The Adobe Flash plugin as long been the standard for internet video and interactive games. Many sites have used it to distribute video while maintaining some semblance of protection for content. Flash has enabled websites developers to produce beautiful and interactive websites, but that great power is also the problem. Flash can also be used to serve up malware due to its many exploits. Despite Adobe’s constant patching – sometimes weekly – the number of vulnerabilities keeps climbing. HTML5 is the new web standard being used to incorporate video content delivery instead of Flash. Since it is an industry standard instead of a proprietary system, security is placed on the browser and not on plugins.
CVE Details sums up the Flash Player Vulnerabilities:
2015 was a big year for vulnerabilities in Flash. We’re less than three months into 2016 and this year looks like it could be another big year too. If you look at the second graph the tallest line is the Execute Code type. That means that the vulnerability allowed remote code to be run on the victim’s computer. Not all of those were actually actively exploited, but the fact that there have been so many ways to exploit Flash is frightening.
It’s Time to Remove Flash
The consensus among most IT professionals now is that if you haven’t already, it’s time to remove Flash player from your computer. There are several different versions of the Flash player and they all should be removed or disabled. Google Chrome and Microsoft Edge browsers have Flash built into them and so it can’t be removed, but it can be disabled or used selectively. Check out the screenshot tutorial videos below to learn how to uninstall Flash on your computers:
Go to the control panel and then uninstall programs. In the list look for Adobe Flash and uninstall it. That will remove it from all but Chrome and Edge if you are using Windows 10. Also look for
Disable in Edge:
Disable in Chrome
I missed one step in the video. When you first enter the settings screen you have to hit the “show advanced settings” at the bottom.
I personally leave Flash enabled in Chrome but use the “Let me choose when to run plugin content” that allows me to use when needed. By using the Chrome version of Flash I keep Flash as current as possible because it’s automatically updated with Chrome.
On a Mac:
Adobe has a uninstaller that will remove Flash. https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
If you are using Linux, then I will assume that you know how to remove Flash already. Different distros will handle this differently.
Contact me if you have questions or need assistance: Kent Warden, 913-593-8074.
Most malware doesn’t attack from the back door. Instead it comes right in the front door and creates back doors you don’t even know about. I received three emails today and one a few days later before I finished this blog post, that I am going to share because emails laced with malware is the primary method of gaining access to your computer. Two of the emails are virtually the same email just from a different person. Making mail appear on the surface to have come from someone else is not difficult.
- It comes from someone I don’t know.
- There is no salutation or greeting.
- This one says I filled out my taxes with FreeTaxUSA. I have never heard of them and I certainly didn’t send them any tax info.
- The items listed say Louisiana State Tax Return. I don’t live in Louisiana and certainly wouldn’t be filing a return there.
- The checking account listed is not mine.
- Finally the clincher for this one is the attached file in zip format.
Zip files are common around the internet as they are a container file with other files contained within. The problem with zip files from unknown sources is that they can be used to transport malware past email filters. Most email systems won’t allow you to send an .exe file (executable windows file). So by placing an .exe or other file that can contains malicious code in the zip file they are bypassing some email filtering. If you don’t know who sent the file, don’t open the zip file! The other thing this email is trying to do is get me concerned that I have been charged for something I didn’t order. Obviously I wouldn’t have ordered a tax return from Louisiana; in fact my taxes were done some time ago. The email looks like I am being charged for something, so naturally curiosity will want to see what it is. If you receive an email similar to this, you must fight the urge to look and just delete it. If you just can’t stand it contact your bank or credit card company and check your statement for any suspicious charges.
The next two emails are similar:
Flags to look for in these two emails:
- Someone I don’t know
- No salutation (This in and of itself wouldn’t necessarily be a flag, but taken with the others I would expect to see my name here.)
- They are vaguely requesting information, then referring to the attached document. These emails are usually sent to thousands of people and the goal is to pique curiosity so you will open the attachment.
