LOCKBOX

New Look, New Blog

Kevin Lam — Wed, 01 Feb 2012 19:06:42 +0000

We recently re-launched our Website at http://www.golockbox.com to better reflect the companies strategy and direction. This also means that we’ll be discontinuing our blog at this site, moving everything over to http://www.golockbox.com/blog/. Thanks and please update your RSS feeds!

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

LOCKBOX SFT 1.5.12 is Released

Kevin Lam — Sun, 25 Dec 2011 06:01:06 +0000

Version 1.5.12 is finally here and pushed out to the production servers. As always, our customers don’t need to do anything to get this update. Happy holidays and let us know if you experience any problems with the latest service at support@golockbox.com.

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

You Can Still Protect Sensitive Data on Your Computer (Even if it’s Stolen), Know How?

Kevin Lam — Mon, 28 Nov 2011 23:05:20 +0000

A friend sent me this story about how nearly 17,000 patient records were stolen from a laptop that was taken from a consultant’s car. Here’s how you can protect the sensitive data on your computer or laptop (even if it’s lost or stolen) with just the system you’re using right now.

If I took your laptop right now, I could access that data in just a few minutes, probably less. Really I could. And, I wouldn’t even need to know your computer account password. That is unless that data was encrypted …

If you don’t know what encryption is, it’s simply the process of scrambling data so that it’s difficult to read. In order to read the data, or “decrypt” it, you need a secret key that no one else but you knows, such as a password.

Sounds complicated? Expensive? It’s neither. Everything you need is already built-in on the operating system you’re using right now.

Microsoft Windows: If you’re using Windows 2000 or later, you can encrypt file folders using a feature called Encrypting File Systems (EFS). EFS is pretty dead easy to use. All you need to do is right click on any folder that you want to encrypt, select Properties, then Advanced and check the encryption check box. Any data saved in these folders gets encrypted automatically. If you want even more security and you’re using Windows Vista or later, you can encrypt your entire computer drive using a feature called BitLocker Drive Encryption.

Apple Mac OS X: If you are using Mac OS X you have a feature called FileVault which encrypts your entire home folder, similar to Windows EFS. Starting with Mac OS X “Lion” and later, you can also encrypt your entire computer drive using FileVault 2.

Linux: If you are using a Linux distribution, like Ubuntu, encrypting data is a little more involved than on Windows or on a Mac, and requires some IT expertise. Here’s how to create encrypted private folders, home folders and partitions.

Remember that in order for encryption to be effective, the secret used to protect the data needs to be difficult to guess. Many of the tools above uses your account password. This means that 1) you need to have a password in the first place, and 2) that the password you’re using is strong.

Take care, and good luck.

–Kevin

P.S. Stolen laptops are just one of the many ways identity thieves and malicious hackers can get a hold of your customer’s data. Learn how you can put real Internet security experts to work for you and your customers with our affordable, easy to use secure file transfer service.

The Best Tip You’ll Ever Get On Cleaning and Preventing Virus Infections

Kevin Lam — Tue, 01 Nov 2011 20:35:19 +0000

Earlier this month, the U.S. Drone Fleet was hit by a computer malware that appeared to be logging keystrokes sent to the drones. What’s interesting about the report is that the malware has resisted several attempts by the military to cleanse the infection. In other words, as soon as they clean off one instance of the malware, it pops up elsewhere!

Malware comes in all sorts of sophistication flavors, but here’s a small piece of professional advice that will help you the next time your computer gets infected and help you prevent most future infections:

Create an administrative account on your computer that you use only for emergencies. Don’t forget to assign a good strong password to this account.
If your current login account is running as an administrator, change it to a standard or non-administrator account. This is the account that you use day-to-day.
The next time you suspect that your computer has been infected, completely log out of your day-to-day account, and log into your emergency administrator account.
From your emergency administrator account, run your virus or malware scanner and remove the infection.
That’s it!

The secret to the above process is in steps #1 and #2. Step #1 sets up an account that has the capabilities and system security privileges to remove a majority of infections. Step #2 places controls on your account, so that if it does get infected, the infecting program can not compromise the rest of the computer do things like resist removal attempts.

This approach has helped me numerous times, from helping family members remove infections from their home computers to assisting Fortune 500 companies analyze, remove and prevent malware infections on critical networks.

Good luck,

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

LOCKBOX SFT 1.5.9 is Released

Kevin Lam — Tue, 04 Oct 2011 15:59:41 +0000

After what seems like months and months of gathering customer feedback, code development, testing and then doing it all over again, I am happy to announce that LOCKBOX SFT version 1.5.9 is finally here! Version 1.5.9 is stuffed with a bunch of new features and improvements, but here are some of the key ones we think you should know about:

Login-less access: Now it’s even easier for your customers to access data securely, because now they don’t require an account on our system to do so – this feature is perfect for less technical users!
Full API access: Developers can now quickly and effortlessly build applications that transfer data across the Internet, securely and privately.
2-factor authentication: This feature help prevents hackers from accessing your account even if they know your password
An improved administrator panel: Our Business Premium customers now have even great control of their LOCKBOX SFT instances.
Many performance and UI improvements

Thanks and let us know if you experience any problems with the latest service at support@golockbox.com.

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

LOCKBOX SFT 1.5.6 is Released

Kevin Lam — Sun, 29 May 2011 20:52:47 +0000

The production servers just got updated to version 1.5.6. Normally we like to release more often, but we have strict software quality release criteria that we just won’t bend on (and that’s a great thing!).

