Magic Cipher Video: Steganography (Hiding Data in Images)

http://www.magiccipher.com

Looking for an App creating for your Windows or Mac Computer? What about an App for your iOS or Android Tablet or Phone, or A Web App? Bespoke, Custom, High Quality Applications. Contact Us

Magic Cipher: Usage Scenarios and Examples

Example 1: One to One Private Communications

Bill and Ted are ready to start making plans for their next Excellent Adventure. Knowing that their email discussions could be intercepted and easily read, they use the Magic Cipher Shared Secret Generator with it’s Strength Meter to create a Shared Secret they can use together.

They type their discussions into Magic Cipher and email the contents as encrypted text directly from within Magic Cipher. They are now secure in the knowledge that no­-one can obtain access to their plans and attempt to put a spanner in the works!

Example 2: One to Many Private Communications

Bill and Ted decide they want to involve the Historical Babes in some of their plans, but not all. The four of them agree a Shared Secret and now Bill and Ted can communicate between themselves using their own Shared Secret and if they wish to include the Historical Babes they use the second Shared Secret previously agreed between the four of them.

Example 3: One to Many Private Communications over a Public Medium

Frodo is setting off on his next adventure and as is the fashion nowadays he wants to update the world with his travels via an online blog. With his new Macbook Pro this will be easy enough, however there is certain information he wishes only to be read and understood by Merry and Pippin who are holding the fort for him back in Hobbiton.

Before he sets off the three of them agree on a Shared Secret and as Frodo updates the world via his blog he uses Magic Cipher to append an encrypted entry on the end of his posts, in a separate paragraph, knowing that the world can see but not read or understand his instructions, which are only for the eyes of Merry and Pippin. Frodo uses the built in Virtual Keyboard to add a little bit of extra security to his posts.

Example 4: The Benefits of Cross Platform

Unfortunately, small, slim and gorgeous though it is, the Macbook Pro is just a little bit too big ­ and let’s face it, expensive ­ to take across Middle Earth, what with the danger from the Orcs and other dark forces.

At the last minute Frodo decides to switch to a small Linux notebook which he obtained free of charge with his mobile broadband card. Luckily Magic Cipher works as well on Linux as it does on macOS or Windows, so Frodo has no need to change his plans, or his choice of encryption software.

Example 5: Magic Cipher, Not Just for Men

While Frodo is off on his travels his wife, feeling lonely, takes a lover. Knowing that the local Hobbiton ISP takes quite an interest in emails to and from the villagers, they both use Magic Cipher to arrange their rendezvous. Even hobbits need loving.

Besides it was rather selfish of Frodo to disappear like that for months at a time ­ and who knows what he got up to with Sam on that epic journey?

Example 6: A Picture is Worth a Thousand Words …

Sat on his sofa safe back at home several months after his epic journey to Mordor, Frodo dreams of his next challenge. With Sam on board, who now lives several miles away in Bree, Frodo and Sam use the Steganography features of Magic Cipher to enable them to swap ideas and plans which they have hidden in pictures which they upload to their Facebook pages.

With no evidence that their pictures are anything more than rather boring pictures of Sams garden or Frodos wine collection, nobody has any clue that there is another adventure being planned. In fact nobody has any reason to suspect Sam and Frodo are even in communication regularly. Problem Solved!

Magic Cipher Video: Text / Email Encryption

http://www.magiccipher.com

Looking for an App creating for your Windows or Mac Computer? What about an App for your iOS or Android Tablet or Phone, or A Web App? Bespoke, Custom, High Quality Applications. Contact Us

A Couple of Free Books :-)

I have the following eBooks that I have written which are available for Free download.

  • Securing the Network: An eBook on Corporate Security Issues for the Non Technical (40 Pages)
  • Oracle Database 10g Exam Cram (70 Pages)

Please confirm your Name and Email Address, and select the book you would like from the dropdown menu, and your book will be with you shortly.

