With the extraordinary revelations coming out of England’s regarding ‘The News of the World’, personal privacy had suddenly hit the headlines; at least in the non-Murdock papers.
But of more concern than having one’s telephone tapped, is the risk of having one’s computer tapped. Private papers, photographs and other files as well as your bank accounts and other ecommerce connections are particularly vulnerable to anyone with direct or remote access to our computers and/or personal devices.
How might we prevent a ‘private investigator’, ‘investigative journalist’, ‘hacker’ or other criminal getting access to our files and invading our privacy?
And how secure is the Internet that most of us use everyday?
Internet security
The very existence of Internet Commerce depends on the ability to send and receive secure messages. Without this the World Wide Web would have advanced little further than a means of sending email and as a medium for moving files insecurely; little better than than the old, totally insecure, telephone banking.
The actual messages sent between secure sites are very securely encrypted whenever you see the https:// prefix and your browser informs you that it is secure. This encryption is more than strong enough to avoid its interception by criminals and its decryption in any short timeframe (needing weeks or months on a super-computer), so criminals apply their efforts elsewhere.
Vulnerabilities are at either end; on your device or machine; and recently on the databases employed by large commercial institutions and in the ’cloud’; for example on Sony’s PlayStation servers.
At both ends of the secure channel devices can be ‘hacked’ by determined and knowledgeable programmers or systematically monitored by Trojan viruses.
Trojan viruses are typically consist of self-replicating code, that insert itself into a computer’s software library and monitors activity such as websites visited and keystrokes sent. Thus your very visit to a secure site denotes some kind of commerce and the key strokes are of interest to the Trojan. These data are periodically despatched under cover of normal internet activity to an often moving post-box collection site; from which they can be anonymously collected by the criminals.
Virus protection
Commercial virus filters quickly identify and remove known threats including Trojans. Viruses are typically spread very widely by capturing email addresses on the infected machines and using these to infect the addressees. They get caught in deliberate 'honey pots' and become known by their code structure – their signature.
But individually written code that is placed on specific target machines by a spy can escape detection and can have no known signature. It is, in effect, invisible to any but a skilled programmer or computer administrator.
Such code is typically designed to allow the spy to gain remote access to a machine so that they can scan or upload documents and files at leisure whenever the target machine is connected to the web. Spyware may well incorporate a key logger that records and saves mouse moves and clicks, in addition to keystrokes, sent to websites of interest; as well as email correspondence.
Password security
Perhaps the greatest vulnerability at the consumer end is the poor management and security of passwords.
Today almost every website (including this one) requires some form of registration prior to conducting any meaningful business; and every one of these requests that you supply a password.
It quickly becomes impossible to remember which one applies to which. So many people simply use the same one over and over. This is fine if you really don’t care if someone gets it or reads your email. But it is really serious if you use the same password for online banking, commerce, share trading or gambling.
Many non-commercial sites do not encrypt passwords (this one does). By using the same password repeatedly, you are potentially revealing your usual password to some unknown site administrator. Even on legitimate business sites the administrator may well be a casual employee or contactor who can make some money 'on the side' by selling password lists.
Similarly, saving passwords in an unencrypted file or database on your desktop or device is inviting a remote hacker, a thief or finder, or even a friend or family member with access to you machine, to use your bank account or buy online without your knowledge.
A useful tool
For many years I have used a little encryption tool I originally wrote as an exercise in encryption in the C++ computer language to protect my easily forgotten passwords.
I have since developed the initial concept further to encrypt any file of any kind and to allow viewing of the file without the hassle of decrypting it every time I wanted to see the contents.
I’ve called it OmniCrypt as it encrypts (and decrypts) any file; including pictures and movies; as well as Excel and of course Word and PDF documents.
I can easily decide which files to hide or not on my hard drive. Further I can securely send an encrypted file to someone else. OmniCrypt, zipped-up it is only 46K, and the recipient can download or install it themselves from this website, anywhere in the world.
If you download Omnicrypt here...
You can view these examples (downloads):
Sample passwords file - here...
Sample cartoon - here...
Sample photograph - here...
Sample movie - here...
OmniCrypt in read-only configuration is free to download and distribute but if users would like to encrypt files I’m making a small charge for a 'Token' that unlocks its full potential.
The Token price is nominally $10.00 but during the initial release, until the end of September, this is reduced to $5.00.
Click here for more information; or go to the download page: Click here