MiniLock: a program to keep your private files private

Image courtesy of  Yuri Samoilov at Flickr.com

The creator of an encryption program that wasn’t successful released another one with a renewed concept: making encryption so easy that anyone can do it, in order to stay protected from the prying eyes that spy on digital communications.

Espionage, a century ago, could be as simple as setting up a copper wire on an official telephone line and start eavesdropping. Today, one hundred years later, that way of spying is something to laugh at, and it may even seem endearing. Current espionage systems are so incredibly sophisticated that few words actually manage to escape the network of technological eyes that are constantly watching the digital messages circulating on the planet: SMS, emails, social networks, phone calls, and so on.

The world’s public opinion is divided between those who justify tracking and those who believe that a compulsively observed population will result in the most barbaric totalitarianism imaginable. Hackers and tech-savvy experts, though, were the first to denounce the machinery that states and governments were setting up to delve into any private space. The best known cases are those related to Julian Assange and Edward Snowden, but there are many more.

This community is also trying, with a lot more courage, to avoid an ultra-controlled future. For years, hackers have been creating encryption technologies to shield messages and making them only accessible to the person who sends and receives them. Many of them called themselves “cypherpunks”. People like Assange spent a lot of time creating free encryption systems for people to express themselves freely on the Internet. The identity and contents of a message are inaccessible except for the sender and the recipient.

For years there have been services that have been trying to stay out of this global espionage network consisting of governments and businesses. As an example we can find web browsers (Tor, Chrome’s incognito mode or Firefox’s private browsing), mail services (Lavabit, Riseup), instant messaging clients (Telegram) or search engines (DuckDuckGo).

But outside of those environments, for the average user, encryption remains a bit of a mystery. Software engineers and similar experts, however, work harder to make it easier and lighten the weight of this unprecedented network of espionage. One of those hard-working people is security consultant Nadim Kobeissi, who created and released a browser plugin that is capable of encrypting and decrypting files in just a few seconds, and was featured in an article from Wired magazine.

The program is called MiniLock. It is free and open source -you can find its source code in GitHub-, and it was presented for the first time in New York’s Hope X hacker conference in July of 2014. Kobeissi hopes to develop software so simple that anyone can use it. “It’s super simple, approachable, and it’s almost impossible to be confused using it”, said Kobeissi to the aforementioned magazine.

Image courtesy of Christiaan Colen at Flickr.com

MiniLock first appeared as a beta version and, according to its creator, it began still in an experimental phase. The extension is capable of encrypting virtually anything, ranging from videos embedded on an e-mail message to photos stored on a USB drive. These encrypted documents can also be stored, safely, on services like Dropbox or Google Drive.

In this desire for simplicity, MiniLock requires no registration or a signup process. The only thing the user has to enter is an extremely secure password, which means that it must be comprised of a combination of at least 30 letters and numbers.

Kobeissi has been working for quite a while on encryption systems. The consultant is probably better known for his Cryptocat chat program. But, according to Wired, that project had security flaws. In a pessimistic view this could mean that the hacker community can view MiniLock with a skeptical eye. An optimistic outlook may focus on something different. Kobeissi himself says that he has learned a lot from Cryptocat and he’ll avoid the mistakes he made back then. One example is the fact that he chose not to release the program right away via Google’s store. Instead, he posted the code on GitHub in order to allow other coders and experts to assess it, check it and correct it beforehand.

Information leaks have turned into a trending occurrence, an especially significant one when it comes to fighting corruption. Certain systems, such as the open-sourced SecureDrop, have allowed citizens to present documents and all kinds of complaints to major news outlets, in a secure and anonymous way, to protect the identities of the whistleblowers.

The controversy that came after Snowden’s revelations about the NSA encouraged the creation of platforms such as Trsst, a microblogging site similar to Twitter, which describes itself as “encrypted, anonymized and decentralized”.

Encrypting information will probably end up being a common practice. And maybe, hopefully before long, it will turn into something as simple as creating a zip file today.

Related contentRead Don Burns’ “Threema, a messaging app that cares about your privacy”

Did You Know Wireless Devices Were This Important in Today's World?

Image courtesy of Jope at Flickr.com

Telecommunication devices have come a long way from the time of smoke signals and notes on a pigeon's foot, but one of the most amazing advances has by far been the possibility of doing all of this without any of the traditional wires needed. Wireless communication does not only refer to smart-phones and Wi-Fi, it is every kind of possible communication where there is a transfer of information or power, but there is no connection whatsoever. The most common and known is the radio, which can be at short-wave and travel only a few meters, or as much as millions of kilometers for deep-space communication. You can find on the list great variety in the different types of communication like two-way radios, PDAs, GPS, garage door openers, wireless gadgets like headphones, keyboards and mice, broadcast and satellite television and of course cell phones and Wi-Fi. If you take a minute and start to really analyze how many of the devices you use on a regular basis are wireless, and not to mention which ones you’ll be using a year from now. Wireless is on the rise while offering consumers a more pleasurable experience without any of the hassle brought on by cables, and receiving the same service. 

We think wireless and of course we immediately think Wi-Fi and the advances there have been with 4G and now 5G communication, which you can read more about on the Don Burns Blogspot page, but it goes beyond that. Wireless communication, believe it or not, started off even before the 1900s when Guglielmo Marconi developed the first wireless telegraph, which started off a wave of other inventions including basic data compression, initial technology behind cellular phones, and radiotelephones during the early 1900s. From there, you could easily list the devices that started popping up in the 50s and 60s from microwave signals and satellites, which were launched into space. Around this time, some associations also started appearing with the purpose of controlling communication as it started to be implemented, among these were: The Federal Communications Commission (FCC), and the International Telecommunications Satellite Consortium (INTELSAT). In the 80s, you could definitely say there was a boom in technology and it can be said this was the birth of the cell phone, since this is when the technology we know today was refined, leading to the beginning of the “technological wars” that would establish the competition grounds for digital cellular standards in 1989. In the 90s, there’s no surprise when records are broken, and the 10 million milestone was surpassed by cell phone users and the size of the internet just continues to exponentially grow.

