This free open source application will quickly lock your Windows computer while you are away doing something else and do not want to switch off the computer.
WinLockr is an easy to use application that besides locking the screen, it will disable the mouse and keyboard for extra protection, a key combination enables it again. The locked screen is replete of appropriate details, informing the user at what time the computer screen was locked and the failed unlock and shutdown attempts, WinLockr also protects against computer shut-off. If someone discovers your password to unlock the computer it will not be enough, they will also need to know the key combination to activate the keyboard to enter it in the login screen.
WinLockr to lock Windows desktop
If you choose it, you can set up WinLockr to unlock and lock your computer using a USB key instead of a password this makes locking Windows very quick and impossible for others to see what password you typed in since there isn’t one. Windows accounts can be set up with a password and lock the screen while you go away but it doesn’t have all of the features that WinLockr has, if you work in an office environment you will be better off protected using it instead of the default Windows lock screen.
With hard disks getting bigger in size and thousands of files in our computers it is easy to leave behind personal data that could be used for identity theft, Identity Finder renamed Identity Sweeper stops the risk of data leakage by finding and securing private information, it would be a good idea to run something like this on your hard disk before taking your laptop to the repair shop or allowing anyone who is not your family access to your computer.
Identity Sweeper will scan your computer files searching credit card numbers, dates of birth, passwords, bank account numbers, driver license, phone numbers and other personal data that is often used by identity thieves, it can be used to search for country specific data like the Canadian SIN numbers, British NHS identification and Australian TFN account numbers.
After the scan the software will show you all of the data it has found on a detailed preview pane with statistics and it will offer to securely wipe it using US Department of Defense standards (DOD 5220.22-M), any wrongly classified data can be filtered out from future scans by marking it as ignore, if you need to have the data in your computer you don’t necessarily have to erase it and can use Identity Sweeper to encrypt it, the applications integrates with Windows Explorer creating context menu options for easy access.
Some of the locations that will be scanned for sensitive data include the Internet browser temporary files (IE and Firefox), cookies, messenger logs, text documents (.docx, .pdf, .txt, .rtf, .html), compressed files (.zip, .gzip, .rar, .bzip), email messages (Windows Mail, Thunderbird, Outlook Express) and others.
Identity Sweeper credit card protection
Identity theft contains all of the tools that are needed by those not using full disk encryption, a secure data wiper, file encryption and a password manager with the ice on the cake being the hard disk scanning for unsecured data useful to identity thieves. The free edition of this software is pretty basic, it comes with a data shredder and it only scans for credit card numbers and passwords, if you want the whole suite with all of the features you will have to buy it.
A VPN tunnel sets up an encrypted data connection in between your computer and a remote server, any request you make to download or upload data, like viewing a website or making an FTP transfer, will be routed through an encrypted tunnel stopping third parties from eavesdropping on the content, your own ISP will not be able to log and find out what sites you have visited, all they will see it is the address of the remote VPN server your are connecting to and the port used.
Virtual Private Networks are often used by remote workers to connect to their company server and by home users who want to stop third parties monitoring them, VPNs get around Internet censorship, protect your Wifi connection at public computers and give you a different computer IP located where the VPN server resides.
A Virtual Private Network can not speed up your Internet connection, it will limit the available bandwidth to that of the server, you will never get more bandwidth that the one the VPN server has available, if the VPN is located far away from your country the ping rate will suffer, for best performance, always try to use a VPN as close as possible to your home.
Some insecure VPN protocols are used in conjunction with IPSec, a protocol to secure traffic on IP networks, IPSec will implement encryption and authentication in VPN protocols that lack it.
Virtual Private Network different protocols
Point-to-Point Tunneling Protocol (PPTP): Commonly used in Microsoft products, the PPTP protocol specification does not describe encryption and authentication, it simply tunnels the traffic. Microsoft runs an improved version of the PPTP protocol with encryption, supporting 40-bit and 128-bit, but numerous vulnerabilities have been found and PPTP it is not considered secure, this protocol should be used as a last resort.
Layer Two Tunneling Protocol (L2TP): An improved version of PPTP, not secure by itself but often implemented with IPsec, L2TP/IPsec encrypts the data transmission and also provides integrity. Some smartphones like the iPhone will not work with OpenVPN unless it has been jailbroken, you can use L2TP in those cases.
VPN tunnel encryption
Layer 2 Forwarding (L2F): Developed by Cisco, this tunnelling protocol does not provide encryption, L2F was designed to tunnel PPP traffic.
