
Thursday, September 24, 2015

An interview with Andy Yen (Creator of ProtonMail)



I was recently given the opportunity to correspond with Andy Yen, creator of ProtonMail, regarding his encrypted email service and the current state of internet privacy. ProtonMail, which has been posted about multiple times on this blog, is growing at a rapid pace and is one of the most popular encrypted email services available. Through our correspondence I was able to ask Andy his opinion on internet privacy and what’s in store for the future of ProtonMail. Also, make sure to donate to ProtonMail and spread the word about his company. Here are a few questions Andy graciously answered for us:

What prompted you to start your own email service based on privacy? Was there a defining moment you can remember?

“The defining moment was two years ago when I tried to find a good way to keep my email communications secure and private. All of the existing solutions (mostly involving PGP) were simply too difficult to use, and since a good service didn't exist, the only solution was to create it ourselves.”

In your opinion, besides email, what is the largest threat to privacy on the internet today?

“The biggest threat is actually cultural. Nowadays, we have the Facebook, Snapchat, Instagram generation, which are young people being trained from a young age to share everything online without giving it a second thought. This trend can permanently alter the definition of privacy within a generation or two.”

What are your suggestions to a new generation coming up that sees privacy as more of an afterthought?

“I always joke that it will be very interesting to watch a US presidential election in 20 years where the old Facebook posts and Instagram photos of the candidates resurface. I think it's important for the new generation to remember that what goes out onto the internet is permanent. Once you share a photo, you can NEVER take it back, and it could mark you for the rest of your life.”

Honestly, protecting privacy can be bad for business. Have you had push back from large organizations or governments regarding your service?

“Actually no, businesses large and small now understand that privacy is important. This is because, what businesses need more than ever is actually security, and encryption technologies like ProtonMail bring the security which ensures that cyberattacks like the Sony hack are a lot harder to pull off. Security is the goal, but privacy is the end state that comes with security.”

Over the past year I've personally noticed the increase of the ProtonMail service. Will ProtonMail always be free?

“We know that many of our users who need privacy the most (activists in Russia, China, etc) are also those that most cannot afford to pay. Thus, we are committed to keeping the basic version of ProtonMail free for as long as possible.”

Do you foresee any additional privacy services spawning off of ProtonMail in the future? I've heard rumors of a mobile app. Would you ever branch off into secure storage?

“Actually, our mobile apps have already been released in beta and we have several thousand beta testers using the apps today. In the future, we also intend to expand into storage since that is a commonly requested feature from our users.”

In what ways can our readers help continue making ProtonMail the best private email service out there?

“There are several ways in fact. The first is to get the message out about how bad the current surveillance state is. Many people simply don't realise they are being constantly tracked, monitored, and recorded online. Secondly, it is important to encourage others to also use ProtonMail because the most secure email system in the world cannot turn the tide if we don't get the world on board. And lastly, for users who are interested in assisting us directly, it is possible to donate to the project here: protonmail.ch/donate”

Tuesday, September 22, 2015

Protect Healthcare Data Now!



Healthcare data has become “en vogue” for hackers and it’s no secret that they’re looking for it. The risk to the patient and the price a hacker can get for the data are much higher than for any other record that can be stolen now. I wrote the following blog describing this issue, why it’s important to protect the data and how the industry is taking this problem head on. Hope you like it.

Tuesday, September 8, 2015

When Encryption Can Hurt You

I wrote this article after seeing too many companies NOT performing SSL interception on their internal networks. Attackers are using encryption to protect stolen data within your network. If you don't have a way of detecting this traffic, you're leaving the door wide open for an attacker to walk out undetected.

Here's the full article:

http://blog.algosec.com/2015/09/is-encryption-one-of-your-biggest-network-security-holes.html

FireEye 0-Days for Sale

Two security researchers, Kristian Hermansen and Ron Perris, found four zero-day vulnerabilities within FireEye's solution. They've blown one of the vulnerabilities on the internet to prove that what they have is a big deal and that there's more to come. Shortly after they leaked the first 0-day, the researchers announced that the remaining vulnerabilities are now for sale. This comes after 18 months of frustration from the researchers attempting to have the vulnerabilities fixed, to no avail. This is either an exaggeration or they weren't submitting the vulns to the FireEye bug bounty (which seems highly unlikely to me).

This becomes a major concern for FireEye, and its customers using their products, since they pride themselves on finding 0-Day vulnerabilities as part of their offering and now have multiple ones available for sale against their product. You can read FireEye's White Paper and view on why finding 0-Day threats is so important on their website.

Vulnerabilities are found every day against major software vendors, but when it comes to 0-day vulnerabilities being found against the largest security company detecting these attacks, it starts getting some attention.

We'll see how this plays out.