Cloud Storage Security

I would like to take a second to explain more about cloud storage and the security of the cloud. When data is sent from your computer to your cloud storage provider (Dropbox, OneDrive, Google Drive), it is encrypted in transit across the internet to keep it safe from unwanted eyes. But once the data is on the server at your cloud provider, it’s not as safe from wandering eyes as you think.

Let me explain. When your data is transmitted to and stored at the cloud provider, it is encrypted, but all cloud storage providers have said they can decrypt all your files and view them whenever they want, in particular if any law enforcement agency comes calling. While I understand the need for this, to me this is not real encryption. Encryption to me means that no one can decrypt the data; that’s why I prefer SpiderOak for cloud storage and backups.

SpiderOak

SpiderOak is an online backup and file hosting service, like Carbonite, that allows users to access, synchronize and share data using cloud-based services. SpiderOak supports almost all platforms: Windows, Mac, Linux, Android, and iOS.

According to SpiderOak, the software uses encrypted cloud storage and client-side encryption key creation, so SpiderOak employees cannot access users’ information. SpiderOak distinguishes itself from competitors like Carbonite, Dropbox, and others through its encryption technique. SpiderOak does not have a web interface; you must use a client for syncing files and folders across multiple devices. Whistleblower Edward Snowden recommended SpiderOak over Dropbox, citing its better protection against government surveillance.

As secure as SpiderOak is, I have tried it, and it lacks many of the useful features that Dropbox, Google Drive, and OneDrive are known for. While companies like Dropbox are focused on bringing you great new features, SpiderOak is focused on giving you the most security, or the features that are the most secure. Unfortunately, sometimes you must sacrifice convenience for security.

Takeaway

The big takeaway here is yes, your data is transferred securely to places like Microsoft OneDrive, Google Drive, and Dropbox. But while the data sitting on their servers is encrypted, that does not stop company employees from seeing it if they want to, for any number of reasons. This is not true encryption. Encryption means the only person who can see your data is you. While your data is secure, it can still be read by other people if needed.

If you have additional questions, contact us.

Credit Card Online Fear

I have been out to dinner with so many people who say:

“I never put my credit card online”

Then, in the next five minutes, they hand the waitress their credit card to pay the bill. This entire situation is misguided by fear. When the waitress takes your card, how do you know she is not taking it to the back to take a picture of it or swipe it through an app like Square or PayPal? The answer is you don’t know; we have all been conditioned to think it’s OK and safe behavior.

There was a news article a while back about this:

Oklahoma waitress has been arrested for skimming patrons’ credit cards at a Twin Peaks restaurant — and it happened during her first day back on the job after an extended hiatus. Rachael Tyler was arrested on June 7 for computer crimes, as well as several outstanding city warrants after a manager spotted her scanning customer’s credit cards with a skimmer at the lodge-style restaurant’s Oklahoma City location on 6500 SW 3rd St., Fox 25 reports.

The 34-year-old had previously worked at the sports bar within the last year, quit, and been re-hired last week, the manager told police, according to NewsOk. It remains unclear currently if she was skimming credit cards during her original period of employment.

The same applies to people who say “I won’t put my card online” and then call the infomercial 1-800 number and give the person at the other end their credit card number. How do you know that person is not writing down all the numbers they collect all day, then going home at night and hitting every card for a bonus dollar or 99 cents? Multiply that by 100 cards, 5 days a week, and that’s a very nice bonus.

Listen, I know it sounds like I am being paranoid, but the sad part is I have seen it or heard of it happening. For additional information, contact us.

Dumpster Diving

A very common way to get data from a company is what we call old-school dumpster diving. Garbage picking is the practice of sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the garbage picker. Garbage picking may take place in dumpsters or in landfills. When in dumpsters, the practice is called dumpster diving in American English and skipping in British English.

Since dumpsters are usually located on private premises, divers may occasionally get in trouble for trespassing while dumpster diving, though the law is enforced with varying degrees of rigor. Some businesses may lock dumpsters to prevent pickers from congregating on their property, to prevent vandalism to their property, and to limit potential liability if a dumpster diver is injured while on their property.

Dumpster diving is often not prohibited by law. Abandonment of property is another principle of law that applies to recovering materials via dumpster diving. Police searches of dumpsters, as well as similar methods, are also generally not considered violations; evidence seized in this way has been permitted in many criminal trials. The doctrine is not as well established regarding civil litigation.

Companies run by private investigators specializing in dumpster diving have emerged because of the need for discreet, undetected retrieval of documents and evidence for civil and criminal trials. Private investigators have also written books on “P.I. technique” in which dumpster diving or its equivalent, “wastebasket recovery”, figures prominently. If you can get into a dumpster, it’s a great source of information: you can find passwords written on paper, phone directories, and financial information. In the modern era of paper shredders it’s a lot less common, but those pieces of shredded paper put together lead to information; a lot of patience and some tape goes a long way.

One thing I tell people is don’t throw all your important shredder trash into the same garbage pickup. When I clip a credit card in three, I put one piece in each garbage pickup for the next three weeks. When you’re picking out a shredder, don’t pick the cheap Staples model that just shreds in one direction; pick the shredder that cuts crisscross and up and down. The more ways the documents get shredded, the better. Also pick a shredder that cuts things into small pieces; the smaller the pieces, the better. It makes putting the document back together much harder.

One thing I see people do all the time is shred a document but throw their backup CDs in the garbage. Remember, those are digital documents; those CDs should be put through the shredder as well. Most shredders nowadays come with a document, credit card, and disk shredder. When you’re going through your closet and you pull out those floppy disks, remember those can still be read. If you need to dispose of them, get a good pair of scissors and cut them up into pieces or scrape them with sandpaper.

If you have questions about data disposal, contact us.

Two-factor authentication

Two-factor authentication, also known as 2FA, two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. The different factors used to authenticate include:

  • something you know (e.g., PIN, password)
  • something you have (e.g., cryptographic identification device, token)
  • something you are (e.g., biometric)

For example, if you have two-factor authentication set up on your laptop, you would need to enter your password and then scan your fingerprint to log in. If you have two-factor authentication set up on Gmail, you will need to put in your password and then a PIN code that was texted to you or generated by the Google Authenticator app.

This need to use two means to authenticate provides extra safety. Say you are in the car on your way to work and you get a text message from one of your services, like Gmail, with a login code, and you did not just try to log in to Gmail. This would tell you two things.

One, that someone has your password and you should change it; and two, since they have no way of getting the code off your phone, they were unable to log in, thanks to the two-factor authentication you set up on your account.

There are software solutions in the business world, like Duo, where before you can log in to your computer you first enter your password on the computer, then open the Duo app and hit OK on your phone to allow the login. I know at times this sounds like a lot, but password theft is one of the top security issues on the internet today.

For personal use, companies like Microsoft and Google provide free authentication apps for iPhone and Android that you can use to add two-factor authentication to your accounts.

What accounts should you secure? Any important account with a password. Things like email, bank accounts, social media, and any account that has any kind of personal information.

If you need help, or think this is something you or your company want to do, please contact us.

Prevent A Windows 11 Install (Never 11)

There is an easy way to block Windows 11 from being offered to your PC.

Microsoft introduced a new TargetReleaseVersion specification in Windows 10 1803, which allows you to set which version of Windows 10 you would like your OS to upgrade to or remain at.

To prevent Windows 11 from being offered to you on Windows 10 Home, you simply need to edit the registry.

  1. Press Windows + R, type regedit and press Enter
  2. Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
  3. Create a new DWORD (32-bit) value called TargetReleaseVersion and assign it a value of 1
  4. Create another DWORD (32-bit) value called TargetReleaseVersionInfo and assign it a value of 21H1
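
The same registry steps can be scripted and then checked. The PowerShell below is an added example, not part of the original article; the function names Set-FeatureUpdatePin and Test-FeatureUpdatePin are made up for illustration, and it must run from an elevated prompt. It writes TargetReleaseVersionInfo as a string (REG_SZ) value, because a DWORD can only hold a number and not text such as 21H1.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts registry steps 2-4 and verifies the result.
# Function names are hypothetical, chosen for this illustration.

$Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$Release = '21H1'   # version from step 4; change it when you want a later Windows 10 build

function Set-FeatureUpdatePin {
    param([string]$KeyPath, [string]$Version)

    # The policy key may not exist yet, so create it if needed.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # Step 3: TargetReleaseVersion = 1, stored as a DWORD.
    New-ItemProperty -Path $KeyPath -Name 'TargetReleaseVersion' -PropertyType DWord -Value 1 -Force | Out-Null
    # Step 4: the version is text, so it is stored as a string (REG_SZ).
    New-ItemProperty -Path $KeyPath -Name 'TargetReleaseVersionInfo' -PropertyType String -Value $Version -Force | Out-Null
}

function Test-FeatureUpdatePin {
    param([string]$KeyPath, [string]$Version)

    if (-not (Test-Path -Path $KeyPath)) { return $false }
    $key   = Get-Item -Path $KeyPath
    $names = $key.GetValueNames()
    if ($names -notcontains 'TargetReleaseVersion')     { return $false }
    if ($names -notcontains 'TargetReleaseVersionInfo') { return $false }

    # Check the value type as well as the data, so a value created
    # with the wrong type in regedit is reported as a failure.
    $flagOk = ($key.GetValueKind('TargetReleaseVersion') -eq 'DWord') -and
              ($key.GetValue('TargetReleaseVersion') -eq 1)
    $infoOk = ($key.GetValueKind('TargetReleaseVersionInfo') -eq 'String') -and
              ($key.GetValue('TargetReleaseVersionInfo') -eq $Version)
    return ($flagOk -and $infoOk)
}

Set-FeatureUpdatePin -KeyPath $Path -Version $Release
if (Test-FeatureUpdatePin -KeyPath $Path -Version $Release) {
    Write-Output "TargetReleaseVersion policy is set to $Release."
} else {
    Write-Warning 'Policy values are missing or have the wrong type or data.'
}
```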

If you have Windows 10 Pro or Enterprise, you can do the same via the Local Group Policy Editor.

Simply go to Local computer policy > Computer configuration > Administrative Templates > Windows components > Windows update > Windows Update for Business and double-click Select the target feature upgrade version. Enter 21H1 and hit OK before restarting your computer.

This registry option and/or group policy will need to be updated if you want the next build of Windows 10 when it’s released, but at least you will not get Windows 11.