Wednesday, August 31, 2016

MEGA cloud storage with 50GB free quota and secured RSA-2048 encryption

Nowadays there are more than twenty cloud storage service providers. Some of them provide a free quota, such as the famous Dropbox (2GB), Google Drive (15GB), Microsoft OneDrive (15GB), pCloud (10GB), etc., while others don't.

If you are looking for a large amount of free storage, probably to store your precious videos, photos, disc images, etc., you should take a look at MEGA, which generously provides a 50GB free quota.

MEGA was founded in New Zealand in 2013 by Kim DotCom, who was also the founder of the famous file-hosting website Megaupload. Megaupload was shut down by the US government after being accused of copyright infringement. Anyhow, MEGA says Kim DotCom already resigned as director in August 2013.

On 23 August 2016, MEGA announced that it had reached a milestone of 50 million registered users, with more than 20 billion files stored in its cloud service.

There is an article on Cloudwards, posted on 18 September 2015, that compares MEGA with Google Drive, OneDrive, Dropbox, SugarSync and SpiderOak, and concludes with the following comparison table:

(Comparison table from Cloudwards website)

MEGA can be accessed through any of the following:
  • MEGA Sync client for Windows, Mac or Linux
  • MEGA mobile app for Android, iOS, Windows Phone or Blackberry
  • MEGA web browser extension for Chrome or Firefox
Its usage experience is similar to Dropbox, Google Drive, OneDrive, etc. Its upload/download speed for free users is OK; I can get about 2 Mbps, as shown below.

With its generous 50GB storage for free users, I find MEGA pretty attractive as cloud storage for my videos, photos, disc images and other big files.

Note that users of Microsoft Office 365 get a bundled quota of 1024GB in OneDrive, which is much larger than this 50GB. So, if you are a genuine user of MS Office 365, you can make good use of your bundled 1TB space in OneDrive too.

HTC flagship smartphone users can also claim 100GB of free additional storage in Google Drive for 2 years through the Google Drive app pre-installed in the new phone. Beware that after 2 years, this 100GB additional storage quota will be revoked, unless you buy another new HTC flagship smartphone, and provided this offer is still available by then.

BC-01 multimedia bluetooth speaker with alarm clock and FM radio

I have purchased a BC-01 multimedia bluetooth speaker with alarm clock and FM radio for my kid. This made-in-China gadget is pretty cheap, at a price of only around RM60, and its quality is not too bad.

The BC-01 has 2 colour options: white and black. It is pretty small, with a surface about the size of an adult's palm. This small footprint, together with its built-in 1,500 mAh Li-ion rechargeable battery, makes it very portable and easy to carry along, especially when travelling.

With a low power consumption of around 3W, the battery is good enough to support many hours of continuous music playback. It can operate in clock display and alarm mode for a few days on a single charge.

It has a pair of stereo speakers, which are pretty decent and sufficiently loud. It would be unfair to compare it with Hi-Fi speakers, but its sound quality can really beat the speakers of most smartphones and tablets nowadays. However, probably due to the use of an internal antenna, you'll probably be disturbed by some hissing sound when using it as a radio.

So, what can this small gadget do?

First of all, it is an alarm clock with a pretty large LED time display, as you can see from its photo above.

Then, it is a Bluetooth wireless speaker for any multimedia device that supports Bluetooth pairing. It also has a built-in microphone and can act as a Bluetooth hands-free speaker for a mobile phone, able to pick up calls and carry phone conversations.

The phone recognizes it for phone audio (to handle phone calls) as well as media audio (to play music streamed from the phone).

It also has a micro SD slot that supports micro SD cards up to 32GB. You can store music files in MP3, WAV, APE or WMA format on a micro SD card, insert the card into the slot, and use the device as a music player.

It comes with a special USB cable with 2 split connectors. One of them is the USB connector used as an external power source and for battery charging; the other is an audio jack which you can plug into another music device, computer, handphone, etc. to use the BC-01 as an external speaker for that device.

Lastly, it is also an FM radio with an internal antenna. It is able to automatically search for radio stations and remember their frequencies.

Despite its multiple functions and features, it only has 6 control buttons, as shown in its photo above. Therefore, it takes some time to figure out how to use it. It comes with a paper User Manual and I highly recommend that you RTFM before you start using it.

One thing I dislike about this device is that it only uses a single button to cycle sequentially through its functions as Bluetooth speaker, micro SD card multimedia player, FM radio, AUX line-in speaker, and alarm clock. So you need to keep pressing its right button until you reach your desired function.

All in all, this is a pretty cool device for use as a bedroom radio and alarm. It is a good candidate for a Christmas or birthday present too.

Monday, August 22, 2016

GuardKey - your sensitive data protection solution for local storage, portable storage and also cloud storage (e.g. Dropbox, Google Drive, OneDrive, etc.)

