Tagsecurity

Testing Wuala cloud storage (with Wuala promo codes!)

In my search for good and secure cloud storage solutions, I’m trying out Wuala. Wuala is a cloud storage provider that I already mentioned in an earlier post. They encrypt your data locally on your computer. This ensures that only you (and not even the people at Wuala) can read your files. This is because your password, used for the encryption, never leaves your computer or is stored (in any form) at the Wuala servers. Other services like Dropbox, Google Drive and Skydrive don’t do this, which makes it possible for other people to read your files and view your photos.

I’ve only recently installed Wuala and I’ll write a review later this month when I’ve used and tested it more. But I can already tell you that they have a nice application interface, very good mobile apps (excellent for photo viewing!), good OS integration with seamless folder synchronization (you don’t have to move your files to a special folder) and excellent platform support (I’ve tested Windows, Linux and Android).

If you also want to give Wuala a try, you can use following codes to get extra storage (13 GB!):

  1. Register using my referral link. You get 1 extra GB for 1 year and I 256 MB ;-).
  2. Enter the following Wuala promo codes (one-by-one) in the application under “Options” > “Options…” > “Storage” > “Wuala Codes”  and click “Redeem” to get extra storage:
    • 1000-ANSWERS (1 extra GB for 1 year)
    • CONNECT-WITH-SUPPORT (1 extra GB for 1 year)
    • I-KNOW-MARKUS (1 extra GB for 3 months)
    • I-KNOW-DOMINIK (1 extra GB for 3 months)
    • I-KNOW-CAROLA (1 extra GB for 3 months)
    • I-KNOW-FABIUS (1 extra GB for 3 months)
    • I-KNOW-LUZIUS (1 extra GB for 3 months)
    • I-KNOW-MARCEL (1 extra GB for 3 months)
    • I-KNOW-MARIUS (1 extra GB for 3 months)
    • I-KNOW-DARIO (1 extra GB for 3 months)
    • I-LIKE-POLAND (1 extra GB for 3 months)
    • SKYFISH-IS-COOL (1 extra GB for 3 months)
    • I-KNOW-THOMAS (*NEW*, 1 extra GB for 6 months)
    • I-KNOW-ERIC (*NEW*, 1 extra GB for 6 months)

Unfortunately all this extra storage is for a limited period only and not for a lifetime (as with other services). So take this into account when uploading a lot of data! If you know other Wuala promotion codes or noticed that one of the listed codes isn’t active anymore, please let me know in the comments below.

Have fun with it!

PS: If you’re installing Wuala on Ubuntu 12.04 with Unity:

*Last edit on 13/11/2012*

How To Encrypt Your Home Folder in Linux

In this post I give a short explanation of how to encrypt your home folder in Linux. Why should you encrypt your home folder? When you use a laptop and you take it with you all the time it’s important to protect it. Unfortunately a good log-in password isn’t enough to stop someone from accessing your data when your laptop gets stolen. Your log-in password can be circumvented with any Linux Live CD. Therefore it’s important to encrypt your data and I will explain how you can do that on your (installed) Linux laptop. This how-to is written for Linux Mint (Debian) but it should also work for other distributions (like Ubuntu). You can use it to encrypt your home folder after installing Linux.

Step 0: Backup your (unencrypted) home folder

Before you start, you should backup the important files in your home folder. You can do this by copying your home folder to an external drive or by using cloud storage. But this shouldn’t be a problem because you should always have backups 😉 (if you don’t, read this).

Step 1: Install the ecryptfs-utils package

You can do this using the command:
sudo apt-get install ecryptfs-utils

Step 2: Configure the ecryptfs module to load at startup.

You do this by adding ecryptfs to the /etc/modules file.

Step 3: Restart your system so that the ecryptfs module loads.

Step 4: Log in as root in a terminal

BEFORE you log in with your regular user name in the (graphical) log-in window, go to a non-graphical log-in terminal by pressing CTRL+ALT+F1. There you log in as root.