You can also access these books from the Free eBooks Page.

freebooks

 

Software Licensing and Software Piracy: Part 1

Your favourite piece of software was created by someone, or many someones, who used their time and hard won expertise to build something useful or enjoyable, or both. With the exception of Free Software or Open Source Software, that someone is entitled to, expects and deserves to be rewarded for their efforts.

If a price is attached to the software and you use the software without paying the price that is asked, then that is Software Piracy. Many would argue that it amounts to nothing less than theft.

If I sell physical products, lets say Widgets, then if I have 10 and you take 10 without paying for them, then I now have 0, you have 10 and hopefully a guilty conscience as well. That is theft. If however you use my software without paying for it then I am not directly affected by it. I still have it. Would you have bought it if you couldn’t have obtained a pirate copy ? Maybe. Maybe Not. In my opinion that is why Software Piracy differs from traditional theft. What you have actually done is taken away my chance of receiving income from you for that software sometime in the future. It just isn’t clear cut either way, with laws, policies and attitudes being firmly rooted in the ‘pre digital media’ 20th century.

Having established that there is a cost to producing software and that the developer does deserve to be rewarded for their time and efforts, it stands to reason that we have to have a mechanism in place that makes this possible. That mechanism is generally known as Software Licensing.

I’ve been developing software for financial reward for nearly as long as I’ve been using computers, getting on for thirty years, and I have never wavered in my belief that whatever form of licensing you use, you should never punish the genuine, fee paying customer for the actions of the Software Pirate.

Seriously, I have bought software in the past that had licensing schemes so restricting or complex or time consuming (or just plain ridiculous), that I have saved time and effort by downloading a cracked copy of the software and using that instead, all the time cursing the software developers for making me waste my time and effort. In effect punishing me for my honesty.  As a Software Developer or Software Publisher that’s not an experience you want for your customers.

Whatever Software Licensing mechanism is used, there will always be some who do not like it and resent it being used. If as a developer you have done your best to minimise the impact on the genuine customer, whilst making some effort to thwart the Software Pirate, then you have done all you can and any customer who is going kick up a fuss about your licensing mechanism is unlikely to be a customer you actually want. Most customers would actually like you to stay in business and realise that to do that, it is necessary to be paid for the work you do, and / or the products you sell. Sacking your customer can sometimes be a good thing. But that’s a subject for another blog post 🙂

So what is a fair software license, for both the supplier and the customer ?  What is it fair to expect your customer to do to license their copy of your product, and so help protect your product, your sales, your livelihood and the future investment and development in a product that is important to both you ?

Part 2 Soon …

busbanner

Affiliate Links

Some More Book Feedback

 

Steve, I wanted to let you know, really enjoyed reading Securing The Network.pdf [it] was well written and very authoritative. A great reference book, thanks again for making it available. Sincerely - John

Hi Steve. I downloaded and read the book. This is a great book. It explains the details of security at a level clients understand. I’m going to suggest it to clients and other consultants. Thanks for making it available. - Duane

You can get your free copy of 'Securing the Network' from here

Some Book Feedback

I received this feedback via email this morning, it's a great way to start a Monday morning 🙂

John had downloaded my free Computer and Network Security eBook last week. This is what he had to say:

Steve,

I wanted to let you know, really enjoyed reading Securing The Network.pdf [it] was well written and very authoritative. A great reference book, thanks again for making it available. Sincerely

John

Thanks John - glad you enjoyed it 🙂

 

Certified Ethical Hacker: C|EH

I am a Certified Ethical Hacker. I have been for many (8?) years. Hacker in the correct and original usage of the word not the mainstream or Hollywood interpretation. A CEH is trained to harden computers, systems and networks learning the techniques of the ‘Cracker’ or ‘Black Hat Hacker’ in order to protect against them. Similar in fact to the idea behind using a thief to catch a thief.

It is often hard enough educating the general public to understand that a Hacker can be, and often is, the ‘Good Guy’, without images such as this one appearing very prominently recently. Ethical Hackers DEFEND, not ATTACK. Therefore the message ‘Don’t Mess With Me’ is entirely inappropriate.

bewareceh2

Maybe you think I am over-reacting ?  It’s a difficult and complex (and expensive) subject in which to achieve any level of mastery, and to become Certified is not trivial. To me a statement like this undermines the very real value of the C|EH and other Security Experts.

