private Internet Access (PIA) has shut down its Korea exit nodes due to concerns about the privacy of its users. It learned through a "close contact" that South Korea law enforcement intended to clone its local data.
Private Internet Access (PIA) didn't know why they would take these types of actions against it, but took immediate action as soon as it learned about this possibility.
“On the 21st January 2018 at 6.15pm Pacific Time, Private Internet Access was alerted by close contacts in South Korea that law enforcement would be seeking to mirror our servers tomorrow, 24th of January 2018, at 10:00 A.M without due process. Upon learning this information, we decided to remove and wipe the South Korea region from our network immediately.”
Even if the South Korean authorities did clone the data, Private Internet Access (PIA) does not log any traffic or session data.
In addition to removing its South Korea exit nodes, it also rotated its certificates as an additional security control.
This is a great example that proves that Private Internet Access is committed to the privacy of its users. Good going PIA.
Source: Private Internet Access
The best way to share your location with friends or family
Let's say you are meeting friends at a large outdoor concert. How do you provide your location? A street address may get them to the entrance gate, then what? What3words has proposed a solution to the problem of finding exact locations on a map.
What3words has divided the entire planet into 57 trillion 3mx3m grids and assigned each grid a unique three-word "address".
If I want to meet friends at the entrance of Union Station in Toronto, I can search for "Union Station" in Google Maps, and it will take me to the building but not necessarily the front entrance.
Or I can give my friends the What3Words address for the main entrance 3mx3m square which is: tens.listed.surviving
The What3Words address takes them directly to the entrance where I want to meet them. No ambiguity and no confusion.
In most western countries, we have mailing addresses but these aren't always easy to find. The most accurate mechanism has been latitude and longitude (which would look like this 43°38'43.3"N 79°22'51.9"W). Obviously, the three-word descriptor is easier to communicate and remember than the latitude/longitude.
The entire world is mapped using about 40,000 words (it is available in multiple languages including French, Spanish, Arabic and more). Obviously, great care has gone into choosing the words to ensure there is nothing offensive and no double meanings. They have assigned more common words to locations in major centers.
What3Words claims their tech is being used in over 170 countries by dozens of organizations, from delivery companies (Aramex) to disaster relief coordination in the Philippines by the Red Cross.
The entire mapping can be downloaded for use offline and consumes about 10MB of space. They are partnering with companies to build this tech into third-party apps.
I really think this is a wonderfully unique approach to a problem everyone experiences and I hope more companies start using the What3Words technology. In the meantime, you can download their free Android and iOS app to get started. You can find the What3Words address of a location or navigate to any What3Words address using your favorite nav app installed on your iOS or Android phone (Google Maps, Apple Maps, Waze).
[Image: Android app showing the entrance of Union Station]
[Image: Once you enter a three-word address, you can click on the navigate app and it will send the exact GPS coordinates of the location to any GPS app installed on your device.]
[Image: Once you enter a three-word address, you can share the exact location using any messaging app installed on your smartphone (Google Messages, Facebook, Whatsapp, etc).]
OPSEC - Security when making calls
RELATED: OPSEC - Introduction to Malware
RELATED: OPSEC - How to securely delete files
If you are making calls using a cellphone or landline phone then you should assume that your conversation can easily be intercepted by the carrier providing the service (or a government agency that has control over that carrier). Security researchers have even proven that with $1,500 in parts, they can build a cell phone call interception device by pretending they are a cell tower.
“Regular phone calls on your cell phone (including SMS and MMS messages) are easily intercepted and should be considered insecure.”
What about VOIP?
VOIP stands for Voice Over IP and any app that allows you to make voice calls is typically using VOIP (Whatsapp, Skype, DUO, etc). Many carriers have started offering Voice Over WIFI and Voice Over LTE. VOWIFI and VoLTE have the same security (or insecurity) as making a regular call using your carrier's normal cell network.
Some VOIP software offers decent or good end-to-end encryption. These require both parties to have the same software and typically call out that they use encryption in their literature. But be careful, not all encryption is created equal. Telegram Messenger advertises that it is secure but a deep dive into its model shows it uses "bad" (my opinion) encryption and shouldn't be trusted.
RELATED: Telegram Messenger isn't as secure as you think
So some VOIP services offer good reliable encryption and others don't. Here are the ones you can rely on.
Signal
I have written about the free open-source Signal messaging app for years. Signal is the de facto reference on how to build solid end-to-end encryption. Their model was so good, they helped Whatsapp when it wanted to improve its security.
RELATED: Whatsapp to become more secure than Apple Messages
Signal is cross-platform (Windows, Mac, ChromeOS, Chrome Browser). Signal offers a simple encrypted text messaging service and secure encrypted calling service.
Signal uses your existing number and address book to simplify your authentication and connection with other users. Therefore there is no separate username or password to remember.
I have to highlight the fact that a motivated attacker can still collect metadata from Signal calls because the central management servers are still owned by Whisper Systems. Whisper Systems does not have a way to listen in on calls or read messages but they do know who you spoke to, when and for how long. Having said this though, they still offer the most secure and best-built encrypted messaging app around, and it is all offered for free.
Jitsi for encrypted video chats
If you want a free open-source tool for encrypted video chats (does audio too) then take a look at Jitsi. It also supports group chats. There is no requirement to sign up for anything and therefore your personal information isn't sitting on some third-party server.
You visit the site, enter a meeting name (without spaces and difficult to guess) and share that link with the other participants. It's really all there is to it. Safe, Easy and Secure.
What about Skype or Google Hangouts?
Most VOIP solutions offer transport encryption (which means a third-party like your carrier can't eavesdrop) but the data is managed unencrypted once it reaches the provider's network. In most cases, I discourage the use of these services for situations where security is the utmost priority. One caveat is that Skype has announced that it will work with the Signal team to implement end-to-end encryption (like Whatsapp did) but that is still many months away.
There are dozens of products that use security to differentiate themselves and most have not been independently reviewed. I recommend you stick to the 2 products mentioned above.
Conclusion
Good security requires some planning but is well worth the effort. Hopefully, this article helps.
OPSEC - How to securely delete files
You should also read my previous article "OPSEC - Introduction to Malware".
Most computer (or smartphone/tablet) users believe that when you use the delete function in your operating system, you have securely destroyed the file beyond recovery, but that simply isn't the case. In most cases, the entry to the file was removed from the index but unless that disk space is needed by the operating system, the file is most likely still on the disk (just isn't normally accessible anymore). The only sure way to ensure that the information is permanently deleted is by using a special process or tool that overwrites the drive.
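To make the difference concrete, here is an added example (not from the original article) that compares a plain delete with an in-place overwrite followed by a delete. On POSIX systems a file descriptor opened before deletion can still read the file's blocks afterwards, which stands in here for a recovery tool; `overwrite_and_delete` and `bytes_left_behind` are hypothetical names, and the overwrite is only meaningful on a traditional spinning disk with a filesystem that rewrites blocks in place.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # overwrite in 1 MiB blocks


def overwrite_and_delete(path, passes=1):
    """Overwrite a file's contents in place with random bytes, then delete it."""
    size = os.path.getsize(path)
    # "r+b" writes into the existing file; "wb" would truncate it first and the
    # filesystem may then allocate fresh blocks, leaving the old ones untouched.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # force this pass out of the OS cache to the disk
    # Rename to a random name before unlinking so the original file name is not
    # the last thing the directory entry held.
    folder = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(folder, secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)


def bytes_left_behind(delete_func, secret=b"constructed sample: payroll.xlsx contents"):
    """Return what is still readable from the file's blocks after delete_func ran.

    The descriptor is opened before deletion and plays the role of a recovery
    tool that reads the blocks without going through the file name (POSIX only).
    """
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, secret)
        os.fsync(fd)
        delete_func(path)          # the name is gone from the directory after this
        os.lseek(fd, 0, os.SEEK_SET)
        return os.read(fd, len(secret))
    finally:
        os.close(fd)
        if os.path.exists(path):
            os.remove(path)


if __name__ == "__main__":
    print("after plain delete:     ", bytes_left_behind(os.remove))
    print("after overwrite + delete:", bytes_left_behind(overwrite_and_delete))
```

The plain delete returns the original bytes unchanged, while the overwrite leaves only random data behind.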
Let's talk about solid state drives
Note: Deleting files from flash drives (Solid State Disks, USB keys, SD Cards, etc.) is very hard. The information in this post applies only to traditional spinning disks (what we call hard drives).
The best recommendation I can make for these types of media is to use encryption as soon as you unpack the medium.
What about Windows
The most widely recommended tool to securely delete a file or write over empty space to ensure previously deleted files aren't recoverable is a freeware tool called Eraser. Once installed, you can right-click a file or folder and choose Eraser > Erase from the right-click menu.
You can also delete all the previously deleted data from your computer by overwriting the empty space.
What about Mac OS?
On MacOS 10.4 running on a computer with a normal hard drive, you can:
- Open the Trash folder
- Go to Finder > Secure Empty Trash
Unfortunately, in the El Capitan update, Apple removed this option because it could no longer guarantee that the new SSD disks in its devices would overwrite the files. Their comment can be found here and reads:
“An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.”
Apple's mitigating control is that they encrypt the entire disk using FileVault and thus, without your password, the data would look like gibberish anyway.
What do I do before selling my computer?
Regardless of whether you use a Windows or Mac machine, or a hard disk or more modern SSD, the key is to remove the storage medium from the machine before you sell it. Then physically destroy the disk. In the commercial space, we use specialized disk shredders but you can drill holes in it then bang the daylights out of it with a hammer. Just remember to be safe.
How do I dispose of CD-ROMs or DVDs?
Most office supply stores sell inexpensive paper shredders that also shred CD-ROMs and DVDs (or in most cases physically destroy the storage medium). I recommend you invest in one of those or physically break the disk into hundreds of pieces using pliers.
Is your Chromebook vulnerable to Spectre or Meltdown?
TL;DR: If you are using a Chromebook that is actively supported, you are probably fine.
Spectre and Meltdown are two significant chip-level vulnerabilities that kicked off the 2018 security scene with a bang. They affect millions of devices from almost every manufacturer, and many consumers are panicking about what this means for them.
Since I love Chromebooks, I wanted to write an article about how these two vulnerabilities affect them.
This isn't a deep technical review about Meltdown or Spectre. There are loads of well-written articles about them. Instead, I will just lightly explain them for the general public.
These two are bugs in the design of the processor (aka the brain) of your computing device (made by Intel & AMD). These "bugs" have existed for about 20 years and allow an attacker (capable of running code on your system) to break security controls implemented on systems and in apps to steal information. Spectre does affect your smartphone (probably).
Great detailed information about these can be found here for those who are interested: https://meltdownattack.com/
Google has a support article that clearly outlines its plan to ensure all Chromebooks are eventually patched.
But how do I check my device?
First, check the version of ChromeOS you are running. Most should be at version 63 already and this partially fixes some of the issues. You can check if your product has an update available here.
The good news is that most mainstream devices are patched including:
- Google Pixelbook 2017
- Samsung Chromebook Pro
- ASUS Chromebook Flip C302
Some even say "patch not required" like:
- Samsung Chromebook Plus
- Acer Chromebase
Systems with kernel 3.18 or 4.4 are already patched. You can also open chrome://gpu and search for "operating system" to find your kernel level.
Google's position is that ARM-powered Chromebooks and Chromeboxes are not vulnerable but will be patched anyway with future updates.
How is Google fixing the issue? With something called Kernel Page Table Isolation (KPTI). Basically, they are separating the kernel memory from that of the user processes.
The moral of the story? Security is a hard computer science problem but you should sleep much better tonight (compared to Windows or Mac users) knowing that Google is working feverishly to protect you from these types of attacks. Just make sure you are using a supported product and reboot when you see the little upward arrow indicating there is an update (in the lower right hand status bar).
SecureDrop protects the anonymity of whistle-blowers
SecureDrop is an open-source project created by (the late) Aaron Swartz with support from Kevin Poulsen and James Dolan. The entire raison d'être of SecureDrop is to create a safe information exchange mechanism between media organizations and whistleblowers.
The solution requires two servers:
- a TOR facing server to store messages and files
- a private server that monitors the security of the first server
When a message or files are dropped on the first server, the information is encrypted with GPG for secure storage.
By using the TOR anonymizing network, whistle-blowers can protect their identities from local threats (schools, companies & governments) and from the media organization receiving the information.
If TOR is blocked from your origin location, you can use the special GETTOR service I wrote about here.
The SecureDrop system assigns a codename for every whistle-blower. This codename is a means for the media organization to build a relationship with the whistle-blower while maintaining full anonymity.
It is obvious why the whistle-blower benefits from the anonymity but so does the media organization. The media organization may be given information it otherwise couldn't obtain. Journalists are also protected because they can't "give up" their sources because they don't know who they are.
The system doesn't use any third party embedded content, and the only information it logs is the codename and the date/time of the last message sent. Every time a new message is sent, the previous date/time stamp is deleted.
Who uses SecureDrop?
At last count, there were more than 36 news organizations around the world that use SecureDrop. You can find the list here. Some "normal" web links to media organizations that leverage this tool include:
- [AP] https://www.ap.org/tips/ - 3expgpdnrrzezf7r.onion
- [CBC] https://securedrop.cbc.ca/ - ad2ztmbv5vmbj7ic.onion
- [Globe and Mail] https://sec.theglobeandmail.com/securedrop/ - sml5wmpuq7ifq2mh.onion
- [The Guardian] https://securedrop.theguardian.com/ - 33y6fjyhs3phzfjj.onion
- [The Intercept] https://theintercept.com/source/ - intrcept32ncblef.onion
- [New York Times] https://www.nytimes.com/newsgraphics/2016/news-tips/#securedrop - nyttips4bmquxfzw.onion
- [ProPublica] https://www.propublica.org/leak-to-us/ - pubdrop4dw6rk3aq.onion
- [Radio Canada] https://sourceanonyme.radio-canada.ca/ - w5jfqhep2jbypkek.onion
I added the last link (Radio Canada) because they are the French sister site to the CBC and accept French submissions.
The above links are the normal internet web pages that explain (for each site) how they use SecureDrop. Links to the TOR SecureDrop for each can be found in the main directory above or on each of the normal web pages.
Alternative ways to get the TOR browser
Tor is an incredibly powerful privacy-enhancing tool that every security-conscious netizen should have in their arsenal. It doesn't replace a VPN service, since TOR isn't optimized for high bandwidth usage (like streaming music/videos), but it definitely has a place in my internet usage portfolio.
To use TOR, you need access to a small kit of software that includes the TOR router and the TOR browser (a locked down customized version of the Mozilla Firefox browser).
The Great Firewall of China site test tool confirms that the TOR Project website is blocked.
Luckily I live in Canada where we enjoy incredible internet freedom, but what if you don't? What if you need TOR (because you live in a zone where the internet is tightly controlled or monitored) but you can't access the website to download the installer kit? The TOR project has created the GETTOR strategy to help those people gain access to its powerful network.
You can:
- Send an email to [email protected]
- Send an XMPP message to [email protected]
- Send a Twitter request (via DM) to @Get_tor
The system will then share with you a secret list of links to download the installer from GitHub, Dropbox or Google Drive.
Once you install the TOR package (after checking the validity to ensure it hasn't been tampered with), you can also use a TOR Bridge if your country, school, company or ISP performs deep packet inspection to block TOR. A TOR bridge is a relay to help circumvent censorship.
You are now ready to enjoy private, anonymous and secure web browsing. Once installed, all future updates to the TOR software will be delivered via the TOR browser itself so you don't have to worry about performing these steps again.
The New York Times now available on TOR
“I do not agree with what you have to say, but I’ll defend to the death your right to say it.”
When the average consumer thinks about TOR (which isn't very often), they imagine that it is the ugly, damp & rancid underbelly of the internet.
Reality is that TOR is a US government-funded project to create anonymity on the internet. It is a platform that allows everyone to have a voice without fear of punishment or even death (think political activists).
No technology is perfect, but TOR is a very powerful tool for human rights activists and other dissidents.
In a 2015 The Intercept article, Edward Snowden goes as far as saying "I think Tor is the most important privacy-enhancing technology project being used today." and "What Tor does is it provides a measure of security and allows you to disassociate your physical location."
Proof that TOR isn't just for drugs and counterfeit goods is the fact many reputable organizations have started to create their own TOR presence.
The New York Times launched its TOR Onion Service website (in late October) as a secure way of making its content available to people around the world that may otherwise not have access to its content (China, Iran, etc.).
When companies moved to the web 15-20 years ago, sites were less reliable as companies tried to figure out how this "web thing" worked. TOR is the same today. Sites like the New York Times are still trying to figure out how to efficiently use TOR, and therefore you should assume these sites are all in beta status.
“The New York Times reports on stories all over the world, and our reporting is read by people around the world. Some readers choose to use Tor to access our journalism because they’re technically blocked from accessing our website; or because they worry about local network monitoring; or because they care about online privacy; or simply because that is the method that they prefer.”
You can access The New York Times TOR ONION Service site here: https://www.nytimes3xbfgragh.onion/ (remember, this doesn't work via the "normal web").
Karma releases an anonymizing hotspot
Open a magazine, newspaper, your local nightly news or almost any internet blog, and you will be confronted with news about another security breach. Breaches, breaches everywhere.
Concerned netizens are trying to find ways to protect themselves when online and to protect their privacy. In response, I have written a bunch of articles (such as):
- KeepSolid VPN Unlimited Review
- Review of Private Internet Access (PIA)
- Honest review of the ProtonVPN service
- Honest review of the Tunnelbear VPN service
- VyprVPN Review
- Review of HideMyAss VPN (HMA)
The above reviews were VPN services, but what if you wanted a piece of hardware that was portable and could be used with any WIFI enabled device?
A new player in the hardware category is LTE WIFI Hotspot service provider Karma.
Karma is releasing a new LTE hotspot (for the US market) called Karma Black LTE hotspot. This device costs $149 now (will go up to $249 after the January 15 pre-order closes). In addition to the initial cost, you will have to plunk down $20 a month for its security services. Karma promises to encrypt your internet traffic and to hide other privacy-invading markers like location, browser identifiers, etc.
It looks like you will be able to use this service with your own WIFI networks (home, office, hotel, etc.) Karma is also promising to add additional features in the future like TOR, network antivirus, ad blocking and parental control.
In addition to the monthly security service fee, you will have to spend more money if you want to use the device's LTE connectivity feature ($3/month + $10/GB on the "drift" plan).
Is it worth it?
I have not had a chance to test the device so everything written here is based on the documentation.
“We wanted to create a product that allows consumers to feel protected while surfing the web. Karma Black is that product. Our users can freely consume internet content while knowing that no one is looking over their shoulders. Consumers do not want strangers listening to their phone calls… they deserve the same security from intrusion when going online.”
I believe the goal is noble but the question is "should you spend $20 a month for this level of security?".
A technical user knows that sites, threat actors, and government intelligence agencies have multiple ways to identify and track users. Even with all of the security measures deployed by Karma in its Karma Black hotspot, there are fairly easy ways to identify and track its users [here is an article that talks about TOR deanonymization].
As an example, a site that uses TLS encryption (aka most sites these days) is able to set up a secure connection between your browser and its site. They can drop a supercookie in your browser then track you as you browse the web. Facebook and Twitter did this.
There is an easy to implement technique called browser fingerprinting that would allow an online actor to create a unique fingerprint for your machine using nothing more than the information your browser willingly hands over to any site that asks. You can test this yourself here.
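As an added illustration (not part of the original post and not any tracker's real code), the sketch below shows why swapping your IP address through a VPN leaves a browser fingerprint untouched, and how individually common attributes combine into a unique one. The visitor records, the IP addresses and the use of FNV-1a as the hash are all constructed assumptions.

```javascript
// Added example. All visitor records below are constructed sample data.
// Fields mirror what page scripts can read (user agent, screen size, time
// zone, language); "ip" is the only network-layer field.
const population = [
  { ip: '198.51.100.7', ua: 'Chrome/63 Windows 10', screen: '1920x1080', tz: 'America/Toronto', lang: 'en-CA' },
  { ip: '198.51.100.8', ua: 'Chrome/63 Windows 10', screen: '1366x768', tz: 'America/Toronto', lang: 'en-US' },
  { ip: '198.51.100.9', ua: 'Firefox/57 Linux', screen: '1920x1080', tz: 'Europe/Paris', lang: 'fr-FR' },
  { ip: '203.0.113.40', ua: 'Chrome/63 Windows 10', screen: '1366x768', tz: 'America/Toronto', lang: 'en-CA' },
];

// Attributes the browser itself reports; a VPN or hotspot never rewrites these.
const BROWSER_KEYS = ['lang', 'screen', 'tz', 'ua'];

// FNV-1a (32-bit): a small non-cryptographic hash, used here only to turn the
// attribute string into a compact identifier.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (const byte of new TextEncoder().encode(text)) {
    h ^= byte;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// The IP address is deliberately not part of the fingerprint.
function fingerprint(visitor) {
  return fnv1a(BROWSER_KEYS.map((k) => `${k}=${visitor[k]}`).join('|'));
}

// How many visitors in the sample share this exact fingerprint (1 = unique).
function anonymitySet(visitor, sample) {
  const fp = fingerprint(visitor);
  return sample.filter((v) => fingerprint(v) === fp).length;
}

// Identifying information carried by one attribute value, in bits:
// -log2(fraction of the sample sharing it). Unseen values give Infinity.
function surprisalBits(key, value, sample) {
  const matches = sample.filter((v) => v[key] === value).length;
  return -Math.log2(matches / sample.length);
}

// The same browser seen directly and then through a VPN exit (constructed IP).
const direct = population[0];
const viaVpn = { ...direct, ip: '192.0.2.55' };
console.log(fingerprint(direct) === fingerprint(viaVpn)); // true
console.log(anonymitySet(viaVpn, population)); // 1
console.log(surprisalBits('screen', '1920x1080', population)); // 1
```

No single attribute of the first visitor is unique in this sample, yet the combination is, which is why encrypting the tunnel alone does not stop this kind of tracking.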
Using a secure tunnel (aka a VPN), Karma can mask your internet traffic from your local ISP, but Karma itself can see where you are going. We know very little about what they log. VPN providers like TunnelBear have clear & easy to understand privacy policies. TunnelBear has had independent audits to confirm that they are living up to their policies. ProtonVPN has a technology that they call SecureCore to prevent privacy breaches if any of their VPN termination endpoints are compromised.
Unfortunately, there is insufficient information about how Karma Black is actually (technically) delivering these security services, and therefore I have to take every claim with a grain of salt. You can probably buy similar protection from the Invizbox for $190 (hardware plus 12 months of IP Vanish VPN service). You then use the Chrome browser with the uBlock Origin plug-in and you should have equivalent or better protection.
Most security professionals will tell you tech is easy and that the biggest security weakness is the user. Users normally don't have good security hygiene and even the best security tools can easily be broken by careless users.
My professional recommendation would be to hold off buying one of these devices until a "real" security professional has a chance to test one in a lab and determine how good the security controls actually are. It is easy to mess it up and unintentionally leak metadata. So caveat emptor.
The start of the end for Symantec cert trust on Google's Chrome
A little history
In early 2017, a security researcher (Andrew Ayer from SSLMate) discovered that three certificate authorities (Symantec Trust Network, GeoTrust Inc., and Thawte Inc), owned by Symantec, had improperly issued 108 TLS certificates. It is important to understand that these improperly issued certificates would allow a threat actor to spoof or impersonate a website that was using HTTPS.
9 of these certificates were issued without the knowledge of the domain owners. 99 were issued without proper validation of domain ownership.
This improper issuance of certificates directly contravenes the strict (prescriptive) guidelines of the CA/Browser Forum and raised the ire of internet giants like Google, Mozilla, and Microsoft.
These guidelines and controls underpin the entire trust model of the encrypted internet.
There is no way to verify if these certificates were ever used in the wild but we also cannot verify that they were not used.
You can see the list of certificates here.
Chrome to distrust Symantec TLS Certs
<img src="https://ekiledjian2.micro.blog/uploads/2025/d550e06049.jpg" alt="https://bugs.chromium.org/p/chromium/issues/detail?id=796230">
Source: https://bugs.chromium.org/p/chromium/issues/detail?id=796230
Very quickly after this second incident was made public, the developers of the Chromium project announced their intention to distrust all Symantec issued TLS certificates. Since Chromium powers Google Chrome, the most popular browser in the world, this was a punishment for Symantec's mismanagement. So started the two-year roadmap to achieve this goal.
You can read the blog article on the Google Security blog entitled "Chrome’s Plan to Distrust Symantec Certificates".
As you can see above, the process is broken down into 3 distinct phases:
- Certificates issued after December 1, 2017, from Symantec's legacy infrastructure will not be trusted
- Certificates issued before June 1, 2016, from Symantec's legacy infrastructure will not be trusted
- All certificates issued from Symantec's legacy infrastructure will not be trusted.
The first phase is rolling out with Chrome beta version 66 on March 15, 2018. Domain admins still using Symantec certs issued before June 1, 2016, are encouraged to replace them ASAP.
The full roadmap will come to fruition with Google Chrome beta 70 (due October 16, 2018).
<img src="https://ekiledjian2.micro.blog/uploads/2025/23e7d42d96.jpg" alt="">
In an October 2017 Symantec security blog entry, we learned that DigiCert will take over certificate updates as of December 1, 2017.
Google Chrome to block "bad" ads in February
The Sultan of Search, Google, announced in June that it would introduce ad blocking tech in an upcoming version of the Google Chrome browser (and Chromebook).
We can now confirm that this feature will make it into our browser on February 15 (2018). Chrome 64 will be delivered on January 23 and Chrome 65 on March 6. Either this feature will be part of Chrome 64 and turned on with a remote trigger, or it will be a server-side function. We will have to wait and see how Google implements this feature.
Google will deliver this functionality simultaneously to desktop and mobile clients.
Why would an advertising company block ads?
<img src="https://ekiledjian2.micro.blog/uploads/2025/58210aff9d.jpg" alt="">
To be clear, the blocker will only block ads that don't meet the standards set by the Coalition for Better Ads.
What kinds of ads will get blocked?
- Ads that pop-up when you open a website
- Ads that fill the entire screen
- Ads that automatically play a video
- Ads that trick you into clicking on them by pretending to be a close button
- and many more
A single violation won't move a site into the blocked list. There are thresholds Google will be looking for and a site can come off the "bad" list if it removes the offending ads.
Google probably realized that these ads are forcing users to install aggressive ad blocking add-ons which are having an impact on its revenue.
Link: Google blog post
Review of the Morakniv Garberg outdoor knife
What is the best outdoor knife?
Those who know me well know that I love the outdoors and I love knives. If I were stranded on an island and could only bring one home comfort, it would be an outdoor knife. Having many outdoor enthusiast readers, I am regularly asked what knife I like best.
When I first started studying survival skills, I had the misguided belief that the more expensive your equipment, the better it must be. I quickly learned that this wasn't always the case and sometimes even the most basic tool, used correctly, could be a lifesaver.
Nowhere is this more true than with outdoor knives (camping or survival knives). I say outdoor because my choice for an everyday carry knife is very different.
Outdoors you say?
I have been camping for 30+ years and have been interested in wilderness survival and native survival skills for the last five years. I have been fortunate enough to have participated in training camps with some of the industry's most recognized names in forests hours from the nearest city.
While camping or during a survival event, a knife could be the difference between life and death. It can help you catch & process food, build shelter, start a fire and much more. In the wild, I can
- make a natural "sleeping bag" with logs and leaves
- make utensils and plates from logs
- use rocks as cookware on a fire
What I can't make in the wild is a knife. Sure you can use a sharp rock, but that won't allow you to baton firewood or perform any of the hundreds of tasks a real sturdy knife can.
Let's be clear, a knife without training won't save your life. But with decent knowledge, a bit of practice and a good knife, you can save your life even in the most treacherous environment.
What about a multitool?
I carry a Victorinox Swiss Champ with me every day (EDC). I wouldn't leave home without it. I own and carry various dependable Leatherman multitools, but in the wild, I want a knife. A multitool just wouldn't be able to take the abuse of real outdoor survival. You try batoning a log with a multitool and see how long it lasts.
Aren't all survival knives the same?
The answer is No. Just in case you were confused, the answer is no, no and no. Go to any Walmart, and you will find a dozen knives marked as survival knives. Most are garbage, but unless you are an experienced user, you will undoubtedly be overwhelmed with conflicting marketing messages and the sheer number of possible options.
An excellent outdoor knife will:
- Be a multi-use item but not a multi-tool. You will have to stay away from the specialized products (e.g., blades with hooks to help gut a catch, a tanto point to stab, etc.)
- Be durable in the field. You need a tool that is designed to last and won't fail you when you need it most. Remember "that which can fail will fail." This is why I stay away from folding knives when looking for the ideal outdoor knife.
- Be built for survival and hard use. The ideal knife must be full-tang which means the blade's steel runs into the handle. Some knives have a long thick tang in the handle (typically more expensive), while others use a skinnier metal body in the handle (typically less expensive).
- Be budget friendly. The more expensive your knife, the less likely you are to use and abuse it. The knife must be "expensive enough" to be well designed and crafted using quality materials, yet cheap enough that you will use it in the wild (you can't cry every time you baton logs with it).
What characteristics should I look for?
Blade: My preference is the Scandinavian grind (SG). The SG is a wide flat bevel (V) that runs to the end of the blade. There is no secondary bevel. This produces a knife with excellent cut control. It is slightly more fragile than other edges and can be strengthened with a slight secondary bevel. This is a blade edge that is easy to maintain in the field with a single sharpening stone and sharpening requires less skill [compared to other edges].
Length: Blade length is a very personal decision, but I have found 4-6" to be the sweet spot. Too short and the knife's usefulness is greatly diminished. Too long and the blade will be difficult to control and will be in your way when hanging on your belt.
Price: As mentioned earlier, it has to be expensive enough to be well built from quality materials. It shouldn't be too expensive causing you to avoid using it in the field.
What is the best outdoor knife?
If I had to pick one knife right now that I would want in a survival situation, it would be the Morakniv Garberg MultiMount. Anyone interested in camping or survival has probably heard of Morakniv. The poster child for Mora knives (Mora is a region in Sweden) is Cody Lundin, the TV personality from the Aboriginal Living Skills School.
The Garberg meets all of my requirements. It is durable, versatile, easy to maintain in the field and affordable. I have used the cheaper $20 Mora knives in the early days, and most of them are still in my collection today and are regularly used.
The Morakniv Garberg has a simple but comfortable plastic handle which means you have better control and won't have hand pain after extended use.
It is a full-tang knife, which means it can withstand the abuse of batoning. You can baton 3.5-4 inch pieces of wood with ease.
The Morakniv Garberg uses 14C28N stainless steel which does not rust, holds an edge relatively well and is easy to sharpen in the wild with a stone. Surprise surprise it has a Scandinavian grind.
The back end of the blade has a 90-degree spine so you can use it with magnesium or a ferro rod to start a fire.
The Garberg comes with a nice sheath that works well for righties or lefties. Mora also included Velcro straps that allow you to easily hang the knife on a tree or a backpack (Molle attachment). The blade is made from rust-resistant stainless steel but Mora still included drainage holes in the sheath (a nice touch).
To make a good knife deal even better, Morakniv offers a lifetime warranty that covers defects. As long as you have maintained the knife according to their guidelines and haven't abused the product, Morakniv will fix or replace the product if you have any issues (this is their Knife for Life guarantee).
The price
This is not a sponsored post so I won't link to any specific retailer but you should be able to buy a Morakniv Garberg Multi-Mount (make sure you pick up the multi-mount version) for $70-$80 USD (~$125CAD). Online retailers you can check out include:
- USA: Amazon, KnifeCenter, Cutlery USA, MEC, etc.
- Canada: Adventure Pro Zone, Canadian Outdoor Equipment, Bushcraft Canada, etc
- Europe: Bushgear UK, Knives and Tools, Amazon, etc.
Make sure you shop around because prices can be $10-30 different per site for the same item.
You sure?
I have tested over 50 knives in the last 3 years and conducted hours of research before choosing this knife. I take this type of review seriously and put in the hours, so you don't have to. As I write this (December 2017), the Morakniv Garberg multi-mount is the best deal on an outdoor knife available. It offers the biggest bang for the buck and has the least negative characteristics.
Link to Morakniv
Note: This is not a sponsored review.
<img src="https://ekiledjian2.micro.blog/uploads/2025/5c25ebbdac.jpg" alt="">