After the Year of Datasec Fail, in the wake of breach after leak after hack, it’s time to cop to the fact that private data security is Serious Business.
Private sector titans like Google, Facebook and Yahoo, not to mention the actual flippin’ US government, have demonstrated that, if there’s anything in your life you’d rather Vladimir Putin and/or the entire Internet not know about, you’d better spit on your hands, boot up your robot of choice, and take responsibility for your own infosec.
Sounds awful, doesn’t it?
The mere notion of handling your own information security (“infosec” to professional nerds like your narrator) conjures images of command lines, spaghetti code and whatever else it is tech types actually, yknow, do. If only there was an easy fix! A simple, widely applicable one-shot that would make your precious 1s and 0s safe forever.
There pretty much is. It’s Linux.
Superficially, using the famous open-source operating system might seem like the opposite of security. After all, the point of open-source is that anybody can look at and futz with the code. How is that compatible with “make everything hidden?”
But that’s the not-so-secret shame of tech
As we’ve ceded more and more of our lives to internet-enabled services, nothing is hidden. Cloud-based services like Google Docs and online-only offerings like Facebook and whatever Yahoo’s doing these days are accessible to everyone, everywhere. That’s the point. That’s their offer. “Accessible to everyone” is incompatible with “accessible only to nice people.”
The Linux fix is twofold.
First, old-school hackers (cue pounding 90s electronica soundtrack) still trading on invading your personal system generally don’t bother with Linux exploits. Windows and the traditionally safer Apple are bigger, more valuable targets. Second, 5 popular distros – that’s “particular flavors of Linux some noble white-hat nerds put together for you” – incorporate fixes for increasingly common Internet breaches of the kind that felled Facebook and Google.
Tails is a live OS, which means you can put it on a USB stick or disc, run it on any computer, and when you pop it out again the computer goes back to the way it was. Local hacks work by reading your logs, huge quantities of nested information your operating system hangs onto for complicated reasons. Windows does it. Apple does it. Some Linux distros do it. Tails doesn’t. It also roots your internet traffic through the legendary Tor, benchmark of Internet anonymity. Tails’s commitment to zero-footprint computing also has the smaller but just as welcome convenience that, if you do prefer to use it sparingly and stick with your old, less-secure OS, it leaves no souvenirs on your system; your old setup will boot like nothing happened.
If this were a 19th century novel, this entry would be called “IprediaOS. Or, the Trouble with Tor.” Tor prioritizes security above all else and limits Internet access accordingly. There’s a lot of stuff it won’t go near, because it’s just not secure enough. That limits the mainstream usability of Tor, not to mention services like Tails that rely on it. IprediaOS uses a similar but less strict service, I2P, that affords access to the everyday Web with minimal loss of security. IprediaOS also comes with anonymous chat, email and BitTorrent clients.
Whonix is a unique beast. It’s a virtual machine, which is (incredible oversimplification incoming!) a program that thinks it’s a computer and convinces others to treat it likewise. Its big offer is that it can be run as a program on the Windows and Mac OSes, making it a perfect match for anybody who only has a job or three that demand anonymity – cloud-based business records, say, or anonymous blogging – and is otherwise good to go with a by-the-book setup. It’s also a great way to learn the basics of home infosec, since, being based on the venerable Debian distro of Linux, it plays well with Microsoft, Apple and other Linux systems.
Not a typo! This cleverly named beastie discreetly keeps your secrets by building a discrete structure, unconnected to anything else, for you to whisper them in. It’s limited in function compared to the other services listed, functioning primarily as data storage and anti-malware/spyware/Trojan solution, but it is very good at those things. It’s in beta at present, and as is a beta’s wont there’s a bug or two to shake out, but it has real promise as a data security tool.
Qubes is the Whonix solution raised to the level of an operating system. It compartmentalizes your work as separate virtual machines, limiting any compromise in security to one set of services, with no chance of spreading to more vulnerable areas. Qubes even color-codes your machines for you, with colored frames indicating the potential security vulnerability of a given VM. So, if you set up one machine as straight data storage with no access to the outside world, that’s about as secure as data gets and Qubes will tell you so. The machine you do your web browsing in will be coded otherwise. Better still, Qubes provides a secure data-transfer solution that lets you move information safely between machines. Last September Edward Snowden, a man understandably interested in information safety, tweeted “If you’re serious about security, @QubesOS is the best OS available today. It’s what I use, and free. Nobody does VM isolation better.” Can’t say fairer than that.
