Month / April 2016

by duff2481

Brave, to be or not to be?

bebrave_board-939244_640
Brendan Eich, founder of JavaScript and one of the former founders of Mozilla Firefox, has set his sites on a cleaner, faster, better web browser.  Brave, is a new web browser that should compete among the big players of Chrome, Internet Explorer, FireFox and Safari.   Brave has a very interesting concept and I for one like it’s stance.  By now, most know that internet advertising is a growing problem.  There are a lot of individuals who have turned to adblocking with the help of Adblock and Adblock plus extensions to name a couple.  The principle here is very easy; block all advertising.  Whew, done, right?  Let’s think about the economics of this.

 

Advertising ‘pays to play’.  They pay websites to advertise their products.  If users, you and I, start blocking all ads, those advertising dollars will eventually dry up, right and then we are stuck paying for each site we wish to read, right?  The problem with internet ads isn’t the existance of them, its the annoyance and placement of them and how invasive they can be.  You visit a site to read the news and all of a sudden you’re immediately attacked by a giant pop-up with some video or obnoxious ad.  This is what I have an issue with and would love to see this greatly reduced!

 

Enter Brave!  Brave has an ideology that I would say is in that middle ground and so far seems to be a good compromise.  They want a cleaner, safer, faster and better web browsing experience.  Have I mentioned they share a portion of the revenue?  Approximately 55% will go toward publishers, 15% goes to Brave, 15% to advertising partner and 10-15% go to the end users.  Wait a minute, ‘end users’ you say?  Yes, the idea behind this is to allow you to then pay publishers that you like a small, okay pretty small, amount but something nonetheless.

 

Brave not only attempts to tackle advertising, but also has security in mind.  With Brave you can enable “https everywhere”.  This will defer to HTTPS, secure websites first, and if the site doesn’t have this enabled, it will redirect to the sites HTTP or non-secure page.  In addition, they have included 1Password integration into their browser.  Those of you who use 1Password as your password manager will like this feature and personally, I hope this relationship flourishes.  While at this point, they don’t have extensions, there is a setting you can check to allow 1Password to be your password manager within Brave.

 

For the last two weeks, I’ve let Brave replace my standard browser for work, home and phone use.  So far, i’ve been quite pleased with it’s performance and feature set considering they have only been out a few months.  Updates flow constantly and I can only hope the enhancements will continue in the upcoming months and years.

 

Brave, to be or not to be?  Only time will tell how their concept plays out.  I have seen that several publishers are already cried foul claiming Brave will replace their ads and touch their content.  Brave has addressed this specifically here and has again said they will not touch ads on publishers websites nor touch first publisher ad content.  Over the couple of weeks I’ve tested, I still have seen plenty of ads, however its been a much cleaner webpage experience.

 

by duff2481

Tresorit – Finally a secure and reliable backup method?  Initial review and thoughts

Screen Shot 2016-04-11 at 6.35.18 PMIn my search for a backup solution that was known for encryption, I have found Tresorit.  They pride themselves in never having been hacked and include a count on their website showing number who attempted with zero success.  This is a current “hot button” topic as I quest to find solutions to protect my own privacy and security. As I think we can all agree – my information, my stuff! As an aside – looking for security in your email environment? Take a look at what Protonmail is up to!
Okay, now that I have said my peace about security, let’s take a look at what Tresorit has to offer. At first look, I was pleased that I was able to pick and choose the files/folders I was interested in backing up. Unlike other backup solutions I’ve researched, where they overtake your computer and backup every file and preference setting, known to man. This solution keeps you in the drivers seat and lets you pick from the start what data you’d like to backup.
Tresorit setup and walk-thru is far different than the nightmare of many other backup solutions.  After signing-up for a plan, and downloading their software on my Mac, the setup was seamless. The look and feel of the product is minimalistic, but powerful and effective. Creating ‘tresors’ or backups was quite simple. Once Tresorit is open, you can easily create a new ‘tresor’ by click on the “+” button.  Simply name the ‘tresor’ and point it to the folder where desired data resides.
Screen Shot 2016-04-10 at 8.27.26 AM
After selecting ‘New tresor’, you need to select the folder to backup and then create a name for your tresor as shown below.
Screen Shot 2016-04-10 at 8.31.58 AM
If that seems like one step too many, you can always right click on a folder within Finder for Mac, or Explorer for Windows, and select ‘create tresor’.  Note: I did have an issue with this once.  When I right-clicked on a folder I wasn’t shown the ‘Create tresor’ option within the menu.  After rebooting, I was able to see this once again.  Not sure if a bug or just fluke, but certainly isn’t a show stopper.
Screen Shot 2016-04-10 at 8.29.45 AM
 Actual backup process:
After setting my initial tresor, I noticed that I had a few items I didn’t need backed up.  Instead of needing to moving them out of my folder, Tresorit allows you to exclude files/folders. Within the treorit main menu, you can click the ‘more’ button and select ’selective sync’.  This then provides you the ability to uncheck file(s)/folder(s) you don’t wish to backup within this tresor.
 Screen Shot 2016-04-10 at 8.48.25 AM
Pricing:
Currently, Tresorit’s Premium package is $12.50USD/mo and includes 100GB of data. There are additional packages for business and enterprises, however my review is solely on the premium package. They aren’t the cheapest solution for online backup storage, however, I definitely cannot argue with the pricing they have in place with the knowing security is number one to them.
Speed and performance:
During my tests, I noticed that while backing up folders, my internet browsing experience suffered slightly. My home internet connection is not the fastest to begin with and I noticed that pages were loading much slower. Perhaps throttling the bandwidth of Tresorit is worth taking a look at when setting up initial tresors.  This can be found under Tresorit / Preferences / Network  Bandwidth, and you are able to select download and upload limits. When creating new files/folders within my documents on my Mac, its was mere seconds later that I received notification from Tresor that a file was uploaded.  I really like this feature!
Suggestions & Improvements:
Looking at support documents from Tresor, I noticed that you could right click any folder and click ‘create Tresor’.  However, when I attempted to do so on many folders, I wasn’t seeing this option.  (log off, reboot? does this fix it?)
During my testing, one setting I couldn’t find that I would like to see implemented is an estimated file transfer time in which a folder will be synced as well as transfer speeds of the folder or file. It does provide a percentage of transferring but we have no reference point.
Audible Notifications:
When uploading a folder initially with multiple files you receive an abundance of audible notifications informing that files were successfully uploaded. While I appreciate a notification, I would like the option to mute the audible portion of the notifications. Hearing audible notifications 12 times when uploading 40 or 50 files gets annoying quickly.  After you have completed a tresor and you log back into your computer, yet another audible notification is sent congratulating you. I would love to see an option for silencing all audible notifications – I just don’t need annoying alerts to upload files!
Security:
Even the most secure sites cannot be too secure. The one concern I have with Tresorit is they are using a lightweight Tresorit javascript package to allow for decrypting of files when sharing encrypted links.  If Tresorit were to be attacked, it’s possible that the hackers could modify the lightweight javascript code and redirect the now decrypted files to them. Tresorit takes this very seriously and continuously monitors their servers and if a suspension of intrusion detector were to occur, they have a shutdown policy in place.
Wrap-up:
All-in-all, I think this is a Tresorit is a sound solution and hope that some of the annoyance can be easily modified.  I look forward to seeing Tresorit grow and enhance their product and invite you to take a look and see if this solution might fit your needs.
by duff2481