Stepping off my Soapbox now. Rant over 🙂

Blogfooter

 Affiliate Links

 

Heartbleed: This Could Hurt

Heartbleed is the name given to the recently confirmed bug found in the OpenSSL Cryptographic Software Library. This vulnerability affects SSL/TLS encryption which is used to obtain a ‘Private’ connection between your computer and a server located elsewhere on the Internet.

heartbleed

This is a serious vulnerability and you are more than likely to be affected either directly or indirectly.  For further information go to this site: heartbleed.com

 

Blogfooter

 Products and Affiliate Links

 

R10Cipher: New Release and Discount

A new version of my best selling product,  R10Cipher was released earlier today.

R10cipherfooter

This is a free of charge (for Version 5 Customers) interim release of R10Cipher which fixes some issues in Version 5, prior to the commercial release of Version 6.

On the Mac this version is now fully Cocoa which makes this version the fastest and most stable yet. The Clear Text area has also been substantially worked on and no longer feels sluggish when working with larger documents. Performance has also been increased on Windows and Linux.

There is a new Support window, accessible from the Toolbar.

The three available Views; Main, Activity and Keys can once again (as per Version 4) be accessed from the Toolbar as well as the Menus. In addition they are now ‘Toggle’ buttons.

The Encryption and Decryption engine remains unchanged from previous releases.

As an incentive anyone purchasing R10Cipher in the next week can email me and ask for a 30% discount code. They will also receive the Version 6 upgrade free of charge next month.

Here are some images of the new release:

R10cipher55

Blogfooter

Products and Affiliate Links

 

Customer Feedback

All I did was send this customer a new license for R10Cipher after he lost his license during a reformat of his hard disk.  This was his reply:

Thank you, Steven. Looking forward to your next gem. – Joe

www.r10cipher.com

It means a lot to get thanked like that. Cheers Joe.

 

Blogfooter

 

Products and Affiliate Links

 

Free eBooks

I have the following eBooks that I have written which are available for Free download.

  • Securing the Network: An eBook on Corporate Security Issues for the Non Technical (40 Pages)
  • Oracle Database 10g Exam Cram (70 Pages)

Please confirm your Name and Email Address, and select the book you would like from the dropdown menu, and your book will be with you shortly.

You can also access these books from the Free eBooks Page. stevencholerton.com Products and Affiliate Links

Software Help: R10Cipher

Software:            R10Cipher
Author:                Steven Cholerton
Last Update:        July 2013


Registering R10Cipher

After downloading R10Cipher and deciding that you would like a full working copy, you can purchase this directly at the following web address:


Once you have done this we are automatically notified of your purchase and a User Name and Serial Number are sent out to you via email.  The Serial Number is tied to your Name and the two must be used in conjunction.

Note: R10Cipher 5 needs a different serial number to previous versions.  Existing users can upgrade at reduced cost for a limited period.  Please contact upgrade@artenscience.com for further details.

When you receive the serial number email you should follow the included instructions.  In a few seconds R10Cipher will be fully licensed and ready to use.

Our licensing allows one purchase to be installed on two computers that you own, for example your desktop and also your laptop.  Please respect our efforts and purchase additional licenses if you need to install on multiple computers.  We also offer discounted licenses for families, corporations, charities and educational establishments.

Any problems with registration, please email us at: support@artenscience.com


Introduction

R10Cipher is a simple but extremely powerful Cross Platform Encryption / Decryption tool.

R10Cipher takes text or files and encrypts them using up to 384 bit Blowfish encryption.

These files can be Word files, Excel files, MP3 files – almost any kind of file.

These encrypted files can be copied elsewhere, even to a different operating system and unencrypted by anyone in possession of the Shared Secret that was used for the encryption. If encrypting text, the Cipher Text can then be copied into an email, saved as a file and attached to an email or just copied elsewhere.