Don’t be intimidated
Obviously, as is made clear by the monolith of text above, infosec is an enormous topic.
That said, don’t let it scare you.
Get educated on the subject and in a week of digital futzing you’ll be warm in the knowledge that you do security better than the smartest, richest, most powerful people in the world. Happy (white hat) hacking!
Time is money and Clockify helps you make the most
(TECH NEWS) Tracking your time worked as a freelancer can easily be lost in the shuffle. A new tool has been designed to make this important aspect easier.
After years of searching for a method that works for me in terms of organization and productivity, the answer seemed to be simple: a calendar I can write on and Post-It notes. This method is a little old school, but seems to get the job done for my organizational needs.
However, there are some things that slip through the cracks with this method, but it’s more user error than it is the actual practice. One thing I struggle with is keeping track of my freelance hours this way.
I have a tendency to guesstimate how much time I worked throughout the day and know that I wind up underdocumenting my hours. I would hate to know how much money I’ve missed out on keeping (sometimes inaccurate) handwritten notes.
But, like many other small scale issues, there is a simple solution. And that is found in the form of time trackers.
One of the newest members to join the online time tracker team is Clockify, who operates under the idea of “your time, your rules.” It is a free time tracking tool designed for agencies and freelancers.
Clockify allows users to manage as many team members, projects, and workspaces that you need in an effort to help your business run smoothly. This allows for a complete overview of team productivity.
The tool offers a way to enter time manually as well as clock time automatically. This way you can keep tabs on what you’re working on and assign and label time logs to the appropriate clients.
With this time tracking, you are able to generate weekly, monthly, and annual reports at any given time. These reports can be saved, exported, and shared with clients to give them more information about your work process.
The real-time tracking helps to improve business efficiency and gives more insight into what each team member is spending their time on. Having this information available can give visual representation of how to improve in the future.
Clockify currently exists in desktop format with iOS and Android apps coming soon.
Russia vetoed cryptocurrency and came back with CryptoRuble
(TECH NEWS) Russia put a hard pass on other cryptocurrencies in their country so that they could hop in the crypto-game with their own CryptoRuble.
Just days after The American Genius reported that the Russian Central Bank would attempt to block access to cryptocurrency trading cites, the Coin Telegraph has reported that the Russian government will issue its very own cryptocurrency, the CryptoRuble.
The report cited local Russian papers, who quoted the minister of communications, Nikolay Nikiforov.
Earlier this week, head of the Central Bank, Sergei Shvetsov, said that he would work with the Prosecutor General’s Office to ban Russian citizens from accessing cryptocurrencies like Bitcoin, calling such currencies a “negative phenomena for our markets” and a “pyramid scheme.”
Now it appears that the Kremlin will create its own cryptocurrency – one it can keep an eye on — which, some might argue, defeats the entire purpose of cryptocurrency.
However, like other cryptocurrencies the CryptoRuble will be based on blockchain and will presumably help prevent online fraud.
CryptoRubles will be exchangeable with regular Rubles, although the systems of exchange have not yet been set up. Experts think that Russia is hoping to stimulate e-commerce without the need for foreign money markets, which will allow them to have more independence from the United States.
According to Nikiforov, the Russian government is setting up its own cryptocurrency under the assumption that if they don’t, other European governments will.
Said NIkiforov, “I confidently declare that we run CryptoRuble for one simple reason: if we do not, then after two months our neighbors in the EurAsEC will.”
Traders using CryptoRubles will be asked to provide documentation of retail transactions and services rendered – or pay a 13 percent tax for undocumented transactions, leaving a wide loophole for money laundering.
Critics say that Russia is trying to facilitate, while also profiting from money laundering; that the Kremlin is stealing the market from other cryptocurrencies; and that the CryptoRuble fundamentally defies the spirit of decentralization that inspired other cryptocurrencies.
