plausible deniability

So, you have some photos and/or videos, which are of course legal, and you don’t want anyone to see them without your permission.

You’re smart so you decide to put them in something like TrueCrypt – in a hidden TrueCrypt volume.

Now you feel safe, but are you?

What you might not realize is the fact that many people, including possibly the IT department at your company, your friends and of course the authorities, know all there is to know about these programs.

But let’s say you’re smart and you do not install TrueCrypt on your computer so that giveaway is not present. But you do have the volume somewhere on your computer or on another device (USB stick, phone) that is in your possession.

There are tools that analyze file systems and determine what files/file types are present and these tools can identify a TrueCrypt or other encrypted volume.
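A minimal sketch of the kind of check such tools rely on, added here as an illustration (not code from any particular tool): an encrypted container has no file header, is a whole number of 512-byte sectors, and its bytes look uniformly random. The thresholds, the short magic-number list and the sample data are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Magic numbers of a few common formats (a real scanner would know many more).
KNOWN_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"%PDF", b"\x1f\x8b")
SECTOR = 512            # containers are whole numbers of 512-byte sectors
MIN_SIZE = 16 * 1024    # assumed lower bound; tiny files are ignored
ENTROPY_FLOOR = 7.9     # assumed threshold in bits per byte; 8.0 is uniform


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, computed from the byte-value histogram."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_like_encrypted_container(data: bytes) -> bool:
    """True when a blob is sector-aligned, has no recognisable header,
    and is statistically close to random bytes."""
    if len(data) < MIN_SIZE or len(data) % SECTOR:
        return False
    if data.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_FLOOR


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample "files": name -> contents.
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n" + pseudo_random(64 * 1024 - 8),
    "notes.txt": b"meeting at ten, bring the slides\n" * 2048,
    "backup.dat": pseudo_random(64 * 1024),
}


def scan(samples: dict) -> list:
    """Names of the samples that match the container heuristic."""
    return [name for name, data in samples.items()
            if looks_like_encrypted_container(data)]


if __name__ == "__main__":
    print(scan(SAMPLES))
```

The same test fires on any headerless random data, so a hit tells an examiner where to look rather than proving what the file is.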

But let’s remember that you are smart and you created a hidden TrueCrypt volume so when they ask you for the password you can give it to them.

But they notice that the 2 GB volume contains only a couple of MB of files, or even 100 MB of files. Even if you can convincingly say “sorry, there is no other password”, they now, at the very least, consider you suspicious and you are a person of interest – not a nice position to be in.

Many countries have key disclosure laws, also known as mandatory key disclosure: legislation that requires individuals to surrender cryptographic keys to law enforcement. However, this is not true in the US, and in United States v. Doe the United States Court of Appeals for the Eleventh Circuit ruled that forcing the decryption of one’s laptop violates the Fifth Amendment.

So where does this leave you? You cannot be forced to provide the password to the hidden volume, which might not even exist, but you are now on someone’s radar screen.

So, how can you both (1) feel comfortable, and (2) keep your private photos/videos securely stashed and away from prying eyes?

Soon, when SecureSnaps’ premium product Snaps Elite is released, you will not be required to provide an email address when you register and you will be able to make your purchase using Bitcoins.

Each Snaps Elite license key will allow you to create a random number of accounts (each requiring only a unique username and no other identifying information) and each account can contain a unique/different set of photos/videos.

So, when you log in using what we will call your public username (in addition to the associated password and two security questions/answers) your non-private/non-sensitive photos/videos will be available to show your boss, your friends, the authorities, basically anyone who wants to see what you have.

But, when you log in with what we will call your private username, your private/sensitive photos/videos will be available, only to you.

If you do not share that username, nobody will know you are the owner of it, because nobody knows how many accounts (usernames) you can access.

What does this mean to you? It means that you can have at least one username that you never need to disclose to anyone. Unlike most systems, which provide a 2nd password to access a hidden partition or file system, you are guaranteed plausible deniability.

don’t believe everything you read

Security at the Western Wall in Old City of Jerusalem

I just returned from a fantastic New Year’s holiday with my girlfriend. One that I had not planned on enjoying – based mainly upon all the hassles I expected to encounter after reading TripAdvisor and other travel and US government websites.

I went to Israel. For my first time and not my last time.

But this post is not about how great my trip was, or how great the food was, or how terrible the weather was, it is about security – or the lack thereof and the people.

Everywhere I had read and from family friends I had heard that (1) we must carry our passports at all times and that we will be stopped many times a day to be checked for identification, and (2) that in Jerusalem especially we will be bothered by overly zealous religious Jews.

So, for our 8 day vacation we spent 2 days in Tel Aviv, 5 days in Jerusalem and 1 day in Bethlehem (a Palestinian city located in the central West Bank).

We landed in Tel Aviv mid-morning and spent about 30 minutes in an immigration line-up (to be expected and nothing out of the norm from any other country that has passport control). Then with the help of some very friendly people (some Jewish and some Muslim) we took the train into Tel Aviv and a taxi to our hotel. Then it was out to see the city. Over the 2 days, we walked around some good parts, some rough parts and some amazing parts of the city – never once being harassed and never once being asked for our identification. Actually we do not remember seeing a single police or military officer that was not just driving by in their vehicle.

Then on the Sabbath (wow what a day not to travel in Israel as nobody is working and literally I mean nobody) we were lucky to find a taxi driver to take us to Jerusalem (slight premium of 50% for travel on the Sabbath).

So now we are in Jerusalem, where I had been informed that security would be tight tight tight and there would be lots of police and military and check after check of our passports.

Well for 5 days we walked the entire city from one end to the other. Through the old city at least a dozen times. In/out back in/out. All over the place. And yes we saw a few military personnel (especially relaxing near the Western Wall) but we were never stopped or asked for our identification (actually we stopped many military persons to either take pictures with them or to ask for directions). And it was not just us, we did not see the military ask anyone in any lineup we were in for their identification either.

Then on January 7, with snow coming down and a terribly cold wind, we headed to Bethlehem. We took a bus, which whizzed through the Israeli check-point into Bethlehem and we were then dropped somewhere in New Bethlehem. Out the bus and into the hands of many taxi drivers looking for a customer. We selected a driver and off we went to see the Church of Nativity. Driving through the rain/snow in some unknown direction we were a little concerned. But 10 minutes later we arrived at the church and left our smiling and very friendly driver behind. A couple of hours later we left the church to find the town covered in snow and basically empty of people. It was now about 3:30pm. We approached some guys that also quickly approached us and told them we needed to get back to the bus that would take us to Jerusalem. We were told the buses had stopped running – first impression was they were lying – so we told one of the drivers to take us to the bus station anyway. We got into an unmarked taxi and negotiated a fair price (considering the weather and all) and proceeded through heavy snow down some streets, which I was sure was in the wrong direction to where we wanted to go. Then about 15 minutes later we arrive back where the bus was supposed to be. No bus. No people. Dead quiet streets. Our driver said he would go ask another taxi driver that was near the bus stop and he returned minutes later to say “no bus – too much snow and no people”. Ok. It is now 4:00pm in Bethlehem and snowing like mad and we did not want to stay. So we negotiated with our driver to be taken to checkpoint 300, whatever that was. He said it was a checkpoint into Israel. What can I say. The answer was OK, let’s go. He drove through deserted streets and we both had a strange/nervous feeling in our heads/stomachs, especially since there were no door handles on any of the 3 passenger doors. It felt like we were about to be part of Hostel 2 – the remake.

So then we come upon a huge wall, which looked about 30 feet in height and as I now understand is 450 miles in length, the wall separating Israel from the West Bank, and start driving along a very quiet deserted street. He couldn’t make it up a slight grade since he had bald tires so after many attempts he reversed down where we had come from and turned up another street and then a few minutes later he stopped. Again the wall was in front of us. He got out and then let us out of the car and told us to follow him. There were two other guys standing near the wall and they were talking very loudly. So then our driver takes us into a walkway (one of three) that resembled something you would send pigs through to get them to the slaughter. Only the walls went all the way to the rooftop and so no escape but to retreat. Our driver was yelling something to the 2 guys that had been by the wall and at the entrance to the walkway and we just kept pushing forward. He in front of us and these guys somewhere behind us. Again it is only 4pm on Wednesday, January 7. But it is really cold and the streets are covered in snow and it is snowing heavily.

After about 50 feet we get to a corner/turn in the walkway, and this is one of 3 walkways, and we are in the middle one. Our driver looks at us and says “I cannot go any further, you go the checkpoint is there.”

First, we are a bit shocked since it seems like we were not to be in the re-make of Hostel 2 and yet a bit concerned as what was in front of us was a turnstile that once through there was no way back. We looked at him and he must have sensed some trepidation on our part, he said “go through there and there will be buses and taxis on the other side.” We paid him and moved on.

We were not sure if we were entering Israel, Jordan, Egypt, who knew.

So through the first turnstile, more walkway, no people, nothing, no noise, nothing. Through another turnstile and then we come out into an open parking lot. No people, no cars, no buses. Nothing. There was what looked like a border control checkpoint station where someone should have been, but nobody was to be seen. In front of us were more turnstiles and walkways and behind us no way back.

Two other female tourists arrived after a few minutes and had come from where we had come from and while we were trying to decide whether to enter this next set of turnstiles two Africans came in our direction. We asked them “how do we get to Jerusalem?” They looked at us and walked on past.

So we entered the first turnstile, down a walkway, another turnstile, into an empty building that looked like it could either be the entrance/holding area for a prison or maybe the slaughterhouse for the pigs that had been driven down the walkways. We went through many doors and then reached a dead-end, so we back-tracked and found a huge door that led us to a border processing area. I was calling out trying to see if anyone was nearby. Again, we were not sure (no signage at all) whether we were entering Israel or some other country.

We saw some waist-high turnstiles like when you go onto a subway and some border control checkpoint stations. All the turnstiles had a red X lit up and the border control checkpoint stations were empty. Then we found a turnstile with a green X lit up and looked into the border control checkpoint station to find a man in some uniform who looked at us and waved us through.

We had just left the Palestinian controlled Bethlehem and entered into Israel, our passports safely in my jacket pocket and having yet to be pulled out of my pocket.

Outside we find a taxi driver (one of only three that were outside the checkpoint) who agrees to take us to Jerusalem for a reasonable fee. Again, for all we knew we could have been in Jordan. So 20 minutes later we stop beside the old city of Jerusalem and get out thanking our driver who of course doesn’t have any change so the price went up a bit. But what the hell, we are back in a place we now know very well.

So the moral to my story is. In 8 days in Israel, going into Palestinian controlled Bethlehem and back. Walking around bundled up due to the terrible weather – looking like the camera under my jacket is something else entirely – we were never once asked for identification, we were never once hassled, we were treated with kindness and generosity from people who could have taken advantage of us and the situation we were in.

In my 56 years I must say this was one of the best vacations I have ever had and I look forward to my return to Israel and Palestinian controlled Bethlehem and to both the really nice Jewish people we met and the really nice Muslim people we met.

why kill us

So, after 42 years of smoking a pack a day I quit. Yes, with the help of the patch.

On Thursday, November 27th, I went to a great restaurant with a good friend of mine. That night we had a superb dinner and each of us drank about a dozen 1/2 liter bottles of Budweiser and I smoked about a pack of cigarettes as is the norm on a night of drinks.

I have to digress here, this was not the watered down American Anheuser-Busch Bud beer that we were drinking, but the original and very very tasty Budweiser from Budweis (in the Czech Republic), whose production dates back to 1785.

So, about 5 1/2 hours later Friday morning came along and wow what a headache. I sat up in bed and the last thing I wanted to think about was either alcohol or tobacco.

So as I was trying to get ready for the day I was reading the BBC News on my phone only to read an article that said:

  • half of all regular cigarette smokers will eventually be killed by their habit
  • on average, each cigarette shortens the life of the smoker by around five to 10 minutes
  • smoking causes more than 50 illnesses and has more than 20 ways to kill
  • about a sixth of all deaths in the UK and nearly a third of all cancer deaths in the UK can be attributed to smoking

WOW! I am not an idiot and I did know most of this, but on that fuzzy and painful morning I came to realize it was time to stop.

So, if all this is true, why do we let our governments sell these things? Are we that weak or stupid? Yes we must be!

We spend lots of time and money arguing about guns, for example on NBC News on Jan 16, 2013 – “every day in the U.S., an average of 289 people are shot. Eighty-six of them die …”

But, according to the CDC – “cigarette smoking is responsible for more than 480,000 deaths per year in the United States, including an estimated 41,000 deaths resulting from secondhand smoke exposure. This is about 1,300 deaths every day.”

So we have 1,300 daily deaths versus 86, or 15 times more people killed by cigarette smoking than by guns every day in the United States.

Now let’s take a look at alcohol. Again, we will use the CDC – 2011 Numbers – “number of alcoholic liver disease deaths: 16,749, number of alcohol-induced deaths, excluding accidents and homicides: 26,654.”

So that gives us a total of 43,403 or 119 deaths per day.

Death by bottle @ 119 beats death by lead @ 86, but is a far cry from death by “death sticks” @ 1,300 – PER DAY – JUST IN THE UNITED STATES.

So my question is why do we let our governments kill us?

how to be secure and not forget

I have a simple process to create a password/passphrase which seems to stop brute-force attacks and dictionary attacks.

This could also be used for answers to security questions. The difference with the answers to security questions is I also make sure the question has nothing to do with the answer.

For example:

Q: Town where I was born
A: ILuv2PlayB@dm1nt()n – (hint: I love to play badminton)

NOTE: According to OnlineDomainTools password checker it would take a medium sized botnet 119 quadrillion years to crack your password.

So, to make an unbreakable password, passphrase or security answer that you can remember:

• Create an acronym from an easy-to-remember piece of information and substitute numbers, symbols, and misspellings
• Make it 12 characters or longer
• Avoid names, places, dictionary words
• Mix capitalization, spelling, numbers, symbols and punctuation

Then if you are really nervous you might forget your password, use my post found here to store it forever where it cannot be found.

Mix it up a bit and the botnet and the hackers will not have access to your data.

hard to remember passwords, not so secure

Today I stumbled upon something that made me rethink what a good, secure password is.

A lot of us use password generators that create passwords, which are very hard to remember, like these:

  • KBYd4ie*2
  • $4WN2Kxp
  • IQh58&Yh
  • da1z#VW4

Today, I found a password generator called Pafwert that creates passwords, which are much easier to remember, like these:

  • bone.horse.berner
  • Miss. Undercarriage
  • orangeslapperdotgov
  • Anaxtogrind v2.0

According to HowSecureIsMyPassword, it would take a desktop PC (configuration unknown) 275 days to crack KBYd4ie*2 and it would take that same desktop PC 4 trillion years to crack bone.horse.berner.

  • KBYd4ie*2
    Length: 9 characters
    Character Combinations: 77
    Calculations Per Second: 4 billion
    Possible Combinations: 95 quadrillion

  • bone.horse.berner
    Length: 18 characters
    Character Combinations: 45
    Calculations Per Second: 4 billion
    Possible Combinations: 572 octillion
So what if we mix it up a bit?

It would take 4 trillion years to crack bone.horse.berner, but if we get a little creative and also not use dictionary terms, what do we get?

Mi1Wife2Iz3Grate4 would take 23 trillion years for a brute-force attack and since it uses non-dictionary words, it would also not fall prey to a dictionary attack.

Well, it seems I have been keeping track of difficult, hard to remember passwords for far too long. Those days are over! :)
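The arithmetic behind the figures quoted above, as an added example (not HowSecureIsMyPassword's code): the estimate is the character-set size raised to the password length, divided by guesses per second. The last entry goes beyond the post and assumes a guesser that tries whole words from a 100,000-word list in the pattern word.word.word; that list size and the 62-character alphabet for Mi1Wife2Iz3Grate4 are assumptions.

```python
GUESSES_PER_SECOND = 4_000_000_000   # "Calculations Per Second" quoted in the post
SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def charset_space(charset_size: int, length: int) -> int:
    """Candidates when each character is an independent pick from the set."""
    return charset_size ** length


def wordlist_space(wordlist_size: int, words: int) -> int:
    """Candidates when whole words are picked from a list and joined
    with a known separator (word.word.word)."""
    return wordlist_size ** words


def seconds_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / rate


def estimates() -> dict:
    """Map each case to (search space, worst-case seconds)."""
    cases = {
        # (charset size, length) exactly as quoted in the post
        "KBYd4ie*2 (per character)": charset_space(77, 9),
        "bone.horse.berner (per character)": charset_space(45, 18),
        # Assumption: 62 = upper + lower + digits; reproduces the post's figure
        "Mi1Wife2Iz3Grate4 (per character)": charset_space(62, 17),
        # Assumption: three words from a 100,000-word list, separator known
        "bone.horse.berner (per word)": wordlist_space(100_000, 3),
    }
    return {name: (space, seconds_to_exhaust(space))
            for name, space in cases.items()}


def humanize(seconds: float) -> str:
    """Render a duration in years when it exceeds one year, else in days."""
    if seconds >= SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_YEAR:,.0f} years"
    return f"{seconds / SECONDS_PER_DAY:,.1f} days"


if __name__ == "__main__":
    for name, (space, seconds) in estimates().items():
        print(f"{name:36} {space:.3e} candidates  {humanize(seconds)}")
```

Under the per-word model the three-word passphrase is exhausted in under three days at the same guess rate, less than the 275 days quoted for KBYd4ie*2; per-character estimates only hold when the characters really are chosen at random.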

where to store passwords

The problem with really good passwords, passphrases and secret question/answer pairs is where to keep them.

For the past decade or more I have been using Wikipedia. It is free. It will keep your passwords forever. And it is difficult for someone to find where you put it or prove it is yours – if you use something like TOR while doing what I explain below.

So what we are going to do is:

1. Using our head or something like xkpasswd, create a password – here is mine [*61=milk=LINE=train=BEAN=51*].

2. Then we go to Wikipedia and search for something that we will not forget – RICHARD BRANSON for example. Notice on the top right to the left of the SEARCH box is an EDIT link. Now search for BILL GATES and you will NOT see this EDIT link and you will see a lock. This means you cannot do what needs to be done on the BILL GATES page but you can on the RICHARD BRANSON page.

3. Click the edit link and insert your password somewhere in the main body of the page.

BEFORE
At the age of sixteen his first business venture was a magazine called ”Student”.McKenzie, Sheena (25 April 2013) “[http://edition.cnn.com/2013/04/25/business/richard-branson-virgin-atlantic-challenger-ii/ Back to the future for Richard Branson’s retro 80s speedboat]”. CNN Retrieved 30 April 2014. In 1970, he set up a mail-order record business. In 1972, he opened a chain of record stores, Virgin Records, later known as [[Virgin Megastores]]. Branson’s Virgin brand grew rapidly during the 1980s, as he set up [[Virgin Atlantic]] and expanded the [[Virgin Records]] music label.

AFTER
*61=milk=LINE=train=BEAN=51*At the age of sixteen his first business venture was a magazine called ”Student”.McKenzie, Sheena (25 April 2013) “[http://edition.cnn.com/2013/04/25/business/richard-branson-virgin-atlantic-challenger-ii/ Back to the future for Richard Branson’s retro 80s speedboat]”. CNN Retrieved 30 April 2014. In 1970, he set up a mail-order record business. In 1972, he opened a chain of record stores, Virgin Records, later known as [[Virgin Megastores]]. Branson’s Virgin brand grew rapidly during the 1980s, as he set up [[Virgin Atlantic]] and expanded the [[Virgin Records]] music label.

4. Click the SAVE PAGE button.

5. Click the VIEW HISTORY link, to the left of the SEARCH box.

6. Your changed page should be at the top of the list, at the end of the line is an UNDO link, click the UNDO link. On the next page click the SAVE PAGE button.

7. The RICHARD BRANSON page is now back to the way it was.

8. AND, whenever you want to retrieve your password you go back to Wikipedia, to your memorable search item, click the VIEW HISTORY link and find the date you made your change.

Simple (especially if you do it on an easy to remember day like the 1st of a month), there forever, and hidden from everyone.

secure snaps launch

SecureSnaps beta is only a few weeks away.

All platforms will be released simultaneously – Windows, Mac and Linux desktops – iOS & Android phones and tablets.

SecureSnaps is an extremely easy-to-use app that stores all your personal, private photos – not the ones you share with the rest of the planet, the other ones – the important ones that need to be securely stored and kept away from prying eyes.

All your photos are military grade encrypted when in SecureSnaps. This means that both at rest (on your devices and the cloud) and in transit to the cloud, your photos cannot be decrypted and viewed. If you follow our guidelines for password and passphrase quality/complexity, you can be assured that nobody anywhere (even the North Koreans) can ever get access to your photos.

SecureSnaps gives you an unlimited number of personas, you can be who you want, when you want, where you want. What does that mean?

At home with the wife and kids you can show them all the family photos that you have, which photos are not to be shared on Facebook®, Instagram®, Pinterest®, etc. Those ones, you can store anywhere, who cares, the world has complete access to them.

Then, when the kids are in bed you and the wife can see all the photos that are just for the two of you.

And then, when you are alone, you can see all the photos that are just for you.

my life will never be the same

My life will never be the same. Today is the day I broke down and decided to be social.

I will write about what I like, hate, love, desire, despise, crave, need, want, and most importantly what makes me laugh.

I am not sure whether you should be wasting your time reading what I have to say, but what I write will be entirely honest and derived solely from my experiences that have shaped who and what I am today.