The 2000s brought tons of new and interesting advances that now allowed users to interact more than ever. This tech had become such a part of everyday life that in 2009 it was registered that over 6.2 billion minutes were used by clients and more than 5 billion SMS messages were sent per day, all via wireless networks. During these years, was also the creation of the iTunes and the Android Play Store bringing about a brand new way of interacting. Apps on smart phones are now integrated into almost every part of our lives, and it seems that this is not the end of it. From here there was an even more advanced integration, which is the Internet of Things (IoT), allowing users to use the internet networks to communicate with devices around the home, office or city to carry out specific tasks.

Image courtesy of ollierb at Flickr.com

So, even though this was a brief timeline, you need to also realize that there are different types of wireless signals, which will be determined by the device being used. For instance, on a TV you are either using analog video or digital video, whereas on a cell phone you are using voice, be it via analog or digital, 3G, 4G or LTE, Bluetooth, or two-way radio. Satellites can carry all types of signals independent if they carry voice, audio, video or data, or even if they do so through analog or digital. The other consideration is the frequency of the signal, which are all supported by these satellites from 3400 MHz to 23 GHz, or others. Then you Wi-Fi and Bluetooth, and finally radio which synchronizes on AM and FM radio. In this whole mix you’ll find devices that could be transmitters, receivers, or transceivers. Each of these will take on a particular role in the wireless communication service: wireless clients (which are the stations that use the connection to interact), access points (which the host of the signal), and Ad-Hoc Nodes (which allow a network of devices to connect to a specific access point).

The list could go on about devices or wireless tech, but at the end of the day the purpose of all of this is maintaining communication as we have the possibility of going mobile. There’s now doubt that there will only continue to be advances in this field in the years to come.

Threema, a messaging app that cares about your privacy

Image courtesy of Dr. Motte at Flickr.com

Telegram is surely the app that we usually resort to in order to demonstrate how an app can offer a very high level of security and privacy to its users, with certain characteristics such as end-to-end encryption and secure chats that take to the next level the fact that we can feel safe when we take part in a conversation with sensitive information. The developers of Telegram have struck a chord with a need that came from millions of users after the events that took place with Edward Snowden and the NSA.

Now we have another application that follows this path and that presents itself as one of the most secure ones to stay out of reach from hackers, corporations and government agencies, and, once and for all, it can be used in a completely anonymous way.

The app is called Threema and we could say that it's the opposite to the ones that we use everyday -such as WhatsApp- in terms of security and privacy.

Security comes first

Telegram is a big bet, and so is Line with the implementation of end-to-end encryption. WhatsApp would later adopt this method, though a bit later than its competitors. If we want to jump to the next level, we’ll get to Threema. It's not a free app, something that some users may not like, but those who want to have access to certain privacy and security features will shortly find in it a great destination for completely anonymous conversations.

Threema is an app developed by a company in Switzerland that has been endorsed by the German government. The servers are located in Switzerland as well and we could say that it’s one of the countries that cares the most about users’ safety and privacy.


With that being said, these servers will only store the minimal amount of information, and the users’ devices will act as clients and servers. The Swiss servers will only act as intermediaries to transfer information from one device to the other. Said information, will be encrypted.

Anti-hacker encryption

Image courtesy of  Melina Sampaio Manfrinatti at Flickr.com

Without a doubt, announcing that it will be impossible for hackers to access your private information will be an attractive statement to them, but this is due to an encryption method based in the open-source library NACl (Networking and Cryptography library). This is why in order to impede copies of information or unauthorized backdoor accesses, the encryption keys are generated and stored securely in the devices of the users, as we mentioned before. 

Threema has stated that group subscriptions and contact lists are only managed from the user’s device. Once the messages have been delivered, they delete themselves so that the files that remain locally will stay, encrypted, within the smartphone or tablet.

The following are several of Threema’s features:

• Text messages and voice messages 
• Sending of all kinds of files: PDF, GIF, MP3, Doc, ZIP and so on.
• Sending images and video and the ability to share your location.
• Group chats in which new members can be deleted at any time.
• ID verification of contacts through personal QR codes.

It’s also worth noting that Threema doesn't require the use of a phone number or an email address. Each user receives a random ID from Threema to identify themselves.

You may not find many of your contacts with it, but it's only a matter of time. It also has a specific function in terms of privacy which differentiates it completely from other apps.

The company that created Threema is made out of -you guessed it- three employees. The startup managed in just 24 hours to double the size of their user base and the app got to the first place in the charts of paid apps in Germany.

Threema combines components of social networking with some of them coming from messaging apps and, on the other hand, apps aimed towards customization. Anonymity is definitely a key factor around which the app revolves.

The German government endorsed the usage of alternative apps for private communications. The app also allows you to find other users by syncing your contacts, but this step is completely optional. You can also share information such as your location on a map, all without leaving the app. If you want, you can exclude individual contacts from the sync process, it features an internal image viewer, a contact list that can be classified according to your needs, blocking of individual contacts, quick switching between different chat conversations, custom nicknames for unknown contacts and several other useful features that will help you keep your conversations away from eavesdroppers.

Even though it doesn't feature the option of voice calling, users can send voice messages. It's available for iOS and Android, and it’s a little less expensive if you have a Windows phone.

Related content

Read Don Burns' "The importance of cryptography in points of sale"

Some 2016 communication trends you need to know

Image courtesy of  RL GNZLZ at Flickr.com

Etymologically, the words trend and “turn” are closely related: they derive from the same Old Norse root: trendr. Trends are new directions, transformations, changes. If our time could be described with a social phenomenon, the lot of increasingly, frequent and definite trends is the right one. The communications sector is an example of how these trends occur very quickly. Some of these trends, which have had prominence in the current year, will be analyzed in this post.

Related: Find Out What Happens When the Telecommunications Industry Discovers 3D Printing

According to Forbes, communication with Millennials is a priority, and one of the ways this will be achieved more efficiently is through human capital investments in call centers. It will certainly develop the necessary technology to achieve the necessary communication.

