In this week’s episode of Ask Floh, we learn why most email encryption tools won’t play nice with mobile and what you and your company can do about it. Takeaways: A lot of email encryption tools are old or were built for very specific use cases. Because of the way mobile operating systems work, these tools don’t work well on mobile. Infrastructure: bridging between different email platforms is hard to do in a secure way. For technical reasons, it’s difficult for email encryption tools to work across multiple devices. What to do?
The lack of design identity and representation in end-to-end encryption
The most exciting part about working for a startup company with a niche service product is that I often have to build my own tools in order to do my work. And tools, either digital or IRL (in real life), have always fascinated me. For an app that functions in a completely end-to-end encrypted (E2EE) environment, the time came at Peerio when we needed to put a (tiny) face on this most important feature.
In this week’s episode of Ask Floh, we learn about security fatigue and what to do when you’ve been stricken by this affliction. 3 takeaways: Security fatigue happens when you consume too much info about security and lose all hope. What to do? Evaluate what your actual security risks and threat levels are. Focus on what it is that you’re trying to protect; don’t get overwhelmed by every possible threat. A study from the National Institute of Standards and Technology (NIST) found that security fatigue can lead to people taking cybersecurity risks at work and in their personal lives.
Ever try finding one file in the torrent of work files shared in chat? Unless you’re some kind of Search Samurai, it can be a nightmare. If you’re like most people, you’ll end up wasting half the day digging through your old chats. What was that file called again? Which channel was that convo in? That’s why (unlike other team messaging apps) Peerio lets you store and organize all your files in folders.
In today’s episode of Ask Floh, we learn about why two-factor authentication (2FA) with SMS is still better than no 2FA at all. Key takeaways: Authenticator apps and authentication keys were designed for two-factor authentication. SMS might be a convenient way to do 2FA, but it wasn’t designed for 2FA and security. It’s not hard to compromise a phone number and gain access to someone’s SMS for 2FA. Security is always about cost; 2FA is an extra step an attacker has to overcome. 2FA using SMS isn’t ideal, but it’s better than not using anything. Peerio offers 2FA in the form of two-step verification (2SV).
Software updates can be inconvenient or annoying for a lot of people. Sometimes the process is problematic or the update itself is a step backwards. Then there are the stories of updates installing malware or breaking things. Developers who care about the people who use their software should take an interest in making the process safer and less painful.
A short history of software updates
A long, long time ago people updated software by going to their local shop, buying a box of diskettes or a disc, and launching a long installation process.
On today’s episode of Ask Floh, Floh dives into some technical territory and explains what man-in-the-middle (MiTM) attacks are and how you can protect yourself. Key takeaways: Generally, a MiTM attack means an intruder has intercepted a conversation between two parties. There are many ways a MiTM attack could happen in the network. Use HTTPS; it’s the #1 thing you can do to defend against MiTM website attacks.
By far the most exciting days at Peerio are Wednesdays. We not only gather to internally test the product update that’s about to ship, but we do it playing trivia. That’s the essence of our testing approach: an accessible activity where everyone participates. The tools allowing us to do so are the Gherkin language and the Cucumber testing framework.
A language for collaboration
Gherkin enables us developers to communicate with designers, project managers, stakeholders, and users.
In this episode of Ask Floh, we dive into the pros and cons of using G Suite, what to watch out for, and when you may need to use a more secure product. 5 key takeaways are: Google has a world-class security team and handles a lot of different kinds of compliance. Google has a huge ecosystem that wasn’t built for privacy. They let the developers of the third party extensions access your data so there are lots of security holes and attack surface.
Worried about Facebook’s recent data breach? Wondering how it could affect you? To wrap up Cybersecurity Awareness Month, we’ve got a special Halloween spooktacular edition of Ask Floh. In this episode, we learn why the latest Facebook breach is so spooky, how it could haunt us for years to come, and a couple tips on what you can do to protect yourself. Got a question? AskFloh@peerio.com
In a business context, there is a strategy you could use to mitigate your vulnerability to highly personalized phishing and business email compromise.
Too many “restrictive” security rules at work messing with your productivity? Having a bad security culture is not only harmful to workflow, it can also be bad for security itself. In this week’s Ask Floh, we take a look at what makes a security culture work well, why building a good workplace security culture is important, and three ways to make your security culture better. A good security culture means that everyone owns security and everyone understands what the security risks are.
Do you really need to change your passwords every month? Nope. This common “password security tip” has been debunked. In fact, frequent password changes can actually make things worse. In this week’s Ask Floh, we learn why you should stop changing your passwords and make stronger ones instead. We at Peerio believe in strong passwords. Our Peerio app uses computer generated passwords (account keys) because we need users to have strong passwords to generate strong cryptographic keys, and to ensure users are protected from any attempts to guess their account keys.
Has your company ever shared sensitive data on team chats like Slack? In this week’s Ask Floh, we hear about the risks and learn how to securely share sensitive data on chat. Transcript: Alright, hello. Welcome to Ask Floh. I’m here to answer all of your security questions and help you survive in the digital world. So today, there’s a question from Ajay in Toronto. And he asks:
Yesterday, a Bloomberg Businessweek article exposed a possible supply chain compromise on many cloud platforms. Attackers embedded hidden spy chips into server hardware during the manufacturing process, which allowed them complete control of the server and access to data passing through and stored on those servers. The provider of our server infrastructure denies that any of their servers were compromised in the way mentioned in the Bloomberg article, but even if they were compromised, this should not worry Peerio users.