Crypto ransomware infects ads on well-known sites

Cyrptolocker

[UPDATE] How to prevent gpg.exe (crypto ransomware executable) from executing on users machines.  Add this GPO to your necessary organizational units.

Over the last couple of years we have heard about organizations attacked by crypto ransomware.  Earlier this year, we heard about a hospital that was attacked and paid the ransom.  Yesterday, we have found this effort has been stepped up and popular websites are becoming carriers of the crypto ransomware via advertisements.

The original method of attack was via e-mail.  If the person receiving the e-mail clicked on the link, ransomware would attack both the computer and any file servers that computer and user had access to.  Attempting to stop these threats prior to reaching the end-users is becoming increasingly more difficult.

The attackers know that it only takes one user to click on that link and they can effectively render an entire fileserver useless, depending on the rights the employee has for on the server.  For every file and folder that user has access to, ransomware can now encrypt that data.

The latest reports show that e-mail wasn’t good enough.  They are now using popular websites advertising links to inject their malicious code.  This is called malvertising.  Since advertising is often in a place that sees high volumes of activity, this can quickly affect many users and computers in a short period of time.

There are a few  ways to help reduce the risks to you and your organization.  One, reduce the amount of ad clicks, much more difficult to prevent I realize, but reducing or eliminating clicking on advertisements would be highly recommended. Another method is to increase the frequency of your backups.  Doing so would not prevent the attack from occurring but could reduce the severity of the attack.  The last advice and more difficult to implement is reducing the rights users have to file servers.  This isn’t an easy task by any means, but perhaps now is the best time to have a review.

 

 

by duff2481

backup, backup, backup!

password-222331_640

As you might have already guessed, this is all about backups. National Backup Day was just a few days ago, on March 31, and I know that millions of individuals and businesses still aren’t adequately backing up your files.

3-2-1 Rule
As we are all familiar sometimes things just go wrong, no rhyme, no reason its just part of life! Backups are essential for this reason, among other things! Have you heard of the backup method called the 3-2-1 Rule? While it isn’t my idea, I have worked to implement this method both professionally and personally, many times.  The thought process behind the 3-2-1 Rule is relatively simple:  3 copies, 2 formats and 1 of the copies must be off-site.

3 Copies = Redundancy!  
What we are protecting by using this method is your data!  Three copies does seem to be a bit much, but I’m sure you’ve all had a time or two you thought your data was saved or couldn’t find it when you went to restore your file(s).  This ensures that at least one of those backups is still valid.

2 Formats = pick your flavor, any flavor!
DVD, CD, SSD, NAS, SAN…it is completely up to you! But pick TWO! Please do not store two of your copies on the same format.  If that device goes down, you are now down to your last resort!  Speaking of last resort, lets talk about that…

1 Off-Site = Yes, a different physical location!
The 1 is for a single copy of your data to be store at an off-site location.  Whether this is at different geological location or in the cloud is up to you. Whatever you do, make certain you have a single copy of your data backed up in a different location. There are quite a few online backup services out there, and I would definitely recommend something that is known for security, if you choose to go this route!

Even working in this arena professionally, it can be difficult to first implement and then follow through with a backup solution and I’ve recently been reviewing some new online backup solutions. Currently I’m investigating Tresorit  which is a service that prides themselves on security. They have invited hackers to hack into their systems. As of yet, not one has been successful. I will be trying their software out over the next few days to see what I think, and I’ll post an update down the road with my thoughts!

Hopefully this is one more nagging reminder that entices one or two of you to put a backup solution into place that’ll work. If so, then this post is completely worth the time and effort! 🙂

I welcome your questions and comments!

http://www.worldbackupday.com/en/