Software Security for you

WARNING - TrueCrypt has stopped development and issued security warning. Please don't use TrueCrpt. Maintaining this blog for historical purposes. Updated 29th May 2014.  ----------------------------------------------------------------------------------------------------------- You got personal data or photos that you don't want anyone to see ? Got confidential files in your external-HDD/Pendrive and want to share it with your friends?  Or want to create a secure vault to store sensitive data ?  Answer is TrueCrypt TrueCrypt is Open-Source, free disk encryption software available for Windows/Mac & Linux. http://www.truecrypt.org/ Main features - Create virtual disk within the real hard drive - You can create a vault and lock it using a password. You can then see all files within it with password Encrypts entire hard-disk or pen-drive. If your laptop is stolen or you lose pendrive with data then no one can read the content and see your files   Encryption is

How does Wi-Fi works ?  Wi-Fi is preferred wireless way of internet connectivity on mobile devices. We connect to Wi-Fi at home/office/cafe/Hotels and public places to get fast internet connectivity and do all stuff using it. Usage of Wi-Fi has spread fast with smartphones/tablets as compared to laptops couple of years back. Wi-Fi uses network name (SSID) and shared-password to connect and that makes it easy for users to get internet without much hassle. Once you connect to a network, your mobile device remembers the network and tries to auto-connect to it whenever its available. Mobile devices store all this Wi-Fi network info and use to auto-connect on periodic basis so as to provide preferred connectivity; and all that happens behind the scene. May be its your android/iphone/blackberry/windows phone/tablet all work same way. Your phone tries to connect to Wi-Fi automatically. You can see list of Wi-Fi networks connected by your device going to settings > WiFi What i

What is Online Privacy and why anyone should care about it  online?  Online Privacy is about you and personal privacy concerning your data the way its stored and used by third-parties, and displaying that via internet. With internet age, your data is captured every moment with what you do online and is available for companies to use and share with others without you noticing it and that's the reason why you should care. Your identity and data is not only yours anymore. Google the web king:   Every google search you do after login to google is stored. Google exactly know what kind of info you are looking for and what was your search history which it can relate and then show new results. Search done on webpage/tablet will also show up on phone and vice-versa. If you have android then you can also see that "Google Now" will show related blogs/articles around your search. E.g. if you search for a name of place then few minutes later you will see a short map w

Internet Explorer has been there for good long time now and each version has exposed security vulnerabilities.  What that mean to user is that any website that you visit can take control of your computer remotely and can do anything without you noticing it. Microsoft has recently (26th April 2014)  notified users about flaw in Internet Explorer  https://technet.microsoft.com/en-US/library/security/2963983  . Here is why its time to switch to better options for free. As internet has matured new web technologies have immersed. Modern browser has been developed to meet those needs and keep users safe. Google Chrome and Firefox has grabbed market share from IE with due its appealing functionality over IE . Today FireFox has released their new version 29 which has refreshing looks, boost privacy and provides new customization.  Try it!  https://www.mozilla.org/en-US/firefox/new/ Why Google Chrome: Google Chrome has became popular since it launched in 2008 and is the fastest growi

Microsoft has stopped supporting its 14 year old Operating system - Windows XP this month(April 2014). No new updates or fixes and security updates will be released to XP machines (Unless you are in government and ready to pay heavy charges). Here are is Microsoft announcement on XP http://windows.microsoft.com/en-IE/windows/end-support-help While XP was great for personal use, it is one of the least secure Operating System(OS) today.  The most vulnerable OS by Microsoft and this is due to its single-user architecture.  Microsoft has surely moved ahead with lessons learned and improved with Windows7 and Win8+ . Its still is most exploited OS on planet due to its design. Time to switch to Ubuntu Linux: With no updates on XP from Microsoft, its time for you to switch to better OS. Either upgrade to Win7/Win8 if your machine supports and ready to throw away some cash, OR try out new Ubuntu Linux 14.04. Ubuntu ( http://www.ubuntu.com /) is Linux distribution which is FREE for use

Android has been successful due to huge array of apps available and ease of download for users.  Open nature of android helps app developers do develop various kinds of apps and do magic. Installing an app shows permissions required for an app and that gives us a hint what this app can do/access from you smartphone/tablet App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play. Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those.  As a user you get to know these permissions when you opt to install the app and before you download it. It depends on app what permissions it needs. If you are just installing a game, then it may ideally

Online banking is preferred way for bank transactions and we hardly visit bank building. Most banks do provide android/iphone apps  to take it further. Bank websites are here to stay and do provide rich set of services for customers; and here lies the security issue. You need to protect you identity while logging in and prevent using your credentials on any other fake websites. Use browser bookmarks to open bank website: Always visit your bank using a bookmark on your browser. Simple practice can save your money Never search for bank URL in google or any search engine. You may land up in fake website Never search bank website URL in emails, you might open fraudulent email with URL pointing to site that looks similar to your bank. You may end up entering credentials and give away access to hackers Do NOT bookmark 'Sign in' page as it can change, always bookmark main website of bank e.g. https://www.hsbc.co.in, you can then follow the 'Sign in' page from there. Jus

