Category: Security & Privacy

Mullvad

Mullvad VPN adds protections against AI traffic analysis

Posted on by Martin Brinkmann

One of the best things you can do to protect your data and privacy while online is to use a good VPN. Not all VPNs offer equally good protections; some even collect and sell user data.

Mullvad VPN is already offering some of the strongest privacy protections in the industry. This begins with options to buy access anonymously, but does not end there. You may also run Mullvad Browser, a hardened fork of the Firefox web browser.

Also great:

DNS Forge Review: privacy-friendly censorship-free DNS with ad-blocking

Mullvad announced a new protective feature against AI-based traffic analysis in May of this year. Defense against AI-guided Traffic Analysis (DAITA) is designed to protect user data against the growing thread of the use of AI to analyze traffic to identify patterns and users, even when VPNs are used.

This form of traffic analysis works in the following way according to Mullvad:

  • Whenever you visit a website or use a service on the Internet, network packets are transferred.
  • While ISPs and network listeners do not know the content of these packages, they do know a) the size of the packets, b) when and how often they are sent.
  • AI may identify websites, services, and even people you message based on network packages.

DAITA

DAITA is designed to protect against any form of network packet analysis to determine visited websites, services, or communication.

This is achieved in the following way (again according to Mullvad):

  • DAITA changes the size of all packets send over the VPN to be the same size.
  • Random background traffic is added to the communication.
  • Data pattern distortion by sending cover traffic between the client and the VPN server.

DAITA is available in Mullvad VPN for Android already. You need to enable ti manually under Settings > VPN Settings > DAITA.

Note that DAITA works with select servers, Mullvad lists Amsterdam, London, Los Angeles, and New York, at the time.

Do you use a VPN service? If so, which and why this one? What is your take on Mullvad’s new privacy feature? Feel free to leave a comment down below.

KeePass 2.57.1

KeePass 2.57.1 Security Update is now available after a code analysis

Posted on by Martin Brinkmann

Good news for everyone who is using the password manager KeePass. A new update is now available that fixes two minor security issues in the client. These have come to light during a code analysis that was sponsored and run by the German Federal Office for Information Security and MGM Security Partners.

The new is good, because no medium, high, or critical issues were discovered during the audit. Note that the audit focused on the actual KeePass application and not third-party forks or plugins.

Also good to know:

Should you save passwords in a browser?

The full report will be published on this (German) website later on. Previous reports have been in German, and it is likely that the KeePass report will also be available in German only.

KeePass users may want to upgrade the password manager to the new version as soon as possible. The two discovered security issues have a low severity rating.

The official release notes go through the findings and provide notes on the discovered issues. It is unfortunately difficult to understand at this point as the report is not quoted.

Closing Words

The results of the code audit should instill confidence in the password manager. I’m keeping an eye on the download page of the report to read it once it is published.

Which password manager do you use? Is it KeePass or something else? Leave a comment down below to let us all know!

Google removes Kaspersky antivirus from Google Play

Posted on by Martin Brinkmann

Things are heating up for the Russia-based cybersecurity company Kaspersky. After the company’s antivirus desktop version was hit by a ban in the United States, it is facing a second major drawback.

The details:

  • Google removed Kaspersky’s antivirus app from Google Play worldwide.
  • Google confirmed the removal.
  • Kaspersky apps remain available on the Apple App Store, third-party Android stores, and direct downloads.

Related content

Google services dominated web tracking last year

Google confirmed the removal of Kaspersky apps from Google Play in a statement to Bleeping Computer:

The U.S. Department of Commerce’s Bureau of Industry and Security recently announced a variety of restrictions on Kaspersky. As a result, we have removed Kaspersky’s apps from Google Play.

A search for Kaspersky or any Kaspersky app comes up empty on Google Play. Other antivirus apps are highlighted instead.

Kaspersky says that users may download their apps from third-party sources or from Kaspersky directly.

Kaspersky representatives say that the company is investigating the removal of its apps from the Play Store. It seems unlikely that the apps will be reinstated any time soon.

The removal is another heavy blow for the cybersecurity company. While alternatives remain available, the bulk of Android users rely on the Play Store for all-things app related.

Closing Words

Whether you truly need an antivirus solution for Android is up for debate. A good trusted VPN on the other hand is a recommended addition, if you happen to connect your device to public or third-party wireless networks at times.

What is your take on all of this? Do yo use extra security apps on Android or iOS? If so, which do you use and for what purpose? Feel free to leave a comment down below.

