Tag Archives: Internet Security

Panda Security

Cyber safety: one of the major companies concerns

shaking hands

I’m sure you have read about Sony’s latest leaks, the cyberattacks to Medias like The New York Times and the chaos created when cybercriminals paralyzed some banks payment networks. Nevertheless there are many other silent virtual crimes: both big corporations and small and medium businesses can suffer breaches in their data without anyone noticing anything, not even the workers.

Nowadays most banking transactions are conducted online, and almost every company has a web platform where they manage their documents and emails. That makes me wonder why computer security remains an outstanding issue in many organizations. Are they aware of the risks they are taking? Or, is it just that the new types of malware surpass their security measures?

This is not a trivial issue as we saw in the World Economic Forum (WEF), which took place last January in Davos (Switzerland). Many analysts, politicians and CEOs showed their concern and warned the public about this issue.

world economic forum

John Chambers, Cisco’s CEO, could not have said it better: “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.” Putting into words the issue’s significance at the WEF.

Moreover the situation is echoed by the 2015 Global Risks Report, elaborated by the WEF, and includes the cyberattacks as the futures more pressing dangers. “Innovation is critical to global prosperity, but also creates new risks. We must anticipate the issues that will arise from emerging technologies, and develop the safeguards and governance to prevent avoidable disasters.” said the President of Global Risk and Specialties at Marsh.

Technological Risks according to the Global Risks Report 2015 at the World Economic Forum

Cyber safety is now one of the major companies concerns. The forum had already published another analysis dedicated solely to this issue: “Risk and Responsibility in a Hyperconnected World” in collaboration with McKinsey & Company.

According to the experts, the technology sector, which includes big data analysis and cloud storage, could produce between 9.6 and 21.6 billion dollars of global profits.

Cybersecurity is precisely one of the barriers that ensure the favorable indicators. But if the sophistication of the attacks surprises the defensive capabilities of the equipment, the altercation would cause serious damages. In addition, the implementation of new regulations and limits for the corporations would slow down the economic and technological innovation and progress.

binary code

The report states that in order to protect companies and society in general from the negative effects a collaboration framework between public and private sectors should be stablished. Global cooperation from the authorities in order to develop new strategies that replace the traditional obsolete ones is needed.

The cost of the attacks can conceal the possible profits. Stephen Catlin, president of Lloyd (insurance market) recently claimed that the losses caused by cybercriminals can reach so important sums of money that the governments should take responsibility.

Also, companies need funds in order to research new types of malware and develop new methods that prevent cybercrimes. Chambers ended his speech at the forum expressing his fear of what is about to happen: “In 2014 the issues related to cybersecurity have deteriorated, and 2015 would be much worse.”

So, try our corporate antivirus for best corporate endpoint protection!

The post Cyber safety: one of the major companies concerns appeared first on MediaCenter Panda Security.

Panda Security

Car to car: Internet-connected cars. Will they be the main cause of accidents in the future?

car to car

Smartphones, watches and a thousand home appliances. More day-to-day objects are connected every day. But the Internet of Things also runs on four wheels. Tomorrow’s cars will not be flying cars, as science fiction movies have told us, but their future lies in the Internet.

Cars will connect to one another to share information and they will also be connected to infrastructures to obtain data of interest in real time.

If the next revolution in automobiles will come from Car-to-Car (C2C) and Car-to-Infrastructure (C2I) connections, automakers will need an army of cyber-security experts to safeguard the cars of the future. If they can connect to one another, they will also be vulnerable to cyber-attacks.

car to car map

So far, cyber-security does not seem to be a strong point of the intelligent cars currently on the market. For example, a 14-year-old boy managed to gain wireless access to the brain of one of these cars using a $15 (just over €13) circuit board.

He achieved this feat at a hackathon organized a few weeks ago by Delphi, a US company that makes electronic systems for vehicles.