Step 5: Start the encryption of your home folder

In the terminal where you logged in as root, enter the following command where you replace USERNAME with your own username:
ecryptfs-migrate-home -u USERNAME

The script will ask you to fill in the password of your normal Linux account (of which you want to encrypt the home folder). After that the encryption starts. This can take a while depending on the number of files you have in your home folder. Wait for the encryption to complete.

Step 6: Log in with your username and password

DO THIS BEFORE REBOOTING YOUR SYSTEM! Go back to the graphical log-in window by pressing CTRL+ALT+F7. Log in and verify that your files are still present and that you can read them. If this is not the case, you should restore the backup you made in step 0 or the backup generated by the script that looks like USERNAME.d5JafeTE (in the home directory).

Step 7: Backup your randomly generated mount passphrase

The ecryptfs utility generated a mount passphrase that is necessary to mount your encrypted data. The mounting happens automatically when you log-in but not when approaching the data from another Linux installation (like a live CD). Then you need to give the mount passphrase and that’s why you should save it on some external medium. You can display your current mount passphrase using the command:
sudo ecryptfs-unwrap-passphrase

Step 8: Restart your system and verify your data again.

Just to be sure, restart your computer again and verify that you can read your data after logging in.

Step 9: Remove the backup folder generated by the script

After you made sure that your data is alright, you can remove the backup of your home folder that was generated by the script. This folder is located in /home and looks like USERNAME.d5JafeTE

Step 10: Enjoy your newly encrypted home folder.

I would like to end this post with some remarks:

  • The encryption of your home folder has a noticeable impact on the performance of your system. The impact is minimal and your system stays absolutely usable. Just take it into account when doing this.
  • Make sure you have unencrypted backups of all your data for when your Linux system breaks and you lost your mount passphrase (or the encryption went corrupt). When your data is encrypted, there is no way of retrieving it with a live CD.
  • Dropbox and SpiderOak have no problem with the encryption and your data is readable when you access it from another SpiderOak or Dropbox client (on a different computer). It is possible that they start uploading after the first reboot, but they only upload information about the ‘last-modified’ meta data of the files (and that changed since the files where encrypted). I haven’t tested with other could storage solutions, but I expect that they’ll behave in a similar way.

Happy encrypting!

Improving the Security of Your Online and Mobile Life

The past few days I’ve been busy working on the security of my online and mobile life and in this post I want to share the things I learned while doing so. I will also discuss some great apps I discovered that can help you improve your security A LOT! These are the apps that I personally use or think that are worth mentioning. If you have suggestions of your own, please feel free to leave them in the comments bellow. Some of the links mentioned in this post are referral links. When using that link to register to the corresponding service, we both get some benefit ;-).

Passwords, Passwords and More Passwords

Do you also have a ton of accounts on different websites and forums? And do you also use only one to seven passwords you know by heart? If you do, than you’re in the same situation I was almost two years ago.  The problem with having only seven passwords you (can) remember is that on a lot of sites you use a duplicate password. And if one of those sites isn’t that securely protected or if your password wasn’t that strong, then you have a problem.

Another issue with passwords is that they are hard to remember. If you want to properly protect your personal email, PayPal or even Facebook and Twitter account, you better create a long password containing more than 15 characters. Plus your password should contain small letters, capitalized letters, numbers and symbols and should not be easy to reconstruct. A rule of thumb is that the more ‘random’ your password is, the more secure it is.

But remembering a random password of more than 15 characters isn’t easy. It’s even more difficult to remember one for each different website (or social network) you register. And here is where a good password manager comes in. Before I always felt like that a password manager limited me because when I use a friend’s computer, I don’t have my passwords with me (because he doesn’t have the same, or no password manager). But then I realized that in 98% of all the sites I log in to, I’m doing it on my own computer. So I only have to remember passwords for those other 2% which I do access from other computers and this is what convinced me to use LastPass!

