Personal Data Security - PDS
Software to Fight Identity Theft and Cybercrime
USE PDS TO FIGHT IDENTITY THEFT & CYBERCRIME
We believe that no single software product is able to provide all
the protection that is needed to prevent cybercrime. Therefore, it
is our recommendation is that a compliment of products should be used.
In addition, software alone cannot protect systems; the end user of
the system must also be an active participant in fighting cybercrime.
Before reading further, you are encouraged to have viewed the
and also the
of PDS with other software products that create encrypted backups.
It will be helpful to be familiar with: 1)
2) the difference between a
and other exploits that have a patch or workaround available,
and 3) familiarity with
If you are not aware of the threats from cybercrime, you are more likely to become a victim.
FIGHTING IDENTITY THEFT
Fighting identity theft requires a comprehensive approach -
and it's a never ending battle. Some approaches focus on
observing when possible identity theft has occurred, and you
pay them to alert you, and to provide insurance against harm.
With PDS you use a pro-active approach, trying to prevent
identity theft in the digital world by not letting the loss
of one set of credentials lead to a cascade of access breaches
at other accounts that have the same credentials.
This is done by going to the basics:
1. Using secure credentials. The PDS password generator solves this.
2. Not reusing secure credentials. PDS Notes solve this.
Yep, PDS keeps things simple, manageable and effective.
As another example, you know those questions, like "Who was your
Math teacher in the 7th grade?" Well, make something up, put it
in a PDS Note, and forget about it until you need it again (like
you may have done with 7th grade math).
Fighting cybercrime also requires a comprehensive approach -
and it's also a never ending battle. Cybercriminals have many
methods, or vectors, with which to attack a system. Imagine
yourself, if you will, playing the role of the attacker.
Given the choice of attempting a complex attack that requires
research, significant effort and time, would you be more likely
to begin with the sophisticated attack, or instead run a series of
automated attacks that can be downloaded and run with just a few
minutes of effort?
If you said "that depends", you are correct!
Sophisticated systems are hardened against
and may even deploy a fake treasure, or
to help gather information about the attacker.
On the other hand, typical comsumers use well known operating
systems with well known exploits, and thus are easier to attack
with "off the shelf" software, and with much less risk.
Sophisticated attacks are first used against nations and business.
So, the first line of defense is keeping the operating system
and applications updated to fend off the easy to defend attacks.
The best way to do this is to receive notifications when updates
are available. As demonstrated by the exhaustive issues and
updates announced via the
advisories, security alerts and patches are a never-ending cycle.
In addition to software updates, restricting network access to the
system is another necessary step in fighting cybercrime. A typical
network traffic to travel to and from your system. These days,
commodity operating systems provide packet filters, or
that can and should be used to restrict all unnecessary network
As the off the shelf attacks typically start with a scan of
the system, keeping the system updated and the ports closed
will signal the attacker that they should not waste their
time attacking you in this manner.
But the danger from cyberattacks is far from extinguished -
email and websites are fraught with peril.
HOOKED BY A PHISHING ATTACK
Attackers know that usernames and passwords are frequently reused,
as maintaining secure unique authentication credentials without
using a password manager (which not everybody uses) is impossible.
Therefore, if they are able to steal one set of credentials, they
can try to use those credentials at other websites - banking,
email, social media, etc. A phishing attack is one such method
to steal credentials.
Here's how it works: You receive an email indicating that there has
been an event and you need to use the link in the email to change
your password. You read the instructions, and maybe even get
confirmation - but afterward you learn that you fell victim of
a phishing attack. You just gave away your credentials.
WikiLeaks - DNC emails stolen using phishing scam.
With a password manager, secure unique credentials can be tracked,
and if one set of credentials is stolen, only that account may
be compromised. Bad, yes, but nothing compared to having many
FIGHT PHISHING - LET PDS MANAGE YOUR AUTHENTICATION CREDENTIALS
With PDS you can:
- Manage all of your authentication credentials.
- Ensure that each of your accounts uses unique credentials.
- Manage any security questions and answers associated with accounts.
- Maintain the historical record for all of the above.
- Allow PDS to create secure, unique passwords for your accounts.
- Avoid keyloggers by using copy and paste.
- Clear the system clipboard after a copy/paste.
- Know that your credentials will be secure and available for years to come.
PDS provides a secure and easy-to-use solution to manage your credentials. The solution is based on Notes, which are securely encrypted text files. Shown to the right is PDS with four Notes open. The Notes are for banking, bills, social media, and a Note named "dnote."
The easiest way to use Notes is to simply create a single Note, and then enter your credentials into the Note. Then when a credential is needed, reopen the Note, copy the credential, and paste it into the "password" field. The Note is encrypted using a secure cipher, and the Key to unlock the Note is the only credential you need to remember.
One Key may be used for all your Notes, or you may assign different Keys to your Notes. Because each Key in a KeyStore has a unique name (alias), there is nothing stopping you from having a hundred Notes, each with a unique Key and password. Simply enter each Key alias and password into a Note, and all the credentials to all your Notes may be retrieved. The note "dnote" demonstrates just this scenario, where it contains credentials for the banking, bills and social media Notes.
To see if PDS could help you manage your credentials, ask yourself these questions:
If you answered yes to any of these questions, PDS can help!!
- Do you keep your credentials written down on paper?
- Do you keep your credentials in an unencrypted file on your desktop/laptop?
