1. What are mobile apps doing behind our backs?

    The typical user has very little control over security and privacy settings of mobile devices. Many users are drawn to jailbreaking their devices so that they can manipulate tightly restricted and locked-down mobile operating systems. This comes at the cost of voiding device warranties.

    One US company, Flurry Analytics, tracks 1.4 billion app sessions a day from more than 600 million smartphones and tablets. It offers more than 70,000 companies the chance to “identify your best segments by demographics, interest, geography, usage and more”.

    US-based researcher and consultant Ashkan Soltani said people are most valuable to advertisers when they have a baby, a house or a spouse. –SMH

    I recently signed up for beta testing a new privacy tool, Mobilescope [a limited beta], and am currently awaiting the invite. The idea behind Mobilescope is to monitor your mobile apps and what they do behind your back. According to GCN, Mobilescope will tell you what type of data leaves your phone and which apps are responsible for the traffic.

    MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps:

    We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows. –Schneier on Security

    Remember earlier this year when Path apologized for uploading users’ entire iPhone address books without user permission? With a tool like Mobilescope, we would quickly become aware of what mobile apps are doing behind our backs.

     


  2. 10 Ways To Beef Up iPhone Security

    I’m a coffee shop connoisseur; the most frequent mistake I see with fellow java-lovers is the ease with which they leave their iPhones or iPads lying on the table when they go to retrieve their order. My iPhone is like a third hand when I am in public space; I never let it out of my sight.

    When I am in the city (or a high crime rate area), all my devices are carefully concealed. I never give criminals an open invitation to mug me. My Jeep never announces that any semblance of technology exists within.

    The lucrative secondhand market for today’s niftiest handsets has produced an explosion in “Apple picking” by thieves. A used iPad or iPhone can fetch more than $400. –ROLFE WINKLER | The Wall Street Journal

    After pressure from Congress, regulators and police departments, the FCC and four major US carriers (AT&T, Sprint, T-Mobile & Verizon) have agreed to form a national joint blacklist database so that stolen devices will not be able to obtain new service. This service should be available sometime in October 2012.

    Verizon currently does not allow devices that are stolen to be operated on their network. Sprint cuts off phones that have been reported as stolen and T-Mobile suspends accounts that report stolen phones. AT&T was slow to jump on the bandwagon – but was pleased to join the blacklist initiative.

    iCrime

    There is a certain mindset that dances to the tune “This could never happen to me!” Get over it already because iCrime could easily happen to you. Gadget theft is big business. My daughter recently experienced the bitter reality of iPhone theft when Siri danced away from a neighborhood BBQ in the arms of a stranger. She was devastated. I couldn’t say “I told you so,” because sometimes people think that the world is made up of entirely nice people.

    How can you beef up your security?

    Within one hour, Mat Honan of Wired lost his entire digital life to hackers – why? Through the use of social engineering tactics, hackers tricked Apple service reps into granting access to Mat’s iCloud account. Unfortunately, two of his online accounts were daisy-chained, enabling the hackers to gain access to his Gmail and Twitter accounts. It was a difficult and extremely harsh lesson for Mat to learn, and many of us on Twitter sympathized with his pain.

    I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services. –Mat Honan | Wired

    Learn from Mat.

    Security comes with a price

    You are going to have to make a choice between security and convenience. I have learned that inconvenience is one giant step toward fighting iCrime. Backing up data, using complex passwords, and disabling services that could open the door to stolen devices are mandatory when it comes down to proactive versus reactive.

    I never want to place myself (or my devices) in a “reactive” position!  I am the type of person that often plans ahead for security disasters. It is the same reason that I use digital surveillance (to upload real-time office images to a remote server) – I take the necessary time to configure and manage my digital assets in order to make life miserable for a potential thief or hacker.

     The Top Ten

    1- Backup your iPhone and check the option to encrypt data. You won’t know how much you miss until your iPhone becomes wiped or stolen…

    The simplicity of iPhone is that all you have to do is connect your iPhone to iTunes and let it do its magic. I use a Windows laptop to back up to the cloud and a Mac to back up locally. I don’t take any chances that either the cloud or the local backup is going to screw me over. Be paranoid – it’s worth it.