Secure Socket Tunneling Protocol (SSTP): It encapsulates PPP or L2TP traffic through an SSL connection, supporting AES encryption, this protocol is only available in Windows since Windows Vista SP 1 version, it has been integrated into the remote access architecture of Windows, SSTP VPN tunnels can be established on top of IPv6 based networks.
What is OpenVPN?
OpenVPN is not a VPN protocol, it is an open source application to establish a VPN tunnel, it uses SSL/TLS encryption and it can get through firewalls.
OpenVPN software uses a preshared key or digital certificate to authenticate with the VPN server, many VPN providers provide their own VPN client, this customized VPN software is based on the original open source OpenVPN program, the typical VPN provider adds some extra features, e.g. server location map, brands it with its name and makes an eye candy interface, the security and inner workings principles remain the same.
Virtual Private Network and Email
Because many VPN services provide a no logs service, some spammers take advantage of it to send mass emails, many VPN providers block sending of SMPT email through the tunnel.
To stop spammers, VPN services allowing sending of email will limit the number of messages that can be sent in a given time, other VPN services will whitelist your chosen SMTP to allow that specific customer to send email through an specific service that it is not an open relay which is what spammers use most, a solution to send email through a VPN is to use webmail.
One of the most used online password managers, LastPass, winner of numerous IT awards, like PC Magazine editor’s choice and featured in IT podcasts like Security Now, is asking all its users to change their main account password after detecting an abnormal data transfer on their servers.
LastPass has noticed unexplained traffic and it is possible that encrypted data was pulled out from their database, the people who would be at risk in that scenario are those users using a weak password to log in, LastPass encryption algorithm is sound but using an easy to guess password makes it crackable using brute force attack, which consists in quickly trying all of the dictionary words in a matter of hours using specialist password cracking software.
Those using a weak easily guessed masterpassword stand a good chance to be affected, LastPass recommends all of its users to change their main password account, the amount of data transferred by the hackers appears to be enough to contain the user’s email and salted hashed (encrypted) password.
Is LastPass still secure?
The company is announcing the roll out of a one-way encryption algorithm even stronger than the one they are using, PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds.
I would be concerned about about storing all of your passwords online, whether encrypted or not, breaking into LastPass, or any other online password manager, would mean a profit of millions of dollars for malicious hackers, just imagine what they could get, email accounts, online banking details, credit card numbers (stored in notes), date of birth and names (stored in profile), forum usernames for identity theft, etc.
I would imagine LastPass is pretty high in the list of targets for cybercriminals, my main concern with LastPass it is that like all of the online password managers out there, their PR claims that their servers are extremely secure, but even the USA Government secret services get hacked, I don’t think any server out there is 100% secure if it is connected to the Internet.
My other concern, with online password managers in general, not only LastPass, is that the company will have a personal interest in minimizing the incident, LastPass for example it is not even admitting they have been hacked.
Password security hacker
I doubt LastPass would come out public with this if they did not believe the chances of someone having hacked their servers were pretty high. Can hackers erase all of their IP traces or is LastPass unwilling to admit they have been hacked for certain? Whichever the case, poor log auditing or a company covering it up, the result it is the same, not trustworthy.
Every time I see a company with its user’s database compromised (Gawker, Sony, Lush, etc), I notice a total lack of transparency, you just have to sit down and trust that the company with a direct economical interest in not making fuss over the incident explains the details of what exactly happened and what security mistakes they did.
You should also be aware that due to all of the people login into LastPass at once to change their password the server could not handle it and it momentarily it blocked some user’s access, a Denial of Service attack locking you out of your password manager is another hazard you are exposed to by using an online password manager.
Online password manager alternative
The obvious LastPass, or any other online password manager, alternative it is an offline password manager, a good choice would be KeePass which is free and open source. By using KeePass you are making sure that you will be in control of you passwords database at all times, if you are a LastPass customer, read the instructions to import LastPass passwords into KeePass.
Nobody knows their exact date of death, as we invest time and money online storing digital data you should write a will including details on how to access your online account IDs and passwords alongside any offline financial bequeaths.
There are dozens of free services offered by third party companies, blogs, social networks, photo sharing, etc, nobody ever thinks about what will happen to that when you die, name in your will what social networks you belong to as this sometimes has sentimental value for family members, they might also have monetary value, email addresses used to recover a password could open the door to a Paypal or Alertpay account.
Hotmail: If you provide a death certificate and proof of power of attorney with a photocopy of your Government issued ID, Hotmail allows relatives to order a CD with all of the messages in the deceased user’s account, the email password account will not be provided.