Microsoft’s overseas email storage piqued the Supreme Court’s interest
(TECH NEWS) Microsoft has been in a pretty large dispute about storing user emails abroad and the Supreme Court has taken an interest in it.
The U.S. Supreme Court announced Monday that it will hear a case that will decide whether or not U.S. law enforcement officials can force tech companies to turn over emails and data stored in overseas servers.
The case will review a lower court decision made in 2013 after federal officials attempted to obtain emails from Microsoft that would provide evidence for drug trafficking cases.
At that time, Microsoft refused to comply with the government, even though they had a warrant, instead taking the case to court, claiming that the U.S. government did not have the right to access data stored in servers in Ireland.
The court of appeals ruled in favor of Microsoft, citing a 1986 digital privacy law that allows law enforcement to obtain warrants for electronic communications, but not if the data is stored outside of the United States.
Judge Susan Carney said of the law, “Neither explicitly nor implicitly does the statue envision the application of its warrant provisions overseas.”
The Trump Administration and the Justice Department say that this ruling has majorly blocked efforts to prosecute criminals.
“Under this opinion, hundreds if not thousands of investigations of crimes — ranging from terrorism, to child pornography, to fraud — are being or will be hampered by the government’s inability to obtain electronic evidence,” said Deputy Solicitor General Jeffrey Wall.
Because Microsoft stores data and communications closest to the user’s location, Wall said that the lower court’s decision made it all too easy for terrorists and other criminals to hide their communications by claiming to live in a foreign country when signing up for an account.
Microsoft argues that, instead of handing this decision over to the Supreme Court, legislators should update the 1986 law.
“The current laws were written for the era of the floppy disk, not the world of the cloud.” wrote Microsoft President and Chief Legal Officer Brad Smith in a blog.
“We believe that rather than arguing over an old law in court, it is time for Congress to act by passing new legislation.”
In Congress, Senators Mike Lee (R-Utah) and Patrick Leahy (D-Vermont) are pushing for just such an update with a piece of legislation called the Stored Communications Act.
Microsoft further argued that allowing U.S. law enforcement to obtain data from other countries was an “incursion” on those nations’ sovereignty, which would make U.S. citizens more vulnerable to foreign governments.
“If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what’s to stop the government of another country from getting your emails even though they are located in the United States?” said Smith.
The Justice Department says that, along with Microsoft, Google, Verizon, and Yahoo have all stopped complying with search warrants since the lower court’s decision.
The Supreme Court will hear the case early in 2018 and hope to have a decision by June.
9 ways to be more LGBTQIA+ inclusive at work
A real life robot battle: America vs Japan
“Starting a business is easy,” said only one guy ever
Time is money and Clockify helps you make the most
Cowrkr gives you accountability while you work solo
A few smarties are trying to create space cryptocurrency via Bitcoin
Microsoft’s Autism Hiring program really is driving innovation
LL Bean just stole the show with their invisible ink ad in the NYT
iPhone 8 Plus devices allegedly split open while charging #splitgate
Does creativity die as we age? Science says sorta
Amy’s Ice Cream founder on Austin’s business risks and rewards #WhyAustin
Turns out a lot of people are in between introverted and extroverted
P. Terry’s founder on the booming economy in Austin #WhyAustin
Ladies and gentlemen, the U.S. National Anthem
Indeed President, Chris Hyams tells us #WhyAustin [video]
News neatly in your inbox
Join thousands of AG fans and SUBSCRIBE to get business and tech news updates, breaking stories, and MORE!
Thank you for subscribing.
Oh boy... Something went wrong.
Business Entrepreneur5 days ago
The top 10 startup cities in America
Tech News6 days ago
Who’s kissing who? Self driving cars edition
Business News6 days ago
Zuckerberg used VR to highlight hurricane Maria destruction
Tech News1 day ago
Russia vetoed cryptocurrency and came back with CryptoRuble
Business News2 days ago
Ending a dismal year, Samsung says goodbye to CEO
Business News5 days ago
Identity-protecting roller stamps are a must for any office
Business News1 day ago
These stores refuse to start Black Friday early
Tech News6 days ago
Be My Eyes app offers eyes to those that need ’em