The recipient can use R10Cipher to open the file and view the encrypted contents, assuming they are in possession of the Shared Secret that was used to encrypt the document in the first place.

If encrypting a file the encrypted file can be stored or sent in the full knowledge that the contents are not visible to anyone without access to R10Cipher or cuteCipher and the Shared Secret.

Decryption can be carried out just by double clicking the encrypted file and entering the Shared Secret.

R10Cipher supports batch encryption by drag and drop to make encryption fast and painless, even when dealing with dozens of files.

As R10Cipher does not require installation you can for example copy the Mac, Windows and Linux versions of R10Cipher to a USB drive along with your encrypted documents and files.  Your documents and files are secure ,but available whenever and wherever you require them.

R10Cipher does not make any alterations to your computer and stores the configuration files within its own folder.

Many people do not realise that sending an email is the equivalent of sending a postcard, it’s contents are easily visible. For many companies, individuals and markets this is totally unacceptable and with the potential complexity and setup issues with the Public Key Encryption systems it makes sense to encrypt using R10Cipher.

R10Cipher, like all software, is a work in progress.  We need your feedback to keep R10Cipher the best Cross Platform Encryption Tool available.  Contact us with your suggestions and comments.

R10Cipher 5 is a major rewrite with additional functionality that was asked for by our customers.  5 is also slicker, faster and easier to use than ever before.  Encryption has never been so painless.


Text Encryption

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.  Enter your Shared Secret again in the area directly below to confirm that you did not make any typing errors.

Important Note:  The strength of the encryption is directly related to the length of your encryption key.

Enter the message or text you wish to encrypt into the large text area to the right.  You can right click and Paste the text, or use Drag and Drop if you wish.

Select the Encrypt button (There is also a Menu Option and a Hot Key Shortcut).  You will see the encrypted text shown in the text area on the left of the screen.

You now have a number of options:

1. Click the Email button and an email will be opened for you with the encrypted text as the message.

2. Click the Clipboard button and the Encrypted text will be copied to clipboard, ready to be pasted elsewhere.

3. Click the SMS button and the Encrypted text will be sent to the phone number you input.  This option assumes you have purchased SMSRelay or subscribed to the SMSRelay service.

4. Use the Save option on the File Menu and save the Encrypted text as a document.


Text Decryption

To Decrypt a message or text use any of the following options:

1. Open an Encrypted document using the Open option on the File Menu

2. Paste the Encrypted text into the cipher text area to the left of the screen.

3. Drag the Encrypted text into the cipher text area to the left of the screen.

Enter the Shared Secret and Select the Decrypt button (A Menu Option and Keyboard Shortcut are also available) to view the Decrypted contents.

You can then do any of the following:

1. Select the Print button on the Toolbar and output the Decrypted Text

2. Select the Speak button on the Toolbat and listen to the Decrypted Text as it is read to you by your computer.


File Encryption

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.

Drag and Drop your files over the large text area on the right of the window. Your documents will be Encrypted and placed on the Desktop.

The filename for the Encrypted files remains the same but the file extension is changed to .r10Enc.

This activity will be logged to the Activity Log. Following the encryption, this will show you details of the encryption process. The Activity Log can be viewed by using the option on the View Menu.

Optionally the Log can be saved to the database by activating the option within the Preferences screen.

For average size documents and files the encryption will be virtually instantaneous.


File Decryption

There are three ways to Decrypt files with R10Cipher.

Decrypt a File from Within R10Cipher

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.

The first way is to open R10Cipher and choose the Open option on the File Menu. R10Cipher will then ask you to select the file that you wish to Decrypt.

Once selected R10Cipher will ask you for the name you would like to call the decrypted file, the original name is used as the default.  The decrypted file will be saved with the name, and at the location, you chose.

Drag and Drop Decryption

Enter your Shared Secret (this is your encryption key) into the area at the bottom left of the screen.  This can be between 4 and 56 characters.  For example:  yuetrtytpl*565r0.

Drag and Drop your encrypted files over the smaller text area on the left of the window. Your documents will be Decrypted and placed on the Desktop.

