security

CallProtector – Secured Encrypted Voice Calls Hopefully…

Ed: Todays pitch is a fundamentally great idea, however the thing that would scare the hell out of me if I were one of the target customers is the fact that you just can’t know if a provider and their app really has the security smarts they claim.

While this level of security in the hands of individuals may be used for nefarious business, there is also a legitimate use case to evade malicious Nation States who would seek to repress reporters and activists.

I guess what qualifies as a Malicious Nation State is actually just a matter of perspective, all States are malicious to someone.

Encrypting voice calls is in fact the ultimate mission critical security application for a reporter or political activist, if you get this wrong a knock at the door will come in the middle of the night.

Normally the first rule in security is don’t let anyone know anything about how your security strategy, technology and end points, however for marketing purposes this team has chosen to publicise the encryption and security methods they use.

I guess keeping quiet about their security stack isn’t going to help them in the case of a persistent attack from a nation state however I find it a little disturbing that they think this is a good idea to be very specific about their methods.

I note a few weird things about the company, it has both an English and German site, but is located in Monkok in Hong Kong and interesting location given the proximity to China and the fact that there is no constitutional or rule of law certainties.

Also the English is not fantastic on the page, there are spelling and grammar errors.

call-protect-text

It gets a little more disturbing, they list the use of 521 bit encryption (this is an odd/strange number, you would normally expect a multiple of 8 ie 512 bit) which as far as I could tell was not one of the listed key sizes on the Wikipedia entry for AES256.

Not to say that this isn’t a legitimate company and product, but I have to say that if the web copy is sloppy or factually incorrect there is no way I would trust my life to these guys and their security.

 

Startup NameCallProtector
What problem are you solving?Companies/journalists can communicate worldwide over their phones without being scared of someone listening to them.
What is your solution?We are encrypting your voice data with an algorithm for top secret military communication. Be safe on iOS and Android.
Target MarketCompanies, journalists
How will you make money?Subscriptions/Advertisement
Tell us about the market & founders, why is this a great opportunity?We are a young team of 2 developers from Austria who are normally developing enterprise applications for big companies. While developing for them we often got asked how to securely communicate on their iOS or Android devices. There was no good solution so we decided to develop one and 3 years later we are here.
Founders NamesMichael Lukas
What type of funding has the company received?Bootstrap
Websitehttps://www.callprotect.me/
Twitter Handle@CallProtector
[lc-response-form id=1]

Venux – Encrypted Comms Channels + Secure Storage

Regular readers will recall, I am keen for solutions which offer private citizens the option to protect themselves against hackers and their own Governments. Venux is offering both a person to person secure comms channel and secure file storage.

While Im keen on these solutions I wonder how a consumer assures themselves that the service they use is secure, merely using a service like this would seem to be like using a big honeypot where every hacker both private and State based would be trying to attack the users and the platform.

This sort of service is required, especially when constitutional protections or implied rights to privacy have no meaning anymore, we tend to think of hostile Governments being a developing world issue, but increasingly its a Western world problem as well.

If you want to understand why you need a service like this, look at the Fortinet World Threat Map and see the constant barrage of hacking attacks in real time.

Startup NameVenux
What problem are you solving?A big issue is the security and privacy of personal information. Reports of hack attacks and data breaches are constantly on the news. As the amount of digital data in the universe is growing, vulnerability of unencrypted data is growing. Another issue is the complexity of modern OS architecture which produces compatibility and stability issues, creates a loss in performance, and leaves systems vulnerable to attacks.
What is your solution?All of Venux’s products are based on their completely secure Venux Platform. Optimized to increase performance, the simple architecture makes it standards compliant, extremely efficient, lightweight, responsive and virus-free. The user interface design is intuitive and beautifully executed. The tools you use to browse the web, organize your files, play and share your media, communicate and collaborate have a simple, elegant and integrated look.
Target MarketVenux will target anybody that does computing, with a particular focus on those who are seeking digital privacy. Anybody who communicates online, stores digital data, and shares information with others is always at risk, and therefore this segment will be the group that will benefit most from the company’s easy-to-use, all-in-one solution for daily computing.
How will you make money?We will employ the pay-as-you-go and add-on business models. Add-ons expand program functionality while bringing additional revenue streams. Our Add-ons are also competitively priced. The pay-as-you-go model gives users the freedom to make purchases only when they need to without any contracts. Customers can freely use the software and satisfied customers lead to word-of-mouth bringing in additional revenue.
Tell us about the market & founders, why is this a great opportunity?Venux doesn’t store user credentials or personal information and doesn’t use databases or servers. Venux will not have to store important information due to the Company’s proprietary technology, H.I.P.S.™. The Company’s unique encryption service hides information in plain sight, diminishing potential liabilities. Also, Venux offers AVPN (Anonymous Virtual Private Network) that serves competitive advantages in the market.
Founders NamesVlad Kruglyanky, Eugene Nosko
What type of funding has the company received?Angel
Websitehttps://venux.com
Twitter Handle@venux_software
[lc-response-form id=1]

Stay Secure – 5 ways to increase your online security

Photo by ElectronicFrontierFoundation

In the digital age privacy and security are always a major concern, especially since Eric Snowden revealed the National Security Agency’s global surveillance programs. Additionally, in a competitive environment or industry security and privacy are essential. The good news is both privacy and security can be reasonably maintained whilst enjoying the Internet.

Here are a few tips:

  • Use complex and different passwords. If you use the same password for your all your work and personal accounts then your work can access your personal accounts. If your password is ‘password’ or your first name then it can easily be guessed. If you use complex and different passwords do not put them all in a document or note titled, “Passwords,” or use the word “password” in that document. A simple search for the word “password” can be used to find that document and all your passwords – a nondescript or misleading title is ideal.

 

  • Use a virtual private network (VPN) A virtual private network allows your computer, laptop or mobile devices to communicate privately when using the very public Internet. There are a lot of ways to do this, both free and paid. For $70 per year, you can use WiTopia to access a very large number of gateways around the world. Typically you want the closest gateway to you to maximize speed. If you live, however, in an area with restricted Internet access such as Australia or China, then you can just select a gateway in a country without restricted access to “unrestrict” access.

 

  • Use encrypted cloud storage Dropbox recently added Condoleezza Rice to their board and she is a major proponent of NSA’s global surveillance programs. Dropbox claims to respect privacy, but the newest addition to the DropBox board of directors definitely does not. Try SpiderOak for more secure cloud-based storage. 2GB is free, premium subscriptions are the same price as DropBox, UI is fairly user-friendly and offers the same enjoyable features as DropBox along with ‘zero-knowledge” layered data encryption for those who only use the desktop client.  SpiderOak even drafted a comforting statement for those generally concerned with cloud-based storage: “Most importantly, however, the outer level keys are never stored in plaintext on the SpiderOak server. They are encrypted with 256 bit AES, using a key created by the key derivation/strengthening algorithm PBKDF2 (using sha256), with 16384 round and 32 bytes of random data (“salt”). This approach prevents brute force and pre-computation or database attacks against the key. This means that a user who knows her password, can generate the outer level encryption key using PBKDF2 and the salt, then decipher the outer level keys, and be on the way to decrypting her data. Without knowledge of the password, however, the data is quite unreadable.”

 

  • For personal email, find a provider that values your privacy You would not want your neighbours reading your personal mail so why do you let Google and the NSA? MyKolab offers a secure email with servers in a country that respects privacy a bit more than others for about $10 USD per month.

 

Enhanced by Zemanta