During this hackathon, the participants —the majority of them students— demonstrated that intelligent vehicles are not immune to IT attacks. They also showed that some of these vehicles can be opened (or even started) even though they are locked.

Internet-connected cars

The cars of the future will be a clear target for cyber-criminals, as not only will they be able to cause a large number of accidents by hacking the brain of these vehicles or steal them without needing to break the windows and hotwire them; the vulnerability of these cars will allow them to steal large amounts of data and wreak havoc in cities.

car to car accident

C2C and C2I systems will allow vehicles to constantly share information. Sharp breaking, breakdowns, traffic jams or the duration of traffic lights will be some of the data that could circulate through short-range wireless networks or simply through the car’s Internet connection.

A cyber-attack could turn one of these intelligent cars into the gateway to any information network connected to the vehicles, from the power grid to the system used by the police or the traffic light network in a city.

The solution lies in manufacturers of intelligent cars considering security and developing systems that detect which cars have been hacked in order to isolate them from the rest of the network.

There are many suggestions, such as installing security chips like those used on credits cards, or creating new software or hardware that establishes secure connections.

The post Car to car: Internet-connected cars. Will they be the main cause of accidents in the future? appeared first on MediaCenter Panda Security.

Panda Security

Cyber-criminals set their sights on drones

dron flying

More and more cameras are watching us from the sky. And no, they don’t belong to the police or some intelligence agency, but to your neighbors. Unmanned aerial vehicles are becoming a more common sight, and there is no shortage of people wanting to fly their small camera-equipped drones to get the perfect shot.

Despite the many good uses of these flying machines (crop inspection, rescue missions, crime fighting, etc.), drones can also pose a security threat as they are difficult to detect and neutralize.

A few days ago, the U.S. Secret Service opened an investigation after finding a small recreational quad copter in the grounds of the White House. Despite the machine was operated by a government employee and not a criminal, the incident raised a lot of concerns as it came just four months after another incident in which an intruder managed to jump over the perimeter fence of the presidential mansion.

U.S. authorities (who have been using unmanned aircrafts in military operations for years now) are increasingly worried about the fact that drones could be used by criminals or terrorists to launch attacks with explosives or chemical weapons.

dron

At the beginning, drones were restricted from flying near other aircrafts, airports or populated areas (in Spain, for example, drones must stay at least 8 kilometers (5 miles) away from an airport). However, the proliferation of domestic drone use is raising new concerns for privacy and security. Can small drones be used for small-scale espionage?

DJI Technology Co., the Chinese maker of the device that crashed on the lawn of the White House, and one of the leading makers of consumer drones in the world, has announced it has plans to change software on its drones to prevent them from flying over Washington. Additionally, the company also plans to disable its drones from crossing national borders after police discovered a DJI drone that apparently crashed while attempting to carry drugs into the U.S.

But, are drone manufactures taking enough measures to prevent cyber-criminals from manipulating their software? According to ‘The Wall Street Journal’, cyber-security experts have warned that drone no-fly zones are relatively simple for computer programmers to deactivate. “There’s more stuff that the industry can be doing as a whole to improve the overall security,” DJI spokesman Michael Perry said.

There are actually reasons to be concerned, as shown by the appearance of the first ever backdoor malware for drones: Maldrone. Security expert Rahul Sasi has discovered and exploited a ‘backdoor’ in Parrot AR, one of the most popular drone models. A backdoor malware can infiltrate target computers, appearing to be harmless, and take control of a drone by interacting with its sensors and serial ports. Rahul Sasi has even published a video proof-of-concept to demonstrate its efficiency.

“After the connection is established, we can interact with the software as well as the drivers/sensors of the drone directly. There is an existing AR drone piloting program. Our backdoors kill the autopilot and take control,” explained Sasi.

This security expert is not the only one concerned about the existence of security holes in drones. Hackron, a cyber-security congress recently held in Santa Cruz de Tenerife (Spain), challenged participants to hack into a drone, with a 200-euro prize for the winner.