    2- Use a complex password and set auto-lock on. Strong passwords are still key…

    Strong passwords are the first roadblock against thieves and hackers. Don’t bother using a “simple passcode” (4-digit numeric): though there are 10,000 possible combinations for a simple passcode, the complex password offers the strength of 77 to the 37th power.

    How do I do it? Navigate to your Home Menu > General > Passcode Lock On > [enter your 4-digit passcode]  Select Turn Passcode off > [enter your 4-digit passcode] Enter Your New Passcode > Click on  Next > [Re-enter your new passcode] and click on DONE.

    Also, be sure to Set Auto-Lock to ON: Settings > General > Auto-Lock > Choose 1-5 minutes. Auto-lock is not a strong security function by itself, but when combined with a strong password – it becomes part of a strong security feature.

    3- Enable Erase all data on this iPhone after 10 failed passcode attempts. Go to Settings > Passcode Lock > Enter Your Passcode > Click on Done > Erase Data = ON > Enable

    If someone steals your iPhone and tries to brute force it, they will be out of luck on the tenth attempt (when trying to break your passcode), and your phone will be wiped and returned to factory defaults.

    4- Enable Find My iPhone. You can download Find My iPhone from the App Store or access it through iCloud. You will need to enter your Apple ID and password to access it.

    5- Keep your iPhone updated at all times! Simply plug it in to iTunes or download Lookout Mobile Security from the App Store.

    6- Download apps that come from reliable sources, such as the App Store. If your phone is jailbroken, Cydia might be the only answer.

    7- Disable Bluetooth. Only turn it on when you need it.  Go to Settings > General > Bluetooth > Off

    8- Turn off SMS preview. This option is not critical but it can stop a thief from viewing your incoming messages!

    9- Manage location settings. Use location settings on a per-application basis only. Go to Settings > Location Services > Turn off all unnecessary apps.

    10- Secure your Internet connection. Public Wi-Fi may appear convenient, but an unsecure connection can leave you vulnerable to attack. Never allow your iPhone to automatically connect to a Wi-Fi network. Go to Settings > Wi-Fi > Ask To Join Networks > OFF

    Risky behavior on potentially unsecure wifi

    67% access personal email
    63% access their social network acct
    31% shop online
    24% access their bank account

    Cocoon and its iOS app GetCocoon create a barrier between the user and the Internet, leveraging secure, SSL-encrypted connections to each Internet activity (similar to what banks use). Cocoon eliminates tracking, “man-in-the-middle” attacks, and WiFi sniffers.


  3. What happens if you become the next victim of cybercrime?

     

    The potential for you or me to become the next victim of cybercrime is something that we both need to think about. I’ve been a victim a few times and I can tell you that it is frightening to be on the short end of the cybercriminal stick.

    My heart was pounding…

    Late one afternoon (in early 2011) my bank balance appeared to be dropping fast, and the only connection I could see was that it involved Megaupload Limited and PayPal. I contacted both PayPal and the 800 number to my bank, but I honestly did not feel as though they were doing enough to resolve my situation. The theft was happening in real time! So I did the next best thing and jumped on Twitter and tweeted that an account using Megaupload Limited was draining my bank account via PayPal! (At that time my main bank account was still back east in New Hampshire).

    Twitter can be used as a powerful forum to get your point across if you know who to tweet to and the correct hash(#) tag(s) to use. It wasn’t long before I was on the phone with managers from PayPal and the bank and all was made good again. A story like mine does not always end as sweetly.

    The victims of cybercrime suffer…

    For victims like Michelle Marsico, who owns a small business based in Redondo Beach, California, logging into her bank account one day turned into her own personal horror flick when she realized that half a million dollars was hauled off by money mules. Cybercriminals will stop at nothing to get what they want, and they do not care if they take your grandparents’ life savings or rob your child’s college fund. If the money is there and they can find a weakness in security, a vulnerability in a web app, or an open door that lets them in – your money will become their money.

    According to Bloomberg Businessweek: Online banking fraud is primarily carried out in two ways. In a phishing attack, criminals impersonate bank websites in order to get unsuspecting users to provide their login credentials. The other modus operandi of online banking frauds is to install keystroke-logging malware.

    Of course there are other banking attack vectors such as man-in-the-middle attacks, man-in-the-browser attacks, cross-channel attacks and pharming (Trojan horse/virus on the victim’s computer). At times Internet threat possibilities can become quite overwhelming.

