ILTA Webinar: Mobile, Secure NetDocuments Workflows: NetDocuments® DMS + LINK Encrypted App

Do you use NetDocuments® DMS today or are you evaluating NetDocuments? If you are looking for an encrypted container app approach for mobile NetDocuments DMS, our LINK app may provide that extra client-side security that you are looking for.

Date and time: Monday, February 11, 2019, Noon EST

Watch a recording of the demo here

Continue reading

What Can You Do With the LINK App?

If a picture is worth a thousand words then a video is worth a few thousand?

Our LINK app is so visual that we like to SHOW what it does. This video shows how LINK enables workflows for lawyers, especially document comparison and annotation.

What Can You Do With the LINK App? 2:22 from LINK App by Mobile Helix on Vimeo.

Our CEO in CSO: Ripped from the headlines – are your messages secure in these encrypted apps?

In the investigations of Paul Manafort and Michael Cohen, the FBI has retrieved messages from Signal, Telegram and WhatsApp. While there are weaknesses inherent in all of these apps, the question remains: What does a good data protection scheme look like?

 

A few days ago, the FBI revealed that Michael Cohen’s messages sent with Signal and WhatsApp are now available as evidence in the on-going investigation into his various dealings. While thousands of emails and documents have already been recovered from Cohen’s devices, home, hotel room, and office, the recovery of data from messaging apps that promise end-to-end encryption is surprising. One would presume that end-to-end message encryption should ensure that those messages are unrecoverable without assistance from Mr. Cohen. However, clearly that is not the case.

Continue reading

Secure Email is Cracked; What Now?

cracked pixabay rotated broken-glass-2208593__480

By Seth Hallem, Moble Helix CEO, Co-founder, & Chief Architect

Secure email using S/MIME and OpenPGP is fundamentally broken. Our CEO explains the EFAIL vulnerability and why our LINK Email is not susceptible to EFAIL. What do we do next to protect email? 

On Sunday night, a team of researchers from Germany and Belgium dropped a major bomb on the world of encrypted email by describing a simple, widely applicable, and wildly effective technique for coercing email clients to release encrypted email contents through “Exfiltration channels.”[1] The concept is simple – by using a combination of known manipulation techniques against the encryption algorithms specified in the S/MIME and OpenPGP standards and lax security choices in a wide variety of email clients, the research team was able to intercept and manipulate encrypted emails such that large blocks of the encrypted text are revealed to a malicious server.

What is most brilliant (and most dangerous) about this attack, is that the attack does not require decrypting the email messages or stealing encryption keys. Hence, the attack can be deployed as a man-in-the-middle attack on the infrastructure of the internet itself, rather than requiring that a specific email server or email client is compromised.

The essential idea behind this attack is simple – HTML emails expose a variety of reasons to query remote servers to load parts of those emails. The simplest (and most common) example of this concept is displaying embedded images. Many marketing emails use tiny embedded images to monitor who has opened an email. This technique is so pervasive that many of us have become desensitized to clicking the “Allow images from this sender” prompt in Outlook. It is common practice for marketing emails to contain embedded images with essential content, which encourages users to allow the client to load all images in that message. However, doing so loads both visible images and tiny, single pixel images that marketing tools use to uniquely determine that we have opened the email message in question.

Continue reading

Hacking is a booming business, and it’s time for a disruption – CSO Online

By Mobile Helix CEO and Co-founder, Seth Hallem

Hackers are siphoning billions from the global economy each year by stealing data for profit. However, in spite of this rising threat, enterprises continue to make the same mistakes over and over again. It is time to change our assumptions and to re-think how we protect sensitive data.

Hacking is a booming business. Business has been good for several years now. Data breaches are at all-time highs. Cyber-attacks are skyrocketing, and ransomware is a growing fad. And the best news of all is that the same old tricks (see XSS, SQL Injection, SPAM ….) are still working just as well as they always have. How is it possible that a business that was estimated to cost the global economy $450 billion dollars is continuing to grow? That is a lot of money diverted to criminals in lieu of legitimate participants in our global economy.

Continue reading

What CISOs must learn from Bitcoin and a research team at Georgia Tech

By Seth Hallem, originally published in HelpNetSecurity, Sept. 16, 2013

It has been an eventful time in the mobile world with two recent breaking stories revealing vulnerabilities in the security infrastructure for Android and iOS respectively. While vastly different in their nature, both point to a fundamental lesson that CISOs in an increasingly mobile world cannot ignore – when it comes to encryption, read the fine print. Otherwise you may find yourself up the proverbial creek without a paddle (i.e., remediation strategy).

Continue reading

Passing Through U.S. Customs and Border Patrol with Your Smartphone? LINK App to the Rescue!

Peripatetic lawyers, take note from Friday, 1/5/2018, in the Washington Post:

“U.S. customs agents conducted 60 percent more searches of travelers’ cellphones, laptops and other electronic devices during the government’s 2017 fiscal year, according to statistics released Friday by U.S. Customs and Border Protection (CBP).

The agency said it searched 30,200 devices but the inspections affected only 0.007 percent of the 397 million travelers — including American citizens as well as foreign visitors — who arrived from abroad during the 12-month period that ended Sept 30.”1

Continue reading