LastPass is a password manager that works almost literally on every platform and every Internet browser. It also provides seamless synchronization but the one feature that makes LastPass for me the best password manager is the way they store and secure your passwords. All your passwords are locally encrypted on your computer using a key based on your master password and then sent to the LastPass servers.  So the people at LastPass can never see your (unencrypted) passwords (or the website where you have an account) and your master password is never sent to LastPass. This makes LastPass very secure to use and I’m not the only one who thinks that. A drawback of this is that there is no “forgot my password” function. They also give you other cool tools like a generator for secure passwords, mobile applications, a security check tool to keep you sharp, multi-factor authentication… And almost all these features are completely FREE! But LastPass is just my favorite, there are also many alternatives.

Backups, Backups and Synchronization

The next thing I would like to this discuss is backup software. Everyone should make backups of their files but I know too many people who still don’t. And this while, with the emergency of cloud storage, making backups has never been so easy!

Another problem I have is that I use many different devices and platforms. I use my laptop which runs Windows and Linux. I also own an old desktop computer which I use  now and then and I have my smart phone. If you also use multiple devices, you know that having all your files in one place is difficult and that they’re always in the wrong place.

But luckily there are two (and more) great applications that solve both problems: Dropbox and SpiderOak. I don’t think Dropbox needs any introduction and I recommend it to most (inexperienced) friends because of its ease of use. But I want to give some more attention to SpiderOak that I discovered after reading this article on Ars Technica. SpiderOak is a bit more complicated to use and setup than Dropbox and it isn’t that feature rich (like uploading files through the web interface, a mobile photo and file viewer…) but it has one big advantage over all other cloud storage applications: security and privacy. Very similar to LastPass, SpiderOak encrypts your data locally with a key based on your password and then sends the encrypted data (in different blocks) to the SpiderOak servers. Your password is never sent or stored at the SpiderOak servers so they have no way to actually read or use your data. In this way they guarantee your privacy. SpiderOak also handles local backups, synchronization, sharing and online access. They also offer a nice educational discount which is very convenient in my case. If you want an alternative to SpiderOak, there is Wuala. They do about the same as SpiderOak but I haven’t tried it myself. So let me know what you think about it in the comments below if you used it.

I’m currently using both SpiderOak and Dropbox. I use Dropbox for easy synchronization and sharing with friends who exclusively use Dropbox. And I’m using SpiderOak to back up and synchronize more personal data (like pictures, videos, contact details, thesis, research stuff…) because of it’s added security and privacy.

It’s small, smart and when you lose it, you have a problem

To finish this post (before it gets too long) I want to tell you about something I realized only a few days ago. I have an Android smart phone with a lot of different apps. I use it as my phone but also to check my email, manage my calendar, update my blog… But then I suddenly realized that my phone knows a lot about me. And with all those apps, it has access to a lot of my online accounts. It startled me even more that the only protection that my phone offered is an unlock key or pattern.

I started my quest to find an app that fixes this issue and there are actually a lot (strange that I didn’t saw them earlier). These are the ones I selected: Kaspersky Mobile Security, Lookout Security & Antivirus and Norton Antivirus & Security (these are links to the Android apps, but most of them have iOS versions too). All these apps offer antivirus scanning but also, and more relevant to my problem, remote locking and wiping of your phone. So if you lose your phone, you can send a message to it (either by SMS or the Internet) and then the application will lock your phone and/or wipe all personal data from it. When you locked your phone and you find it again, you can unlock it with some secret code.

Conclusion

LastPass is really a must-have because having different, secure passwords for every account is very important and LastPass helps you with this for free and in a very secure way. Having (off-site) backups of your data is also very important but privacy is a major concern here. I think SpiderOak and Wuala are the only cloud storage providers that offer you complete privacy and security, so I recommend that you give them a try. Your smart phone probably has access to a lot of your personal data so protecting it is very important. Therefore you better install a remote locking and wiping application so losing your smart phone doesn’t end in a personal catastrophe.

That’s it for today! I hope you discovered some new, interesting applications and that you use them to improve the security of your online and mobile life.

© 2017 Tom's Webspace

Theme by Anders NorénUp ↑