Several call centers have invested a considerable amount of money on improving communication technologies. The aim has been, for a long time, an effective agent management and a continuous improvement of customer service. Today, the focus of many investments in this sector is real-time communication with users through virtual channels (WebRTC and SMS, for instance), because the Millennials seek, above all, direct and immediate interaction with customer service for solving their problems quickly and efficiently.

Brands will be the new activists. It’s important to keep communities together, but we need to live the experience of living among them and to see them in action. Because of the new kind of consumers, who judge everything based on economic and social policies of brands, we continue to see how brands give more weight to those political and social issues that concern people, placing values at the heart of its communication strategy.

On the other hand, virtual reality as a channel of choice is another important trend this year. While consumers need more experiences and less linear communications, virtual reality will become a key trend in the current 2016. This system has been generally used in the gaming and adult entertainment community, but content creators and communications professionals will use this kind of platforms to help people to assimilate certain realities. Users ask for new experiences in real life every day (or something that closely resembles.) Virtual reality has been very useful in the education sector (driving and flight simulators, for example), to the point that in the future will be a need to impart knowledge of all kind. Since during 2015 the technological advances in this field of communications were tremendous, this year things will move faster. “Brands not only need to ensure that they understand the impact that technology may have on the strategy,” says Don Burns, leader in the telecom industry, “they also must know when to use it and where to turn it into work.”

Image courtesy of  Tyler Pruitt at Flickr.com

In addition, in the flowcharts of companies, Youtubers may have a significant presence to stream content to workers. Companies need to decode new cultural codes, just like Youtubers: a social phenomenon of a decade that started in 2006 and has revolutionized the way information is transmitted at present.

Large 2016 marketing campaigns don’t just make noise to catch attention: they provide a good service. IBM, for example, has protected people from the rain under their ads on the street, and Samsung has set up giant screens in the back of their trucks where they project an image of the traffic through a camera on the front of the vehicle, to show drivers a good view that the truck is blocking. Marketing campaigns will be increasingly active every day.

The traditional model of 'funnel' sales belongs to the past. Consumers go directly to the end point of purchase today. While large online retailers are always seeking the amplitude, brands must seek depth. They guide their ad contents and campaigns to create a good experience with the brand. It makes it possible for consumers not only back, but remember the brand anywhere when purchasing.

The Internet of Things (IoT) is changing the way the global society communicates with itself. This phenomenon of hyper-connectivity will produce a paradigm shift of huge proportions, difficult to foresee (almost like the invention of the steam engine or the discovery of electricity.) Every day, more devices and objects of daily use are connecting to internet and providing useful information for users and businesses. In ten years, the number of smart objects will exceed the fifty billion of units. This year, more and more brands want their products to use IoT technology to improve the user experience and their sales and services as well.

Finally, the Millennials are destroying advertising. iOS 9 has allowed ad blocking, but the market is not ready to react. In 2016, brands will need to improve native advertising, as well as exploring new ways to generate notoriety in the top of the funnel (from sponsored podcasts and agreements with bloggers who are influencers, vloggers and Instagrammers), to a renewed commitment to activities experiences.

The importance of cryptography in points of sale

Image courtesy of hrp_images now at Flickr.com

When we analyze the security of point of sale (PoS) applications, we must keep in mind the necessary presence of magnetic bands and the data of the owners of cards, which are extremely sensitive information, both for the owner as well as for the financial institution that provides them.

In any space in which there’s information that needs to be protected and safeguarded, there lies the imperious necessity of using cryptographic solutions, the ones that originated in battlefields and which today are capable of protecting the confidentiality and integrity of said data. It's not enough to use certain safe protocols, it is also necessary and imperative to make a correct and proper implementation at a software and hardware level.

As obvious as it may seem, cryptography is an essential part of a point of sale, as well as in any other digital forms of payment used today. Complementing the pillars of confidentiality and integrity, authentication and non-repudiation come into play, which means that an operation cannot let itself be unknown to the user.

In terminals, mainly three groups of cryptographic algorithms converge which are used in heterogeneous technologies, where they mix with one another and with many architectures within the point-of-sale devices. Each one of these groups has advantages and disadvantages in relation to one another.
The main point where we will be able to distinguish great differences are linked to resource consumption, speed and even the ease of implementation in the different sections that point-of-sale devices have. The way of storing a password, the way of encrypting the communication between two points or even the degree of safety needed will be the way in which either one of the following algorithms will be implemented.

Symmetric-key algorithms

The same password is shared for the encryption and decryption of information. This algorithm is very fast, but at the same time it is less secure and it definitely needs both parts to have already exchanged their key or password to begin the communication. A couple of examples of symmetric-key cryptography are the 3DES and AES algorithms.

Asymmetric-key algorithms

Image courtesy of MIKI Yoshihito at Flickr.com

They contain two keys: a public and a private one. This way, the same one cannot be used to encrypt and decrypt the information. Both keys are generated at the same time and the private one is safeguarded, which is the one that will be used to read; and the public one is distributed, which is the one that will write, encrypting the communication. Two extensively used examples of asymmetric-key cryptography or public key infrastructure (PKI) are email messages sent through PGP (Pretty Good Privacy), or the network traffic encrypted with SSL or TLS. These are widely used in transactional websites or those that require the user to enter a set of credentials.

One-way algorithm or hash

These functions capture a variable-length information and generate an output commonly called fixed-length hash, based on the input. These functions used in cryptography have the property of being easily calculated, which is why they're widely used to store passwords, since it is difficult -in many cases- to recreate the input if only the value of the hash is known.

When it comes to encryption algorithms, size does matter

A general rule for all encryption algorithms is: the bigger, the better. This is due to the fact that the most simple way of attacking encryption is a brute force attack, testing all the possible combinations of bits, until finally the desired string is found. With the data combination processing capacity of modern computers, it is possible to apply brute force techniques to obtain relatively long passwords made out of several bits or characters.

