HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation.  The extension encrypts your communications with a number of major websites such as: Google Searches, Wikipedia, Twitter, Facebook, bit.ly, GMX, WordPress.com blogs, The New York Times, The Washington Post and many others. (more…)

Digital Inspiration posted a guide on one method for tracking when an email message has been read.  This technique obviously only works if the recipient has clicked on the embedded link.

Use goo.gl to Know if your Email has been Read

How do you know if your email message has been read by the recipient(s)?

One option is that you embed a tracking image in your outgoing email messages. If that image downloads on to the recipient’s computer, it is a confirmation that your email has been opened and read. Obviously, this technique will only work if the recipient has enabled automatic image downloads and that he or she is reading your email in HTML and not plain text.

There’s another option as well. If your outgoing email messages include one or more hyperlinks, you may even consider taking the help of a URL shortening service like goo.gl for email tracking.

(more…)

Lifehacker’s Hive Five recently asked for reader’s opinions of the best VPN service providers.  The results are in and the leader was WiTopia with just over 19% of the total votes.  Here we take a brief look at WiTopia’s service offerings.

WiTopia offers PPTP VPN service for $3.34/Month (paid annually at $39.99/Year), OpenVPN-based SSL VPN service for $5/Month (paid annually at $59.99/Year) and a combination SSL/PPTP VPN service for $5.84/Month (paid annually at $69.99/Year).  Another interesting product offering is their CloakBox™ product which utilizes a pre-configured, plug-and-play VPN Router to connect an entire LAN to their network via VPN.  The CloakBox™ is $199 and includes one year of VPN service.  CloakBox™ service is $99/Year for subsequent years.  All service offerings come with a 30-day money back guarantee.

(more…)

Security researchers have managed to bypass the iPhone’s password protection in less than six minutes.  This could, obviously, have serious ramifications for anyone who loses their iPhone – particularly if that phone is used to access sensitive personal information or company data.

INSECURITY RESEARCHERS have busted an Iphone’s encryption protection in just six minutes to gain access to passwords.

Boffins at the Fraunhofer Institute for Secure Information Technology (SIT) in Germany devised the hack. The researchers did the tests to demonstrate that passwords aren’t secure on Iphones that have been lost.

They obviously had a point to prove and weren’t happy with just hacking Apple’s shoddy security encryption in six minutes. Within the allotted time, the team also managed to retrieve most of the passwords stored on the Iphone, accessing personal data that could be used to get into bank accounts.

[Read the Full Article at The Inquirer] [Watch the YouTube demonstration]

The Disk Utility application that comes with OSX will wipe free space – preventing most data from being recovered.  However, Apple’s Disk Utility does not wipe “slack space” – which can still be used to recover data from deleted files.  Jetico’s BCWipe solves that problem.

Apple’s Disk Utility can wipe whole disks and free space. One thing it apparently does not do, however, is wipe file slack.

File systems are divided into finite block sizes. File slack is the space after the data in a file ends and until the file systems block finishes. On an average hard drive, file slack frequently constitutes more than a gigabyte of information – information that is not wiped when wiping free space.

Unlike the Windows utility Eraser, for example, Disk Utility does not include file slack when wiping, so in fact it is not a complete wipe of free space. Forensic investigators frequently find interesting information in slack space, so a wipe of free space that does not include slack is in fact incomplete.

There is, however, a way to wipe free space on Mac OS X 10.4, 10.5 and 10.6, including slack space. Jetico’s BCWipe. The program has to be run from the command line, and the process is somewhat complicated if you haven’t done that sort of thing before.

A write-up on using BCWipe is available here and you can download/purchase BCWipe direct from Jetico here.

A while back we had a post showing how to add a strong passcode to your iPhone.  Thanks to the recent release of iPhone OS 4 this feature is now built in!

To enable this feature go to Settings -> General -> Passcode Lock, toggle Simple Passcode to off, and enter your preferred alphanumeric passcode.

Philosecurity.org has posted a real copy of an American citizen’s DHS Travel Record retrieved from the U.S. Customs and Border Patrol’s Automated Targeting System (ATS). This was obtained through a FOIA/Privacy Act request and sent in by an anonymous reader.  The document reveals that the DHS is storing the reader’s:

• Full credit card number and expiration

• IP address used to make web travel reservations

• Hotel information and itinerary

• Full Name, birth date and passport number

• Full airline itinerary, including flight numbers and seat numbers

• Cruise ship itinerary

• Phone numbers, including business, home & cell

• Every frequent flyer and hotel number associated with the subject, even ones not used for the specific reservation

[Article on Philosecurity.org]     [PDF of the original document]

Jaroslaw Lupinski has built a device that will generate magnetic signals to spoof a magnetic stripe reader – you know, the things that open doors and allow you to pay for your groceries.  Instructables has a write-up on a similar device using an iPod but Jaroslaw’s device will allow you to change the data on the fly.  Combine this with Stripe Snoop and you’ve got quite a powerful combination…

[Link]

Whether you’re posting an item for sale on Craigslist or trying to avoid stalkers while dating online, sometimes you need a telephone number that you can use for a temporary time period and then throw away.  Enter inumbr.  You choose a telephone number from a list of major cities and have that number forward to another telephone number or to voicemail.  After a pre-set period of time, the number disconnects and (allegedly) is never reused.

[Link]