Post archive

QuickStego featured in PC Plus magazine

PC Plus Magazine

PC Plus magazine in editions 296 and 297 has covered Cryptography and code-breaking in a related series of articles.

In July's magazine QuickStego is featured (a little) whilst covering Steganography as a complementary aid and area of interest to cyphers and codes. QuickStego employs the same functionality for bitmap steganography as QuickCrypto, though QuickCrypto can also use jpg, gif as image carrier files and also wav and mp3 as sound carrier files. Nice set of articles though - especially the historical aspects and the chance to give some of these legacy ciphers a go yourself using MS Excel.

 

New Version of QuickCrypto Released

On 2nd April 2010 a new version of QuickCrypto will be released for download.

Existing customers should be able to update if they wish without having to re-register or pay anything further.

There are some major improvements to the Steganography and Password Manager features.

The full details can be found here - Version 3.1P QuickCrypto

QuickCrypto Home Edition - Price Rise

The Home Edition of QuickCrypto will be going up in price soon.

We can no longer maintain this edition at the current very low price of £9.99 (about $15-$17 USD).

The cost of this edition will be moving to £14.99 (about $22 to $23 USD) from 6th April 2010.

Get it at the current price now!

 

Facebook Page

We'll be launching a QuickCrypto Facebook page soon.

We're hoping that it will attract a few more customers our way :-).

We'll edit this page with the details when we get it sorted.

Happy New Year 2010 !

Happy New Year to all our customers and, well, everyone!

And here's some good news to save you some money.

Researchers have found that Microsoft's new to-be-free anti-virus and anti-malware system - Microsoft Essentials (MSE) - beats paid-for internet security suites with regard to anti-virus protection.

Can't be bad!

We're going to switch one of our machines to it when we get a copy and see how we go with it ....

Zone Alarm Force Field conflicts with QuickCrypto

If you use the "Force Field" part of the ZoneAlarm internet suite - it will not allow QuickCrypto to launch.

It blocks QuickCrypto from manipulating the memory it needs to ensure its own system-self is secure.

We couldn't find a way to "white-list" QuickCrypto in this part of Zone Alarm.

 

Desktop Security Software

We've spotted a new web-site to keep an eye on.

It's got a lot of useful information with regard to encryption and privacy:

Desktop Security Software

Early days for the site I guess, but we'll keep going back to check. We like the article style - not too long-winded, but it gets the point across with a bit of humor here and there.

Lots of people use the same password for everything

It is estimated that 1.7 million Brits are using the same password for every web site that requires a registration log in.

And around 1 million of these people use easily guessable passwords: first names, pet names, children's names etc.

It is much easier to remember one password for all, so it's no surprise really.

However, once the password is guessed, it's all open to the guesser.

So with this news, we can't resist a shameless plug for the QuickCrypto Password Safe. The Safe lets you hold a different, long random password (and log-in details) for each and every site.

And even better, it holds the web-site address and will open your browser at the correct page, ready for an easy copy and paste action for the log-in details.

The Safe can also be used to hold different secure passwords for different people, allowing you to send encrypted emails without worrying about remembering lots of passwords.

The Password Safe can also be exported into a portable (still encrypted) format that will self-decrypt when required (when the Password Safe pass phrase is entered), so all your password details can be taken with you on a memory stick for example.

Emotional Data

Microsoft and the British Psychological Society (BPS) reckon that data can be judged as having "emotional value" and this value can be calculated with a formula.

An 'emotional value' of up to 100 is the equivalent of physically losing an umbrella, whereas a score of more than 500 is like losing a treasured family heirloom.

A software 'asset adjuster' is available that can compare the loss of data with the loss of a physical item like a mobile phone.

We can see the sense in highlighting that data can mean a lot to you, and this isn't always clear until you lose it!

One of the best back-up PC software packages we have come across is Macrium Reflect. If you don't back-up your PC regularly - you really (really) should!

Brits don't do anti-virus

The British come bottom across Europe with regard to keeping their PCs up to date with anti virus software.

30% don't ensure their software is kept current, compared to 5% of Germans and 8% of the French.

Even if you don't want to pay for anti-virus - there are free options and even these can be set to automatically update - here's one example - AVG

 

Hackers Needed

The UK government has suggested that the fight against cyber crime and cyber terrorism could be helped by youngsters who are knee-deep into computer stuff.

Security experts have welcomed the move to bring former hackers on board as their scarce skills are valuable to fight online threats.

Sounds like a plot from Die Hard!

These people may well be able to help the Office for Cyber Security (OCS) and the Cyber Security Operations Centre (CSOC).

 

GCHQ denies internet spying

GCHQ (Government Communications HeadQuarters) says that it is not developing technology to monitor internet use and telephone calls in the UK.

Well it doesn't have to as all the UK ISPs have to monitor this now anyway (see a previous post about new legislation and ISP monitoring)!

Rumours have suggested though that GCHQ is constructing a centralised database of details. It has said it would only monitor communications in relation to national security, safeguarding economic well-being and the prevention and detection of serious crime. Which is I guess what we need them to do.

 

 

 

New Law in UK - All Email and Internet to be Monitored

ISPs in the UK are now legally obliged to keep a record of all emails (and phone calls) made online for 12 months. So in practice they will be kept for much longer!

Quite a task this - about 120 million emails are sent every hour in the UK alone. But the ISPs have had their costs for this system met by the government.

The government has introduced the law and process to help law enforcement fight organised crime and terrorism.

Privacy advocates have serious concerns about this legislation. Privacy International (http://www.PrivacyInternational.org) said the new laws were a disgrace and evidence of the British Government's subservience to the European Union (where the law originated).

This is possibly the world's most comprehensive surveillance system (though I bet the USA's Carnivore etc. is just as good if not better!) and the data held is easily accessible - court orders are not needed.

The Open Rights Group (http://www.OpenRightsGroup.org) is similarly unimpressed; they think it is a serious erosion of our fundamental right to privacy.

Members of the public in a recent survey are somewhat against these new laws - 61% saying they disapprove. 

Another UK MP Hacked

A hacker named Red Virus has hacked the website of the MP for Gillingham and Rainham.

The hacker left an email address pointing to a Chinese domain. Why? Flaunting or pointing?

 

GhostNet

Rumours have it that the Chinese government is heavily involved with 'GhostNet' - an electronic spy network.

National Security are apparently worried.

Who is worried about the fact that both the USA and the UK governments spy on everyone everyday also?

Why should the Chinese government be excluded from that party?

A bit hypocritical perhaps of the NS agencies.

Credit card details on web

Criminals have exposed 19,000 credit cards' details on the web.

These have now been removed.

Foxit Reader - Security Warning

As predicted in an earlier post (Adobe Reader hacked), other PDF readers aren't immune either.

Make sure you get the latest version of this reader if you use it.

Online Banking Fraud Drops

Credit card fraud is on the increase BUT online banking fraud decreased by a THIRD.

Still, you must be careful as the number of phishing incidents has risen.

Phishing (fishing) is done by criminals who set-up an online presence pretending to be a legitimate site to (usually) gain personal and account details.

Justice Secretary (UK) Email Hacked

Jack Straw's email account has been hacked. The hackers used his account to request money (while he was on a foreign trip).

Encrypting email wouldn't have prevented this, but it would have stopped the hackers reading the existing emails.

But as the UK government actively records all emails anyway ... some sort of irony here.

Adobe Reader Flaw Fixed

A security flaw in the very common Adobe Reader (used worldwide for viewing PDF files) has been fixed, but it took over 3 weeks.

There are other free PDF readers, but I'm not sure that they will be any better from a security point of view - have these free readers got the same incentive to keep on top of security issues?

Yes, Adobe took 3 weeks to fix the flaw, but they did in the end.

 

MyDoom Virus

Someone has estimated that 1 in every 12 emails sent was carrying this worm in the few days after it was released in January 2004.

It is 2009 now and it is still turning up!

Monster Hacked

Monster.com, the legitimate job search web site, has been hacked.

Personal data has been stolen in January - the data apparently does not include uploaded CVs though.

Cleaners find 9,000 USB Drives

Credant Technologies is warning people to take better care of their data after they revealed that 9,000 USB drives were found by dry cleaners in 2008.

One London cleaning company found a USB drive every fortnight across 2008.

It shows how easy it is to lose data - and also how popular and affordable USB drives are these days.

A new feature planned for QuickCrypto is to allow the secure encrypted "Password Safe" to be exported to a self-decrypting (with the correct pass phrase) archive for storage on a USB drive.

This will allow passwords and user IDs to "go portable" for light travellers to keep connected.

 

Prisoners' Data Lost

Personal medical data belonging to 6,000 prisoners has been stored on a USB memory stick and lost.

It's OK though as the data was encrypted.

But not that OK as the password to decrypt the data was stuck on the side of the memory stick.

Using a 'low strength' memorable password is better than writing it down perhaps!

UK Government launches its own 'Carnivore' System

From March all internet service providers (ISPs) will by law have to keep information about every e-mail sent or received in the UK for a year.

The Home Office insists the data collected will not include e-mails' content, but is vital for crime and terror inquiries.

But of course it will, otherwise the very fact this has been revealed means that it is pointless to record just the subject line!

The US Government has a similar but perhaps much more sophisticated system known as 'Carnivore' installed in ISPs that can scan billions of emails a second (all email data!).

Reports suggest the Government has even bigger plans for data retention called the IMP - the Interception Modernisation Programme.

It could involve one central database, gathering details on every text sent, e-mail sent, phone call made and website visited.

Consultation on the plans is due to begin later this year.

 

 

 

 

VirusRemover 2008

VirusRemover 2008 is a fake. This software can be found when searching for free anti-virus.

It will report you have a virus that can only be fixed by the paid-for version - there is no virus (or at least not one found by this software).

It is luring you in to get your credit card details.

 

Cybercrime on the increase

An annual cybercrime survey has reported that more than 3.5 million online crimes were committed in the UK alone last year.

WPA Hacked

WPA (Wi-Fi Protected Access), the better replacement for WEP (Wireless Encryption Protocol), that keeps people out of our wireless networks, has been hacked.

Kind of hacked - the discovered security flaw allows the hacker to see data going one way - from the router to the PC connected to it.

Advice now is to move to WPA2 where possible.

Blagging

Blagging - the ignoble art of obtaining confidential information about a person, usually through misrepresentation and deceit.

I've also heard it called 'social engineering'.

This would appear to be more about charm, wit and confidence, together with the odd lapse from people with access to confidential data than any particular failure in technology or system.

PIN Scam

Web villains are gathering Barclays customers' account details by sending spoof emails to users of the "PINSentry" device.

It tells the email recipients that their software needs updating and to open an attachment and enter account details.

We all know we shouldn't answer this type of query, but sometimes these scams can look awfully convincing. Just don't do any of them.

 

And another 100,000 people have their privacy compromised through data loss

This is becoming way beyond unbelievable.

We might as well all publish all our details for everyone to see and get it over and done with.

Because the government and private companies are quickly and assuredly doing it for us across the weeks anyway.

Perhaps if we publish all info for everyone, then some other mechanisms will have to be employed to protect our bank accounts (supposing any banks will be left to keep our money in with the on rush of the credit crunch) and privacy.

A computer hard drive which contains the details of 100,000 Armed Forces personnel has been lost.

The hard drive was being held by EDS, which is the Ministry of Defence's main IT contractor.

The MoD said it was told the drive was missing following a priority audit carried out by EDS.

It is also thought to contain more than 1.5m pieces of information, including the details of 600,000 potential recruits.

There may also be some personal information including bank and driving licence details, passport numbers, addresses, dates of birth and telephone numbers.

 

UK Pension Data Lost - 100,000 scheme members

Is this now a way of getting free publicity? Any publicity being good?

Data loss is so common now, it seems you are missing the party if you haven't lost thousands of your customers' details on an unencrypted CD or memory stick. Cavalier attitude doesn't even begin to describe it.

At least in this instance it appears the data was encrypted (and "protected by start-up operating system passwords" - this is NOT data security). Let's hope the data is encrypted and reliance on start-up passwords is not the real 'protection'.

A laptop containing personal details of at least 100,000 pension scheme members has been stolen from an employee of the accountancy firm Deloitte.

The computer held data including names, National Insurance numbers and salaries of Network Rail and British Transport Police pension scheme members.

 

Quantum Encryption is perfect encryption?

So called 'perfect encryption' comes a step closer?

The basic idea of quantum cryptography was worked out 25 years ago by Charles Bennett of IBM and Gilles Brassard of Montreal University, who was in Vienna to see a new network in action.

"All quantum security schemes are based on the Heisenberg Uncertainty Principle, on the fact that you cannot measure quantum information without disturbing it," he explained.

"Because of that, one can have a communications channel between two users on which it's impossible to eavesdrop without creating a disturbance. An eavesdropper would create a mark on it. That was the key idea."

The main advantage is that no-one else can determine (across the network) the secret key (used for encryption) without revealing themselves.

A demonstration showed that when an intruder did try to listen in on the quantum exchange, photons became scrambled, and a rise in the error rate at the node detectors signalled the attack. The system automatically shut down without being compromised.
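The disturbance-detection idea described above can be seen in a small classical simulation of the Bennett and Brassard scheme (commonly called BB84). This is an added example, not code from the network demonstration or from QuickCrypto; the function names, the noiseless channel, the intercept-and-resend eavesdropper and the 10% shut-down threshold are all illustrative assumptions.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Toy model of a photon measurement: the right basis returns the
    encoded bit, the wrong basis returns a random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(n_photons, eavesdrop, seed=1):
    """Return the error rate on the sifted key (positions where sender
    and receiver happened to use the same basis)."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        # Sender picks a random bit and a random basis (0 or 1).
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis

        if eavesdrop:
            # The eavesdropper must guess a basis, measure, and re-send.
            # A wrong guess randomises the bit and changes the basis the
            # photon travels in: this is the "mark" left on the channel.
            e_basis = rng.randint(0, 1)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis

        # Receiver also measures in a randomly chosen basis.
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)

        # Sifting: keep only positions where sender and receiver bases
        # match (they compare bases, never bits, over a public channel).
        if b_basis == a_basis:
            sifted += 1
            errors += (b_bit != a_bit)
    return errors / sifted if sifted else 0.0

def link_should_shut_down(error_rate, threshold=0.10):
    """Assumed policy: abort key exchange above an illustrative 10%."""
    return error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        rate = run_bb84(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: error rate {rate:.3f}, "
              f"shut down={link_should_shut_down(rate)}")
```

With no eavesdropper the sifted key has no errors; with one measuring every photon, about a quarter of the sifted bits disagree, which is the rise in error rate the node detectors look for.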

London Taxis Find Lost Data

Some 55,843 mobile phones and 6,193 other devices, such as laptops, were forgotten about and left behind in London Taxis, Credant Technologies has found.

The data protection company, which surveyed 300 taxi drivers, warned users to password-protect equipment amid rising fears of identity theft.

Fraud experts said such devices could give criminals crucial data.

Loss 'disastrous'

Credant Technologies said losing such personal information could be "disastrous" for individuals as well as companies, and advised users to encrypt or password-protect equipment.

Chief marketing officer Michael Callahan said: "If it gets into the wrong hands of a criminal, hacker or opportunist, losing your mobile device can have serious implications, so our advice is always encrypt it and password protect it to stop it ever being accessed by anyone other than yourself."

The survey's findings follow a number of high profile data-loss scandals, which have highlighted the risk of identity theft.

The Police lose data too

A police force has undertaken an urgent hunt for a computer memory stick after admitting it has been lost by an officer on duty.

The UK West Midlands Police would not confirm or deny reports that the data stick contained information on terrorism.

The Home Secretary has been informed of the blunder, as has the Independent Police Complaints Commission (IPCC).

It is the latest in a line of high-profile losses of sensitive equipment by public bodies.

A force spokeswoman said searches are being conducted to recover the item and added: "We will not comment in relation to the contents of that memory stick."

Careless regard for data

'Careless regard'

Chris Mayers, chief security architect at applications delivery firm Citrix, said businesses needed to think more carefully about what sensitive data employees were carrying around outside the office and what they should be doing to keep it safe.

"In many cases that data doesn't even need to travel. Laptops don't need to contain sensitive data," he said.

"Print-outs don't need to be ferried from pillar to post, yet it seems too many people regard sensitive data with the same careless regard they have for their umbrella."

Prison warders go missing - their personal details that is

The personal details of thousands of prison staff working in England and Wales have been lost by a government contractor in the latest data security breach to embarrass the British government.

Justice Secretary Jack Straw has ordered an inquiry into the data loss that involves up to 5,000 prison staff members after a hard drive was lost by technology company EDS in 2007.

 

12 million US citizens have their personal data lost

Tapes containing Social Security numbers and other personal data for current and former SAIC (Science Applications International Corp.) shareholders were lost in February while being transported to a storage site in New Jersey by Mellon Bank of New York.

The SAIC shareholders were among more than 12 million investors in an undisclosed number of companies whose personal data were contained in several unencrypted tapes enclosed in a metal box.

Mellon serves as a stock-transfer agent for Science Applications International Corp. and other firms.

The bank announced last week that it had discovered that the lost tapes contained data on 8 million individuals in addition to the 4 million shareholders initially identified.

One expert expressed a pessimistic view.

“I would say that the odds that it was stolen or that it is now in the hands of someone who has malicious intent slightly outweigh the probability that it's just lost,” said Linda Foley, founder of the nonprofit Identity Theft Resource Center in San Diego.

She said thieves could sit on the information for years, waiting for the story to cool off before using the data.

 

1 Million Bank Customer Details Sold for £35.

This week, it emerged that computer equipment containing sensitive data, such as addresses and dates of birth, of an estimated 1m customers of Royal Bank of Scotland and NatWest was sold for £35 on eBay, the auction website.

Last year, Nationwide was fined nearly £1m and Norwich Union was fined £1.3m for not taking enough care with their customers' data.

Though HM Revenue & Customs has managed to mislay computer discs containing details of 25m child benefit recipients - how much should they fine themselves?

 

Military Data Security is no better than private companies?

An inquiry into military security has been launched after the Government admitted the unencrypted personal details of hundreds of thousands of people had been missing for more than a year by way of a Navy laptop stolen in October 2006. This contained most of the same data that was on a computer taken from an official's car in Birmingham this month. 

Official statistics show more than 600 MoD laptops and PCs had been stolen since 1998.

UK Companies in jeopardy over personal data loss

Companies in the UK that collect and store personal data face higher costs and criminal sanctions if the government adopts recommendations from an influential group of MPs.

The Justice Select Committee said people who recklessly or frequently lose personal data in their care should go to jail.

Is there anyone left that hasn't had their personal data lost by someone else?

Leeds Building Society has mislaid information containing the personal details of its 1,000-strong workforce.

The West Yorkshire-based mutual, the seventh largest in the UK, has warned its employees to be vigilant as the data includes bank and salary details.

 

And now the UK DVLC Loses Data ...

The Driver and Vehicle Agency in Northern Ireland has lost the personal details of 6,000 people.

The data was on two discs and went missing after being sent to the agency's headquarters in Swansea.

The DVA said the data was being provided in response to a safety recall by a number of manufacturers.

The head of the agency said the information was not encrypted. It included details of 7,685 vehicles and more than 6,000 vehicle keepers.

Data, data everywhere ...

An ex-contractor at the Department for Work and Pensions had two discs with thousands of benefit claimants' details for more than a year, the DWP says.

The unencrypted discs revealed the type of benefits paid, but a DWP spokesman said they did not contain bank details.
 

The Mother of All Personal Data Losses

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.

The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people.

Chancellor Alistair Darling said there was no evidence the data had gone to criminals - but urged people to monitor bank accounts "for unusual activity".

The Conservatives described the incident as a "catastrophic" failure.


Prime Minister Gordon Brown has said he "profoundly regrets" the loss of 25 million child benefit records.

He apologised in the Commons for the "inconvenience and worries" caused and said the government was working to prevent the data being used for fraud.

But Conservative leader David Cameron said the government had "failed in its first duty to protect the public".

The Revenue and Customs data on the two missing discs includes names, dates of birth, bank and address details.

 