- The attachment is a Microsoft word .doc file – yet another route to infiltrate malware into a computer. Microsoft Word is a very powerful program that is capable of scripting. Because of the scripting and other vulnerabilities in Word you shouldn’t open a .doc file from anyone you don’t know. Make sure all your software updates are done promptly to limit the possibility of infection, but understand there are constantly new vulnerabilities that are found – so again, just delete the email without opening any attachments!
The interesting thing about the last two emails is that I looked up the companies and they appear to be legit businesses. So either someone just copied their information for the email or their computers have been compromised.
One final email that is more obvious:
This one is typical of emails generally caught by spam filters. It appears to be written by someone for whom English is not their primary language. It’s vague and leaves a lot of questions. I also like that the email is from Country court, not County court. I am not sure if that’s a federal court or the Supreme Court. 🙂 Again this email has the attached zip file that you should avoid. The email is just supposed to entice you to try to open the attached documents, and that’s when you could get a virus or other malware launched on your system.
If you have had and used an email address for some time, you likely will receive mail like this. Various entities around the internet collect email addresses and then sell the lists. These emails are probably sent to thousands if not millions of addresses. It’s an odds game. If they send out 10,000 emails and they can get 1% of people curious enough to click on the link or zip file, then they have nabbed 100 people or computers. If they do this every day, all year – that’s 36,500 people or computers that they can do whatever they want since the person opened the document and let the bad guys in. There are enough back doors in computer systems to guard against without letting someone walk through the front door.
If you have accidentally opened an attachment that has caused a virus, please contact me for clean-up services.
Do You Believe This Myth?
There’s a common myth many people believe about WiFi. That myth is that WiFi is a separate network from that of hardwired devices. There’s a common misunderstanding that a phone using WiFi can’t access a hardwired computer or printer. While there are some environments where this may be the case, the majority of the time this is NOT true for most homes and small businesses. The fact is WiFi is just an extension of the same network that hardwired devices are on. Devices on WiFi can see and interact with hardwired devices and vise versa.
You will see how important this is to security when I tell you about my experience over the weekend. We were visiting family in another town, and in two different locations I was able to access the local WiFi of these small organizations because it was open and not secured. Being curious, I scanned to see what devices were on the network, and attempted to gain access to the router. In both cases I was able to use default login credentials and accessed the router. If I had nefarious reasons to gain access, I could have done any number of things to the network. I could have changed the default password thereby locking anyone else out of the router. Then I could have changed any number of other settings that could have wreaked havoc to others on the network or simply locked them out. I had no such intentions and brought this to the attention of my local hosts. In both cases these were older routers with default login credentials. Despite the fact most newer routers come with preset random WiFi passwords they seldom have random passwords for the router login. However, some of the newer cable modem/router combinations I have encountered use a serial number or a code printed on the router itself to access the router. This would have stopped me from gaining access as I didn’t have physical access to the router in either case. The other thing that would have stopped me would have been to lock down the WiFi itself and not allow me on in the first place. For more on WiFi security
Most newer routers provide for guest access, and this can be left open or encrypted with a simple password. I always suggest some kind of password. Otherwise anyone can connect and use your connection for anything. A guest area allows for access to the internet but not to the router settings or any other devices on your network. This is the best way, other than a separate router, to provide guest access. Guests should never be allowed on your private network. The WiFi password should be at least 8 characters and complex, as it is the only thing keeping people out of your network. See my post about passwords
If you have a small business in the Johnson County, Kansas area and would like assistance checking your network for problems please contact me @ 913 – 893 – 1123
I work with a wide variety of people, from home users to various sizes of small businesses. A common issue I see is poor password security. Passwords have been used since some of the earliest computer systems in order to keep people out of areas they shouldn’t be in. They are in essence a padlock on your stuff. The problem is a lot of people use a master key for all their padlocks and their padlocks are about as strong as a little luggage padlock. Perhaps you are also guilty of re-using variations on the same password like your dog’s name, the town you were born in, or even your phone number. The problem with these passwords is that they are fairly easy to guess for a hacker.