Double Click a File to Decrypt

R10Cipher 5 attempts to make working with encrypted files as simple as possible.  Therefore any encrypted file can be decrypted just by double clicking the encrypted file.

Following the double click you see the R10Cipher File Decrypt window.

Enter the Shared Secret that was used to encrypt the file and press the Continue button.  R10Cipher will save the decrypted file to your desktop with the original file name.

NOTE:  Before you use this feature for the first time you may need to associate the R10Enc files with the R10Cipher Software.  How you do this depends on your Operating System.  We have instructions in the Manual Addendum for Mac OSX and Windows XP.


Key Creation

The creation of keys is done by selecting the following Menu Option:

     Key Management
          Key Creation and Administration

You will see the Key Creation and Administration window.

This is where you setup your clients/contacts and your/their Shared Secrets.  In addition, for each client you setup you can assign two passwords, a Master password and a Usage Password.  For an explanation of the two passwords see the Key Management Introduction section.

To Insert a contact, just start typing and fill in the five information fields, from Name to Usage Password.  When complete press Save, and Save again to confirm.

To Edit a contact, select the contact from the list on the left hand side of the screen.  You will see the Name and Email Address but the Shared Secret and the Passwords are encrypted and not readable.  To view this data and edit it you need to input the Master Password for this contact into the Decode Password area of the screen and press the Decode button.  You can then edit the information and save it using the Save button.

To Delete a contact, select the contact from the list on the left hand side of the screen.  You will need to input the Master Password for this contact into the Decode Password area of the screen and press the Decode button.  You can then press the Delete button to erase the record.

Note:  Deleted records are gone and cannot be retrieved.

If you intend entering a number of clients or contacts you may already have them stored in a database or spreadsheet somewhere.  If that is the case then you should Import the records which will save you time and increase information accuracy.

Note:  You will need to edit each record later to apply the Shared Secret and Password(s).

To Import records you have three choices which can be selected using the Radio buttons on the bottom left of the window.  When you have selected the type of import you require press the Import button.  The three choices are Tab Delimited, Apple Address Book and the ContaxCRM Database.


Key Retrieval

Scenario 1: Encrypting or Decrypting Text or a File from within R10Cipher

In these circumstances instead of having to remember and enter the Shared Secret for the contact you can instead select the Keys View (from the View Menu) and input the Master or Usage Password for the appropriate contact.  Then choose the contact from the list.  You can search for the contact and filter the list using the search box on the bottom left of the screen.

Select the contact in the list.  If you have entered the correct Password the indicator will change from red to Green and the Shared Secret fields will be populated.

You can now encrypt text or files without having to enter the Shared Secret.

Another Advantage of retrieving the Shared Secret from the Key Management Database is that if you are sending an encrypted email, R10Cipher will know the email address and fill in the email header appropriately.

So instead of having to remember lots of Shared Secrets and Email Addresses, you only, using the Key Management Database, have to remember a minimum of one Password.

Scenario 2: Double Clicking an Encrypted File to Decrypt It

When double clicking an encrypted file you now see the R10Cipher File Decrypt window.

In these circumstances instead of having to remember and enter the Shared Secret for the contact you can instead input the Master or Usage Password for the appropriate contact.

You can search for the contact and filter the list using the search box on the bottom left of the screen.

Select the contact in the list.  If you have entered the correct Password the indicator will change from red to Green and the Shared Secret fields will be populated.

Click Continue to decrypt your file.

###

Security Mistakes [1]

We are constantly told that the most insecure password is one that relates to us directly and is easily remembered. That is not true, the most insecure password is the one that is written down in plain sight.

The only reason to write down a password and make it easily retrievable ( on a postit note stuck under the lid of a closed laptop is common ) is if it is too complicated for you to remember. One way to guarantee you won’t remember it is if it has to conform to someone else’s rules, for example:

stevencholerton.com

This is a screen grab from the installation of Windows 8. 

