DoGoodSoft's Official Blog

Error Code 5: Access Denied When Decrypt an Encrypted Folder?

During the use of our encryption software, if you cannot decrypt the encrypted folders with error message Error Code 5: Access Denied, which was mostly caused by logic error in disk, what you can do is just to fix the disk.

How to fix disk to settle down the problem:

1. Your encrypted folder, for example, is in H: drive, click Computer/My Computer, right-click on H: drive, select Properties from the pop-up menu. Choose Tools, and click Check now…

2. Choose the first option Automatically fix file system errors, and click Start.

Error Code 5: Access Denied When Decrypt an Encrypted Folder?

3. If there is a prompt that “dismount this volume first”, click the Force a dismount button;

Error Code 5: Access Denied When Decrypt an Encrypted Folder?

4. The time for this operation depends on the size of your drive and files stored in it. After that, it will pop up such message.

Error Code 5: Access Denied When Decrypt an Encrypted Folder?

Once the drive is fixed, you can normally decrypt your encrypted folders, and the message Error Code 5: Access Denied does not appear any more.

Download addresses for latest version of folder encryption software:

Best Folder Encryptor: http://dogoodsoft.com/best-folder-encryptor/free-download.html

Best Encryption Expert: http://dogoodsoft.com/best-encryption-expert/free-download.html

Ease Folder Guard: http://dogoodsoft.com/ease-folder-guard/free-download.html

Ace Secret Folder: http://dogoodsoft.com/ace-secret-folder/free-download.html

Caution needed with anti-encryption tools that dodge data retention surveillance

Hot on the heels of Canberra’s successful push for mandatory retention of telco records about who we call, and how much we web surf, and when we email, we sense a new debate about technologies that scramble the actual contents of our communications, so an investigator may be able to work out who we called or mailed, but never what was said or written.

Recent media articles have noted that the New South Wales Crime Commission has been hindered by phone systems that encrypt conversations that prevent a crime fighter from eavesdropping. While the new data retention laws may alert Batman to the fact that Joker and Penguin have been trading a lot of calls lately, and Commissioner Gordon might be more than willing to authorise a bat-intercept on the strength of that information, the chase comes to naught when the caped crusader’s phone tap reveals nothing more than gibberish on the line.

As Fairfax Media also reports, drug dealers and money launderers are using Phantom Secure, an encryption tool for Blackberry messages, and BlackPhones, a voice encrypter for Android phones, to communicate in code. No doubt terrorists are customers for the same technologies. So, just months after the national parliament reached an accord on mandatory requirements for communications companies to retain details about our calls, messages and web surfing, do we need to decide the even thornier questions of whether a ban on certain voice and data encryption tools is possible and, if so, whether it would be the right thing to do?

That’s a key difference between the existing so-called metadata retention law and any move against products like Phantom Secure and BlackPhone.All the retention law does, and even this much is highly contentious from a civil liberties perspective, is requires comms companies to keep certain transactional records.

A law dealing with encryption technologies would need to go much further, criminalising hardware, software and services that are already in common use including, as New South Wales police readily agree, by legitimate businesses. Mind you, as the human rights movement would point out, you needn’t be a business to have a right to communicate privately.

What might an anti-encryption law look like? 99 per cent of all encryption would have to be excepted. Every time we visit an authenticated website, or buy online using a bank or quasi-bank like Paypal, we unknowingly use automated encryption. These communications are scrambled on their way across the internet, but they begin and end language, and an appropriately authorised regulator that wants to know what information was exchanged can get their hands on it. This isn’t the kind of encryption that investigators need to worry about.

AN ENCRYPTION LICENCE?

One option is a law requiring users of high strength encryption tools to be licensed, like gun owners need a licence. Before guffawing at such a thought, be aware that this is how Team America tried to deal with the issue internationally. The first mass market, effectively unbreakable text encryption tool was called PGP, standing for Pretty Good Privacy. The acronym was an in-joke. The developers knew how good their solution was, and gave it a name that was like calling Adam Gilchrist PGC, a Pretty Good Cricketer.

PGP wasn’t restricted within the USA itself. They have a constitutional right of free speech. But anyone involved in unlicensed export to other countries committed a criminal offence against, believe it or not, a law against unauthorised sale of munitions. That was thirty years ago, and the discussion we may now be about to have about drug runners, money launderers and terrorists will cross ground that was well traversed back then.

Why should we let people we don’t trust access technologies that facilitate conversations that might be against our interests and that we can’t intercept no matter how reasonable our suspicions and how high the stakes?

The problem with that approach in 2015 is that any solution that compromises the rights to free or private speech and the presumption of innocence, and criminalises or licenses existing freedoms, should ring every alarm and flash every red light a modern democracy has to ring and flash.