Many minor updates went into this release, including:

Improvements to Web UI
Improvements to file transport speed
Additional security protection layers, namely a custom module we wrote for PayPal’s HTTP Strict Transport Security compatible browsers like FireFox and Chrome

Thanks and let us know if you experience any problems with the latest service at support@golockbox.com.

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

Epsilon Email Hack, and What You Can Do

Kevin Lam — Mon, 11 Apr 2011 20:30:41 +0000

Last week email marketing firm Epsilon had their systems breached according to several sources, such as CNN. Customer email lists of major companies like TD Ameritrade, Citi, AT&T, 1800Flowers, and more were reportedly stolen as part of that breach. What this means for you is that instead of receiving random phishing emails from companies that you don’t have accounts with, you’ll likely start receiving more targeted phishing emails from companies that you do have accounts with (which some security folks have termed ‘spear phishing’). Here’s what you need to do to better protect yourself over the next couple of months.

What You Can Do

When it comes to phishing email attacks, we’ve all been taught to look carefully at links before we click them, making sure it’s from a trustworthy source. I want you to shelve this idea for a little while and get into the habit of “manually typing in URLs“. That’s right. If you receive an email, for example, from Bank of America indicating you need to change your password with all sorts of links to click, ignore them (even if they look 100% legitimate and you actually do have an account with that bank), open up a Web browser and manually type in the URL for Bank of America that you personally know and trust.

The reason for this is because of what is known as a open redirection vulnerability. This type of vulnerability allows hackers to present you with a valid URL that you recognize and trust, but when you click on it you’ll still get redirected to a fraudulent site designed to steal your passwords. Get into the habit of actually manually typing in URLs for your important accounts and this problem almost goes away entirely. Your accounts stay safe, and everybody (but the bad guys) wins.

Good luck,

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

Yet Another Celebrity Gets Hacked, Top Things You Can Do Right Now to Protect Your Online Accounts

Kevin Lam — Wed, 23 Mar 2011 05:14:31 +0000

This came across my desk this morning http://www.smh.com.au/lifestyle/people/natalie-portman-joins-list-of-compromised-celebs-20110322-1c4bt.html. It’s an article about how celebrities are getting their online accounts hacked, and the latest victim being Natalie Portman from the movie Black Swan.

Celebrity or not, we all have online accounts (Facebook, email, bank, etc.) and data we wish to keep private and secure. Here are the top 3 things that you can do right now to help better ensure that your online accounts don’t get hacked into:

Use ~~strong~~ very strong passwords. As someone who professionally and legally hacks into computer systems I can’t stress this one enough. Almost every network we’ve been contracted to assess, weak passwords (passwords that are easily guessed) were a problem 8 times out of 10. Check out this article on how to pick strong passwords. It’s a short read and it will put you well-ahead of the curve.
Don’t reuse passwords. Is your online banking password the same as your Facebook password? Or how about your LinkedIn password? If you’re re-using passwords, you’re putting your online accounts at risk to get hacked into. Get into the habit of using unique passwords for all your important online accounts.
Don’t use public computers to access your online accounts. Whenever I am at the shopping mall, or on business travel I see people make this mistake constantly and that is logging into their online accounts using public computers, such as store display computers or hotel kiosks. Hackers can install what’s called a keystroke logger program onto these computers and record every keyboard key pressed, such as your online user name and password as you are typing them. I once saw someone logging into their online banking account using a display computer at a Best Buy. Very bad idea. I am willing to bet money that his online account is already hacked, in the hands of an identity theft ring and he probably has no idea either. Don’t be that guy — avoid using public computers to access your online accounts.

On the topic of #1 and #2, there are plenty of password manager applications you can use to help you easily create and kept track of your strong passwords. We recently developed a password manager for iPhone, but you could easily achieve the same results by writing them down on a piece of password and keeping that paper in a secure, physically locked location like a safe. Here is the password tracking template (LOCKBOX – Password Sheet – Template) I was using for several years and kept in a safe before I switched to electronic tracking of my passwords. It’s not very fancy, but it will get the job done if you decide to go this route.

Good luck,

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

LOCKBOX Passwords iPhone/iPod Touch App just went live!

Kevin Lam — Thu, 10 Mar 2011 00:35:28 +0000

And here I thought today couldn’t get any better … I just received an email from Apple notifying me that LOCKBOX Passwords just went live on Apple’s AppStore!

If you’ve got lots of passwords to remember and don’t want the pain of having to write them all down on paper all the time, then this app is for you! Check it out on the AppStore at http://itunes.apple.com/us/app/lockbox-passwords/id420857097?mt=8&ls=1.

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service

LOCKBOX Passwords iPhone App is Releasing Soon

Kevin Lam — Tue, 22 Feb 2011 17:44:49 +0000

In our efforts to continue enabling businesses and professionals to protect their customer’s personal data, we will be releasing our iPhone app called LOCKBOX Passwords shortly on the Apple iTunes store. Until then, here’s a brief description.

— START —

LOCKBOX Passwords is an iPhone and iPod Touch application that enables you to manage your most sensitive passwords. It frees you from the pain of having to memorize multiple passwords and lets you access them conveniently from your mobile device. LOCKBOX Passwords features enhanced security features that add additional layers of protection for your data. Unlike other applications that try to do everything under the sun, this application focuses on being the best at managing and protecting your passwords.

— END —

Stay tuned!

–Kevin

LOCKBOX SFT, the easiest to use and most secure file transfer service