Gmail: To get a copy of all of the messages in the user’s account you will need a death certificate, proof of power of attorney, photocopy of you Government issued ID and a copy of an e-mail the deceased has sent to the person making the request.
Yahoo Mail: Yahoo’s policy states that they will not grant access to a deceased users’ accounts unless there is a court order from a judge but the deceased user’s next of kin can ask for the account to be closed emailing them the death certificate.
Facebook: It will follow a family’s wishes to take down a deceased user’s profile or keep it in a memorial state removing status updates and only allowing those whom he/she had befriended to view the profile and post comments on it.
Flickr: If the account is open to the public Flickr will keep it up, any photos marked private will remain that way and family or friends will not be allowed to access them.
Gold treasure legacy
Many companies do not have a policy for when someone dies, it is always best that you always write in your will details of your valuable online assets, for example, if you have an online Casino account with money inside, or a Paypal account make sure your relatives know about it and they will be able to access the funds when you pass away.
To find more information about what requirements companies ask to access an online account of someone who has died visit the site below.
Digital cameras have a unique serial number, many cameras will embed this number in the digital photographs you take, more specifically it is included in what it is know as the EXIF (Exchangeable Image File Format) data, other data is also included there like geolocation, camera model, data and time, author,etc.
Not all digital cameras store the camera’s serial number in the photographs, this will not work for everyone, it is also possible to erase or fake the EXIF metadata, Facebook for example, will automatically strip the EXIF data from pictures uploaded to your account, erasing EXIF data takes times and many people do not bother with it or just don’t know how to do it.
Stolen Camera Finder is a website that will search pictures on the web taken with your camera, they do this by looking at the camera’s unique serial number stored in the pictures.
An Eye-Fi card is composed of a memory card with wireless capabilities, it will upload all of your photos online automatically as soon as it detects an open Wifi access point in range, best of all, an Eye-Fi card will automatically tag your pictures and videos geographically with the details of the exact location where they have been taken.
If your camera has been lost or stolen look at your online photo account, e.g. Flickr, SmugMug, to see if any pictures have been uploaded there recently, then look at the metadata (EXIF) and you will have not only the thief photographs but also the location of where the photos where taken, you should facilitate this information to the police for them to follow it up.
One problem you will find is that most Wi-fi access points need a password and if your Eye-Fi card has not been configured to use it it won’t be able to access the Internet, it can be solved buying a high end digital camera with built-in 3G the latest Eye-Fi cards can be made to work with it an upload the photos using your camera built-in 3G Internet.
Journalists and bloggers living in dangerous places will also appreciate the ability to upload their photos online instantly while erasing the pictures from their digital camera memory card just a couple minutes after they have been taken.
Death it is not a possibility but a certain fact that only depends on when and not if, it makes sense to prepare a list of all your valuable online accounts like Paypal, Google account, Flickr, eBay, Amazon, Hotmail, domain registrar accounts, etc, for your loved ones.
You could store all of your digital accounts user names and passwords inside an encrypted file and tell your next of kin what the password is, with instructions to open it up and seize your digital accounts after you die, or you could use an online trustee that will take care of all of your digital assets and pass them on to your selected beneficiaries.
The companies managing your online accounts will verify that you have died before carrying out any instructions, you can leave a last email to be sent after your death, including attachments with photos or documents, some trustee services can be directed to update your social media accounts (Facebook, LinkedIn, Twitter, Flickr, etc) announcing you have died.
Online legacy companies
AfterSteps: They will send you a detailed planning guide to understand how everything works, you can upload any digital document and receive reminders about your progress completing the whole process. The company guarantees that your end of life plan will be received by your designated verifier, usually a family member or loved one, after you pass away.
Digital legacy services AfterSteps
Legacy Locker: After human verification process of your death or incapacitation, Legacy Locker will grant access to your loved ones to your digital accounts and digital documents or photos stored with them, until then, all of your stored data is kept encrypted and nobody can access it, not even the company can view your data.
Legacy Locker online trustee after death
SecureSafe: Any online account with a password and a username can be left with SecureSafe, there are various plans available, the basic one transfers your passwords and usernames to your designated person after death verification.
SecureSafe online legacy services
AssetLock: It will organize all of the data you would like your family to know about if anything happened to you, this is not an online will but a digital assets manager that will pass on everything to your loved ones when you pass away, data is encrypted using AES 256bit. You should create various accounts and write down the credentials on your paper will for the benefactors to be able to log in and read the data.
AssetLock online digital assets
MyWonderfulLife: This service will help you plan your funeral online leaving letters for your loved ones and notes telling them where everything is located and what your last wishes are, you can even write your own orbituary after sharing stories and memories.