If drug runners, money launderers and their ilk are using encryption tools, by all means let’s deal with that in a targeted, measured way. But let’s also never forget the thanks the developer of PGP once received from a dissident behind the Iron Curtain, for serving freedom and saving lives.

Privacy advocates and tech giants support encryption, which the FBI director finds “depressing”

There’s a privacy battle brewing between the FBI and other federal government groups on one side, and tech companies, cryptologists, privacy advocates (and some elected American lawmakers) on the other.

Basically, the FBI (circa-2015 edition) opposes the use of encryption to keep data secure from hackers, on the grounds that the government couldn’t get at it either.

So this week, a wide variety of organizations ranging from civil-liberty groups and privacy advocates to tech companies and trade associations to security and policy experts sent President Obama an open letter urging him to reject any legislation that would outlaw secure encryption:

Change of heart

The FBI used to take the same view: encryption is a good way for innocent people to protect themselves and their personal data from criminals, so if encryption is available to you, you should use it.

In October 2012, the FBI’s “New E-Scams and Warnings” website even published an article warning that “Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise.” That article included a bullet-pointed list of “Safety tips to protect your mobile device.”

And the second tip on the list says this: “Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.”

But in September 2013, when current FBI director James Comey took over the bureau, he also took a very different view of encryption: he thinks it only benefits criminals.

“Very dark place”

For example, when Apple launched its iPhone 6 last September, it bragged about the phone’s strong security features, including automatic data encryption. Comey then predicted that encrypted communications could lead to a “very dark place,” and criticized “companies marketing something expressly to allow people to place themselves beyond the law” (as opposed to, say, “Marketing something expressly so people know hackers can’t steal photographs, financial information and other personal data off their phones”).

Comey went so far as to suggest that Congress make data encryption illegal via rewriting the 20-year-old Communications Assistance in Law Enforcement Act to make it cover apps and other technologies which didn’t exist back in 1994.

And this week, in response to the tech companies’ and privacy advocates’ open letter to President Obama, Comey said he found the letter depressing: “I frankly found it depressing because their letter contains no [acknowledgment] that there are societal costs to universal encryption …. All of our lives, including the lives of criminals and terrorist and spies, will be in a place that is utterly unavailable to the court-ordered process. That, I think, to a democracy should be very concerning.”

Get a warrant

Yet despite Comey’s concerns, the idea that encryption would make it utterly impossible for police and courts to stop angerous criminals is not true. Even with encryption, police or the FBI can still get data off your phone; they just can’t do it without your knowledge. As Jose Pagliary pointed out:

That’s what FBI Director James Comey finds “depressing,” or likely to lead to a “very dark place”: the idea that if the government wants access to your personal data, it still has to get a warrant first.

Google Hangouts doesn’t use end-to-end encryption

If you’re using Google Hangouts as your main messaging service, you might want to know that Hangouts doesn’t use end-to-end encryption (E2EE), a must-have feature for messaging services in the post-Snowden world.

This was recently confirmed during a Reddit Ask Us Anything (AUA) session by Google’s Richard Salgado, Director for Law Enforcement and Information Security, and David Lieber, Senior Privacy Policy Counsel.

As far as messaging services go, end-to-end encryption is a method of encrypting data so that only the sender and the recipient of a certain message can make sense of the data being transferred. The main thing to bear in mind is that the provider of an E2EE-encrypted messaging service cannot view the messages itself, as the data is encrypted and decrypted locally by the sender and the recipient.

While the service provider has access to the bits of information that are transmitted between the sender and the recipient, this data looks like complete gibberish without the encryption key. It’s worth noting that Whatsapp, the largest messaging service in the world, uses end-to-end encryption, as does Apple’s iMessage.

The two Google representatives confirmed that Hangouts only uses in-transit encryption, a method that prevents ISPs and telecom operators from peeking at the messages. Long story short, Google can intercept Hangouts conversations when ordered by law enforcement agencies and governments.

Google previously revealed that requests for user data coming in from governments across the globe rose one and a half times over the past five years, although the company did not break down the numbers by service.

Google admits Hangouts doesn’t use end-to-end encryption, opening the door for government wiretaps

If you’re really worried the government may be keeping tabs on your conversations, then you’d best avoid Hangouts.

According to Motherboard, a Google representative confirmed that Hangouts conversations are only encrypted “in transit,” meaning after the message arrives at the intended recipient Google could access it if forced to do so by a government wiretap.

The question arose from a Reddit AMA with two senior members of Google’s public policy and legal team. An ACLU representative pinned them down about encryption, but wasn’t able to get them to detail if all messages were encrypted from end-to-end.

Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, the senior privacy policy counsel, would only confirm the in-transit encryption. Salgado reaffirmed the government’s prerogative to order such surveillance: “There are legal authorities that allow the government to wiretap communications.”

In reality, such wiretaps are rare. Google’s transparency report details only seven wiretap orders for nine accounts in the first half of 2014, the most recent data available because the U.S. government requires a six-month waiting period.

Why this matters: Apple has touted the privacy of iMessage as another advantage to the security conscious over Android. Other messaging platforms, like the Mark Cuban-backed Cyber Dust, also promise secrecy. Google may not see this extra step as necessary until a backlash arises from those who want more privacy from their Hangouts conversations.

Flawed encryption leaves millions of smart grid devices at risk of cyberattacks

Millions of smart meters, thermostats, and other internet-connected devices are at risk of cyberattacks because they come with easily crackable encryption, a study has warned.

A paper by Philipp Jovanovic and Samuel Neves published in late April analyzed the cryptography used in the Open Smart Grid Protocol (OSGP), a group of specifications published by a European telecoms standards body. The protocol is used in more than four million devices, and said to be one of the most widely used protocols for smart devices today.

The results? Not great.

The researchers found that the “weak cryptography” can easily be cracked through a series of relatively simple attacks. In one case, the researchers said they could “completely” defeat a device’s cryptography.

The most common and trusted encryption standards use well-established, peer-reviewed cyphers that are open-source and readily available to inspect. Some have argued it’s the “first rule” of crypto-club. The problem for smart grid devices is that they don’t stand up to the scrutiny of the community.

The OSGP Alliance, the non-profit group behind the OSGP protocol, said last month it’s preparing an update to the specifications to add new security features.

“The alliance’s work on this security update is motivated by the latest recommended international cybersecurity practices, and will enhance both the primitives used for encryption and authentication as well as the key length, usage, and update rules and mechanisms,” the post read.

We reached out to the OSGP Alliance, but did not hear back outside business hours.

Chinese Version of PC Monitor Expert Updated to Version 1.63

PC Monitor Expert is designed to record all the computer activities, which works as a good helper for parents and computer administrators. For some bugs in the version 1.62 that brought the inconvenience to software users, we have upgraded PC Monitor Expert to version 1.63.

Update information of PC Monitor Expert:

File Name: PC Monitor Expert

Version: V1.63

File Size: 3.72MB

Category: Computer monitoring software

Language: Chinese

License: Trial version

Running on: Win XP/ Vista/7/8

Released on: Apr. 23, 2015

Download from: http://www.jiamisoft.com/pcsc/download.html

What’s new in this version:

+ added screenshot support for the ransparent windows;

* refined the email sending data of monitoring information, improved email sent rate;

– fixed a bug in Email Settings;

* improved the generation of computer machine code.

Main features of PC Monitor Expert:

1)Stealth operation: PC Monitor Expert cannot be found on the monitored computer. The monitoring software becomes invisible without any trace after installation, and it can monitor the object monitored computer secretly without letting anyone know. You can launch it by pressing hot key “Ctrl + Alt + U”.

2)Keystrokes Input Records: PC Monitor Expert can monitor all typed keystrokes, including Chinese, English, figures and functional keys. MSN or QQ chats, IMs, e-mail sent, usernames and passwords logged on some websites or e-mail can also be recorded(Warning: please DO NOT use this monitoring software for illegal use. This software won’t record sensitive passwords like QQ or MSN password).

3)Computer Screenshots Capture: Take screenshot of QQ or MSN chats window, active window or the entire compter screen. The monitored screenshots can be played automatically when you view them.

4)Opened Windows Monitoring and Control: Record all titles of opened window and the time they were opened. Prohibit opening windows containing specific block keywords in the title. For example, if you want to keep your children away from some adults contents, you can add adult contents as keyword to the prohibited list. In this way, all windows containing adults contents will be filtered automatically and PC Monitor Expert will forcibly close such web pages. Besides, this software can also record the action you open a prohibited window and opening time.

5)Running Programs Monitoring and Control: Prohibit software you specified (PC Monitor Expert has pre-configured over 30 game software). If a prohibited program is detected, PC Monitor Expert will forcibly shut it down and record this breach;

Prohibit chat software like MSN, QQ or Skype;

Prohibit using web browsers to view web pages;

Prohibit using download software to download;

Prohibit modifying system time;

Prohibit Task Manager(to prevent from ceasing active programs illegally), Registry or Control Panel etc.

6)Enhanced Functions: PC Monitor Expert can sent all monitored record (keystrokes, screenshot captured, active windows, and breaching behaviors and etc.) to a specific E-mail. You can conduct network monitoring as you wish. You can also set a password for this software and thus no one can modify settings or delete this software without the valid password. This software offers timed shutdown function with which you can schedule to shut down your computer at a certain time.

