Insights For Success

Strategy, Innovation, Leadership and Security

Chronicle Security launches under the Alphabet family of companies

General | Edward Kiledjian

Alphabet Inc., the parent company of Google, has launched a new cybersecurity intelligence company called Chronicle.

The company promises to bring Alphabet's advanced machine learning capabilities and large cloud computing footprint to cyber intelligence. The soft launch was confirmed via a blog post on Medium called "Graduation Day: Introducing Chronicle". A quote from the blog entry says:

Organizations deploy dozens of security tools to protect themselves, and their security teams are highly skilled and extremely dedicated, but they can’t keep up with the growing number, sophistication and ambition of attacks.
— Astro Teller

Another Medium blog article is entitled "Give Good the Advantage".

Based on all the blog entries, Chronicle Security will be some kind of large, cloud-based data collection and analytics platform that will leverage machine learning to deliver 10X efficiency improvements to security teams.

Data collection and correlation tech isn't new in the security theater; we call this type of tech a security information and event management (SIEM) platform. Competitors in this space include LogRhythm, Splunk, IBM QRadar, AlienVault, McAfee Enterprise Security Manager, SolarWinds Log & Event Manager and more.

The company says their main differentiators will be:

  • "should be able to help teams search and retrieve useful information and run analysis in minutes, rather than the hours or days it currently takes"
  • "Storage — in far greater amounts and for far lower cost than organizations currently can get it — should help them see patterns that emerge from multiple data sources and over years."

Traditional SIEM technologies are very expensive, so it looks like Chronicle Security will dramatically bring down the price, making it attainable for small and medium-sized businesses. In addition to the cost, they promise to add machine learning to help find useful information faster and make that information more actionable. This is the piece currently missing in all SIEM products (regardless of what the marketing material says). If Chronicle can deliver Google-grade machine learning that helps reduce the burden on security teams and makes the information analysis more automatic, then this could be a big break for security teams around the world.

It is difficult to pin down the exact offering Chronicle will have because very little information about the technology or platform is provided. They have promised to keep customer information separate from other Alphabet companies (namely Google) and will have their own privacy policy.

Obviously, Alphabet believes the tech is good enough to turn an idea incubated in their moonshot factory into a real company. Now we wait and see if it is really as good as they are promising. 

Private Internet Access leaves Korea due to security concerns

General | Edward Kiledjian

We learned that Private Internet Access (PIA) has shut down its Korea exit nodes due to concerns about the privacy of its users. It learned through a "close contact" that South Korean law enforcement intended to clone its local data.

Private Internet Access (PIA) didn't know why they would take these types of actions against it, but took immediate action as soon as it learned about this possibility. 

On the 21st January 2018 at 6.15pm Pacific Time, Private Internet Access was alerted by close contacts in South Korea that law enforcement would be seeking to mirror our servers tomorrow, 24th of January 2018, at 10:00 A.M without due process. Upon learning this information, we decided to remove and wipe the South Korea region from our network immediately.
— Private Internet Access blog

Even if the South Korean authorities did clone the data, Private Internet Access (PIA) does not log any traffic or session data.

In addition to removing its South Korea exit nodes, it also rotated its certificates as an additional security control. 

This is a great example that proves that Private Internet Access is committed to the privacy of its users. Good going PIA. 
 

Source: Private Internet Access

The best way to share your location with friends or family

General | Edward Kiledjian

Let's say you are meeting friends at a large outdoor concert. How do you provide your location? A street address may get them to the entrance gate, then what? What3words has proposed a solution to the problem of finding exact locations on a map.

What3words has divided the entire planet into 57 trillion 3 m x 3 m squares and assigned each square a unique three-word "address".

If I want to meet friends at the entrance of Union Station in Toronto, I can search for "Union Station" in Google Maps, and it will take me to the building but not necessarily the front entrance.

Or I can give my friends the What3Words address for the main entrance 3mx3m square which is: tens.listed.surviving

The What3Words address takes them directly to the entrance where I want to meet them. No ambiguity and no confusion.

In most western countries, we have mailing addresses but these aren't always easy to find. The most accurate mechanism has been latitude and longitude (which would look like this 43°38'43.3"N 79°22'51.9"W). Obviously, the three-word descriptor is easier to communicate and remember than the latitude/longitude. 

The entire world is mapped using about 40,000 words (it is available in multiple languages including French, Spanish, Arabic and more). Obviously, great care has gone into choosing the words to ensure there is nothing offensive and no double meanings. They have assigned more common words to locations in major centers.

What3Words claims their tech is being used in over 170 countries by dozens of organizations, from delivery companies (Aramex) to disaster relief coordination in the Philippines by the Red Cross.

The entire mapping can be downloaded for use offline and consumes about 10MB of space. They are partnering with companies to build this tech into third-party apps. 

I really think this is a wonderfully unique approach to a problem everyone experiences and I hope more companies start using the What3Words technology. In the meantime, you can download their free Android and iOS app to get started. You can find the What3Words address of a location or navigate to any What3Words address using your favorite nav app installed on your iOS or Android phone (Google Maps, Apple Maps, Waze).

Android App showing the entrance of Union Station

Once you enter a three-word address, you can click on navigate and it will send the exact GPS coordinates of the location to any GPS app installed on your device.

Once you enter a three-word address, you can also share the exact location using any messaging app installed on your smartphone (Google Messages, Facebook, WhatsApp, etc.).