What would happen if cyber-criminals set their sights on drones? Are drone manufacturers taking precautions? Although we’ll still have to wait before we can answer these questions, it seems clear that cyber-security risks are no longer just limited to computers and smartphones. In the case of cyber-criminals, the sky is not the limit…

The post Cyber-criminals set their sights on drones appeared first on MediaCenter Panda Security.

Panda Security

How to secure the files your company stores in the cloud

cloud

Goodbye CD, DVD and pen drive. When you need to share a document with a work colleague or you have to take work home, you no longer need to use physical storage devices: the cloud has everything you need.

Services like Dropbox, Mega or Box have become more popular recently, gradually sending physical storage drives into oblivion.

More specifically, and according to Eurostat, 21 percent of European Union citizens used the cloud as storage space in 2014. In fact, this figure is only the average for EU countries and in some countries, like Denmark and the United Kingdom, the percentage of citizens who use the cloud to store files greatly exceeds 30 percent.

countries in the cloud

There is no doubt that the business world is largely responsible for the growing use of the cloud for storing and sharing files. More convenient than using physical devices and more economical than installing internal servers, the cloud seems to have gotten into our offices too.

The advantages of services like Dropbox are obvious. However, when using virtual storage spaces to store and share your company’s information their security measures could leave much to be desired.

A few months ago, a vulnerability was discovered in Dropbox that disclosed personal files, and at the end of 2014, 7 million passwords for this service were leaked. If the fact that confidential corporate information is one of the main targets of cyber-criminals is added to these serious security flaws, the conclusion is obvious: your company’s files are not completely secure in the cloud.

However, your company does not need to steer clear of these services from fear that a cyber-criminal will steal its document, but you will have to take certain precautions before using them. The key is in passwords, file encryption, two-step verification and the best enterprise antivirus solution.

In this case, Panda Cloud Fusion can protect, manage and provide remote support for all the devices in your company’s network anytime and anywhere.

dropbox

Firstly, it is essential to follow the tips on how to create strong passwords, like any other service. You know: letters, numbers, uppercase, lowercase, a symbol or two and if possible, never use the same password as the one you use for your email, Facebook and other services.

As regards file encryption, some virtual storage services store our documents encrypted. Although Dropbox does not, Mega, the cloud platform of the controversial Kim Dotcom, does encrypt your files. However, nothing is perfect. Mega stores on its servers a copy of the key for decrypting your files, so it is not 100% secure either. One of the best options is for you to encrypt your files before uploading them to the cloud using one of the services that allows you to do this.

Finally, some of these services (like Dropbox or Google Drive) allow you to enable two-step verification of your account. This system combines the password that you choose with a password that the service sends to one of your devices (almost always to your phone in a text message or an app). This adds a second layer of security that makes it difficult for someone to access your account.

The cloud is convenient, yes, but you have to pay attention to security.

The post How to secure the files your company stores in the cloud appeared first on MediaCenter Panda Security.

Panda Security

The vulnerable Internet of Things: Security when everything is connected

secure mobile

The Internet of Things is here to stay. Soon, all of our home appliances will be virtually linked. Televisions, clocks, alarms, cars and even fridges will be connected to the Internet and will know almost everything about you to make life easier. Cisco believes that in 2020 there will be more than 50 billion connected devices and a report by the Pew Research Center says that by 2025 we will be used to them knowing our habits.

Despite the advantages that they will offer users, manufacturers and even carriers, there is another group that could benefit from the information we transmit: cyber-criminals. If the Internet is no longer restricted to your computer or phone, and even your fridge knows what you have to buy or your pacemaker informs your hospital of how your heart is beating, a new world of possibilities opens up to cyber-criminals.