Don’t think it’s a big deal? Check this out: as a small business owner or even an employee at a business, you probably have an email address @businessname.com so any mail from you is official business communication. If someone could guess your password, they could access your address list, your sent mail, and all your mail in your inbox. Is there any information in those emails you wouldn’t want getting out? Like profit margin information, price list info, buyout or merger info? There could be a lot of damaging information stored in your email. Now suppose the person who guessed your password decided to send mail to your customers as you because they can do that now. What if they sent out an offensive email to your entire address book? While they’re at it, they go ahead and change your password so you can’t get into your own mail. Depending on how your mail is set up, an admin might be able to reset the password for you but it may take awhile and you may have to do a lot of damage control before you can get the hacker out. They could access your Facebook page and reset the password because they have access to your mail. How many other online sites would they now have the ability to access and change passwords because they have access to your email and can hit that “send me a new password button” on sites? With several of your sites in hand what kind of havoc could a hacker cause and how much trouble could they cause? How much work will it take to recover from the hack and do you have the time?
One of the worst places I see poor passwords used is on a registrar like GoDaddy.com. If you have a domain for your business, then you have it registered somewhere. If your password isn’t extremely secure, a hacker could gain access to your domain, take over your website, your email and anything about your domain. They can redirect your traffic to other sites or just stay quiet and glean as much from your information as they can. It all depends on the intents of the hacker as to how much damage they can do.
I completely understand why people want to use the same password and make it simple to remember. The problem with this is that hackers have automated tools that can run through dictionary searches against your passwords. This is basically trying every word in the dictionary, then trying words with 1 or 01 or 02 and so on at the end, or capitalizing the first letter. All of this can be done on a pretty simple computer in minutes. This is why a good password 1. doesn’t contain any words, 2. has upper and lower case letters, with the first letter not being the only one capitalized, and 3. has numbers and symbols interjected. Something like this: vU5ZQ85u7E is a good, strong password and would survive any dictionary attempts.
Just changing your passwords to make them strong won’t fully solve the problem if you use a spread sheet to keep track of them or they are on sticky notes on the side of your computer. Case in point: the recent Sony hack was made much worse because a spread sheet with a number of online account information was found sitting on a server. This allowed the hackers to go even further with ease. Most of us humans can’t remember passwords like vU5ZQ85u7E unless we use it a lot. So what’s the solution? Use a password manager. A password manager uses encryption to securely store all your passwords under the lock of one good password. So you use one good password to open your password vault and then pull passwords for other sites as needed. There are a number of products out there. Some encrypt your data then upload them to cloud storage making them available to any of your devices. Others are for use on a single computer and don’t leave that machine unless you backup the vault. I have used LastPass which is an online service and also KeyPass that is a local only program. There are other options and I may do a review at a later date, but if you have your business locked down with a luggage lock, I highly recommend that you fix it soon!
“Why Would Small Businesses Be a Target for Malware?”
Malware threats are everywhere. Working with various small businesses a statement I hear too frequently is “We don’t have anything anyone would want” or “I don’t care if we get hacked.” Both of these make me cringe. What they mean is “I don’t think anyone would want our stuff.” You hear about big businesses being hacked and may think they are the only ones who have a lot of information that they don’t want out in the public. In reality, most small businesses have computer data that should be guarded – even if it’s just client lists, or company financials. Imagine what would happen if that information was spread around the internet or if your financial data was emailed to your client list. As a small business owner, you may be using your computer for more than just business. Do you have family photos on your computer? Would you want all of them spread around the internet? Would you mind losing them all? Do you store passwords on your computer in text files, word files, spreadsheets, or just in the browser? If someone could gain access to your Facebook or Twitter account, could they get any of your friends to click on a link that supposedly you sent out? What if your computer were being used for illegal activity and you didn’t even know it? Chances are you can relate to one or more of the questions I have asked, and chances are you would prefer not to be hacked and not to have your information spread around the internet. The intent of most malware is to steal information or gain access to computer resources.