- Do you reuse credentials among important accounts?
- Have you ever needed a set of credentials after leaving your laptop behind?
- Would you use a random password generator if you could securely copy/paste credentials?
"Disk" encryption does not guard against malware (malicious software).
Remember the tale of the
and how the unsuspecting men of Troy brought the "gift" inside?
computing version of the Trojan horse
is a malicious computer program that has been, and continues
to be, an all to common way to successfully attack systems.
It can slip by the hardened systems and closed down network ports
because it is the end user that brings it in, wittingly or not.
Software solutions that encrypt your disk, volume or file system are
usually very helpful if your computer is stolen. However, this type
of protection does not prevent malware from stealing, deleting or
even modifying files. One form of modifying files is encrypting them,
and then demanding a ransom to obtain the unique key to decrypt the
files. This new form of malware is called ransomware.
EUROPOL - Ransomware Has Become The Most Prominent Malware Threat.
Ransomware is a form of malware that gets on to your system, but instead
of destroying your information it makes your information inaccessible -
until you pay a ransom. It does so by encrypting your files, and only
after you pay the ransom do you get the key to decrypt your files.
You may not be very familiar with ransomware, but according to recent
reports from the
United States Department of Homeland Security
National Security Agency
(NSA), and also the
European Police Office
(EUROPOL), ransomware is fast becoming a significant problem.
Mitigate the risk of ransomware by having a robust and regular backup routine.
FIGHT RANSOMWARE - USE PDS TO SECURELY BACKUP YOUR INFORMATION
If ransomware strikes, there are few options:
Clearly, the best option above is the first option, recover the files from backup.
- Recover the files from backup.
- Recreate the files.
- Do without the files.
- Pay the ransom.
In order to do that, the backups can't be saved on the same system -
otherwise, they would be unavailable also.
So, where can they be both accessible and secure?
Since PDS backups are encrypted, they are secure virtually anywhere.
Burned to an optical disc, uploaded to free cloud storage, shared
with friends or colleagues, or a combination of these.
In the example to the right,
is encrypting his "Top" directory and its contents, creating an encrypted
directory named Top.PDS.
PDS backup capabilities include:
Let PDS help you before ransomware gets you!!
- Performing a read-only verification of the backup.
- The ability to recover a subset of the backup.
- The ability to run multiple backup and/or recovery tasks in parallel.
- Confidential backups protected by prying eyes by highly secure encryption.
- The option to append a configuable time stamp to the output filename.
Time stamps in the name of backup quickly indicate whether the backup was
from last week, or last year.
- The option to append a configuable time stamp to the top level directory,
thus supporting extracting multiple versions of backups to the same directory
without overwriting files restored from other backups.
- Instead of backing up to a file, PDS supports IO with tape drives, from BOT
as well as subsequent tape marks.
Creative hacker breaches
file system encryption.
ATTACKS ON PDS
PDS is a Java application, which makes it very easy to decompile
the executable and literaly read the code, line by line. Per the EULA,
you are encouraged to do just that, to verify that there is no malware
within the application.
As for attacks on the application, which is namely the ability to
decode the cybertext produced by the application, the security
is contained in the Java source code (which is open source), as well
as the way that PDS has implemented the cryptography (which is
also open source).
Joint Analysis Report on Cybercrime Reveals Phishing and Malware
(DHS / FBI)
PDS KEY MANAGEMENT
PDS differs from other consumer security products by providing robust
management of encryption Keys. With PDS, you create a KeyStore to
hold your Keys, and when you create an encrypted Note or backup, you
select which Key to use. This adds an extra step or two, but we
believe this is the most secure way to proceed.
Key management in PDS includes the ability to create, view, modify
and delete Keys. Metadata associated with all PDS-encrypted items tracks
which Key was used as well as where to find it, including unique search
paths for each operating system when PDS is used in USB mode.
In addition to security, PDS also adds flexibility. Every Key created
with PDS has a password, so every crypto operation requires you to
provide the password associated with a Key. You may choose to use
the same Key for all of your crypto operations, or you may use multiple
Keys - the solutions provided within PDS support both scenarios.
PDS USB MODE
PDS runs as a Desktop application installed to the system drive, but
it also will run directly from a USB "flash" drive. This means that
you can plug in your "thumbdrive" to a supported Java-enabled system,
and securely access Notes or backups on your thumbdrive. Being Java,
the same PDS installation will run on Linux, Mac or Windows.
Though the details of securely creating encrypted Notes and backups are
fairly complex, PDS again helps by providing an intuitive graphical
interface that allows you to easily implement highly secure encryption
without having to be an encryption guru.
PDS DATA PROTECTION PLANS
From very simple to very complex scenarios, PDS may be used in different
ways to protect your data.
At the most simplest, you may choose to keep all of your information
securely protected with one Key and thus one password.
This is a simple, yet secure, method to protect your information.
And all you have to do is remember one password.
By using two or more Keys to protect your data, with each Key having a
unique password, you may group your data by which Key protects which data.
In this type of scenario, isolated information may be shared with different
Using PDS Notes to track the password for each Key will allow you to use
as many Keys as you wish.
In another scenario involving multiple people or groups, a data set could
be encrypted using two (or more) ciphers. If each group held the password
to each cipher, the shared data would remain encrypted until all parties
FIGHT CYBERCRIME - TRUST PDS
(C) PDS Software Solutions LLC, 2016
We value your privacy