"A lot of people use Dropbox.

A lot of people put a lot of valuable, sensitive and personal data inside Dropbox.

A lot of people make the mistake of not encrypting their valuable, sensitive and personal data before they put it inside Dropbox.

Which all adds up to a whole heap of trouble if Dropbox suffers a data breach."

-- Quoted from Graham Cluley's article titled "The huge Dropbox password leak that wasn't".

Yes, your data in cloud storage such as Dropbox needs a second layer of protection, despite being well encrypted and taken care of by Dropbox.

This is because most of the time, the data in your cloud storage can be easily accessed once your password is obtained or hacked.

Worse still, most cloud services such as Dropbox provide the convenience of staying logged on once you have successfully signed in from their apps, be it on a computer or a mobile device. This means that whoever obtains physical access to your computer or mobile device with an active logon session to your cloud service can easily access your data without even needing to know your password!

Nowadays, most cloud services like Dropbox do provide an option for additional security through 2-step verification, which requires a second verification through SMS, USB key, etc. besides your password. However, novice users find it difficult to configure and activate, and there are limitations in the USB key method, such as that it can only be used when accessing the cloud service with the Google Chrome browser. In addition, this 2-step verification doesn't solve the open session loophole described in the paragraph above.

I found a wonderful product called GuardKey which perfectly fills this gap by offering a data encryption and concealment solution for not only your cloud storage, but also your local storage (e.g. harddisk, NAS storage, SAN storage, etc.) and portable storage (e.g. USB drive, SD card, etc.).

GuardKey is a USB dongle with the following components:
  • A unique AES-256 encryption/decryption key.
  • Windows software to be installed on your computer to perform seamless data encryption and decryption for your Safebox (an invisible folder in your storage device in which everything is protected by GuardKey).
  • 8 GB of free empty storage, for you to use the USB dongle as a normal USB drive.
This metallic USB key has a solid and durable look and feel.

There is always a trade-off between security and convenience. The stronger the security measure, the more inconvenient it becomes for the user, and vice versa. The beauty of GuardKey is that it gives the user a wide range of choices between high security and high convenience.

If the user opts for high security, the Safebox can only be opened with the USB dongle and a password. At a more convenient level, it only needs the USB dongle, without entering a password. Plug in your GuardKey dongle and you have access to your Safebox; pull out your GuardKey dongle and your Safebox is hidden. Even if it is found, all the data inside it is encrypted with AES-256 (Advanced Encryption Standard with a 256-bit cryptographic key length), which is a military grade encryption method that is recommended by the NSA for the US government to protect Top Secret grade information.

Alternatively, you can also make it possible to unlock the Safebox without using the USB dongle, by using the GuardKey Viewer mobile app. The mobile device running GuardKey Viewer needs to be paired with the GuardKey application running on the computer before it can be used as a Safebox mobile unlocker.

There are 2 levels of mobile unlock security: a six-digit one-time-password (OTP) which changes every minute, or a combination of a random sequence of images together with the six-digit OTP.

GuardKey supports the creation and usage of Safebox in local disk (including portable storage) and also in Cloud storage.

Supported cloud storages include Dropbox, Google Drive, OneDrive, ASUS WebStorage, Box, SugarSync, and other cloud storages that sync with a local disk, for which the user needs to tell GuardKey the location of the sync folder.

GuardKey supports one Safebox for each storage drive. The screenshot below shows that I've created one Safebox for local drive D, and another for Dropbox.

The data inside these Safeboxes is encrypted and not accessible until they are unlocked by GuardKey. On unlocking, a virtual drive is mounted and the Safeboxes become accessible as folders in the mounted drive. Once they are relocked, they disappear from the virtual drive, and if all the Safeboxes are relocked, the GuardKey virtual drive is also unmounted and disappears.

By using GuardKey, you can therefore ensure that all your AES-256 protected data in the Safebox will remain unreadable and inaccessible, even if your computer is stolen, seized or hacked. By encrypting your files and folders in cloud storage with GuardKey, you can also protect them from being leaked and exposed through hacking of, or unauthorized access to, your cloud storage account.

The same GuardKey USB dongle can be used on multiple computers, so that you can access the encrypted data in your cloud storage from any computer that has GuardKey installed by using your dongle. In addition, you can also access your Safeboxes in cloud storage from your smartphone by using the GuardKey Viewer mobile app.

GuardKey is a well thought-out product. In case you lose your USB dongle and you have not enabled the mobile unlock option, you are still able to unlock your Safebox and rescue the data inside by using the backup AES-256 key residing on your local disk, which requires your password for its usage.

If you are concerned about this "backdoor" measure for emergency data retrieval, you can store your AES-256 key on another USB disk and lock it in a secure physical safe, then delete and wipe out the backup key on your local disk, which resides in the data folder of the GuardKey installation path.