The Scrap Value of a Hacked Computer
Below is a list of tasks a “Hacked Computer” can be used for. This information was pulled from this article: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/ Brian Kreb’s site is a gold mine of security information.
- Your computer could be turned into a Web Server for the following activities.
- Phishing Site
- Malware download site
- Warez / Piracy server
- Child Porn server
- Spam Site
- Your computer could be turned into an Email Server for sending out the following mail.
- Stranded abroad scams
- Harvesting email contacts
- Harvesting email accounts
- Access to corporate email
- Your computer could be used to sell Virtual Goods.
- Online gaming characters
- Online gaming goods/currency
- PC game license keys
- OS license keys
- Access to your computer and your credentials for Reputation Hacking.
- Linked In
- Google +
- Your computer could be used for Bot Activity.
- Spam zombie
- DDos extortion
- Click fraud
- Anonymization proxy
- CAPTCHA solving
- Your Account Credentials could be stolen and used for:
- eBay / Paypal fake auctions
- Online Gaming
- Web Site and FTP access
- Client Side Encryption keys
- Your Financial Credentials could be stolen giving access to:
- Bank account data
- Credit card data
- Stock trading data
- Mutual funds / 401K accounts
- Your computer or data can be held Hostage with the following attacks:
- Fake antivirus
- Ransom ware
- Email account ransom
- Webcam image extortion
How to Protect Your Information
1. Strong Passwords. With so many ways a computer can be utilized for dark reasons it’s important to be vigilant with your security. The reason to use different credentials on every site you visit is if one account is compromised it’s easier to contain the breach. If you have used the same password or a slight variation thereof on many sites, then you could have multiple accounts compromised and you may never get the genie back in the bottle. If you only access a few sites, you might be able to remember a few good passwords but if you have hundreds like I do, then you should be using a password manager. I will do another article on password managers later. Password Managers come in different flavors but they usually will have a master password that gives access to your vault of other passwords so that you only need to remember the one strong password.
2. Be vigilant. Passwords alone will not prevent all malware. You must be vigilant any time you are online. If your computer is on a broadband connection, and most are these days, you need to take precautions. You should have a properly set up router with firewall and secure WiFi. Your computer should have a firewall in place. You should always keep your software patched and updated. You should not have any software you don’t need on your computer. For example, if you loaded java for a job or something and you no longer use it, you should uninstall it when done. You should think about your exposure when uploading files to cloud services. You should have strong passwords protecting any online account where you store data. Think about the pictures you upload from your phone to a cloud somewhere. How safe are they? Do you have passwords stored on your phone or tablet? If those were stolen, what could someone gain access to? Email is one of the simplest ways to get a user to give access to their computer. Phishing emails tempt people to open an attachment that may look benign when in fact it’s malicious code waiting for access to your computer. Resist the urge to see that picture someone has of you. Resist the urge to reply to that guy in Nigeria just needing an account to transfer 6 million dollars to. Resist the urge to look at tracking information for a package you didn’t order. Some of them are very clever but they all have the goal of gaining access to your computer and your information.
If you need help securing data, I can help. With an analysis of your network infrastructure and verifying that credentials are not factory defaults. I provide guidance setting up backup solutions and data protection. I can assist in selecting a password manager and helping you use it correctly. If you have security questions I can help. Call 913-893-1123 and ask for Kent.
What is Malware and How do I Avoid It?
Malware: (short for malicious software) is an all encompassing word for undesirable software used to disrupt computer operation, gather sensitive information, or gain illegal access to computer systems. Malware includes computer viruses, ransomware, trojan horses, adware, and other malicious programs.
Computer Virus: The key to a virus is that it attempts to replicate itself. It is a form of malware that “infects” a host computer with any number payloads. The activities vary from harmless political statements to destructive commands that can wipe out data.
Trojan: A Trojan is a non-self replicating program that may do similar things to a virus. The name Trojan is a reference to a wooden horse used to trick the army of Troy. A Trojan typically requires the user to start the program. This is done by appearing to be something it’s not and then when the program is run, its malicious functions begin.