You got a brand new Android mobile ? Great. Got lots of app pre-installed ? Yeah.  Mobile manufactures (Samsung/LG/Asus/HTC/Nokia and others) pre-install loads of apps by default. They partner with other app developers to promote apps and make money in turn. Great business sense to pre-install and get people use those apps with ease. There are apps that are common and people do install it eventually (e.g. Gmail/facebook/Whatsapp). It make sense to install it by default and make it available for people to start using right away on their new phone.  However there are ton of other apps  that mobile manufactures pre-install and that is annoying to users. As a user you may never use these pre-loaded apps. Just an example, I got Samsung S4 (from phone service provider) and it came with 80 odd apps, out of that I never ever used 40 apps!  That's huge set of apps pre-loaded. It may vary based on which phone you buy, however its obvious that new mobiles does comes with good number

If you are using Windows/Linux/Mac then you would have installed an Anti-Virus(AV). If not then better get one and setup. Its too easy for a machine to get infected and it has been reported that malware and viruses are on their all-time high. Here are some reasons why you need Anti-Virus You connect to internet and download/install files  You exchange data with your colleagues or friends via pen-drives   You connect you machine to different Wi-Fi networks  You use shared folders or use torrent for file sharing    How to know if your Anti-Virus is working ?  Any Anti-Virus product generally operates in three modes to give you full protection.  Here is gist that you need to know before you proceed Real time scanning (RTS) - In this more Anti-Virus product is active under the hood and constantly monitoring files that are open/written/closed/downloaded. AV product will scan them immediately and flag an alert if there is any virus detected On-Demand scanning - User initi

Security is not one-stop shop and you get everything. It’s not about you install a product and forget everything about keeping every things secure. Here are numerous topics around security that you should be aware of to keep up to security. Anti-Virus and Firewall: This is the most common term people think of security. It’s still valid, however it’s not everything. All of us now do things on internet and there has many more things to take care. You still need to worry about what you download/install or connect your friends pen-drive to your machine. Security products does great job here. Web security: Internet is full of good and bad sites. You need to ensure either not to land on those or be careful about those. Good browser plugins do help in to give us rating and categorization. You need to keep an eye and ensure not land-up into unwanted sites.  Security products does great job here. Here is good read on it. Social networking: This has become part of our lives now. You

Global reports on mobile theft has reported 1 in 3 phones are stolen or lost. You lose your photos, contacts, messages, data within apps and expose your identity (email, facebook, google+, banking apps) and importantly your two-factor authenticator app! That’s quite of a risk in addition to value of your phone. Better option is to be prepared in case it happens. It takes less than 5 minutes to setup your phone so that you can remotely locate, lock and wipe it if required. If you have Android phone, here is how you do it. For iPhone users, here is another blog . Android comes with built-in ' Android Device Manager ' functionality that you need to setup. Here is how - Step 1 - Enable 'Android Device Manager' (ADM) Android Device Manager is functionality of Android to allow user to lock or erase a lost device. This is installed by default in android beyond Android version 4.1 (Jelly Bean). You need to tell give permissions to 'Android device manager'

All modern browsers support " Private Browsing " mode or " Incognito " mode as in Google Chrome. No traces are left behind when you browse in private mode. No history, no temporary files, no web cookies to track users and no cache. Files you explicitly download do remain. Private browsing mode shield you only on local machine; your Internet service provider or your company can still know what your are browsing. Private-browsing still make sense from security point as explained below. Here are good reason why you should use private-browsing mode  Public computer usage - You are using a public computer and accessing your email/Facebook or bank accounts. Use private mode. No history, no passwords will be stored back for others to use. Temporary login to friends machine - Logging in from friends/colleagues machine to do a quick email/Facebook/etc. check. Leave no traces for friend to see. Login to bank website - Accessing bank account for any transactio

Using userID and password only to login to your account is old method to ensure security to your account(email, bank, facebook, etc.). It has been reported numerous times that passwords can be stolen, leaked, cracked, captured, sniffed & guessed. Bad guys (may be your own people with bad motives) are trying hard to get your password and get into your account to steal data/money/identity/photos. You need to protect your account with something more than just UserID and password. Strong password is not enough to protect your account and you need to go beyond that to make your account secure. What is two factor authentication ? In simple terms you can consider two factor authentication as "Two Locks" for your account. You need to open both the locks before your get into your account. And to open two locks you of course need two separate keys. Two factor authentication is security process in which you use your userID+Password and physical token. Its "something you

Your browser is the point of contact to internet and *the* most vulnerable spot. In addition to which browser you use, its most important to use it with right set of apps (plugins). Plugins are apps that run within your browser and enhances your browsing experience. Using random plugins can expose all your browsing history and data to external world. Every plugin has access to all your web history and data that you send. All your user names, passwords, emails, and chats can be accessed by plugins. So make sure you monitor your usage of plugins in your browser. Plugins can also ensure your safety online. Here is good list of plugins that improves your online experience and keeps your safe. I am using Google Chrome as reference browser to demonstrate various plugins. Almost all of the below plugins are also supported on other browsers (Internet explorer, FireFox & Safari). Google Chrome claims to be most secure browser plus its fast and comes with great user interface - try s