The US Federal Trade Commission (FTC) has also raised concerns over the privacy problems related to all devices being connected, and has asked manufacturers to make a special effort not to forget the importance of security. “[The Internet of Things] has the potential to provide enormous benefits for consumers, but it also has significant privacy and security implications,” warned FTC Chairwoman Edith Ramírez during the Consumer Electronics Show.

Ramírez advised connected device manufacturers to adopt three measures to make devices less vulnerable:

  1. Implement security from the design of the device using privacy testing and secure encryption.
  2. Design the device to store only the information it requires.
  3. Be completely transparent to consumers so that they know exactly what data is going to be used and transmitted.

smartphones and computers table

These attacks could have various targets: firstly, to steal specific user data and secondly to cause harm to device manufacturers. Similarly, an intelligence agency could be interested in spying on certain information.  According to experts there are various attacks that could become common:

  • Denial of Service. Paralyzing a service is more serious if all devices are connected.
  • Malware-based attacks. Malicious code can be used to infect hundreds of computers to control a network of smart devices or to put their software in danger.
  • Data breaches. Spying on communications and gathering data on these devices (which could also store data in the cloud) will become another more common attack, compromising our privacy. Both intelligence agencies and private companies with commercial purposes could be interested in gathering information on a specific user.
  • Inadvertent breaches. Our confidential data might not only suffer targeted attacks but could also be lost or accidentally disclosed if the devices do not adequately protect privacy.
  • Security attacks on our homes. The majority of manufacturers of these devices have not considered security necessary and many do not have the mechanisms to correctly protect the data. For example, an attacker could spy on the data of our smart meter.

security on the cloud

To improve security, authentication methods must be adequate, adopting stronger passwords so that both the credentials and the data are correctly encrypted. In addition, security problems could arise in the network. Many devices, such as televisions, connect via Wi-Fi and so manufacturers should adopt strong encryption algorithms. Secondly, special care should be taken with the software and firmware on these devices; they should be able to update and each update must incorporate security mechanisms.

The Internet of Things has many benefits, now it just needs to be completely secure for users.

 

The post The vulnerable Internet of Things: Security when everything is connected appeared first on MediaCenter Panda Security.

Panda Security

When cyber-attacks cause physical damage

industry

We are used to hearing about cyber-attacks and the massive damage they cause to those affected. You do not need to go too far back to find some examples, such as the leaking of the photographs of celebrities in a compromising situation last summer or more recently, the mass attack on Sony that leaked several unreleased movies.

The attacks against the integrity and reputation of the production company and celebrities are serious, but we do not often see that the consequences of these crimes result in tangible material damage. Although various cases have been recorded, they have not gone beyond the borders of their countries because they do not have the same public nature as Sony and the Hollywood stars.

While we carefully followed the latest events in the Sony case this Christmas, another event took place in Germany. Just before the holidays, the German government published a report that detailed how a group of cyber-criminals had attacked a steel mill in the country.

The cyber-criminals manipulated the facility’s control systems. When one of the blast furnaces exploded, the detection and extinguishing equipment failed, resulting in massive damage (which is not specified in the document).

The case of Germany is not the first case of a computer attack that resulted in physical damage. Another earlier example is that of Stuxnet, a spy malware that reconfigures industrial systems. It was used by the United States and Israel against Iran at the end of 2007 and the beginning of 2008. They used it to sabotage the centrifuges at a uranium-enrichment plant.

The malware was not discovered until a couple of years later, in 2010. Since then, experts have been warning that something similar could happen again, and perhaps with worse consequences.

Major vulnerabilities have been detected in the equipment and systems that manage not only corporate and industrial facilities but also those that control the power supply of a town,  water treatment plants and even hospitals and government offices.

However, there is some doubt about the veracity of the attack on the German steel mill. The report that attests it, compiled by Germany’s Federal Office for Security Information, says that the cyber-criminals accessed the steel mill’s network and from there, they took control of production and the equipment.

factory

According to the report, the event could have been triggered in two ways: either through an email message carrying hidden malware or a downloaded file that allowed the malware to install itself on a computer. Once it had reached one computer, it was able to spread across the company’s network.

