" webaides Archives - LuxSci

Posts Tagged ‘webaides’

The 2020 Elections: Why Cybersecurity Matters

Tuesday, September 17th, 2019

No matter which side of the political divide you fall on, everyone needs to prepare for the onslaught of the 2020 elections. Amid the barrage of political ads and hot takes, there are a lot of serious issues that need to be discussed. Cybersecurity is one of the most critical, although it may end up overshadowed amid other distractions.

Why Is Cybersecurity so Important Ahead of the 2020 Elections?

There are two critical reasons. The first is that as our lives and businesses have moved online. We have become more vulnerable to internet-based attacks. In recent years, attack rates have been growing rapidly, and bolstering our cyber defenses is a critical part of protecting our modern way of life.

Secondly, the 2016 election was heavily influenced by Russian cyber attacks and online propaganda. The country needs to improve its cybersecurity to keep its democratic process free from foreign influence.

How Were the Elections Influenced by Foreign Adversaries?

Russian agents targeted the 2016 elections in a multi-pronged campaign. This included setting up fake social media accounts that promoted extreme views of both the left and right. The goal was to sow discord across the country.

On top of this, there were a number of different hacks. The most damaging were attacks against the DNC and Clinton campaign, which resulted in thousands of emails being released. The leaks were prominent talking points throughout Clinton’s election bid, and arguably had an influence on the outcome.

Ahead of the elections, voting systems and databases were penetrated by Russian operatives in 39 states. At this stage, it seems that the probes were mainly focused on seeking out vulnerabilities and accessing data. There is no evidence that any votes were changed.

Russian meddling continued in the 2018 midterm elections as well. At the start of the year, Secretary of State Rex Tillerson and six US intelligence agencies acknowledged that Russia was attempting to influence the midterms.

At the start of the year, thousands of emails from senior aides of the National Republican Congressional Committee were accessed by hackers, however the attacks weren’t reported on until December. Attacks continued throughout the year, with attempts targeting the Utah voter registration database, three candidates for Congress, and others.

There were also a number of propaganda campaigns, including the launch of the new media outlet USAReally, Russian support of the WalkAway social media crusade, and continued coordination of fake accounts.

Why Should We Expect Further Election Interference?

The most obvious reasons are that the interference has never really stopped, and it also seems like the techniques have been effective in working toward the perpetrator’s aims. According to the Guardian, Steven Hall, a retired chief of the CIA’s Russian operations said, “Russia would be remiss not to try again, given how successful they were in 2016.”

As the trade war with China heats up, new election cyber threats could emerge from another powerful adversary. However, according to a 2018 quote from Homeland Security Secretary Kristjen Nielsen, there was “no indication” that China had been directly meddling with election systems at that stage.

What’s Being Done to Protect the Election?

In response to the attacks, there have been a number of different moves to increase election security. In 2018, Congress passed a bill that granted $380 million toward election defenses. Part of the funding was for state grants that covered the purchase of voting machines with enhanced security, election audits, and cybersecurity training.

The HR 1 bill included provisions for enhancing election security and would have required the director of intelligence to examine foreign threats more thoroughly. The Defending Elections Against Trolls From Enemy Regimes Act and the Defending The Integrity Of Voting Systems Act were also introduced. All three of these bills included provisions that are aimed at defending elections, but according to Senator Roy Blunt, it is unlikely that any of them will pass the Senate.

Democratic Senators also introduced a bill to revert back to paper ballots instead of using electronic voting machines. These machines are renowned for their security issues, however the bill also looks like it may not pass.

How Can Elections Be Protected?

At the national level, very little has been done to defend against Russia and other adversaries meddling in US elections. While a number of the above-mentioned bills would have been positive steps for national security, it seems like they won’t be enacted.

One of the biggest threats comes from the notoriously insecure electronic voting systems that many states use. These are difficult to secure, even in best-case scenarios. Given how severe the threat is and that these systems have already been penetrated in the past, moving back to paper-based elections would help to protect the outcome from interference.

Another key priority is to secure the emails of all key targets, including those campaigning on both sides, election officials and other high profile individuals. In the past, email accounts have been a prime target for election-related attacks.

Email attacks tend to succeed because of weak passwords or social engineering. All vulnerable parties need to make sure they are using unique and strong passwords for each of their accounts. An easy way to do this is to deploy a password management tool like LuxSci’s WebAidesTM passwords.

On top of this, politicians, officials and their staff need to be trained to recognize and avoid social engineering and phishing attacks. These attacks can involve hackers impersonating key figures and demanding credentials, emailing convincing-looking links that actually lead to malware, and other clever scams.

These two simple changes would go a long way toward keeping email accounts safe ahead of the election. They would significantly reduce the success rate of email-related attacks, reducing the opportunities that Russians have to influence the outcome.

HIPAA Alert: Contacts, Calendar Events and Tasks may contain ePHI!

Monday, February 3rd, 2014

When health care organizations review their operations to see where electronic protected health information (ePHI) is being saved, transmitted, and viewed, a great deal of time is spent on the obvious candidates: email, chat, stored files, and health records, etc.

Many overlook the fact that ePHI can be embedded in Contacts, Calendars, and Tasks.  Consider for example:

Read the rest of this post »

SecureForm: Web or PDF Forms to Secure Email Service

Wednesday, December 9th, 2009

Secure Forms

LuxSci has released its new “SecureForm” service. Quickly make your web site or PDF forms secure and HIPAA compliant. Receive the form data, including uploaded files, via secure email or download the data securely from LuxSci’s web interface.

What forms types are supported by SecureForm?

  • Web site forms hosted anywhere
    • File uploads up to 50MB and 25 files per post
  • PDF forms hosted anywhere

How can you receive the form data?

Read the rest of this post »

Master Password Encryption in FireFox and Thunderbird

Friday, February 27th, 2009

firefox-logoIf you are allowing Mozilla FireFox or Thunderbird to remember passwords to web sites and/or email accounts in their Password Manager tool, you should know that these passwords are all stored in a plain text file (base64 encoded) on your computer’s disk drive.  This file is accessible to anyone with administrative access to your computer.  If you have any concerns about the possibility of other people accessing your computer and this gaining easy access to copies of the passwords that you are using, you really need to employ the “Master Password” feature of these programs.

Read the rest of this post »

Security Simplified: The Base+Suffix Method for Memorable Strong Passwords

Thursday, February 19th, 2009

keysIt’s the classic problem of having “too many keys”.  You have accounts on many different web sites.  Some are small and relatively insignificant, from a security point of view, like blogs or shopping sites.  Some are large and sensitive, like banking and PayPal accounts.  Since unified login mechanisms like OpenID are not yet pervasive, you must remember the usernames and passwords for every single site.  This is a truly daunting task.

Ideally, you would like to use passwords that are “strong” (i.e. very good, not easily guessable) and different for every site.  However, how can you remember each secure and unique password without resorting to a “cheat sheet”?

Read the rest of this post »

LUXSCI