This from one of the worlds biggest software companies. Scary. This restriction very possibly causes the following issues for their customers:

  • A difficult to remember password, so written down and insecure
  • A password structure that is some would take as literal, ie: XXxx00## – again, less secure
  • A password structure now standard across gazillions of Windows systems – again, less secure
 
stevencholerton.com
stevencholerton.com
 
 
To summarise, well done Microsoft for participating in ‘Security Theatre’ – On the surface a higher security password is enforced, job done.  In reality, not really !

@stevechol

The R10Cipher Story

Product: R10Cipher

Purpose: Email and File Encryption and Privacy Software

Website: http://www.r10cipher.com

Online: http://www.webappdevelopments.com/artenscience/r10online/r10online.cgi

r10cipher

Overview

A Simple and Easy Method to Safely Encrypt your Email Correspondence and Document Files. It’s like your emails and documents are carried by a SWAT team rather than being written on a Postcard ! R10Cipher is for Individuals. For Businesses. For You. For Me. For Mum and Dad. For Teachers. For Professionals. For Journalists. For Executives. For Everybody. Because our Privacy and Security have never been more important.

Innovation

R10Cipher is unique in that this is the first cross platform end to end encryption product that real people can and will use for day to day encryption purposes.  R10Cipher does not attempt to encrypt a complete volume, R10Cipher does not try and involve the user with complex Public Key encryption, R10Cipher does not need a complicated install, in fact R10Cipher does not need installing at all.  R10Cipher concentrates on being the easiest to use and most reliable End to End, Text and File Encryption software.

The lack of an installation makes R10Cipher unique in that you can copy the Windows (XP, Vista and 7), Mac OSX and Linux versions of R10Cipher to a USB drive or external device, along with your documents and carry your data about with you knowing that a) You can access that data on any computer and b) It is secure, so if you lose it or leave it in a taxi then the information is unreadable and no harm is done.

Because of it’s simplicity and ease of use R10Cipher pioneers new ways of working.  Backup your important data to the web, iCloud, Dropbox or similar – encrypted by R10Cipher, and retrieve the information later,  wherever you happen to be.  Your data is secure – secured by you not by your web hosting company.  If your hosting company is enforced by law to hand over your information, that information is useless to the recipient unless *you* agree to provide access.

The recipient of an R10Cipher encrypted document or file has to do nothing more advanced than double clicking the file and entering the ‘Shared Secret’.  The document or file is decrypted and saved to the recipients desktop using the original file name.  Again, this is one of the features of R10Cipher that helps make R10Cipher an encryption product that can and will be used by ‘Mum and Dad’.

The main innovation of R10Cipher therefore is not in the technology but the way in which the product is designed to be easy and simple to use for everybody – not just IT Professionals.

r10cipher

Success

From an initial release in early 2008 R10Cipher is now at Version 5 which was released July 2012.  Version 1 was build because we needed it and I decided that if we did, then so did others.  Version 1 sold a few dozen copies and using the feedback from these early customers Version 2 was released with some significant enhancements including drag and drop batch encryption of files and documents.

When Version 2 was released, Version 1 was featured as a free edition on the DVD Cover Disks for the UK editions of MacFormat and MacWorld, on consecutive months.  Since then I have agreed for it to be distributed on several foreign editions of the magazines.  Hundreds of new users were gained through the distribution of the free edition, and many of those went on to pay for an upgrade to Version 2.

Direct Sales of Version 2 were excellent, with good feedback and testimonials.  New customers means new ideas and feature requests and so Version 3 was scheduled.

Version 3 released 2nd August 2009 was a major new version that addressed all user requests from Versions 1 and 2.  The main advantages of Version 3 were an increase in encryption strength to 384 Bit, an encryption strength indicator and a full Key Management capability which creates an encrypted local database which contains the ‘Shared Secrets’ that you use to communicate with your different contacts.

With an appropriate password you can recall these and use them for encryption and decryption quickly and easily.

Interest in Version 3 was phenomenal, it far exceeded our expectations.  We have had many upgrades from Version 2 to Version 3 and as we offered an upgrade policy even from the free edition, we have had a few upgrade from Version 1 to Version 3 also.

