PDS LOGO
Personal Data Security - PDS
Software to Fight Identity Theft and Cybercrime
Home | Get Started | Cipher License | Videos | Compare | Threats | Wiki

LET PDS HELP YOU FIGHT IDENTITY THEFT & CYBERCRIME

We believe that no single software product is able to provide all the protection that is needed to prevent cybercrime. Therefore, it is our recommendation is that a compliment of products should be used. In addition, software alone cannot protect systems; the end user of the system must also be an active participant in fighting cybercrime.

Before reading further, you are encouraged to have viewed the Home page, the introductory video, and also the comparison of PDS with other software products that create encrypted backups. It will be helpful to be familiar with: 1) exploits that involve malware, phishing, pharming, and ransomware, 2) the difference between a zero-day exploit and other exploits that have a patch or workaround available, and 3) familiarity with encryption software and data backups.


If you are not aware of the threats from cybercrime, you are more likely to become a victim.

FIGHTING IDENTITY THEFT

Fighting identity theft requires a comprehensive approach - and it's a never ending battle. Some approaches focus on observing when possible identity theft has occurred, and you pay them to alert you, and to provide insurance against harm. With PDS you use a pro-active approach, trying to prevent identity theft in the digital world by not letting the loss of one set of credentials lead to a cascade of access breaches at other accounts that have the same credentials.

This is done by going to the basics:

1. Using secure credentials. The PDS password generator solves this.
2. Not reusing secure credentials. PDS Notes solve this.

Yep, PDS keeps things simple, manageable and effective.

As another example, you know those questions, like "Who was your Math teacher in the 7th grade?" Well, make something up, put it in a PDS Note, and forget about it until you need it again (like you may have done with 7th grade math).

FIGHTING CYBERCRIME

Fighting cybercrime also requires a comprehensive approach - and it's also a never ending battle. Cybercriminals have many methods, or vectors, with which to attack a system. Imagine yourself, if you will, playing the role of the attacker. Given the choice of attempting a complex attack that requires research, significant effort and time, would you be more likely to begin with the sophisticated attack, or instead run a series of automated attacks that can be downloaded and run with just a few minutes of effort?

If you said "that depends", you are correct! Sophisticated systems are hardened against attacks, and may even deploy a fake treasure, or honeypot, to help gather information about the attacker. On the other hand, typical comsumers use well known operating systems with well known exploits, and thus are easier to attack with "off the shelf" software, and with much less risk.


Sophisticated attacks are first used against nations and business.


So, the first line of defense is keeping the operating system and applications updated to fend off the easy to defend attacks. The best way to do this is to receive notifications when updates are available. As demonstrated by the exhaustive issues and updates announced via the US CERT advisories, security alerts and patches are a never-ending cycle.

In addition to software updates, restricting network access to the system is another necessary step in fighting cybercrime. A typical system has many TCP and UDP ports that allow network traffic to travel to and from your system. These days, commodity operating systems provide packet filters, or firewalls, that can and should be used to restrict all unnecessary network traffic.

As the off the shelf attacks typically start with a scan of the system, keeping the system updated and the ports closed will signal the attacker that they should not waste their time attacking you in this manner. But the danger from cyberattacks is far from extinguished - email and websites are fraught with peril.

HOOKED BY A PHISHING ATTACK

Attackers know that usernames and passwords are frequently reused, as maintaining secure unique authentication credentials without using a password manager (which not everybody uses) is impossible. Therefore, if they are able to steal one set of credentials, they can try to use those credentials at other websites - banking, email, social media, etc. A phishing attack is one such method to steal credentials.

Here's how it works: You receive an email indicating that there has been an event and you need to use the link in the email to change your password. You read the instructions, and maybe even get confirmation - but afterward you learn that you fell victim of a phishing attack. You just gave away your credentials.


WikiLeaks - DNC emails stolen using phishing scam.


With a password manager, secure unique credentials can be tracked, and if one set of credentials is stolen, only that account may be compromised. Bad, yes, but nothing compared to having many accounts compromised.

FIGHT PHISHING - LET PDS MANAGE YOUR AUTHENTICATION CREDENTIALS

With PDS you can:
  • Manage all of your authentication credentials.
  • Ensure that each of your accounts uses unique credentials.
  • Manage any security questions and answers associated with accounts.
  • Maintain the historical record for all of the above.
  • Allow PDS to create secure, unique passwords for your accounts.
  • Avoid keyloggers by using copy and paste.
  • Clear the system clipboard after a copy/paste.
  • Know that your credentials will be secure and available for years to come.

PDS NOTES PDS provides a secure and easy-to-use solution to manage your credentials. The solution is based on Notes, which are securely encrypted text files. Shown to the right is PDS with four Notes open. The Notes are for banking, bills, social media, and a Note named "dnote."

The easiest way to use Notes is to simply create a single Note, and then enter your credentials into the Note. Then when a credential is needed, reopen the Note, copy the credential, and paste it into the "password" field. The Note is encrypted using a secure cipher, and the Key to unlock the Note is the only credential you need to remember.

One Key may be used for all your Notes, or you may assign different Keys to your Notes. Because each Key in a KeyStore has a unique name (alias), there is nothing stopping you from having a hundred Notes, each with a unique Key and password. Simply enter each Key alias and password into a Note, and all the credentials to all your Notes may be retrieved. The note "dnote" demonstrates just this scenario, where it contains credentials for the banking, bills and social media Notes.

