Monthly Archives: February 2014

Enterprise users who want to use common file-sharing services like Dropbox and Google Drive have a big problem: their IT guys will always be worried that one hacker will be able to bring down their internal network. A new service called nCrypted Cloud is trying to assuage this fear by encrypting everything, everywhere, and offering an audit trail to see who accessed what files when.

In short, nCrypted is supposed to encrypt everything on your Dropbox, Google Drive, SkyDrive and Box accounts. While that may sound boring to the average user, imagine the importance if, say, you were using your cloud storage as a place to stash business documents or important photos and video?

Founded by repeat entrepreneur Nicholas Stamos and encryption master Igor Odnovorov, the company raised $3M in a seed round from angels at Microsoft, Cisco, Reveal Imaging, and Broadcom. They are currently looking for a Series A.

The system works by first encrypting files on the fly as you add them to your shared drives. You can also encrypt files as needed. It also creates a paper trail so IT departments can see who encrypted and decrypted what during the files’ lifecycle.

“The PCS model nCrypted Cloud implements enables IT to delegate the responsibility of protecting shared data in the cloud to their end users. But with responsibility comes accountability. nCrypted Cloud provides network agnostic, device agnostic, and cloud storage agnostic forensic level data usage auditing, allowing centralized visibility and oversight of user activity,” said Stamos.

They also have plenty of traction.

“Our users have generated over 100M audit events, and encrypted over 10M files. Most customers are large enterprise users, so for security reasons, we do not disclose the actual number of users,” he said.

The company also offers personal versions of its software for smaller users. It is available for free on the site. You can check out the enterprise version here. Stamos says the app is about accountability and not overarching, top-down control.

“For the first time, IT is given a looking glass into where data is going and being used outside the organization, and on non-corporate devices. Anomalies are easily detected and corrected. This is an accountability based model; it’s the only way to scale; and it’s the way our society works. A good parallel is that most states have speed limited to 65 mph. But cars are not limited to 65 mph. Why not? Because we have decided that drivers can be held accountable for their actions, and traffic flows freely. We need the same model to balance the corporate requirements of protecting data, while allowing business users to move as quickly and efficiently as possible. nCrypted Cloud solves this problem and provides that balance,” he said.

Via: techcrunch

Last summer they covered Petzila’s answer to keeping a pet pooch happy when you’re not at home: a remote treat dispenser called PetziConnect which also let absent dog owners view and talk to their pooch while delivering treats from afar. Fast forward a few months and prepare to greet iCPooch: another gizmo aiming for the not-so-stay-at-home dog owner, but one which takes the remote petting to the next obvious level: doggy facetime.

iCPooch, currently seeking $20,000 on Kickstarter to go from prototype to production, provides a plastic housing for repurposing an Android/iOS smartphone or tablet as a video terminal through which you can see and be seen by your dog when you’re not at home.

So, to be clear, you’re going to have to provide the most expensive chunk of hardware required to power this device yourself, fitting it between iCPooch’s adjustable brackets. Although, your old smartphone that’s languishing unused in a drawer is probably going to be perfectly up to the task of treat-talking Fido.

As with PetziConnect, iCPooch holds pet treats (although it’s specifically designed for larger dog biscuits) that the owner can dispense remotely via the ‘drop cookie’ button in the corresponding app.

The differentiator is that because you’re using a smartphone/tablet, the app can also support placing a videocall (via Skype and piggybacking on your home Wi-Fi network) so you can view your dog while you send a treat, and — crucially — be seen by them. That’s one up on PetziConnect which included a camera and microphone so the owner could see and talk to the dog, but no screen to be seen.

Whether your dog will care as much for seeing your remote visage as receiving the tasty treats that materialise in iCPooch’s tray remains to be seen — and judging by the Kickstarter video, the dog’s Pavlovian attachment is likely to quickly transfer to the tray portion of the device, i.e. the place where the treat appears. But at least you get to pretend they’re really happy to see you.

Also remaining to be seen: whether the remote sight and sound of a beloved owner, coupled with the tasty scent of dog biscuits wafting from a box on the floor, drives Fido into such a frenzy of excitement that he systematically deconstructs iCPooch, returning it to the constituent parts from whence it came.

iCPooch was apparently the brainchild of 14-year-old Brooke Martin, who is credited as inventor and spokesman on the Kickstarter project page, with her dad as founder and COO. The idea came to her after the family dog suffered “separation anxiety” as a result of everyone having less time to spend hanging out at home. Ergo she wanted a way to maintain some contact with the dog, when she was out and about.