For Version 3 the decision was made to give NFR, Free of Charge, copies of R10Cipher to employees of Apple Computer Inc.  We also offered our desktop security product MonitorMyMac http://www.monitormymac.co.uk/ on the same terms.  Interest from Apple employees has been excellent with over 1000 licenses already applied for and sent.  Who knows how many licenses sold since have been a result on recommendations from Apple employees ?

In April 2010 in conjunction with MacFormat Magazine we offered a free Version 2.5 SE on the DVD Cover Disk with a discounted upgrade to Version 3.  This promotion was not as successful as earlier promotions, possibly because 2.5 SE was a ‘designed to be free’ product, rather than an actual previously sold version.  In addition Version 3 had at this stage been out for a while.

June 2010 brought R10Cipher IV.  An exciting new release of R10Cipher. Fast becoming a standard for cross-platform text and file encryption.

This brings us neatly to July 2012 and R10Cipher 5.  Many new features including automation.  You can read about these changes on the website.

Commercially R10Cipher has been a great success for Arten Science with several thousand users and it is a product I am very proud of.  Just as importantly, our customers have had immediate and measurable benefits through the use of R10Cipher, previously they knew they needed something to protect their communication and documents, but they could not find a product that seemed easy and simple enough for them to use.

IT Security and Data Protection are high on many peoples agendas at the moment, or at least they should be, and yet the majority of people are left exposed because until R10Cipher came along there was not a product simple and easy and complete enough for them to consider using it.

Customer Satisfaction

Some of the feedback we have received for R10Cipher recently:

R10Cipher is a fantastic cross platform tool which has given us the peace of mind that our patient sensitive research data can be transmitted electronically in a secure manner on site or with collaborators around the world.  The ability to encrypt and attach files to emails or simply encrypt the email text between Apple Macs and Windows PCs without the need for complicated software installations means that our users are happy to use this great bit of software.  The developer’s proactive approach to their software development requesting and rapidly incorporating users feedback has turned a good encryption tool into and excellent one.  Paul McGrath, Computer Manager, Cancer Research UK Clinical Centre

 

My Sony USB Microvault is so much easier than lugging my laptop through airport security, yet again.  The nightmare of the lost or stolen USB stick is only too real, with the Staff Salary Reviews and the Acquisition Financials modeled in embarrassing detail.  I use R10Cipher for Mac as a simple and reliable way of exchanging financial models and private placement memorandums across platforms as well as for secure storage on my USB sticks and portable hard drives.  Simple, reliable and easy to use. Karl Mattingly, Partner, slowCapital

 

R10Cipher is simple, easy to use and powerful. It is the best encryption program for the Mac we have found.  Paul, OnTravel.Com

 

R10Cipher has been an excellent product for ensuring the safe and secure transmission of files in a cross platform environment.  As an independent Strategy Consultant using Apple Mac, but with a client base using mostly PC platforms, I need to find a way to easily send sensitive market and financial data to clients with no hassle for my clients.  R10Cipher does the job simply, easily, and with no problems at all, and causes no difficulties with clients firewalls. Enough said!… great product.  Peter M. Scott

 

For NetFoos I am lucky enough to travel around the USA and parts of Europe to bring live streaming foosball tournaments to the foosball community. For the live streaming there is a lot of information needed to keep the server running and secure. Now, while on the road with R10Cipher, receiving this information from the home office is much easier as we can simply encrypt and email it while feeling confident that our data remains private. Although we are constantly finding new uses for the software, this one capability has made R10Cipher a great investment for us.  Mark Winker, NetFoos.com

 

If you need to make company or private info available on a need to know basis, them R10Cipher is the tool for you. There are other encryption packages but I haven’t found an easier to use cross platform software than this one.  Paulo Pires

 

Developed in the UK

R10Cipher was designed and developed entirely in the UK by Steven Cholerton, a Chartered Information Technology Professional awarded by the BCS, Fellow of the Institution of Analysts and Programmers, Certified Ethical Hacker and holder of several Security and Technology certifications.  http://www.stevencholerton.com

The encryption technology used by R10Cipher was also developed in the UK.  Blowfish is a keyed symmetric block cipher which was invented by ‘Security Guru’ and renowned author, Bruce Schneier, Chief Security Technical Officer at British Telecom, in 1993.  It provides excellent encryption and will continue to do so for the foreseeable future.  Blowfish is free of patents, and back doors, and Bruce has placed Blowfish in the public domain. 