For instance, DES with a 56 bit combination password can be cracked in less than a day. However, the addition of more bits to the string will exponentially increase the time required for the cracking process to finish. The most widely used hash algorithms are MD5 (128 bits) and SHA1 (160 bits) which curiously are not very robust when it comes to security in comparison with Triple DES or AES, both of which are recommended by the NSA.

To sum up, the diversity in the different types of point of sale devices, both in modular and compact machines, will keep rising and the telecommunication technologies will also accompany this constant evolution, generating greater indices of speed and availability. However, cryptographic algorithms in many cases don't go hand-in-hand with the development of point of sale devices from the initial stage of the design, which leaves an open window through which cyber criminals are able to break into systems and extract different types of information.

Malicious codes are able to sort these cryptographic processes in payment terminals or point of sale devices, applied in certain specific layers with the intention of capturing sensitive information.

Recent contents

Read Don Burns' "What Is Encryption And How Can It Work For Me?"

What Is Encryption And How Can It Work For Me?

Image courtesy of Intel Free Press at Flickr.com

We truly live in an era where information has become one of the most traded commodities available. Is it possible to ensure that the information we send, receive, create and store in our devices stays safe and accessible only to those you want to share it with?

The use of encryption software has been associated with paranoid conspiracy-theory enthusiasts who believe the government is out to get them and wants to steal their information. However, as ridiculous as it may sound, they are not entirely wrong. Your information can be at risk but not exactly the way you think. Identity theft, hacking, state-sponsored snooping and even advanced steps of social hacking may take place by violating your electronic privacy accessing your files, pictures and personal computer content.

You’ve probably heard the word “encryption” many times before but are unsure of what it means exactly, how it works and what can you do to take advantage of its benefits.

First of all, encryption is a method of protecting information in a way so that only those intended by you are able to access it. Using encryption is not something new, and the basic concept of it remains the same even if the tools available to encrypt have changed. Rudimentary forms of encryption have existed since the times of the Old Kingdom of Egypt when non-standard hieroglyphics were carved in monuments. It wasn’t until around 800 AD when Al-Kindi invented a frequency-analysis technique for breaking mono-alphabetic substitution ciphers, something that proved to be the most fundamental cryptanalytic advanced until WWII.

Encryption uses algorithms to jumble data into a string of code that is complete gibberish to those who do not have permissions to see the information. Those permissions come in the form of an encryption key that decodes the information and rearranges characters and code so it can be read the way it was meant to and without the key it is impossible to decrypt the data.
Data can be encrypted in transit, meaning when the information is traveling towards its destination; or at rest, when the data is stored at a terminal or server. End-to-end encryption for communication platforms is considered the most secure. If messages are end-to-end encrypted, only the people who are having the conversation have the keys to decrypt what’s being sent.

Software for encryption is very easy to use nowadays and it doesn’t take much to get started. Here you can see a very easy info-graphic showing you all the necessary steps to do basic encryption for folders in different operative systems. 

It is important to choose an encryption key length that is strong enough to withstand any attacks or attempts to decrypt your data. An AES 128-bit encryption key is considered suitable for your security needs as it can have more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations.  

Encryption software gathers random data before encrypting your files, also known as entropy. The password you use will be part of this random data gathered to cipher the files, this is why it is very important that you choose a long passphrase, in addition, you should not use any dictionary words to avoid brute force attacks. A brute force attack consists of an automatic process where all of the dictionary words are quickly input at the password login window. As computers have become increasingly faster this can be done in a matter of hours or less using cloud computing.

Here are some tips to follow:

Image courtesy of Kevin Spencer at Flickr.com

• Always choose an encryption program that uses a standard cipher that has been approved and tested by experts, like AES for example.
• Do not use common dictionary words as your password, use a long passphrase made up of capital and small letters with punctuation signs and numbers that will remember and try not to write it down anywhere
• Do not use the passphrase you use to encrypt your data for anything else like your email, Facebook or any other computer password.
• Never trust a third party service to store your encryption keys or carry out the encryption implementation, if you store data online encrypt it yourself in your computer before uploading it.
• Watch out for key-loggers and malware in your computer that could capture your keystrokes and your secret passphrase, use an antivirus and firewall and always keep it up to date.
• Never reveal to anyone your password, not even to a support department whose staff could be outsourced overseas or could be impersonating someone else. Always verify personnel before giving out any of your information over the phone

All of your information is valuable and should be protected, so take the necessary steps and get in the positive habit of encrypting your files and your communicated over the web.

If you want to learn more about encrypted communications and more advances in telecommunication technologies, be sure to check out our many articles at our blog at Don Burns’ Blogspot.

Anonymity on the Internet: which is better, VPN or Tor?

Image courtesy of Blue Coat Photos at Flickr.com

Complete anonymity on the Internet is impossible and, in the best of cases, a particular phenomenon unfeasible of being maintained for extended periods of time. However, both the VPN and Tor networks help hide the user's identity from third parties. But which one of them is better? Let’s take a look at the similarities, differences, advantages and disadvantages of using VPN and Tor.

Online privacy has become a growing concern for millions of users worldwide, either due to the fact that they’re sharing all kinds of personal information with third parties such as Facebook, Google or Twitter; or to prevent possible attacks by cybercriminals; monitoring by government agencies like the NSA or to limit access to certain websites.

Even though some still believe that surfing the Internet is an anonymous activity, reality is stubborn. The incognito mode or private browsing offered by browsers like Google Chrome, Mozilla Firefox and others is not an effective method of maintaining your anonymity on the Internet, which is why more users are choosing to use a VPN or connecting through Tor.

Both are two methods of transport to surf the Internet. However, the differences between Tor and VPN networks are considerable: a VPN could be likened to an ultralight aircraft, pretty fast but also expensive; whereas Tor, could be compared with a bus, available to anyone, but much slower.

Advantages of using Tor

The purpose of Tor (The Onion Router) is anonymity when surfing the Internet. To do this, the user’s information bounces between different nodes before reaching its destination, so the last server is unable to know the location and private information such as the IP address of the source.

We said at the beginning that there’s no such thing as complete anonymity, and Tor is no exception. Although it’s one of the best systems to surf anonymously, the network’s end node decrypts the data to access the required destination by the initial user, opening the door to possible vulnerabilities. It is hard, but not impossible.