Cookies

Google services dominated web tracking last year

Posted on by Martin Brinkmann

When it comes to user tracking on the Internet, Google continues to have a firm hold on the top positions. Kaspersky released its annual web tracking report for the past year.

The data comes from a Do Not Track plugin that Kaspersky uses in its software products. It is designed to prevent different forms of tracking, but is disabled by default.

The key findings:

  • Google dominates tracking on the Internet.
  • Other companies that track users are Microsoft, Amazon, and Yahoo.

Note: The data comes from products from a single company. It may not reflect the monitoring landscape as accurately as possible because of that.

Google’s dominance becomes clear when you look at regional tracking. Here in Europe, Google Display & Video 360, and Google Analytics are the dominating trackers with an exposure of 17.27% and 11.93%. Third-placed Amazon sits at 9.13% and fourth placed Criteo at 6.80.

Then it is Google again with YouTube Analytics (5.65%), Microsoft with Bing (5.33%) and Google again with Adsense (5.23%).

In North America, it is again Google Display & Video 360 (16.84%) that dominates. Amazon is second this time (9.08%), but then it is Google again with Analytics (8.42%). Google is also placed fifth and sixth in North America.

The situation is similar in other regions. In Latin America, Google holds the first three spots and the fifth. In the Middle East, Google holds the first four spots. In Africa, it is the top three and the sixth.

It is interesting to note that some Google services lost eyes on users compared to the year before in many regions. Growth was limited to East Asia and Commonwealth of independent states. Google’s monitoring declined in all other regions, but it still dominates by a large margin.

Google Adsense and YouTube Analytics are the two exceptions. They managed to increase significantly in nearly every region.

You can check out the entire report on the Secure List website.

How do you protect yourself from tracking? Do you run content blockers? Other options? Feel free to leave a comment down below.

Defender Teaser

ConfigureDefender: open source tool to manage Microsoft Defender settings

Posted on by Martin Brinkmann

Microsoft Defender is the default security solutions on all modern versions of Windows. Users have to become active to replace it with another security solution. It is probably a safe bet that Defender is the tool on most Windows 10 and 11 systems.

It is different from tools like SuperMSConfig, which provide broader tweaking options.

The operating system offers several options to configure Microsoft Defender. The most common for home users is to use Windows Security. It divides settings on multiple pages and subpages, and may leave out some settings depending on certain factors.

ConfigureDefender is a long-standing open source tool to improve this. Just launch the small app after you have downloaded it from its GitHub repository to get started.

The app displays all settings on a single page.

You have two main options now:

  • Change individual settings directly.
  • Use a preset to change the status of multiple settings at once.

Presets offer a quick way to change settings, but it is rather difficult to understand what each setting does. Max, for example, looks like it would set everything to the highest values, but you still do not know what that actually means.

ConfigureDefender supports four presets: default, high, interactive and max. Default is handy, as it resets all settings to their default values.

A click on the info-button opens a readme with the information. There you find information about each preset. It will take some time to go through the listing though.

The second option gives you full control over the settings. Some users may have difficulties understanding what some of the settings do. While experienced users may understand that PUA Protection refers to “potentially unwanted applications”, inexperienced users may not.

It may be necessary to search for specific terms on the Internet to find out what they do.

The program supports a large number of settings. These are divided into basic, admin and exploit guard settings. Each preference is modified through a simple menu. Click on the menu and ConfigureDefender displays the available options. Pick one and hit the refresh button. The program reminds you that a restart of the Windows PC is required to apply the change.

Closing Words

ConfigureDefender speeds up the configuration of Microsoft Defender on non-managed systems. It is easy to use, especially for users who know what each of the settings do. New users may need to spend time in the beginning researching some of the preferences to understand what they do.

All in all, it is a useful helper app for Windows users.

Which security solution(s) do you use? Is Microsoft Defender one of them? Feel free to write a comment about this.

Bitdefender launches security product promising 24/7 YouTube account protection

Posted on by Martin Brinkmann

Bitdefender Security For Creators is a new security product that the company says helps creators focus on content creation and growing their communities instead of the management of security tasks.

So, what do you get when you sign-up for the product?

  • YouTube channel and account monitoring, alerts for “alerts for mass deletion of videos, alterations to account name, profile picture changes, descriptions and more”.
  • Phishing protection that flags “phishing and scam emails” automatically.
  • Hacking prevention that protects logins and sensitive data against “infostealers, online threats, and hidden malware designed to steal your information”.
  • Account recovery assistance that provides users with step-by-step guides to recover account access or data.

Some of these features are unique. This includes the YouTube channel and account monitoring feature. Others, not so much. Most antivirus solutions offer phishing protections. Unless BitDefender has found a unique way to handle those, you best bet is to stay alert regardless of that. Some phishing emails will bypass protections.