The German office’s report does not refer to the name of the company, when the first attack took place, how long it took for the explosion to occur or if the fire was actually part of the cyber-criminals’ plan. Although the last question shows that, intentionally or not, cyber-criminals can cause significant physical damage.

The experts who reported the findings say that the probability of this type of cyber-attack happening again is increasing and, therefore, measures should be taken to prevent them.

One of them is to separate management and administration networks from those that control production and machinery. In this way, cyber-criminals will not be able to reach the latter via the Internet.

They also warn that a system is only isolated when it is not connected to a computer with an Internet connection. Many companies believe that it is enough to use a firewall as a barrier between the two areas, but it could be incorrectly configured or have security flaws that make it vulnerable.

Everything suggests that more effort should be made not to leave any weak spots. Not only is valuable corporate information at risk of being disclosed, but a cyber-attack could have physical consequences as serious as they are unpredictable.

The post When cyber-attacks cause physical damage appeared first on MediaCenter Panda Security.

Panda Security

This is how a browser saves your password (and it is not secure)

navegadores

It is much more convenient, of course. You are at work, in front of your computer, and the browser offers to memorize the passwords for the services that you use. Out of laziness, you give it the OK. Now you will not have to enter the passwords for your email, social network or favourite online store every day.

It is not only convenient for you, but in principle it is much more secure. If malware capable of capturing keystrokes (a keylogger) ever lands in your computer, it will not be able to disclose your passwords.

However, asking the browser you use at work to save your passwords could be a disastrous idea.

chrome

One of the weak points of storing passwords in your browser is that, obviously, it saves them somewhere. In addition, remember that you are at work and surrounded by colleagues. One of them could be waiting for you to get up from your workstation without locking your computer in order to carry out the famous David Hasselhoff attack on you (taking advantage that you are not there, someone changes your desktop wallpaper to the ‘Knight Rider’ star with very little on). If they can do this, bear in mind that they could do worse things.

Without going any further, anyone could take advantage of your computer being unlocked to access the password file saved by your browser. It is not difficult, in Chrome you just need to go to chrome://settings/passwords to see the passwords that the browser has saved. A couple of clicks and anyone can find out how to access your mail, social networks, and every site for which you have decided to save the password through the browser.

chrome

However, leaving your computer locked does not guarantee that your passwords cannot be stolen. There are other methods.

There is probably a computer engineer working at your company. Do you get on well with him? If you had to think about the answer and you usually save your passwords in the browser, think twice about it. It is not that he is going to search you, but if he wants to give you a fright, he can.

Passwords stored by browsers are, in one way or another, on your computer. Even though they are encrypted and in a hidden place, with enough knowledge it is not so difficult to access them. The right malware could bring them to the surface.

password

Of course, remember too that not just any password will do. Worrying about where your passwords are stored is not worth much if you use the same one for everything and it is ‘12345’. In this case, there is no need for a cybercriminal to attack your computer or a lapse of yours to allow a colleague to use your computer.

The post This is how a browser saves your password (and it is not secure) appeared first on MediaCenter Panda Security.

Panda Security

Parisa Tabriz. Introducing Google’s ‘Security Princess’

parisa tabriz

Neither do princesses only appear in Disney movies nor is there only room for men in technology. There are various women in the ranks of the Mountain View giant but if we are talking about IT security, one of them stands out in particular. She chose her own nickname: she is Google’s ‘Security Princess‘.

She is Parisa Tabriz, one of the 250 engineers responsible for protecting Google Chrome users and the US company’s infrastructure and systems. Tabriz chose her title before a trip to Japan in which she had to give conferences on her work.

Even the White House has hired her services after suffering a cyberattack last October that affected the institution’s IT systems. At least that is what is said on Tabriz’s CV, where it appeared as a top secret mission. But do not look for ‘top secret’ on the document: she deleted this entry after the mission was made public. However, you can read that in November she collaborated with the US Digital Service.