Ransomware: A form of malware, usually a Trojan that in some form blocks access to files on a computer. Demands are given to send money for the key to unlock the computer or files.
Adware: A form of malware that seeks to display advertisements to the user and or gather search history on the user. The simplest adware may just change the default search page in browsers. Typically browser windows will pop up or program windows pop up after you search for something. Add-on browser tool bars often fall into this category.
Being vigilant regarding Malware is the only protection. The route taken to infect a system is often called an attack vector. There are many attack vectors and new ones are being found every day. We all are familiar with software updates. Most of them are not to bring new functionality but to patch vulnerabilities that have been found within the code. When vulnerabilities are found in software they are usually kept quiet until an update can be issued to fix the vulnerability. This is why it’s so important to keep up with software updates. If your computer or device is always connected to the internet, it should be updated ASAP. Computers that are not updated are vulnerable and someone with malicious intent can go phishing with emails or a hacked website to try to catch anyone with a vulnerability. Emails promising free money or pictures of celebrities or warning that you might get an IRS audit all garner a few clicks and if the person who clicks has not updated their software, then they can become infected. With so many pieces of software operating in relative harmony on any given computer there are many opportunities for security holes. This is where anti virus and malware protection programs come in. Having these programs running will act as a shield if the user does encounter a virus or malware. The problem with these is that a threat has to be documented and added to the definition list then sent to the computer running the protection program. Some threats are unknown or it can take a while to get the definition updated so there are always times when a system is vulnerable. For the best protection against malware:
- Do not open emails that promise free money or anything else that sounds too good to be true.
- Do not open zip attachments from anyone unless you verify that they sent you a file.
- Beware of screen saver files either in emails or from less than stellar web sites.
- Be very cautious of any program you download from the internet.
- Keep your browsers updated (Chrome, Firefox, Safari, Opera, IE).
- If you have Java on your computer, be sure to keep it updated.
- Adobe Reader, Flash, and Shockwave should always be kept up to date.
- Email clients should be updated if they are not part of the operating system updates.
- When installing updates or any software be sure to read through the installation screens. Even many good software titles will try to load additional software during an install. Java, and all the free Adobe products try to bring along some other title when you install or update them.
- Using an AdBlock program in your browser can also help block some of the phishing advertisements.
Coming soon more information on why you should be concerned with malware, and why would someone want your information.
A Few Simple ways To Personalize Firefox Settings
Personalized Firefox Settings Begin Here
As always if you need more help or you have tool bars and or software taking over your browser experience 12 Stones Tech can help get you back to normal. For help call 913-893-1123
What is a Zero Day Exploit?
Simply put a zero day exploit is a software vulnerability that is found by hackers before the software creator. They can be the worst kind of security hole as they can be exploited until the software creator is made aware and can fix the problem.
Two On The Same Day
This morning I have run across two articles about zero day exploits and the patches that are available. The first is a security flaw in Microsoft Internet Explorer. There is temporary fix for this available from Microsoft until they can get a permanent patch distributed. When available the patch will be pushed out through the normal update channels for Microsoft software.
The second zero day exploit and fix I ran across is Adobe Flash. They have a technical bulletin out describing which versions are vulnerable and which are not. This is the Detail from that bulletin:
Adobe has released security updates for Adobe Flash Player 184.108.40.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 220.127.116.116 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:
Update Your Software
I work with many people on their computers. One of the comments that I cringe at is “That update window keeps popping up and I just close it.” Most legitimate software vendors out there provide a mechanism to update the software they create. The reason they do is not only for improvements but also to patch vulnerabilities. When a software program you have pops up and says there is a update would you like to install it you should do so. Software producers are not doing this to pester you, they don’t want to be responsible for a breach of your computer.
