Daily Archives: February 10, 2022

News

Why Everyone Needs a VPN

Read Time:3 Minute, 27 Second

You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cyber criminals seeking to steal valuable business secrets. It’s unlikely that everyday people, such as yourself, will be targeted by a ransomware scheme, so you may be stumped on how a VPN can help someone like you be safer online. Luckily, a VPN is very easy to install and use, so you can experience these three everyday benefits to keep your browsing activities safe from eavesdroppers seeking to profit from your online comings and goings. 

1. Stay Safe on Unsecure Networks

The most widely known benefit of a VPN for daily use is to safeguard your device when it’s connected to a public Wi-Fi network. Coffee shops, libraries, hotels, transportation hubs, and other public places often provide courtesy internet service to visitors. Shifty characters often lurk on unprotected networks to lift personally identifiable information (PII) from people handling sensitive emails, making banking transactions, or shopping online. Public Wi-Fi eavesdroppers can lift credit card numbers, addresses, birthdays, and Social Insurance Numbers. 

When you connect to public Wi-Fi that doesn’t have a lock icon, that’s a sign that you should toggle on your VPN. Also, even if you’re required to enter a password, be wary of any network you share with strangers.  

2. Hide Location Data

A VPN can also hide your location data. How does this help you protect your browsing history? First, when you scramble your location, you’re likely to confuse ad networks trying to send you targeted ads. This will free your social media feeds and search engines from targeted ads that often are so accurate they seem like an invasion of privacy. 

Second, hiding your location can protect you from cybercriminals looking to mine PII. VPNs make it impossible for criminals to discover your IP address. (The internet protocol address is what ties your device to a specific local network.) When they’re visible, criminals can trace IP addresses to reveal home addresses, full names, and phone numbers: all of which are key pieces of PII that, in the wrong hands, can jeopardize your identity. 

Plus, there’s the bonus that hiding your location may allow you to access TV shows and movies on streaming services that aren’t available in your region. Also, you may enjoy savings when online shopping, especially for plane tickets. Airlines can see where in the world you access their site from and may jack up prices according to your location. Consider connecting to a server in a country that is neither your departure nor destination to see discounts. 

3. Restrict Data Snooping by ISPs

While Canada and the European Union don’t allow ISPs (internet service providers) to even collect the browsing data of their customers, keep in mind that in some countries, like the U.S., ISPs can collect, store, and sell customer data. While advertisers are often the buyers of customer data, in the case of a breach, the more places your PII lives, the more likely it may be involved in a security incident. The goal is to limit the extent and number of places where your browsing history is stored. 

VPNs can scramble your online movements to the point where not even ISPs can track it. Plus, when you log out, your device doesn’t keep a record of what you did while connected to the VPN. Incognito mode on your internet browser hides your IP address, but the websites you visit still collect cookies and store data about your online whereabouts, meaning that it’s not truly private browsing. 

Protect Your Privacy With McAfee 

McAfee Safe Connect VPN encrypts your online activity to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once with bank-grade Wi-Fi encryption. Feel more confident whenever you hop on the internet across all your connected devices with just one quick and easy step. 

The post Why Everyone Needs a VPN appeared first on McAfee Blog.

Read More

News

Bunnie Huang’s Plausibly Deniable Database

Read Time:2 Minute, 29 Second

Bunnie Huang has created a Plausibly Deniable Database.

Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the passwords for these three encrypted files with names A, B and C, or else…”. In other words, security often focuses on protecting the confidentiality of data, but lacks deniability.

A scheme with deniability would make even the existence of secret files difficult to prove. This makes it difficult for an attacker to formulate a coherent demand: “There’s no evidence of undisclosed data. Should we even bother to make threats?” A lack of evidence makes it more difficult to make specific and enforceable demands.

[…]

Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages. We also want it to offer plausible deniability in the face of an attacker that has unlimited access to a physical device, including its root keys, and a set of “broadly known to exist” passwords, such as the screen unlock password and the update signing password. We further assume that an attacker can take a full, low-level snapshot of the entire contents of the FLASH memory, including memory marked as reserved or erased. Finally, we assume that a device, in the worst case, may be subject to repeated, intrusive inspections of this nature.

We created the PDDB (Plausibly Deniable DataBase) to address this threat scenario. The PDDB aims to offer users a real option to plausibly deny the existence of secret data on a Precursor device. This option is strongest in the case of a single inspection. If a device is expected to withstand repeated inspections by the same attacker, then the user has to make a choice between performance and deniability. A “small” set of secrets (relative to the entire disk size, on Precursor that would be 8MiB out of 100MiB total size) can be deniable without a performance impact, but if larger (e.g. 80MiB out of 100MiB total size) sets of secrets must be kept, then archived data needs to be turned over frequently, to foil ciphertext comparison attacks between disk imaging events.

I have been thinking about this sort of thing for many, many years. (Here’s my analysis of one such system.) I have come to realize that the threat model isn’t as simple as Bunnie describes. The goal is to prevent “rubber-hose cryptanalysis,” simply beating the encryption key out of someone. But while a deniable database or file system allows the person to plausibly say that there are no more keys to beat out of them, the perpetrators can never be sure. The value of a normal, undeniable encryption system is that the perpetrators will know when they can stop beating the person — the person can undeniably say that there are no more keys left to reveal.

Read More