If you browse via Tor, it is essential for you to be aware of the fact that it is not a bullet-proof system. The security level is very high if you use secure connections (HTTPS), but otherwise it’s low.

To maintain your anonymity it’s essential that you avoid sending unencrypted personal information such as your email address, location or mobile phone.

Advantages of using a VPN

Image courtesy of PhOtOnQuAnTiQuE at Flickr.com

In simple terms, VPNs (Virtual Private Networks) add a private network -tunnel- on the main network of the user. Basically, a VPN grabs your connection, encrypts it and sends it to another server. Instead of your computer going directly to Google, it first accesses an intermediate server and, from there, it goes to Google.

Using a VPN is recommended, for example, when browsing within a public Wi-Fi network because otherwise you’ll be at risk of third parties seeing everything you do online. When using a tunnel, only your connection to the intermediate server will be visible, which is the one that actually makes the requests to Google, Facebook and other sites.

Another advantage of using a VPN versus the usual navigation is that you can “fool” the rest of the world about your location: if you are in New York and the VPN server you use is in London, all of the websites that you visit will believe that you are a user from England, which opens the possibility of skipping geographical limitations in all types of content.

When is it best to use Tor? And a VPN?

Although there are some providers of free services like Hola, most VPN services -the most powerful ones- are paid. By contrast, the Tor network is free by definition, because it employs the user’s connections to establish the nodes.

Anonymity in a VPN network is in any case relative, given the fact that even though they promise not to store information about their users, it is difficult to think that they can keep their promise if a court order comes.

Tor guarantees a higher level of online anonymity, as long as the the user takes some precautions, but it’s not as impenetrable as the NSA has tried to show in recent years. The biggest disadvantage of Tor is that browsing speed is very limited.

When to use a VPN? If you are an intermediate user concerned about online privacy and the use of your data by third parties the recommended option is a VPN. You will have a considerable latency, but the speed of your connection will be enough to play HD videos on sites like YouTube or Netflix.

When to use a Tor network? This system is used in situations that require a high level of anonymity, especially with the threat of governments or intelligence agencies. It’s reliable, for instance, for journalists working with sensitive documents and leaks, but the biggest disadvantage is that the connection speed is quite slow.
Recent contents

Read Don Burns’ “How The Evolution of Sensors On Smartphones Makes Life Easier”

Learn how to defend against the MITM attack

Image courtesy of Blue Coat Photos at Flickr.com

The Man in the Middle attack is also known as a bucket-brigade attack, or Janus attack in cryptography. As its name explains, the attacker keeps himself between two parties, making them believe that they are talking directly to each other over a private connection, when actually the entire conversation is being controlled by the attacker. In a previous article, Don Burns explained all about the Man in the Middle attack, now you can learn about the defense. Since MITM attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against it are authentication and encryption. A number of cryptographic protocols include some form of endpoint authentication specifically to prevent these attacks. For example, Secure Sockets Layer (SSL) can authenticate one or both parties using a mutually trusted certification authority. However, SSL is still not supported by many websites yet. Fortunately, there are three effective ways to defend against a man-in-the-middle attack even without SSL.

Virtual Private Network

A VPN extends a private network across a public network, e.g., the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network while benefiting from the functionality, security and management policies of the private network. You can start creating a virtual private network (VPN) by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols or traffic encryptions, such as PPTP (Point-to-point Tunneling Protocol) or Internet Protocol Security (IPsec). All data transmission is encrypted so that even if being intercepted, the attacker will have no idea about the content of the traffic. As a transfer station, the safety and reliability of the VPN server are very crucial to the security of your whole communication system. So, if you do not have a dedicated VPN server yourself, you are advised to only choose well-famed VPN server provider.
After establishing a remote VPN server, either manually or using some reliable online tool, you can follow these steps to create a Point to Point connection: First, Click “Control Panel” in the startup menu. Then, select “Network and Internet”. Go to “Network and Sharing Center” and Click “Set Up a new connection or network”. Once in the “Set Up a new connection or network” dialog, select “Connect to a workplace” and then press “Next”. In the “Connect to a Workplace” dialog, click “Use my Internet connection (VPN)”. Then, input the IP address of the VPN server and press “Next”. You will have to input your username and password, then press “Create”. And finally, Click “Connect Now”. After following these steps, all data transmission is encrypted so that even if being intercepted, the attacker will have no idea about the content of the traffic.

Proxy Server with Data Encryption

Image courtesy of Defence Images at Flickr.com

Use a reliable proxy server and encrypt the transmission between you and the proxy. If you only want to conceal your IP address for a specific amount of time and are not concerned with the security and performance, go for the free web based proxy services. But if you have the necessity to hide IP address on a regular basis, need high security and performance, go for paid VPN services like HideMyAss VPN (one of the most popular and trusted VPN service that allows people to easily conceal IP address and protect their online privacy) or VyprVPN (world’s fastest VPN services that allows people to easily conceal their real IP)

If you want to make sure your IP is changed, type “my IP address” on Google before and after using any of the above services. Just compare both the IP addresses and make sure they are different. If yes, that means you have successfully changed your IP address.

Secure Shell Tunneling (Linux/Unix)

SSH tunnel consists of an encrypted tunnel created through SSH protocol connection. SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. You can use SSH tunnel to securely transfer files between an FTP server and a client even though the FTP protocol itself is not encrypted. SSH tunnels also provide a means to bypass firewalls that prohibit or filter certain internet services.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections. A Secure Shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel. Using a tool like OpenSSH on a Linux/Unix system you can tunnel all of the traffic from your local box to a remote box that you have an account on. SSH tunneling can be thought as a poor-man’s-VPN. It is handy in situations where you would like to hide your traffic from anybody who might be listening on the wire or eavesdropping. You can use such tunnel between your computer and your Unix/BSD/Linux server to bypass limits placed by a network.