Parisa Tabriz is part of a team of hackers whose job is to basically think like a criminal. They sniff out software vulnerabilities and bugs that could be used by cybercriminals to access Internet users’ data. They have to find them before they do in order to fix them and prevent attacks.

She earned her engineering degree from the University of Illinois, where she discovered her passion for computing. There she joined a special club: its members met up on Friday nights to discuss the ins and outs of Internet security. At that time, Facebook did not even exist and nobody had heard of the ‘blue bird’.

That group of amateurs was particularly interested in steganography, the practice of concealing messages within another item, such as a text or photograph. It is actually a form of encryption used in Ancient Greece (the word comes from the Greek word ‘στεγανος’, which means concealed, and ‘γραφος’, meaning writing). The group used to conceal the information in images of cats that were sent via email.

Parisa joined Google in 2007 as part of the company’s IT security department. Now she is the leader of a team of 30 hackers who, from the US and Europe, prevent attacks related to the Chrome Internet browser.

As soon as the hackers discover a vulnerability, they fix it quickly, so they are constantly updating the software without users noticing their work. They work in the shadows so that your data and Internet purchases are kept secure.

parisa tabriz google

In 2011, they discovered that the Dutch authority that manages Web security certificates (DigiNotar) had been hacked, affecting hundreds of thousands of Iranian Gmail users. All of the signs pointed to the perpetrator of the attack being the Iranian government and the volume of fraudulent certificates was so high that the agency had to close.

As well as leading the security army, Tabriz is responsible for hiring new experts to regenerate the ranks. One way of finding them is through contests and hackathons. Google organizes meetings in which independent hackers can look for bugs in its programs.

However, they must be careful. Some researchers could benefit from their findings and demand money for the information or even sell it to cybercriminals, who would use it for illicit purposes. Governments also use security holes in certain software to monitor companies and citizens.

Therefore, you have to know everything about the steps and advances in cybersecurity. Tabriz attends hacker conferences and meetings worldwide and gives seminars on her work to other members of the company.

The post Parisa Tabriz. Introducing Google’s ‘Security Princess’ appeared first on MediaCenter Panda Security.

Panda Security

The most cyber-attacked city is a model town

cibercityThere’s a city in a secret place in the state of New Jersey where the public services are always a mess. Power cuts, water supply problems and even Internet outages. Then add to that banks, stores, hospitals, schools and public transport that can’t operate normally on a daily basis because their security is continually compromised. In this city however no human being has to suffer any of the consequences. Nobody lives there: the city is just 1.8m wide by 2.4 m long.

CiberCity is a model city created by the Sans Institute, an organization that brings together over 165,000 IT security professionals. Its aim is to show the US army how to hack every corner of a modern city. It’s a 1:87 scale training camp designed to ensure the military is properly prepared for a cyber-war.

Ed Skoudis is the director and instructor of this unusual project aimed at teaching the latest cyber-security techniques. “A lot of computer security over last 10 years has really focused on computers themselves and the data on them… or it’s focused on spying and espionage”. Now there are other types of attacks. “But the threat is changing. It’s still that, but adding to that, it’s now people hacking into computers to cause real-world physical damage“, explains this expert in IT security.

If CiberCity existed in real life, it would have 15,000 inhabitants. It’s a city that has all the typical amenities and features of a real town: garden plants, swings in the parks, urban traffic, bars with WiFi and even a chemical plant have all been recreated in this mini city.

cibercity hacker

Five cameras monitor CiberCity so students have a live stream of everything happening there, and can carry out remote cyber-attacks, thereby learning how to attack and defend a city by hacking its security systems.

In one of the training missions, these security experts assume the role of hackers to cause a complete blackout of the city then reconfigure the power company’s computers so utility workers can’t access them. A city can’t live without power, so the challenge is how to get the system up and running again.