How did a “Nigerian Prince” trick businesses out of millions? With Business Email Compromise (BEC). This scam is on the rise, up 80% according to a recent report by Mimecast. In this episode of Ask Floh, find out how this threat works and how to protect against it. Transcript: Hello and welcome back to Ask Floh where I share some tips and tricks and answer all your burning security questions.
Need to protect yourself from cyber attackers at work or in your business? Overwhelmed? Wondering how you even get started? You’re not alone. We’re kicking off Cybersecurity Awareness Month with Ask Floh, a new video series that offers practical advice on cybersecurity and cyber hygiene in the workplace. In our premiere episode, Floh (CTO of Peerio) gives you the first step you need to take in evaluating your digital security needs and your cyber threats.
The latest WhatsApp vulnerability could let hackers impersonate you and gaslight your chat group buddies. Should you be worried? In the video below, our CTO Floh explains how the flaw works and why using end-to-end encryption is still a good thing. Transcript: Right. So WhatsApp has a gaslighting problem. Or rather, they have a vulnerability. That means that messages can be tweaked in a way that makes them seem like they’re possibly something other than what the sender intended them to be.
Within the next thirty years, there’s a 99% chance that California is hit by an earthquake so strong, it’s classified as “major”. How can 40 million Californians possibly deal with such a forecast? One possibility is to design earthquake-proof buildings. The strongest aspect of any structure designed to withstand a natural disaster of that magnitude lies in its foundation. A properly engineered base transmits the charges of each seismic wave to the nearby land; this allows the building’s structure to adapt to the shaking earth, ensuring safety and stability even through tremors.
We use passwords to defend our banking information, medical records, and personal communications, but how much do you really know about this little string of characters you trust to protect your data? Most people’s familiarity is limited to what they are told when signing up for a new service, something like “must be at least 8-characters long”, “include a number”, and “mix upper and lowercase characters”. And why would you want to know more?
Following the publication of How To Build A Billion Dollar Password, I spent an embarrassing amount of time diving deeper down the password rabbit hole. I conducted very deep research, ended up presenting at a conference dedicated to passwords, and then motioned to remove passphrases from Peerio entirely. Here’s how that happened and why passphrases are still pretty useful. Our passphrases worked. Originally we allowed users to select their own passwords.
“I have no special talent, I am only passionately curious.” – Albert Einstein
Hi, I’m Jennifer, an ex cruise ship aerialist who has major FOMO working at a tech startup. Being a non-technical n00b working in cybersecurity gives me the opportunity to discover a whole new world. As the Community Advocate for Peerio, my job is to build and maintain long-lasting relationships with our users, ensure flawless onboarding experiences, and act as a lifeline between you and the rest of the Peerio team.
Last week, researchers from the Ruhr University Bochum released a paper revealing weaknesses in WhatsApp’s security design. Specifically, they discovered that WhatsApp’s servers have complete control over the user list in a group chat, meaning a malicious server could add members to the group. This effectively defeats the goals of end-to-end encryption, as anyone who’s able to access the servers — attackers, WhatsApp staff, or authorities able to legally prompt action from WhatsApp — could discreetly add whoever they want to an existing group.
We’re approaching the final countdown, the end of a year and a legacy. On January 8th, we will be shutting down Peerio Legacy permanently and launching into the future with Peerio 2!
In addition to being a true end-to-end encrypted collaboration and communication platform, Peerio is also an effortless secure cloud storage solution for your personal and work files. Whether you are at work or play, your data belongs only to you. Here’s why you should consider upgrading from your current storage solution provider.
1. Never Lose Your Files
Keep a secure backup of your files in Peerio. Anything you upload will be encrypted on your device before being transferred, then stored, in at least three separate data centres.
In today’s globalized economy, online communication has become indispensable for businesses. But online communication platforms also bring unprecedented risks that can seriously endanger your company. Business owners bombarded with the growing number of news reports about data breaches can often feel like they need to choose between communication and security. And for a long time, those sacrifices were unavoidable. But now, with end-to-end encrypted Peerio Rooms, you can finally create a secure space for your team to collaborate and work together.
"When you send something to your friend Rabbit, your message doesn't actually go directly to him." Lots of companies say that they encrypt data, but it’s important to know just what type of encryption they use. Unless companies specify that they use end-to-end encryption, they’re most likely only encrypting data in-transit and at-rest. Here’s how messaging apps generally work. When you send something to your friend Rabbit, your message doesn’t actually go directly to him.
Last week we released a complete rewrite of Peerio — our end-to-end encrypted messaging, email, file management and team collaboration platform. Our team has been working extremely hard over the past months to bring you a better, faster, more secure application. After touting the exciting benefits of our new architecture, we have now also published a detailed whitepaper. This document contains a deep dive into the keys and permission schemes of our KegDB system.
It’s been an exciting few months for Peerio as we approach our second anniversary this summer. We’re preparing to launch mobile clients for Android and iOS, professional plans for our heavy users, and we have a slew of features in the pipeline to improve overall user experience. As our team continues to grow, we’ve been accelerating development of a collaborative end-to-end encryption tool to ensure that everyone has access to a simple and secure platform to share private messages and files in the cloud.