Why are there so many updates
Most software we use is very complex as are the computers and operating systems we use. Our computers unlike 20 years ago that occasionally got online are on all the time. Surfing the web is commonplace and because of that attacks are primarily going to come from the web. Software creators try to create a good usable and secure program that you can use for some purpose. There are people out there that are constantly looking for holes in software to gain access to computers. You may be one who says I don’t have anything on my computer of any importance so if someone gained access it would be no big deal. You may not have anything to steal but with the right exploit a hacker could commandeer your computer for their own purposes. They could use it for sending out spam, which will end up getting you in trouble with your
and probably blacklisted so you can’t send out your own email. They could use it to host websites of all sorts including for illegal activities. Which will of course get your into trouble with law enforcement at some level. They could just use it as a bot in a bonnet for attacking other computers. There are many reasons and none of them do you want to be a part of.
So the more software titles you use the more you will need to keep updated. Some occur automatically others require you to do some action. Take a few minutes and get them done. As always if you need help with any of these issues I am available to assist.
Remember the days when chat rooms were new and cool? Reminds me of the movie “You’ve Got Mail” when Meg Ryan and Tom Hanks were so anxiously waiting for messages from each other via email. And then one day…Tom pops in an instant message to Meg and freaks her out. They actually chatted in real time online!
Now there are many different apps and services to instant message, and even voice and video conferencing. Here’s my overview of some of the most popular services as well as a special category of app for couples only.
Ironically, the simple text messaging system has now become limiting compared to what can be done with other apps and services – most of them are free. Sharing pictures, video and or video conferencing is probably the biggest reason to use these apps. The drawback to these messaging programs is that they require specific devices and or software to work. All require some type of account other than simply a phone number, so you may be able to interact with some of your friends, but not others.
How do you decide which app is right for you?
I have compiled a table of some of the most popular apps, what they can operate on, basic functionality and a note on security. Of these in the list I have personally used: Skype, Google Hangouts, Yahoo Messenger, HipChat and Avocado. For those with iOS devices the Facetime and iMessage are very good apps. The drawback, of course, is you can’t talk to anyone that doesn’t also have an iOS device.
From my own experience, Skype works very well – even better at times than Google Hangouts. The drawback to Skype is you have to pay in order to do group conference calls. Google Hangouts handles up to 10 people at a time for free. I have used both of these but lean toward Google Hangouts simply for the ease of use.
In the past I used Yahoo Messenger, even video conferencing with my family while I was traveling in Europe many years ago. It was a life saver to be able to communicate for free when phone calls would have been extremely expensive. Over the years I just quit using it and now after digging into the security I am glad I quit.
Facebook Messenger is really nothing more than an app to keep Facebook in on your conversations. It will work as a SMS replacement program and also ties into the messages that can be posted through the web interface on Facebook. I don’t see that it really brings much to the table unless you use Facebook to do most of your communication. If you do, I would suggest that you quit – unless you like the idea of Facebook knowing what’s in all your messages and keeping all your messages indefinitely. (See this article for more info.)
HipChat is a program that I currently use and it works very well for keeping records of chats for business purposes. If you have a group where you frequently discuss projects and so on, this is a method of recording that conversation along with all files and links that are shared. For a project or business, it has been a good tool and its free for groups of five or less.
Awhile back I was thinking it would be nice to have an app for couples, something to foster better communication with my wife, and give us a place to freely share things. It wasn’t long until I ran across Avocado. It doesn’t do everything that I had in mind, but it’s been fun to have a private area just for us to chat. We can just be ourselves, and since Avocado has a distinct notification, I know when I have a message just from her. Couple looks interesting and is probably just as secure as Avocado. It’s on my list of things to try. The Between app, based out of Korea, doesn’t have a very good description of its features. Details on security were sketchy and didn’t give me a lot of confidence in this app. Just based on what I have seen, I wouldn’t use it myself.