Availability

The publisher of R10Cipher is Arten Science, a small Derbyshire based enterprise dedicated to providing quality and innovative software, security and business solutions.  http://www.artenscience.com

Award

r10cipher

r10cipher

Summary

The success of R10Cipher is primarily down to one thing:

The fact that R10Cipher provides much needed security and encryption functionality in a way that makes it accessible to anybody and everybody. Having listened to the users and let them guide the development of the product has meant that R10Cipher does what it needs to do and no more.

The R10Cipher website states:  ‘Security For All. It Just Works’ and goes on to say ‘It’s like your emails and documents are carried by a SWAT team rather than being written on a Postcard !’.  Those two statements mention nothing about 384 Bits or Blowfish or Symmetric Block Ciphers, instead they appeal directly to the man in the street who has information that needs protecting.

The fact that we listen to our users and incorporate their changes as well as the ability of R10Cipher to work on all popular computer platforms without requiring installation, that is all icing on the cake.  Very tasty icing we think.

r10cipher

@stevechol

101: Penetration Testing

Computer and Network Security 101: Penetration Testing

 

Introduction

 

Penetration Testing is an attempt to break the security of a computer system or network, under instruction from the owners or maintainers of that facility. It is an attempt to simulate an attempted break in by a computer savvy criminal. A Penetration Test gives a snapshot of the security at a moment in time, and is not a full security audit.

 

If a criminal attempts to breach your computer network they will generally follow a sequence of five steps:

 

  • Reconnaissance
  • Scanning
  • Gain Access
  • Maintain Access
  • Cover Tracks

 

It therefore makes sense that a Penetration Test follows a similar, although obviously not identical, sequence of events.

 

Planning and Preparation

 

This stage involves a meeting between the Penetration Tester and the Client. Key areas to be covered are: Scope, Objective, Timing and Duration. In addition documents must be signed to cover the Penetration Tester and the Client, generally in the form of a Non Disclosure Agreement (NDA).

 

Information Gathering and Analysis

 

This next stage involves the Penetration Tester finding as much information as possible about the company he will be asked to target. His first stop will probably be the companies own website, from there he may then consult additional online services and references. The information he is looking for is Domain Names, Server Names, ISP Information, Host Addresses and anything else that will help him build a picture of the target. The second part of this process involves Port Scanning and OS (Operating System) Fingerprinting.

 

Vulnerability Detection

 

If Stage 2 has been successful then the Penetration Tester now has all the information he needs to make the decision as to what hosts to target, and with what vulnerabilities. Some techniques he may use at this stage include Password Cracking, SQL Injection, Rootkit, Social Engineering and Physical Security.

 

Analysis and Reporting

 

This is where the Penetration Tester reports back to his Client. The information he is going to present to the client, includes the following:

 

  • An Overview of the work done
  • Detailed Analysis of all Vulnerabilities
  • Summary of Successful Penetration Attempts
  • Suggestions for the next step

 

Finish Up

 

This is where the Penetration Tester makes sure that anything he has done in the course of his work will have no effect when he has finished. For example he will remove any backdoors and additional user accounts that he has created, leaving the system how he found it.

 

The above is a quick overview only of the procedures that may be followed by a Penetration Tester while undertaking their assignment.

 

@stevechol

Online Decryption

The Online Web Edition of R10Cipher has moved and can now be found here:

http://www.webappdevelopments.com/artenscience/r10online/r10online.cgi

If you receive an R10Cipher Encrypted Message and you do not own a copy of R10Cipher, and do not wish to download and license as DECRYPT ONLY (which is FREE!), then you can use this site to decode your message.

r10cipher

@stevechol