The family startup is aiming to raise $20,000 on Kickstarter by March 4 to get iCPooch to market, with an estimated shipment date of this May. Early backers can bag the device for $99. But as noted above, that price-tag does not include the cost of the smartphone or tablet you’ll need to turn iCPooch from dumb plastic to working gadget.

(Petzila’s rival PetziConnect, which incorporates its own HD camera and Wi-Fi connectivity into the treat-dispenser, has not yet shipped but is due to arrive in early 2014. It’s available for pre-order costing $170.)

Via: techcrunch

A variant of the data-stealing Zeus Trojan – best known for targeting online banking – is using a new technique to bypass security systems, researchers have found.

By encrypting the executable file, cyber criminals are sneaking GameOver Zeus malware past web filters, network intrusion detection systems and other defences as a non-executable .enc file.

On 1 February 2014, US-based Malcovery Security alerted the security community and law enforcement agencies after its researchers identified the technique and observed its use trending upwards.

The attackers are using email messages that appear to come from HMRC, HSBC and other well-known brands to trick recipients into opening an attached .zip file, according to a Malcovery blog post.

If the attachment is opened, it launches a new version of the application called Upatre, which downloads and decrypts a .enc file, which is GameOver Zeus executable.

“If you are in charge of network security for your enterprise, you may want to check your logs to see how many .enc files have been downloaded recently,” said Gary Warner, CTO of Malcovery.

Before Malcovery raised the alarm, its researchers found none of the 50 security products used by online virus scanning service VirusTotal were blocking GameOver Zeus distributed in this way.

In a blog update, Warner notes that researcher Boldizsár Bencsáth, from CrySys Lab in Hungary, has published details of how the encoding works.

The researcher found the file is first compressed and then XOR’ed with a 32-bit key. Upatre then reverses the process to create the .exe file.

Malcovery has observed several malicious email campaigns, using this technique, that researchers believe are being distributed by the cyber criminals behind the Cutwail malware delivery infrastructure,” said Warner.

“It is likely that many different criminals are paying to use this infrastructure.”

Via: computerweekly

The company says a list of user names and passwords ‘was likely collected from a third-party database compromise.’

Yahoo recently announced that it had “identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” and had responded by resetting the passwords of all affected accounts and requiring some users to implement two-factor authentication (h/t Graham Cluley).

It’s not clear from the announcement how many accounts are affected.

“Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise,” Yahoo senior vice president for platforms and personalization products Jay Rossiter wrote in a blog post detailing the breach. “We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.”

“The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails,” Rossiter added.

As Graham Cluley notes, it’s crucial when choosing a password to select one that’s hard to guess, and never to use the same password on more than one site. A password manager like LastPass, 1Password, RoboForm or KeePass can make that process far simpler.

I ama fan of LastPass myself.

Via: esecurityplanet

There are now countless lost and found devices based on Bluetooth LE technology, and the Puppy from BeLuvv fits that description. It’s a pendant for your dog’s collar, which talks to a companion smartphone app via Bluetooth LE and alerts you when your pet gets too far away (a subjective measure you can change yourself).

That’s not too different from existing devices out there, many of which, while not pet specific, could be easily adapted for their use. But the difference here is that once your pet escapes the range of your own Bluetooth-enabled smartphone, you aren’t stuck with zero options for tracking it further: you can essentially rights-manage your dog, giving permission to trusted friends and neighbors to help you find it when it ventures further afield.

When your dog goes beyond your network, the idea is that it might enter into the Bluetooth range of the devices of your friends, neighbors and family nearby. If they’ve been granted permission, those contacts will get pinged on their phone when it picks up the Bluetooth LE signal put out by the Puppy tracker. This way, your connections call let you know they’ve seen Sparky or Rover, and you can hopefully make your way out to grab them before they run off again.

Puppy doesn’t have GPS or RFID onboard, which could make it harder to find it once it’s lost, but the idea here is to provide a convenient, cheap (it retails for $29.95) and small way to keep track of your pet and alert you before you get into a situation where you have to trek all over the city tracking them down.

BeLuvv has some experience in providing this kind of device and service: it created the Guardian tracker for kids which we covered back in October, which is essentially the same thing but for toddlers instead of poodles. Right now, the Puppy is available for pre-order, but it’s going to ship a first batch of devices on February 21st, the company says.