Moment lenses for iPhone: a Little review to get acquainted

Image courtesy of  Warren R.M. Stuart at Flickr.com

Technology right now is amazing everybody everywhere at all times. Every day we see a new advance and a new breakthrough that amazes us in every way possible. For example, mobile phones and their applications. We see new things come out every day and new apps that help people get entertained or organize their lives or even start a new business. 

Well, there are some other devices out there that can be considered as accessories for the iPhones that are also getting very trendy. One of those accessories is the lens that can be attached to the iPhone and used as a regular camera.

These accessories make the camera on your iPhone have all the variations that any other camera has when you apply the lenses. These accessories appeared in the market due to the demand form users to have more option to pictures when they were in trips and vacations. Also, professional photographers wanted more options to the camera that already had amazing applications for their back up pictures.

Two of those lenses are the Moment Wide Lens and Tele Lens that offer the users something a little different, something especially practical: unlike other iPhone camera lenses that sit on top of your phone, Moment’s lenses attach to your iPhone’s lens using a special plate which is specially good for travelers and people that want to have variety on the go for their iPhone pictures. This feature is a thin, strong piece of metal that adheres to the back of your phone like a sticker and has a screw that works just like the lens screw that you can find in DSLR camera and that allows you to screw on different lenses. The brand Moment went live in Kickstarter to look for funding for this pair of lenses in 2014. Yes, the lenses help the users take better pictures, but the mounting system is the state of the art that attracts so many buyers.

This system sticks to the phone and has the hole that will receive the lenses. Installing the Moment lenses’ adhesive plate is not a big deal and does not require a great amount of time. This plate-based installation system is an amazing advantage for techies that love to have the latest iPhone model because they can use the same lenses in their new IPhones without buying new lenses, but by buying a new mount for 10 dollars and installing it in their new phones

It is not all peaches and cream because you have to semi-permanently attach the mounting plate to your iPhone. You really have to be committed to having lenses and to using your phone as a camera more often than regular people. If you decide later on that you really don’t want the mount any more on your phone, you will have to heat the mount system up using a hair dryer in order to get it off your device. Also, special occasions are a key thing. Neither lens is very big as compared with other lenses but they are bulky and not comfortable to have around all day. So you have to choose the moment to put them on. Attaching the lenses isn’t exactly a quick process, either. When you see something you want to snap a shot of, you have to reach into your bag, pull out the pouch, take out the lens, and then line the lens up just right so that it locks into place. 

Image courtesy of  Warren R.M. Stuart at Flickr.com

When you use the lenses the difference in the photos is amazing. For example, the telephoto lens allows you to capture close up pictures of things that are very far that you could never get with your regular iPhone camera. There was a very happy user that took a close-up photo of Alcatraz from a dock where she could barely make it out with her eyes, and she could actually see it in the picture. When using the telephoto lens along with the iPhone’s built-in zoom she was able to get close enough to read previously unreadable signs and get a good look at people who were once just small figures in the frame.

On the other hand, with the wide angle lens users can take pictures that cover crowds and that include as many things possible into the frame at very closes distances. For example, you can take pictures of buildings when you are standing in front of them or across the street. There’s a bit of frames on the corners of the images, but nothing that couldn’t be easily removed in a photo editor or with a little cropping.

Take a look at this amazing article to understand more about gadgets for smartphones and how they are changing the way we use mobile technology.

How The Evolution of Sensors On Smartphones Makes Life Easier

Image courtesy of Ian Lamont at Flickr.com

Smartphones have truly evolved the way we interact with technological devices. To the point that we no longer have to press buttons, but instead they can interact by simply looking into the camera. At the same time, we sometimes touch the screen or parts of the device but technology has allowed this contact solely to identify users based on fingerprints. Sensors on phones has also promoted the use of cellphones in many everyday activities like doing exercise, traveling journals, or even to keep track of the temperature. All or at least some of these are common on most smartphones nowadays and the way they seamlessly make our lives a bit easier is amazing. Phones have come a long from advances in 4G networks, which you can read more about on the Don Burns Blogspot, to high camera definition. Sensors have evolved along with smartphones and that’s why today we can enjoy easy to use and practical tools for our everyday life. 

Today’s smartphones have a variety of sensors that expand the applications we give to smartphones themselves, ranging from the user interface to environmental ones. The user interface has the very recognized touchscreen and gesture recognition that allows us to zoom in and out. The display, with its sensors, can identify ambient light, proximity and RGB or color balance. In terms of health and fitness, smartphones now have sensors that can measure your heart rate and its variability. Motion tracking is a popular feature on smartphones allowing people to use services like GPS, accelerometer, gyroscope, and magnetometer. The camera also has sensors allowing it to capture HD images, Laser auto focus and automatic RGB lighting adjustments. Cell phones can also measure the environment keeping track of humidity, air quality, and UV lighting. The newer models are almost all coming with integrated biometric features like fingerprint and a new one the iris scan. Many people are now carrying around only their cell phone instead of their wallet with different advances in payment methods with NFC and magnetic features. Finally, the audio also has special sensors that allow the active noise cancellation and the microphone, which of course we are all familiar with.

Display sensor’s evolution

Ambient light sensors (ALS) measures light to determine how the human eye reacts to the light that is visible in a 390-700 nm wavelength range. Since this piece of equipment is able to sense light similar to the way the human eye does, it is critical for the cell phone to have an accurate light measurement. So these are the sensors that are used to adjust the brightness of your screen, they determined power saving modes and improved the overall experience of the users. From here touchscreens brought new challenges that these sensors needed to help with. Since when a call is placed the screen has to be disabled, now it was necessary to include IR proximity features. This would be the most cost effective and reliable solution and the growth of the smartphones proved that these solutions truly optimized them in a big way. From here on, more needs emerged like the necessity of recognizing RGB lights and its different varieties to make for more realistic and vibrant images. The sensors that allow all of this have evolved from photodiodes and phototransistors all the way to future solutions like aperture reduction, biosensors and advanced color sensors. The evolution of the light sensors has truly brought to life the interaction of smartphones with any environmental lighting.