Although the metallic GuardKey dongle is solid and looks durable, you might wonder what happens if it becomes faulty and is no longer usable. Without the key, how are you going to access your valuable data protected by GuardKey? This situation has also been thought about, and there is a mechanism within the GuardKey software that allows you to duplicate the dongle to another USB disk.

In conclusion, I find GuardKey to be very flexible between security and convenience, which you can adjust according to your needs. In high security mode, I believe it is fit for commercial and industrial use. In high convenience mode, such as unlocking on the fly with the USB dongle without a password, it can still protect your data, provided that your USB dongle does not fall into the hands of someone who also has your computer at the same time.

Tuesday, August 9, 2016

OCBC 360 Savings Account with up to 4.1% interest rate

I have opened an OCBC 360 savings account, which is statement based and without a passbook.
An ATM card can be applied for at a one-time cost of RM8, for the convenience of performing account transactions at ATMs.

This account has a fixed interest rate of 0.5% per annum. On top of that, there are 3 categories of additional interest of 1.2% per annum each to be earned for a deposit amount of up to RM100k.

The 3 categories are:

  • Deposit: to deposit a minimum of RM500 into the OCBC 360 account within the month.
  • Bill Payment: to perform at least 3 bill payments from OCBC 360 account using Internet banking or mobile banking within the month. This includes payment to OCBC credit card, payment to OCBC housing loan, and payment to any of the participating billing organizations available in OCBC Internet banking or mobile banking service.
  • Credit Card: to link an OCBC credit card to this 360 account, and to charge at least RM500 aggregated retail transactions to the credit card within the month. The calculated amount is excluding credit card fees and charges, balance transfer, instalment plan, cancelled transactions, etc.
Therefore, the maximum possible interest rate is 0.5% + (1.2% x 3) = 4.1%, for the first RM100k of deposit. The interest rate for any additional amount above RM100k remains at 0.5% only.

This interest structure is pretty attractive and comparable to fixed deposit accounts.

OCBC 360 is an adult savings account for individuals above 18 years old, and its 4.1% possible interest rate is even higher than that of most junior and/or teens savings accounts, which in turn is higher than that of most normal savings accounts.

This account is insured with the Malaysian Deposit Insurance Corporation (PIDM) for a deposit amount of up to RM250k.

Apparently, this is a tactic for OCBC to attract working people to centralize their banking with them, which includes monthly salary deposit, monthly bill payments, and credit card spending.

OCBC has been famous for giving attractive offers with innovative products, such as their previously famous Titanium credit card. However, they also have a track record of making such attractive offers unattractive after a few years.

This OCBC 360 savings account was introduced sometime in December 2015, so it is still considered new. I think this attractive offer will stay around for quite some time, and if OCBC plays the trick of making it unattractive again, we can always pull out and deposit our money in another, more attractive bank account.

Wednesday, August 3, 2016

The hacking of Telegram app and the vulnerability of relying on SMS as authentication method

Yesterday (2 August 2016) there was news that the mobile phone numbers of 15 million Iranian Telegram users had been exposed and more than a dozen accounts compromised by hackers.

A chain is only as strong as its weakest link. This incident showed that SMS, which is currently commonly used as an authentication method in many online services including online banking systems, is vulnerable to security breaches and could be the weakest link in the security measures.

Coincidentally, Focus Malaysia Issue 191 dated 29 July 2016 has also just discussed this vulnerability in its featured article titled "Overcoming The Two-Factor Vulnerability: When it comes to securing your web accounts, two-factor authentication using SMS is safer than just a standard password. But recent cases have shown that it might be time to move away from that."

Why is it not a good idea for online service providers to use SMS as a security measure?

Firstly, the sending and receiving of SMS depends on the telco service, which is totally out of the control of the online service providers. Therefore, it is vulnerable to listening, hijacking, impersonating, replicating, and other kinds of security breaches along its sending and receiving process.

Secondly, technically speaking, personnel working in the telco can also easily manipulate the SMS, as the control is with them. This is very likely what happened to the Telegram users in Iran.

Thirdly, as mentioned in the article in Focus Malaysia, the code sent by SMS can be obtained using social engineering.

Fourthly, as SMS is sent to the phone, if the user loses a phone that has mobile apps for online banking, online stockbroking, etc., and those mobile apps use SMS for authentication, whoever gets the phone can easily take control of the user's accounts, unless the SIM card in the phone is immediately barred, which then disables its SMS function.

As for the Telegram app, you can further secure your Telegram account by activating two-step verification, which will require your password to log in besides your mobile phone number.

To activate two-step verification in Telegram app, go to Menu > Settings > Privacy and Security > Two-Step Verification and set your recovery email there. Your email can then be your last resort to safeguard your account from hijacking.