The price is quite hefty for the product. Bitdefender Security for Creators is available for $15 per month or $180 yearly, and that is already 50% off the regular price.

While that may not be much for content creators who have millions of followers, it is a sizeable sum, especially when compared to regular security services and products.

Also, YouTube is the only service that it monitors right now. That leaves plenty of other services, Twitch, Instagram, Facebook, TikTok, and others. Whether these will be added in a future update is unclear. Bitdefender confirms that it is working on adding other platforms soon. It mentions Instagram and TikTok specifically.

There is a 30-day money back guarantee and also versions for teams of up to three or five. These cost $18 or $21 respectively.

Closing words

Bitdefender Security For Creators is a product for content creators who want to protect their accounts. The monitoring is the key feature that separates it from regular antivirus solutions.

This is limited to receiving alerts, however. When someone mass deletes your videos, you should know. But you receive the alert once the software detects the mass deletion. This also means that someone got access to the account.

I can see this becoming popular with a specific breed of creators, especially once new services do get added to the monitoring and alerting functionality.

What is your take on this? Would you say this is a product designed for a specific audience that could do well, because of that? Feel free to leave a comment down below.

VeraCrypt interface

VeraCrypt: first update of the year improves security and fixes bugs

Posted on by Martin Brinkmann

The developers of the open source encryption software VeraCrypt have released VeraCrypt 1.26.14 for all supported platforms. The new version adds a notification if volumes are affected by the XTS master key vulnerability.

The issue was fixed last year in VeraCrypt 1.26.7, but only for newly created volumes. While unlikely even then, the newly added notification ensures that users are informed if one of their encrypted volumes are still affected by the vulnerability.

Installation or upgrade

The new release installs over existing installations. This should not be problematic for most users. A system restore point is created by default during the installation. Note that a restart is required to complete the process. You cannot mount volumes until the final restart.

VeraCrypt 1.26.24 does not mount TrueCrypt volumes anymore. This was the case for last year’s release as well, but is still noteworthy.

If you still have an old TrueCrypt volume, e.g., on a removable drive you have not touched for years, you may want to use an earlier version of VeraCrypt to decrypt the encrypted volume before you encrypt it again using the software.

Note that you may download older VeraCrypt versions from the official project website. VeraCrypt 1.25.9 was the last to support TrueCrypt volumes.

An overview of the changes of VeraCrypt 1.26.14

The update is a bug fix release for the most part. It does come with updated translations and documentation as well as some compatibility improvements on non-Windows systems.

Here is a short list of the most important changes and fixes:

  • Windows: VeraCrypt Expander: Fix expansion of volumes on disks with a sector size different from 512.
  • Linux: Enhance ASLR security of generic installer binaries by adding linked flag for old GCC version.
  • macOS: Fix near zero width PIM input box and simplify wxTextValidator logic.
  • FreeBSD: Support automatic detection and mounting of ext2/3/4, exFAT, NTFS filesystems.

You can check out the full changelog here. As you can see, it is mostly maintenance related changes and a fix bug fixes.

Closing Words

Still, it is a good idea to upgrade to the new version because of these fixes and the notification if one of the volumes has a vulnerable XTS master key.

Now You: do you use encryption software? Maybe even VeraCrypt? Or do you swear on a different software? Feel free to leave a comment down below!

Firefox

Mozilla removes Adjust marketing integration from Firefox Mobile

Posted on by Martin Brinkmann

Mozilla has used Adjust in Firefox for mobile products for years for a very specific purpose: to determine if the installation of the mobile browser originated from an advertising campaign.

In other words, Adjust helped Mozilla track conversions of its advertising campaigns. It also send anonymous usage summaries occasionally, according to Mozilla.

Starting in Firefox 129.0.2 for Android and iOS, Adjust appears no longer integrated in the Firefox browser.

When you check Settings > Data Collection after upgrading to the latest version, you will notice that the Adjust option is no longer listed.

Firefox Mobile Adjust Marketing
Left side: Firefox with Adjust. Right side: Latest Firefox without Adjust

The Marketing data option is no longer available. It allowed Firefox users to enable or disable the sharing of usage data with Mozilla.

Mozilla did not mention the removal in the official release notes. It is therefore unclear why it has been removed, if you just look at the changelog.

Bugzilla listings confirm that this has not been done in error. Bug 1913363, for example, confirms the removal of the “metric service” and the toggle in Firefox. (via Sören Hentzschel)

Closing words

The removal addresses a major issue that some users have with Firefox: that the browser’s defaults are not ideal for a browser that strives to protect the privacy of users.