OPSEC - Security when making calls

General | Edward Kiledjian

RELATED: OPSEC - Introduction to Malware

RELATED: OPSEC - How to securely delete files

If you are making calls using a cellphone or landline phone, then you should assume that your conversation can easily be intercepted by the carrier providing the service (or by a government agency that has control over that carrier). Security researchers have even proven that with $1,500 in parts, they can build a cell phone call interception device that pretends to be a cell tower.

Regular phone calls on your cell phone (including SMS and MMS messages) are easily intercepted and should be considered insecure.

What about VOIP?

VOIP stands for Voice Over IP, and any app that allows you to make voice calls is typically using VOIP (WhatsApp, Skype, Duo, etc.). Many carriers have started offering Voice Over WiFi and Voice Over LTE. VoWiFi and VoLTE have the same security (or insecurity) as making a regular call using your carrier's normal cell network.

Some VOIP software offers decent or good end-to-end encryption. These apps require both parties to have the same software and typically call out that they use encryption in their literature. But be careful, not all encryption is created equal. Telegram Messenger advertises that it is secure, but a deep dive into its model shows it uses "bad" (my opinion) encryption and shouldn't be trusted.

RELATED: Telegram Messenger isn't as secure as you think

So some VOIP services offer good reliable encryption and others don't. Here are the ones you can rely on.

Signal

I have written about the free open-source Signal messaging app for years. Signal is the de facto reference on how to build solid end-to-end encryption. Their model was so good, they helped WhatsApp when it wanted to improve its security.

RELATED: Whatsapp to become more secure than Apple Messages

Signal is cross-platform (Windows, Mac, ChromeOS, Chrome Browser). Signal offers a simple encrypted text messaging service and secure encrypted calling service. 

Signal uses your existing number and address book to simplify your authentication and connection with other users. Therefore there is no separate username or password to remember.

I have to highlight the fact that a motivated attacker can still collect metadata from Signal calls because the central management servers are still owned by Whisper Systems. Whisper Systems does not have a way to listen in on calls or read messages, but they do know who you spoke to, when and for how long. Having said this though, they still offer the most secure and best-built encrypted messaging app around, and it is all offered for free.

Jitsi for encrypted video chats

If you want a free open-source tool for encrypted video chats (it does audio too), then take a look at Jitsi. It also supports group chats. There is no requirement to sign up for anything and therefore your personal information isn't sitting on some third-party server.

You visit the site, enter a meeting name (without spaces and difficult to guess) and share that link with the other participants. That's really all there is to it. Safe, easy and secure.

What about Skype or Google Hangouts?

Most VOIP solutions offer transport encryption (which means a third party like your carrier can't eavesdrop), but the data is handled unencrypted once it reaches the provider's network. In most cases, I discourage the use of these services for situations where security is the utmost priority. One caveat is that Skype has announced that it will work with the Signal team to implement end-to-end encryption (like WhatsApp did), but that is still many months away.

There are dozens of products that use security to differentiate themselves and most have not been independently reviewed. I recommend you stick to the 2 products mentioned above.

Conclusion

Good security requires some planning but is well worth the effort. Hopefully, this article helps.

OPSEC - How to securely delete files

General | Edward Kiledjian

You should also read my previous article "OPSEC - Introduction to Malware". 

Most computer (or smartphone/tablet) users believe that when you use the delete function in your operating system, you have securely destroyed the file beyond recovery, but that simply isn't the case. In most cases, the entry for the file is removed from the index, but unless that disk space is needed by the operating system, the file is most likely still on the disk (it just isn't normally accessible anymore). The only sure way to ensure that the information is permanently deleted is by using a special process or tool that overwrites the drive.

Let's talk about solid state drives

Note: Securely deleting files from flash media (solid state disks, USB keys, SD cards, etc.) is very hard. The information in this post applies only to traditional spinning disks (what we call hard drives).

The best recommendation I can make for these types of media is to use encryption as soon as you unpack the medium. 

What about Windows

The most widely recommended tool to securely delete a file or write over empty space to ensure previously deleted files aren't recoverable is a freeware tool called Eraser. Once installed, you can right-click a file or folder and choose Eraser > Erase from the right-click menu. 

You can also delete all the previously deleted data from your computer by overwriting the empty space.

What about Mac OS?

On MacOS 10.4 running on a computer with a normal hard drive, you can:

  • Open the Trash folder
  • Go to Finder > Secure Empty Trash

Unfortunately, in the El Capitan update, Apple removed this option because it could no longer guarantee that the new SSD disks in its devices would overwrite the files. Their comment reads:

An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.
— Apple blog

Apple's mitigating control is that they encrypt the entire disk using FileVault and thus, without your password, the data would look like gibberish anyway.

What do I do before selling my computer?

Regardless of whether you use a Windows or Mac machine, or a hard disk or a more modern SSD, the key is to remove the storage medium from the machine before you sell it. Then physically destroy the disk. In the commercial space, we use specialized disk shredders, but you can drill holes in it and then bang the daylights out of it with a hammer. Just remember to be safe.

How do I dispose of CD-ROMs or DVDs?

Most office supply stores sell inexpensive paper shredders that also shred CD-ROMs and DVDs (or in most cases physically destroy the storage medium). I recommend you invest in one of those or physically break the disk into hundreds of pieces using pliers.