Another scenario asks students to work out how to simultaneously turn all traffic lights in the city to red, to prevent terrorists from escaping from the city. Derailing a train hurtling towards the town and laden with radiological weapons; reprograming a rocket launcher aimed at a hospital and hacking a water treatment plant so that clean water appears to be dirty are just some of the entertaining challenges that students will have to tackle.

According to Skoudis, the fact that the model is so realistic makes the project more meaningful to military leaders than if the missions were simply in virtual environments. “They want to see physical things. They want to see the battle space, and what’s happening there”.

Some 70% of Americans say they fear cyber-attacks from other countries, and would no doubt approve of their military acquiring such advanced system hacking skills in order to be better prepared to defend them. And it’s a fair bet that the students enjoy themselves too. Who wouldn’t with such a realistic Lego set?

The post The most cyber-attacked city is a model town appeared first on MediaCenter Panda Security.

Panda Security

Security tools that are safe from the NSA

U.S. Intelligence services have shown on numerous occasions how adept they are at accessing our data without permission. Nevertheless, there is still hope that you can keep your confidential information safe from the prying eyes of the NSA: Its expert spies still haven’t been able to crack all encryption systems.

Security tools NSA

Encryption tools are frequently used to safeguard the privacy of all types of confidential information, from simple chats to personal data. Yet no matter how careful we are with the data we transmit across the Internet, it is important to bear in mind that a supposedly private conversation may not be quite so private (whether you like it or not), particularly if your chat touches upon certain delicate issues.

Skype is a good example. Despite their reassurances that their video calls were the most secure, the documents leaked by Edward Snowden confirmed that the NSA had been accessing this tool since before 2011.

Luckily for many, or perhaps for everyone, a recent report published by Der Spiegel thanks to the Snowden leaks has revealed that, at least two years ago, there were still programs and security tools that could resist the technological weapons of the US security agency. Tools like Zoho, TOR, TrueCrypt and Off-the-Record are some of those causing headaches for the NSA, which has been unable to crack their encryption or at least encountered major problems in doing so.

zoho NSA

According to the German newspaper, US spies normally classify attempts to breach the security of a program from “trivial” to “catastrophic”. Decrypting email messages sent with Zoho is defined by the NSA as a “major” task, and users can rest assured as the agency has not yet been able to crack its security.

The US spy agency also found it difficult to break TOR encryption, the free and open source software that allows users to surf the Web through a network of thousands of linked volunteer computers. One of the benefits offered by TOR is that it is difficult to trace the location of a user visiting a specific website, making it an essential tool for activists in countries with strong censorship.

tor NSA

TrueCrypt on the other hand is a useful program for encrypting and hiding data and files. It uses algorithms like AES, Serpent and Twofish -either on their own or in combination- keeping it safe, according to Der Spiegel, from the prying eyes of the NSA.

While the NSA rated the breaking of the encryption of these tools as a “major” task, it defined as “catastrophic” its attempts to crack the combination of TOR with the CSpace secure instant messaging system, and a system for Internet telephony (voice over IP) called SRTP (a security protocol that adds confidentiality to voice messages).

Security tools that are safe from the NSA

The Pretty Good Privacy (PGP) program is also NSA-proof. This program was developed in 1991 to ensure secure conversations between its creator (Phil Zimmermann) and other intellectuals of a similar political leaning. Given it has now been twenty years since the creation of the program, it’s quite a surprise that experts from one of the world’s most advanced security agencies are yet to penetrate its defenses.

Although the information in this report talks about the data analyzed in 2012, experts believe that it is unlikely that the spies have progressed much since then, and that it is quite possible that these tools are yet to be breached.

For the moment, if you use any of these programs, you can breathe easy. If not, perhaps now is a good time to think again about your security.

The post Security tools that are safe from the NSA appeared first on MediaCenter Panda Security.