With Adjust gone, there is one less thing to worry about in this regard.

Which browser do you use on your mobile devices? Why do you use that browser and not another? Feel free to leave a comment down below.

Advertising

Oh look, Google ads are again used to scam Google Search users

Posted on by Martin Brinkmann

Threat actors have launched another malvertising campaign on Google Search. While that is not really anything to write about anymore in this day and age, this time is special.

Not only did the threat actors manage to plant scam ads on Google, they did furthermore impersonate Google’s entire product line and used Google domains for the scams. If that is not something to write about.

The story comes from Malwarebytes. Security researchers at Malwarebytes discovered the campaign.

Here are the details:

  • The campaign was run on Google Search.
  • The threat actor used Google’s Looker Studio service to show the google.com domain as the address.
  • The ads targeted Google {product}, e.g., Google Translate or Google Flights.

Even after Malwarebytes reported the ads to Google, ads that impersonated official Google products continued to show up on Google Search.

Locker Studio is a service by Google that creates “interactive dashboards and beautiful reports” from data.

The scammers used the service to display a copy of the Google Search homepage. The homepage is just an image with a hidden link. When the victim clicks on the image, the link is triggered.

The user is then redirected to fake Microsoft or Apple alert pages. These go into full screen mode and play a recording according to Malwarebytes. The alerts suggest that something is not right.

They display a number to call for support and also a form to type the Microsoft account name and password.

Calls land in overseas call centers that try to scam the callers into purchasing gift cards or logging into their bank accounts to pay for the support.

The URL used in this case is on a Microsoft Azure domain, which is designed to instill further trust.

Closing Words

There is not much to like about ads nowadays. They slow down web browsing, use additional bandwidth, collect data about users, and may be distracting. If that is not enough, they may also push ads, as seen over and over again.

The only thing that is positive about ads is, in my opinion, that they allow certain services or publications to exist. There are not viable alternatives. While subscriptions are picking up, this won’t work for everyone as users seem to be fed up already with the ever increasing list of services that is asking for a monthly or yearly payments.

More safeguards need to be in place to prevent blatant abuses like the one discovered by Malwarebytes.

What is your take on this? Feel free to leave a comment down below.

Encryption

Windows 11: Device Encryption will be enabled automatically in these cases

Posted on by Martin Brinkmann

The next feature update for Windows 11 enables automatic device encryption for users of the operating system. This happens automatically in the background and for most users, but there are exceptions.

What is Device Encryption and how does it differ from BitLocker Drive Encryption?

Device Encryption is based on BitLocker, Microsoft’s encryption technology. It is an automatic system that will encrypt the Windows partition and other fixed drives.

In other words: most drives that are internal will be encrypted by Device Encryption.

Encryption protects data on the drives to prevent unauthorized access.

BitLocker Drive Encryption on the other hand is only available for Pro, Enterprise, and Education editions of Windows. It gives administrators control over the technology and needs to be enabled manually.

The change in Windows 11 24H2

Starting with the release of Windows 11, version 24H2, Windows 11 will encrypt drives automatically using Device Encryption in the following cases:

  • During first sign-in with a Microsoft account, or work or school account.
  • During first set up of the device, if a Microsoft account is used.

Windows 11 will start the encrypting of the drives immediately in the background.

Windows users who create a local account during set up won’t have their drives encrypted. Microsoft notes here that it is possible to do that manually though.

Note: Microsoft is making it harder and harder to set up Windows without a Microsoft account. It is still possible, but most users are probably unaware of this.

Enabling or disabling Device Encryption manually

Device Encryption setting in Windows 11
Device Encryption setting in Windows 11

You need to sign-in with an administrator account to manage Device Encryption. Also, it is possible that the feature is not supported on the device.

Here is how to find out and manage it:

  1. Select Start and then Settings to open the Settings app.
  2. Go to Privacy & security > Device Encryption.

If you do not see Device Encryption on the page, it is either unavailable on the device or you are signed-in with a standard user account.

Device Encryption offers a simple toggle to turn the feature on or off.

How to find out why Device Encryption is now available

Here is a step-by-step guide on finding out why Device Encryption is not supported.

  1. Open the Start menu.
  2. Type System Information.
  3. Select Run as adminstrator.
  4. Scroll down to Automatic Device Encryption Support or Device Encryption support.
  5. Hover over the entry to see the reason why it is not supported.

What is your take on Device Encryption? Do you use BitLocker encryption on your devices? Let us know in the comments below.