barefoot cybersecurity

security… mobility… cloud… technology… whatever…


Scrambls gives you control over your personal content online

Increasingly our identities are viewed through what we say and do on the web.

Facebook, Google+, Twitter, YouTube, Yahoo, LinkedIn, Salesforce, Gmail, Skype, AIM, WordPress, Foursquare, Bebo…  (I haven’t even researched yet!)

Whilst these social networking tools are all very nice and, well… sociable, we hear endless warnings about protecting our privacy online. Whilst each of these sites and technologies has a set of privacy controls, if you are a frequent user of several networks the job of keeping these all in check may not be as high priority or as simple as it should be.

The problem with the web is, once your info is out there, you’ll never be able to say with any degree of certainty who is reading it or how to retract it at a later date. Do you trust your data with everyone? If you delete your account, is everything you ever posted going to be deleted and how will you ever know or check?

Scrambls looks like a cool solution to wrestle back some control over your personal content online. It uses a browser plug-in or mobile app to scramble (using, it would seem, some proprietary encryption) your posts so that they may only be read using a key stored on the Scrambls server. The author owns these keys and can set the policy for whom and when to make them available. The thing for me that makes this smart is that when you decide it’s time for your information to disappear, you delete the keys and the info remains scrambled forever even if your account is never deleted.

How Scrambls works

Whilst this may be overkill for many users’ public discussion about the latest tabloid headlines, I can definitely see uses for more sensitive information like protecting our children’s information, business data and material with personal copyrights.

For more information, go to


Free SSL Server Test.

Many vendors provide free (freeware, freemium) tools to attract you into trying their product and getting hooked. Trying out these often unsupported technologies is a disappointing experience when they either:

  • don’t deliver all they promise
  • ask you to upgrade to the premium product before you get anything useful
  • bombard you with ads (or worse)
  • all of the above!!


However, occasionally it’s possible to stumble across a gem. Here’s one I’ve found useful recently.

Qualys SSL Labs

Ever wonder just how secure that new online shop is you are just itching to pump your credit card details into? Well you should.

This free service performs a deep analysis of the configuration of any SSL web server on the public internet. Simply type in the address of the secure website (https) you want to test. The service will firstly look at the certificate to verify that it is valid and trusted. It then inspects the server configuration for protocols, key exchange and cipher support.

Finally, a percentage score is awarded to the individual categories, and a total score and grade are displayed.

I tested the usual popular services (Gmail, Facebook, Skype, etc.) as well as several online banks and, as you’d expect, they all achieved a grade A (80% or above). Then I tried the South African Revenue Service (I need to do my tax return!) at Only 61%.

What other government sites can I test? FBI? Only 57%!

Both were let down by the key exchange phase, making them vulnerable to denial-of-service and/or man-in-the-middle attacks.

Next time my finger is hovering over the “check-out” button, I’ll be sure to test here first.
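The checks described above (certificate, protocols, key exchange, cipher support) can be sketched as a small audit over a scan record. This is an added example, not Qualys code or its scoring method; the record layout, the thresholds and the sample data are constructed assumptions.

```python
import ssl

INSECURE_PROTOCOLS = {"SSLv2", "SSLv3"}
MIN_DH_BITS = 2048       # assumed threshold for this example
MIN_CIPHER_BITS = 128    # assumed threshold for this example

def audit(scan, now):
    """Return (area, finding) tuples for one scan record (hypothetical layout).

    `now` is epoch seconds, so the expiry check is reproducible.
    """
    findings = []
    cert = scan["certificate"]
    if not cert["trusted"]:
        findings.append(("certificate", "chain does not reach a trusted root"))
    if not cert["hostname_match"]:
        findings.append(("certificate", "name does not match the host"))
    if ssl.cert_time_to_seconds(cert["not_after"]) < now:
        findings.append(("certificate", "expired"))
    for proto in sorted(INSECURE_PROTOCOLS & set(scan["protocols"])):
        findings.append(("protocol", f"{proto} is offered"))
    for suite in scan["suites"]:
        name, parts = suite["name"], set(suite["name"].split("-"))
        # ADH/AECDH suites skip server authentication, so anyone in the
        # path can complete the handshake in the server's place.
        if parts & {"ADH", "AECDH"}:
            findings.append(("key exchange", f"{name}: anonymous key exchange"))
        dh_bits = suite.get("dh_bits")
        if dh_bits is not None and dh_bits < MIN_DH_BITS:
            findings.append(("key exchange", f"{name}: {dh_bits}-bit DH group"))
        if suite["bits"] < MIN_CIPHER_BITS:
            findings.append(("cipher", f"{name}: {suite['bits']}-bit cipher"))
    return findings

# Constructed sample data, not output from any real server or scanner.
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2012 GMT")
SAMPLE_SCAN = {
    "certificate": {"trusted": True, "hostname_match": True,
                    "not_after": "Mar  1 00:00:00 2013 GMT"},
    "protocols": ["SSLv2", "SSLv3", "TLSv1.0"],
    "suites": [
        {"name": "ADH-AES128-SHA", "bits": 128},
        {"name": "DHE-RSA-AES256-SHA", "bits": 256, "dh_bits": 512},
        {"name": "EXP-RC4-MD5", "bits": 40},
        {"name": "AES128-SHA", "bits": 128},
    ],
}

if __name__ == "__main__":
    for area, finding in audit(SAMPLE_SCAN, NOW):
        print(f"[{area}] {finding}")
```

On the sample record the certificate passes, while the protocol list, two key exchange settings and one cipher are flagged.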