Blog

How to share your data with clients, securely

You have confidential data that you need to share with your clients. You can’t send encrypted documents because the client does not have access to, or can’t install, a decryption reader program. You can’t send self-decrypting files via email because many internet services and company policies block attachments that contain Zip or Exe files. The answer is in the Cloud… Read on.

For this tutorial you will need access to Kruptos 2 Professional and the use of a free Dropbox account. If you already have a Dropbox account and have installed the app on your computer you can skip part 1 of the tutorial.

  • First (if you haven’t already got one), you’ll need to create a FREE Dropbox account from here
  • Download and install the Dropbox Windows app
  • Login to your Kruptos 2 Library
  • Select the files you would like to share
  • Optional: if you would like to use a password different from your login password, you will need to set your library to use multiple passwords:
    • Click Options then Password Settings
    • Choose Multiple Passwords and click OK
  • Click the Self extractor button

  • Enter a name for the self-extracting file
  • Click the location button and select your Dropbox folder then click Create


Your self-extracting file will now be created in your Dropbox folder. For further details on self-extracting files see here
  • Log into your Dropbox account
  • Navigate to the shared data file you created in part 1 and click the Share button

  • Enter the email address of your client(s) and an optional message then click Send


Your client will now receive an email from Dropbox informing them of the shared file (clients do not need a Dropbox account). Your client will now need to:

  • Download the shared file
  • Open the file by double clicking
  • Follow the on-screen instructions and enter the shared password

Your sensitive files will now be shared

US and UK 'crack online encryption'

US and UK intelligence have reportedly cracked the encryption codes protecting the emails, banking and medical records of hundreds of millions of people.

Disclosures by leaker Edward Snowden allege the US National Security Agency (NSA) and the UK's GCHQ successfully decoded key online security protocols. They suggest some internet companies provided the agencies backdoor access to their security systems. The NSA is said to spend $250m (£160m) a year on the top-secret operation.

It is codenamed Bullrun, an American civil-war battle, according to the documents published by the Guardian in conjunction with the New York Times and ProPublica. The British counterpart scheme run by GCHQ is called Edgehill, after the first major engagement of the English civil war, say the documents. The reports say the UK and US intelligence agencies are focusing on the encryption used in 4G smartphones, email, online shopping and remote business communication networks.

The encryption techniques are used by internet services such as Google, Facebook and Yahoo. Under Bullrun, it is said that the NSA has built powerful supercomputers to try to crack the technology that scrambles and encrypts personal information when internet users log on to access various services. The NSA also collaborated with unnamed technology companies to build so-called back doors into their software - something that would give the government access to information before it is encrypted and sent over the internet, it is reported. As well as supercomputers, methods used include "technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications", the New York Times reports. Read story here

NSA's access to Microsoft's services detailed

Microsoft helped the NSA get around its encryption systems so the agency could more easily spy on users of its services, reports suggest. Papers given to The Guardian newspaper allege there were close links between the security agency and the tech firm. Microsoft said its collaboration with the NSA only took place because legal obligations required it to do so. The revelations come as some technologists start work on services they say will be impervious to spying.

Read more...

Do I Really Need To Encrypt Every File on My Computer?

It's great that you're thinking about protecting your files, with all kinds of snoops out there (from big government to identity thieves). You're right, though—you don't need to protect every single file you store or send (especially the MP3s). Financial records are the obvious types of information you should protect, but there are many other kinds of files you should encrypt as well. Encrypting these files will make sure that even if someone gets through your firewall or if your laptop is stolen and your password guessed your data will still be protected. Basically there are two kinds of sensitive data you should encrypt: personally identifiable information and confidential business information/intellectual property.

Personally Identifiable Information (PII)


Personally Identifiable Information or PII is any kind of information that can uniquely identify you, such as your social security number, driver's license number, or full name. Because thieves can easily steal your identity if they gain access to your PII, it's really important you protect all of the documents you have that contain this information. According to the National Institute of Standards and Technology (NIST), this information includes:
  • Name, such as full name, maiden name, mother's maiden name, or alias
  • Social security number (SSN), passport number, driver's license number, taxpayer identification number, or financial account or credit card number
  • Address information, such as street address or email address
  • Personal characteristics, including photographic image, especially a face image or other identifying characteristic; fingerprints; handwriting; or other biometric data, such as retina scan, voice signature, and facial geometry
  • Information about an individual that is linked or linkable to one of the above categories, such as date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, and financial information
Expanding on the above, you should add to your encryption container:
  • Bank account statements, credit card statements, tax records
  • Medical records like health insurance benefits and medical payments
  • Work performance reviews
  • Educational records, thesis
That may sound like a lot, but when you think about it all of this data boils down to your vital information (health, education, work, finances)—easily organized into folders that you can encrypt. So in addition to your financial statements and tax folders, also encrypt your folders with basic life information (health, education, work) or however you organize them. It may go without saying, but you should also have any security-related things already encrypted: Passwords and PINs, for example.

Encrypt Confidential Business Information/Intellectual Property

If you keep any files on your computer that are work related, you may need to encrypt those as well—especially any that contain individual customer information. (As a former tech director who worked in the field of consumer marketing, I know that protecting personal customer information is paramount.) If you work in an industry like banking or health care, you'll also be subject to regulatory standards for protecting consumer information. Business information or "secrets"/intellectual property may need to be protected too—financial reports, legal docs, patents, product releases, research and development data, and so on. It's often said that when laptops get stolen it's not the hardware that's most valuable to thieves, it's the information on it.

Two Tests for Whether You Should Encrypt Or Not

Here are two questions you can ask about any file you're considering encrypting:
  • If the file was on paper instead of in digital form, would you shred the paper before throwing it out?
  • If this information was leaked or posted to the interwebs tomorrow, could there be terrible repercussions or could someone do something malicious with it?
Keep in mind, too, that you should safeguard all the media and places where these sensitive or confidential files may be found: Your backup files, for example, email PSTs, a portable drive you use for backup, your smartphone. All of this said, you probably have much more data that's not sensitive and doesn't require cryptography. Protect the ones that do, and you can rest easy. And if you want a faster, easier solution, a full disk encryption is a good idea—especially on laptops that can get easily lost; the full disk encryption will protect all your data and ensure no one can break into your Windows computer or your Mac.


Lost USB stick costs police £120,000 ($188,592)

Greater Manchester Police has been fined £120,000 ($188,592) for losing a USB stick containing data on more than a thousand people - despite a previous incident leading to an "amnesty" on unencrypted memory sticks. The Information Commissioner's Office fined the police force £150,000 - but offered a £30,000 discount for early payment - after an unencrypted memory stick holding data relating to an investigation was stolen from an officer's home in July 2011. The device held personal data on 1,075 individuals with "links to serious crime investigations". While the ICO admits not all of the data was sensitive, the ICO redacted even the description of the sensitive aspects in its own notification document.

The officer in question - who worked mainly in the drugs squad of the Serious Crime Division - was given an encrypted memory stick by the force in 2003, which he used to back up his files and carry key documents with him when out of the office. However, the officer replaced the USB stick himself for a larger capacity one - but without encryption.

Read more...

Why passwords have never been weaker—and crackers have never been stronger

In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too... Read story here



This isn’t really anything new. In 2007 world-renowned security expert Bruce Schneier wrote about it and concluded that there are really only two basic schemes for choosing secure passwords: the Schneier scheme and the KCD scheme.

Create almost impossible to break passwords with our free password tool.

Download Kruptos 2 Random

25 most-used passwords revealed: Is yours one of them?

After it was discovered that more than six million LinkedIn passwords had been leaked as well as many at Last.fm and eHarmony, no one has stopped talking about password and passcode security. That's actually a good thing because it's an incredibly important topic that many computer users don't take seriously. Here are the top 25: 'password', '123456', '12345678', '1234', 'qwerty', '12345', 'dragon', 'pussy', 'baseball', 'football', 'letmein', 'monkey', '696969', 'abc123', 'mustang', 'michael', 'shadow', 'master', 'jennifer', '111111', '2000', 'jordan', 'superman', 'harley', '1234567'. Is yours one of them? If so, it's safe to say you should consider changing it to something stronger immediately.

Kruptos 2 Professional includes a database of the top 500 common passwords in use today and will display a warning if you use one of them.


All credit card PIN numbers in the World leaked

There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit PIN code. Out of these ten thousand codes, which is the least commonly used? Which of these PIN codes is the least predictable? Which of these PIN codes is the most predictable? If you were given the task of trying to crack a random credit card by repeatedly trying PIN codes, what order should you try guessing to maximize your chances of selecting the correct number in the shortest time? If you had to make a prediction about what the least commonly used 4-digit PIN is, what would be your guess?

Read more...

Short passwords 'hopelessly inadequate'

The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack. A password of less than seven characters will soon be "hopelessly inadequate" even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long.

Read more...
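
The two password checks described in the items above (a common-password list and a 12-character minimum) can be combined as in the following added example, which is not Kruptos 2 code. The blocklist is a subset of the top-25 list quoted on this page, and the function names are hypothetical.

```python
import math
import string

# Subset of the "top 25" list quoted on this page (constructed sample, not
# the 500-entry database the product is described as shipping with).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "1234", "qwerty", "12345", "dragon",
    "baseball", "football", "letmein", "monkey", "abc123", "111111",
}
MIN_LENGTH = 12  # minimum length recommended in the Georgia Tech item above


def charset_size(password):
    """Size of the printable-ASCII alphabet a brute-force search must cover.

    Non-ASCII characters are not counted (simplifying assumption).
    """
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 punctuation characters plus space
    return size


def keyspace_bits(password):
    """log2 of the number of candidates with the same length and alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if password.lower() in COMMON_PASSWORDS:  # case-insensitive list match
        findings.append("common")
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    return findings


if __name__ == "__main__":
    for candidate in ("Dragon", "x7$Kp!", "qzmvhtrwplxk"):
        print(candidate, check_password(candidate),
              round(keyspace_bits(candidate), 1))
```

The six-character password that mixes all four character classes has a smaller search space (about 39 bits) than twelve lowercase letters (about 56 bits), which is why the length recommendation matters more than adding symbols.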