Biometrics made phones safer

Image courtesy of Vernon Chan at Flickr.com

The constant need for upping the security on our smartphones, which now carry more and more information about ourselves and our families, gave way to biometric tech and this integration seems to have been a match made in heaven. In its evolution, it has not been without inconveniences. It mainly faced two big obstacles: seeing biometrics as an isolated piece of technology and the habit of not recognizing identity and security as a vital part of the future in technology. The Internet of Things, IoT, is yet another application that could bring together all of our information and personal data. As integrations of biometrics become more common there will be a need to make security and identity a priority. This helps us move beyond the traditional password security measures and helps us turn our smartphones into a larger part of our lives, generating more confidence for financial transactions, promoting healthy lifestyles, and at the end of the day access to our data in an easy way.

What will the future bring?

The future will only continue to bring more integrations of sensors that will allow smartphones to offer more features that make their users become more dependent on them due to their ease and security. The expansion of ultra-wideband radio, WiFi and Bluetooth into a slow transition towards 3D radio imaging. This will easily allow people location, even inside a building, along with information like what’s actually going on inside around the person.

Beware the man in the middle attack

Image courtesy of Charis Tsevis at Flickr.com

MITMA is an attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. The attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of eavesdropping in which the entire conversation is controlled by the attacker. Sometimes referred to as a session hijacking attack, MITM has a strong chance of success when the attacker can impersonate each party to the satisfaction of the other. Man-in-the-middle attack is also known as a bucket brigade attack, or sometimes Janus attack in cryptography. One way that an attacker can pull-off a MITM attack in a place where public Wi-Fi is available is to create a fake Wi-Fi hotspot, which uplinks to the public place´s Wi-Fi. Then, the attacker can use a tool to intercept SSL connections. To protect against a MITM attack, the client should check that the server's certificate. This can be done by way of certificate pinning.

MITM attack could involve distributing malware that provides the attacker with access to a user’s Web browser and the data it sends and receives during transactions and conversations. Once the attacker has control, he can redirect users to a fake site that looks like the site the user is expecting to reach. Online banking and e-commerce sites are frequently the target of MITM attacks so that the attacker can capture login credentials and other sensitive data.

Don Burns found this clear illustration of a MITM attack:

There are 3 characters in this story: Mike, Rob, and Alex. Mike wants to communicate with Rob. Meanwhile, Alex (attacker) inhibit the conversation to eavesdrop and carry on a false conversation with Rob, behalf on Mike. First, Mike asks Rob for his public key. If Rob provides his key to Mike, Alex intercepts, and this is how “man-in-the-middle attack” begins. Alex then sends a forged message to Mike that claims to be from Rob, but including Alex’s public key. Mike easily believes that the received key does belong to Rob, when actually that’s not true. Mike innocently encrypts his message with Alex’s key and sends the converted message back to Rob.

In another common MITM attack, the attacker uses a Wi-Fi router to intercept user’s communication. This technique can be work out by exploiting a router with some malicious programs to intercept user’s sessions on the router. Here, the attacker first configures his laptop as a Wi-Fi hotspot, choosing a name commonly used in a public area, such as an airport or coffee shop. Once user connects to that malicious router to reach websites such as online banking sites or commerce sites, attacker then logs user’s credentials for later use.

An attacker can also exploit vulnerabilities in a wireless router’s security configuration caused by weak or default passwords. For example, a malicious router, also called an evil twin, can be setup in a public place like a café or hotel to intercept information traveling through the router. Other ways that attackers often carry out man-in-the-middle attacks include Address Resolution Protocol (ARP) spoofing, domain name system (DNS) spoofing, Spanning Tree Protocol (STP) mangling, port stealing, Dynamic Host Configuration Protocol (DHCP) spoofing, traffic tunneling and route mangling. When we need to pass information along to someone, different things help us verify with whom we’re speaking. To verify the identity, you can follow some of this precautions:

Image courtesy of Sarah at Flickr.com

SSL creates this virtual trust and establish a secure communication between devices. The idea behind SSL is to protect the communication between the sender and receiver in order to prevent eavesdropping. To achieve this, the parties must be able to validate that the remote party to which they are connected is the intended party. After this validation, the parties create a key that’s used to encrypt all data between them for the session.

Web and non-web applications use certificate validation to establish trust. Unfortunately, some applications skip validation and end up as easy targets for MITM attacks. The primary reason validation is skipped is that the host does not have a signed certificate from a trusted CA. These service credentials are typically used to authenticate the user but could also be used to validate the service. We can use the certificate to create a fingerprint and package this along with both a random and fixed magic number and then encrypt this package with the user’s password. The encrypted file is sent to the server, which can use the stored password to decrypt the file, validate the magic number and check the fingerprint against its certificate. If the fingerprint matches, the server increments the random number and sends that to the client along with the peer certificate’s fingerprint.

Find Out What Happens When the Telecommunications Industry Discovers 3D Printing

Image courtesy of  Malene Erkmann  at Flickr.com

3D printing, or additive manufacturing (AM), has gotten a lot more attention lately, but not from the consumer market. Manufacturing companies are starting to see what kind of applications this new material could have, and of course the low costs, easier manufacturing processes and time efficiency it could bring. A 3D printer can basically print anything that can be made as a 3D digital model, and is being seen like the successor of the production line assembly. Many industries are catching on fast and finding the benefits of using this tech, including the telecommunications industry.

What are 3D printers all about?

The origins of 3D printing can be traced back to the 1980s where many contributions were made including STereoLithography (STL), which is used mainly to create models, patterns, prototypes and productions parts by printing layer by layer using photopolymerization. This process links material with light causing chains of molecules to link together and form polymers. In this time, STL also became the widely recognized file format for 3D printing, which is native to CAD software. 3D printing basically requires three principles: modeling, printing and finishing, and uses a series of processes that give it different end results. In terms of the printers themselves, you’ll also find some variety from industry use printers to consumer ones, and large 3D printers to microscale and nanoscales ones. The applications that it has been used for is where it has grown the most in the last couple of years. This includes manufacturing applications with cloud-based AM, mass customization, rapid manufacturing, research, food and medical applications. In industrial applications you can find products like apparel, vehicles, construction, firearms, medical equipment, computers and robots and space. It has also been included in some sociocultural applications like art, communication, domestic uses, education and research, environmental use, specialty materials and cultural heritage restoration. The objects made from 3D printers are slowly changing the world in more ways than one.