    Time for the geek-gal stuff…

    I use desktops with Vista and Windows 7, an iMac, a laptop (Win 7), a Linux server, an iPhone and an Android. I find myself layering different operating systems with whatever flavor works for me. On Windows and iMac I generally use Cocoon in varying capacities and also use Cocoon on my iPhone as my primary browser of choice. On my Linux machine I am mainly inside my terminal and rarely use a browser. If I am on public Wi-Fi – Cocoon is my top choice for browsing the Internet.

    I also find times that I use other services such as TorProject, Abine, and Hotspot Shield. It all depends upon the nature of what I need to do online when I am away from home or traveling. I am a very strong advocate of Internet security and privacy and appreciate having a multitude of online tools to choose from!

    In a nutshell…

     There is no all-in-one solution for online privacy and security. 2012 is the year of layering. We are at a point in our digital lives where we need to steer the ship away from the hacker-reef. We need to take account of all of the solutions that are currently available to us for online security and privacy and utilize them via layering so that we can enjoy our online experience instead of fearing it.

    A little bit of Cocoon history…

    Cocoon began in 2008 with co-founders Jeff Bermant and Brian Fox. Jeff had a really bad experience when his server was toasted by a virus that spammed friends and colleagues with 30K messages a day. CTO Brian Fox (we all know him as the original author of the GNU Bash shell) teamed up with Jeff and founded GetCocoon from Virtual World Computing (VWC). In October 2011, Vernon Irvin became the President and COO of VWC, and he continues to nurture and lead the Cocoon service into avenues that will protect us and the most vulnerable among us: our children, teenagers and grandparents.

    How did ‘Teksquisite’ enter the mix…

    The VP of Marketing, David Washburn, approached me on Twitter in early 2011, possibly around the time I was tweeting about my PayPal account dilemma! I agreed with their company vision and have consulted with them since January 2011. They are a great team and work really hard to bring online privacy and Internet security to everyone. It is not always an easy endeavor.

    Stay tuned for more cybercrime blog posts soon :)

    My question to you: How do you stay safe online?

     


  4. AppPicker’s review for the Cocoon iOS app

     

    AppPicker’s mission is to provide a better way to discover iOS and Mac apps that are best for you…

    You can read their full review here and you can also follow AppPicker on Twitter and like them on Facebook.


  5. Cocoon: Now on the iPad & iPhone

    We’re very excited to announce that Cocoon is now available on Apple’s iPad and  iPhone devices! Now you can enjoy the same level of privacy and protection that Cocoon has brought to your computer, while on the go! With smartphone malware, public wi-fi sniffing, and mobile identity theft on the rise, it’s essential that Cocoon users are able to browse securely from any location.

    Why it’s Important

    A recent survey by Javelin found that 7 percent of U.S. adult smartphone owners have been victims of identity fraud. Furthermore, it is said that as many as 24 percent of mobile devices reported malware infections in 2011 (PC Advisor). Mobile malware, like its desktop counterpart, has been known to send malicious text messages, send out location data, or even log keystrokes. The Cocoon app will help protect users from a growing mobile concern: the drive-by malware download.

    Perhaps the most alarming issue posing a threat to those browsing from a mobile device is the man-in-the-middle attack. This type of attack is carried out on public Wi-Fi networks, where users generally browse the Internet over an insecure network with a roomful of strangers. Any one of those strangers could potentially intercept sensitive data and information through what is called a man-in-the-middle attack. In addition to intercepting bank login info, email messages, or credit card details, the attacker may hijack your online accounts, giving them access to all of your personal information.

    This is why Cocoon has brought its encrypted browsing technology to the mobile platform. With the amount of mobile browsing increasing at the rate it is, it’s becoming very important that we protect ourselves wherever we go.

    Fun Tip

    Did you know that the Cocoon app will allow you to create disposable email addresses on the go? Just think, you’re signing up for something online, but you really don’t want to be barraged by all that spam mail. When prompted to enter an email address on your iPad or iPhone, simply tap the email field a second time and the “Mailslot” option appears. Hit the button and voila, Cocoon has presented you with a disposable, fully anonymous email address just for that website. Now all the mail that site sends you will be delivered to its own Mailslot box available on all of your Cocoon apps, wherever you go!

