I’ve talked a lot about HTTPS (and we talked about it in podcast Episode 054), but no one really explains how to make sure your connection is really valid. In some situations I have wanted to look beyond the green padlock icon. This concern has grow with reports of various public Wi-Fi services intentionally breaking HTTPS connections. Hardware manufacturers have shipped devices with what amounts to pre-installed malware for the same purpose. I’ve written about this before but I thought it was worth doing a video on HTTPS certificate fingerprinting.
HTTPS – What it is and Isn’t
Before we go into that, let’s talk briefly about why HTTPS is important. Most people know that it’s important, but not many people know why. An HTTPS (Hypertext Transfer Protocol [Secure]) connection is one that is encrypted from your device to the website you are visiting. The encryption is ridiculously strong AES-128. These connections, if established properly, are (currently) impossible to break…assuming the correct “handshake” has been made and and you haven’t been served a bogus certificate. Making sure you haven’t been served a phony cert requires HTTPS certificate fingerprinting as described in the video.
The encryption a proper HTTPS connection offers is excellent. I always recommend using HTTPS versions of sites and running HTTPS Everywhere in your browser. It is not a substitute for a VPN, however. HTTPS does not protect your packet headers. The URLs to which your browse to are completely exposed in these headers, as is your true IP address. I consider this a strong layer of security, but only a layer in a much bigger picture.
Without further ado, check out the video!
HTTPS Certificate Fingerprinting
The website I talked about in the video: https://www.grc.com/fingerprints.htm
VeraCrypt volume level encryption is perhaps one of the most common ways in which this program is utilized. It is also how I first became acqauinted with this TrueCrypt, it’s predecessor. If you are just starting with VeraCrypt, creating a working with a few volumes is a great way to ease into using encryption. If you don’t already have VeraCrypt, your first step will be to download and install it. Continue reading “VeraCrypt Volume Level Encryption”
A little known feature of FileVault is the ability to create encrypted volumes. Volumes are essentially encrypted file containers that can store a file or set of files. Volumes can be copied, emailed, burned to a DVD, or just set up as an additional layer of encryption for especially sensitive files. FileVault volume level encryption allows you to do this without needing a third-party application like VeraCrypt – assuming you don’t need to share these volumes with other operating systems.
Continue reading “FileVault Volume Level Encryption”
Encrypting external media is important. During the next part of this series on encryption I am going to discuss encrypting external media like USB flash drives or external hard drives. Because these drives are used as backups or to store sensitive data, and becaus they are easily lost, encrypting them is just as important as encrypting their hosts. Today’s post will cover using BitLocker external media encryption or as it is officially known, BitLocker To Go. Continue reading “Bitlocker External Media Encryption”
Encrypting external media is important. During the next part of this series on encryption I am going to discuss encrypting external media like USB flash drives or external hard drives. Because these drives are used as backups or to store sensitive data, and because they are easily lost, encrypting them is just as important as encrypting their hosts. We will begin again with FileVault external media encryption. Continue reading “FileVault External Media Encryption”
If you are a Linux user, you probably already know that you have excellent full disk encryption built-in. This is offered through the “Linux Unified Key Setup” or LUKS. Enabling LUKS full disk encryption when setting up a new machine is incredibly simple. Continue reading “LUKS Full Disk Encryption”
Windows users looking for a free full disk encryption option should consider VeraCrypt full disk encryption. VeraCrypt seems to have become the de facto replacement for TrueCrypt. Most former TrueCrypt users I know have migrated to it, including me. VeraCrypt is an important software because, as of now, it is perhaps the most trusted free full-disk encryption programs available for Windows machines. Continue reading “VeraCrypt Full Disk Encryption (Win7)”
Bitlocker is Windows’ OEM full disk encryption software. Though VeraCrypt 1.18 now advertises support for Windows 10/UEFI machines, I recently have had issues with it. And since I couldn’t make it work, I’m not going to recommend it to you as your sole option. This means that BitLocker may still be the best viable full disk encryption option for a good percentage of Windows users. This is unfortunate but since it’s currently the best option, I’m going to cover BitLocker full disk encryption for Windows 10. Continue reading “BitLocker Full Disk Encryption”
FileVault is one my favorite out-of-the-box features of Mac computers. FileVault is Apple’s built-in disk encryption utility. Recently Apple has been publicly leading the way in encryption and privacy issues, and when digging into the features it becomes obvious that this focus is not a mere afterthought. While on the surface it seems simple, FileVault provides far more robust capabilities than you might imagine. Unfortunately, some of these options are not immediately apparent. I recently began exploring some of these options. Due to the amount of information, this will be another multi-part series. Today we will cover FileVault full volume encryption. Continue reading “FileVault Full Volume Encryption”
Readers of the Your Ultimate Security Guide series and the Complete Privacy and Security Desk Reference know that I am whole-heartedly in favor of full disk encryption. Throughout this month, National Cyber Security Awareness Month, I have promised to bring you a daily blog post. A huge focus of those posts will be on disk encryption. I will cover specifics for the following operating systems: Mac (FileVault), Windows (Bitlocker and VeraCrypt), Linux (LUKS), Android, and iOS. Before we delve into specifics, I would like to first discuss what full disk encryption is and why it matters. Continue reading “A Full Disk Encryption Primer”