To see if PDS could help you manage your credentials, ask yourself these questions:
  • Do you keep your credentials written down on paper?
  • Do you keep your credentials in an unencrypted file on your desktop/laptop?
  • Do you reuse credentials among important accounts?
  • Have you ever needed a set of credentials after leaving your laptop behind?
  • Would you use a random password generator if you could securely copy/paste credentials?
If you answered yes to any of these questions, PDS can help!!


"Disk" encryption does not guard against malware (malicious software).

MALWARE ATTACKS

Remember the tale of the Trojan horse, and how the unsuspecting men of Troy brought the "gift" inside?

The computing version of the Trojan horse is a malicious computer program that has been, and continues to be, an all to common way to successfully attack systems. It can slip by the hardened systems and closed down network ports because it is the end user that brings it in, wittingly or not.

Software solutions that encrypt your disk, volume or file system are usually very helpful if your computer is stolen. However, this type of protection does not prevent malware from stealing, deleting or even modifying files. One form of modifying files is encrypting them, and then demanding a ransom to obtain the unique key to decrypt the files. This new form of malware is called ransomware.


EUROPOL - Ransomware Has Become The Most Prominent Malware Threat.

RANSOMWARE

Ransomware is a form of malware that gets on to your system, but instead of destroying your information it makes your information inaccessible - until you pay a ransom. It does so by encrypting your files, and only after you pay the ransom do you get the key to decrypt your files. You may not be very familiar with ransomware, but according to recent reports from the United States Department of Homeland Security (DHS), the National Security Agency (NSA), and also the European Police Office (EUROPOL), ransomware is fast becoming a significant problem.


Mitigate the risk of ransomware by having a robust and regular backup routine.

FIGHT RANSOMWARE - LET PDS SECURELY BACKUP YOUR INFORMATION

If ransomware strikes, there are few options:
  • Recover the files from backup.
  • Recreate the files.
  • Do without the files.
  • Pay the ransom.
PDS FILES Clearly, the best option above is the first option, recover the files from backup.

In order to do that, the backups can't be saved on the same system - otherwise, they would be unavailable also. So, where can they be both accessible and secure?

Since PDS backups are encrypted, they are secure virtually anywhere. Burned to an optical disc, uploaded to free cloud storage, shared with friends or colleagues, or a combination of these.

In the example to the right, Donner is encrypting his "Top" directory and its contents, creating an encrypted directory named Top.PDS.

PDS backup capabilities include:
  • Performing a read-only verification of the backup.
  • The ability to recover a subset of the backup.
  • The ability to run multiple backup and/or recovery tasks in parallel.
  • Confidential backups protected by prying eyes by highly secure encryption.
  • The option to append a configuable time stamp to the output filename. Time stamps in the name of backup quickly indicate whether the backup was from last week, or last year.
  • The option to append a configuable time stamp to the top level directory, thus supporting extracting multiple versions of backups to the same directory without overwriting files restored from other backups.
  • Instead of backing up to a file, PDS supports IO with tape drives, from BOT as well as subsequent tape marks.
Let PDS help you before ransomware gets you!!


Creative hacker breaches Linux, Mac, and Windows file system encryption.

ATTACKS ON PDS

PDS is a Java application, which makes it very easy to decompile the executable and literaly read the code, line by line. Per the EULA, you are encouraged to do just that, to verify that there is no malware within the application.

As for attacks on the application, which is namely the ability to decode the cybertext produced by the application, the security is contained in the Java source code (which is open source), as well as the way that PDS has implemented the cryptography (which is also open source).


Joint Analysis Report on Cybercrime Reveals Phishing and Malware (DHS / FBI)

PDS KEY MANAGEMENT

PDS differs from other consumer security products by providing robust management of encryption Keys. With PDS, you create a KeyStore to hold your Keys, and when you create an encrypted Note or backup, you select which Key to use. This adds an extra step or two, but we believe this is the most secure way to proceed.

Key management in PDS includes the ability to create, view, modify and delete Keys. Metadata associated with all PDS-encrypted items tracks which Key was used as well as where to find it, including unique search paths for each operating system when PDS is used in USB mode.

In addition to security, PDS also adds flexibility. Every Key created with PDS has a password, so every crypto operation requires you to provide the password associated with a Key. You may choose to use the same Key for all of your crypto operations, or you may use multiple Keys - the solutions provided within PDS support both scenarios.

PDS USB MODE

PDS runs as a Desktop application installed to the system drive, but it also will run directly from a USB "flash" drive. This means that you can plug in your "thumbdrive" to a supported Java-enabled system, and securely access Notes or backups on your thumbdrive. Being Java, the same PDS installation will run on Linux, Mac or Windows.

PDS SIMPLICITY

Though the details of securely creating encrypted Notes and backups are fairly complex, PDS again helps by providing an intuitive graphical interface that allows you to easily implement highly secure encryption without having to be an encryption guru.

PDS DATA PROTECTION PLANS

From very simple to very complex scenarios, PDS may be used in different ways to protect your data.

At the most simplest, you may choose to keep all of your information securely protected with one Key and thus one password. This is a simple, yet secure, method to protect your information. And all you have to do is remember one password.

By using two or more Keys to protect your data, with each Key having a unique password, you may group your data by which Key protects which data. In this type of scenario, isolated information may be shared with different groups. Using PDS Notes to track the password for each Key will allow you to use as many Keys as you wish.

In another scenario involving multiple people or groups, a data set could be encrypted using two (or more) ciphers. If each group held the password to each cipher, the shared data would remain encrypted until all parties were present.

FIGHT CYBERCRIME - TRUST PDS


Valid HTML 4.01 Transitional