If you have questions or comments please feel free to leave them and I’ll do my best to answer any you may have.
|Facetime / iMessage||No||Yes||Yes||No||No||Facetime does video iMessage does messaging||End to End encryption iMessage to non iOS devices may not be encrypted|
|Skype||Yes||Yes||Yes||Yes||Yes||Voice, Chat, Video Conference||End to End encryption|
|Google Hangout||Yes||Yes||Yes||Yes||Yes||Voice, Chat, Video Conference *SMS *MMS||All Content is encrypted, but does transition through Google servers. Voice/Video is not stored but text chats are stored and available through gmail account.|
|Yahoo Messenger||Yes||Yes||Yes||Yes||Yes||Voice **Video Chat SMS||Passwords are encrypted when sent but other communication is open.|
|Facebook Messenger||Yes||Yes||Yes||Yes||Yes||Chat, SMS||It appears that most communication is encrypted but it’s also stored indefinitely on Facebook servers.|
|No||No||Yes||Yes||No||Chat, Images, Video and audio messages||Data is encrypted although possibly not with the highest security. Data is stored for a maximum of 30 days or less dependent on messages being picked up.|
|HipChat||Yes||Yes||Yes||Yes||Yes||Group / room based chat. Targeted to business for storing chats. File sharing||All communication is encrypted. Data stored on servers is not encrypted and can be viewed|
|HeyTell||No||No||Yes||Yes||No||Push to Talk||Data transmission is encrypted, messages are stored on Voxilate servers until the messages are retrieved then they are purged. They don’t recommend transmitting any confidential data through their service.|
|Avocado||No||No||Yes||Yes||Yes||Chat, share photos, videos, lists, calendars. Two people are liked upon account creation.||All chat text and personal data is encrypted for transmittal and storage. Media is stored in raw format separately from other data using a generated URL equivalent to an extremely long password.|
|Couple||No||No||Yes||Yes||No||Chat, share photos, calendar, lists, sketch, thumb kisses, Video calls on iOS||Data transmission is encrypted. Details on storage security is not given they say for security reasons.|
|Between||No||No||Yes||Yes||No||Chat, photos, calendar||Data transmission is encrypted, No information is given on how data is stored.|
* Google Hangout SMS is very new (Nov 2013) MMS is supposed to be added in the near future
** Yahoo Messenger Video chats are only available with the desktop app on Windows or Mac.
Texting has become the go to method of communication for a lot of people. SMS stands for Short Message Service and development on the standards began in the early 1980’s. For more about this, see Wikipedia. The first text message ever sent was in 1992 from a computer to a handset and read “Merry Christmas.”
Most systems handle SMS’s in a “store and forward” methodology. This means that the message is stored and attempts are made to send the message. If the message doesn’t go through, it is queued for later delivery. Some systems use a “forward and forget” method that once the delivery is attempted, the message is forgotten. There is no guarantee that a message will go through; in fact, studies show that between 1% and 5% of messages never get delivered. Others are delivered long afterwards. Most of us have experienced a message we sent and the receiver never got – or they got it a day or two later. When sending a message that just has to get there, a follow-up may be a good idea to be sure it arrived.
Why the curious 160 character limit? SMS’s are sent via an informational protocol that is used to determine signal strength. This protocol is limited to 140 octets or 1120 bits. If a 7-bit character set is used then the limit is 160 characters, and if an 8-bit set is used then the limit is 140 characters. Longer messages either use multiple messages to send or change the method of the send to a MMS or multimedia message that uses an entirely different send method.
How Secure is texting? The communication between your phone and your network provider is secured but it is also traveling through the air via radio waves and can be intercepted. Gaining access to your data stream is probably not something your average hacker is going to do but at some level the capacity to intercept and decrypt your calls and texts from the radio signal is there. Text messages are not encrypted while on the servers of the network provider and they can be accessed as long as they are stored. According to a document from the Justice Department, the content of text messages are only stored for the time it takes to deliver them. On average that is 3-5 days for Verizon and zero days for T-Mobile, AT&T and Sprint. Text message details or meta data on the other hand is stored for much longer periods of time, Verizon 1 year, T-Mobile 2-5 years, AT&T 5-7 Years and Sprint 1.5-2 years. This data is the who, when, and where but not the what.
With the revelation of snooping by the NSA, there is a lot of clamoring for methods of securing communication. A company named Wickr has developed apps for both iOs and Android that allow for encrypted texting. If you need a secure method of texting you might want to check out their product.