How is 3D printing changing telecommunications?

Fiber Optics

Today’s world would be nothing without fiber optics. It allows us to have internet data, telephone communication and even UAV and military uses by bundling cables across the ocean floors. The role of fiber optics in our world is definitely a huge deal and while traditional fiber optics have been around for decades, there are new technologies that are leading the pack. Making fiber optics can prove to be very expensive to make due to its complexity, but now with 3D printing that might all change. Although 4G is gaining a lot of strength, fiber optics still continues to be the way we communicate from our homes and office. On the Don Burns Blogspot, you can take a look at the future of 4G networks, but for now this new technology of 3D printing is a look into the future. One of the types of new fiber optics that would allow 3D printers to improve on manufacturing times and costs is called Photonic bandgap fiber, which seems to have many benefits overs the traditional fiber. 3D printing will not only open the door to printing these new fiber cables, but also ones that were unimaginable before 3D printing tech came along.

Cell phones

Image courtesy of Creative Tools at Flickr.com

Besides the fiber optics cables, there are now ways to even print yourself a cell phone, the case as well as other accessories. For example, a German telecom agency has now launched a 3D printing website that allows their clients to print their own customized cell phone cases. Similarly, there are sites that allow users to create their own open source cell phone or smart watches. They are printed out layer by layer, with the exception of the circuit board, and can be personalized with its own shell and and skin. 

Other uses

In general, you can use 3D printing to supply materials, software, services and devices in the telecommunications industry in a way that more and more companies are looking to AM to manufacture new technology.

How easy is it to print in 3D?

Nowadays, it has gotten easier to print in 3D than it was before, especially with products like OLO, that even let you print from your phone. By using pre-designed files, or using software to design to your own 3D models, you can make your own products easily. You can also get your company an industrial printer which can get the job done when you need to print a lot of prototypes, products or parts for specific industries. Depending on the type of industrial printer you decide to get the prices can range from less than $49,999 to greater than $1,000,000. It is important to research extensively because today there are many options and it will depend on what you interested in printing. Most industries will find some use for 3D printing and telecommunications is not the exception. Now, it’s just a matter of time while more products start reaching consumers that are made with 3D printers, offering easily customizable products at cheaper prices.

Using Location-Based Services to Make Your Life Easier

Image courtesy of 2Tales at Flickr.com

Today’s apps are all about making our lives easier. You can find apps to do, find or make almost anything. But one of the most popular ones lately have been those that interact depending on your location. Location-based services have been around for a while now, since its origins in 1989 when the first research began that lead to the location-based services that we know today, it has been groundbreaking tech that has allowed people to know exactly where they are located at any given moment. There are many different types of location-based services that are used in the various apps depending on their uses. Although the most known one is GPS, there are other ones that also just as effective. Location-based services can vary from recommending events in a city or knowing what services are nearby to receiving advertisements based on your location. Many apps also use this system to send their customers alerts when they are nearby or if there is important news about surrounding events. The uses can vary greatly, and the reality is that companies are finding more and more ways of using this service to make apps, services and products that can use it to their advantage. We know the internet has changed the game in many aspects from how the Internet of Things has changed how cities work to location-based services, and many other technological advances, which you can always read about on the Don Burns Blogspot page.

First of all, let’s analyze how your phone knows where you are in the first place. The first and most known is GPS, or Global Positions System. This system has been around since the 1990s as an integrated part of cellphones and to this date it is still the best way to know your location when you are outdoors. Since GPS works with satellites, and only once it has connected to three or four will it give you an exact location. In many cases this may take too long, or may simply not happen due to the fact that you are indoors or in the middle of the city where buildings interrupt your satellite signals. In these cases, you could use Assisted GPS. This is basically just a series of tools that are set up to help you get a GPS signal. Although nowadays the same location data can be sent over cellular or Wi-Fi networks, so it becomes a lot faster for the GPS to start up. Assisted GPS still requires data network and time, while it transmits the information to the satellite. Another way is using Synthetic GPS, which uses computing power and forecasts where the satellites will be located days or even weeks in advance. By having this information at hand, a phone can identify its own location in a matter of seconds. All of the above mentioned need at least three satellites to give you your location. Another way of doing it without relying on GPS is to use Cell ID. A phone company can figure out the cell that someone is using and how far they are from other cells. Basically it can use nearby cell towers to pinpoint a person’s location, and is much more precise in urban areas than rural due to the amount of cell phone towers in the area. In the same way, Wi-Fi can also pinpoint a location without the need of GPS. With Wi-Fi you could either use RSSI (received signal strength indication), which is the most common, makes use of your signal strength and the information provided from the Wi-Fi networks’ database to determine your location. The other way to use Wi-Fi is wireless fingerprinting. It basically uses stored information that offers profiles on given locations. You can use this the best when you are located in places that you go to often. This way the fingerprint can be taken and your location can be found very easily. Even though there are more, these are the most popular ways to find your location from your phone.

Image courtesy of slgckgc at Flickr.com

Now, location-based services are used in tons of different types of products, services and apps. So let’s take a look at a few of the most popular ones. Of course, you’ll find social media at the top of the list with apps like Foursquare, GetGlue, Facebook Places and Instagram, just to mention a few. These basically let you share your location with others and let them know where you are and what you are up to. If you’re into shopping, then you’ll love apps like Groupon and Shopkick that will point you in the right direction to get the best offers depending on where you are. If you’d rather get instant information on restaurants or a good movie to watch you’ll really enjoy Open Table, Fandango and Yelp. By checking in at a location and sharing your thoughts on it, your helping other users make up their mind about what they want to do. Finally, location-based services also let you get fit, by including it in wearable tech it can keep track of the distances, speed and other metrics that can help you get into shape in no time.