In addition, PC Monitor Expert supports disk control, which can better protect your important content.

New technology to help users combat mobile malware attacks

As mobile phones increase in functionality, they are becoming increasingly ubiquitous in everyday life. At the same time, these devices also are becoming easy targets for malicious activities. One of the primary reasons for such malware explosion is user willingness to download applications from untrusted sources that may host apps with hidden malicious codes. Once installed on a smartphone, such malware can exploit it in various ways.

For example, it can access the smartphone’s resources to learn sensitive information about the user, secretly use the camera to spy on the user, make premium-rate phone calls without the user’s knowledge, or use a Near Field Communication, or NFC, reader to scan for physical credit cards within its vicinity. Such malware already is prevalent, and researchers and practitioners anticipate that this and other forms of malware will become one of the greatest threats affecting millions of smartphone users in the near future.

“The most fundamental weakness in mobile device security is that the security decision process is dependent on the user,” said Nitesh Saxena, Ph.D., the director of the Security and Privacy In Emerging computing and networking Systems (SPIES) Lab and an associate professor of computer and information sciences in the College of Arts and Sciences at UAB. “For instance, when installing an Android app, the user is prompted to choose whether or not the application should have permissions to access a given service on the phone. The user may be in a rush or distracted, or maybe it is the user’s kid who has the phone. Whatever the case may be, it is a well-known problem that people do not look at these warnings; they just click ‘yes.'”

Current operating systems provide inadequate security against these malware attacks, putting the burden of prevention upon the user. The current anti-virus systems are ineffective against such constantly evolving malware. UAB pursued research to find a mechanism that would defend against mobile malware that can exploit critical and sensitive mobile device services, especially focusing on the phone’s calling service, camera and NFC.

This study from researchers within the UAB College of Arts and Sciences Department of Computer and Information Sciences and Center for Information Assurance and Joint Forensics Research explains how natural hand gestures associated with three primary smartphone services — calling, snapping and tapping — can be detected and have the ability to withstand attacks using motion, position and ambient sensors available on most smartphones as well as machine learning classifiers.

If a human user attempts to access a service, the gesture would be present and access will be allowed. In contrast, if the malware program makes an access request, the gesture will be missing and access will be blocked.

To demonstrate the effectiveness of this approach, researchers collected data from multiple phone models and multiple users in real-life or near real-life scenarios, simulating benign settings and adversarial scenarios. The results showed that the three gestures can be detected with a high overall accuracy and can be distinguished from one another and from other benign or malicious activities to create a viable malware defense.

“In this method, something as simple as a human gesture can solve a very complex problem,” Saxena said. “It turns the phone’s weakest security component — the user — into its strongest defender.”

The research team believes that, in the future, transparent gestures associated with other smartphone services, such as sending SMS or email, also can be integrated with this system. The researchers also aim to commercialize this technology in the near future.

UAB graduate student Babins Shrestha, a researcher in UAB’s SPIES Lab, co-authored the article and is presenting the paper at PerCom. The other members who co-authored the paper include UAB doctoral student Manar Mohamed, UAB undergraduate student Anders Borg, and doctoral student Sandeep Tamrakar of Aalto University, Finland.

Key management is the biggest pain of encryption

Most IT professionals rate the pain of managing encryption keys as severe, according to a new global survey by the Ponemon Institute.

On a scale of 1 to 10, respondents said that the risk and cost associated with managing keys or certificates was 7 or above, and cited unclear ownership of keys as the main reason. “There’s a growing awareness of the security benefits of encryption really accrue from the keys,” said Richard Moulds, vice president of product strategy at Thales e-Security, the sponsor of this report. “The algorithms that encrypt the data are all the same — what makes it secure is the keys.”

MORE ON CSO: What is wrong with this picture? The NEW clean desk test

But as organizations use more encryption, they also end up with more keys, and more varieties of keys.

“In some companies, you might have millions of keys,” he said. “And every day, you generate more keys and they have to be managed and controlled. If the bad guy gets access to the keys, he gets access to the data. And if the keys get lost, you can’t access the data.”

Other factors that contributed to the pain were fragmented and isolated systems, lack of skilled staff, and inadequate management tools. And it’s hurting worse than before. “The proportion of people that rate it as higher levels of perceived pain is higher than last year,” said Moulds.

One reason that pain is increasing could be that encryption is becoming more ubiquitous, he said, embraced by industries and companies new to the challenges of managing keys and certificates.

According to the survey, which is now in its 10th year, the proportion of companies with no encryption strategy has declined from 38 percent in 2005 to 15 percent today. Meanwhile, the share of companies with an encryption strategy applied consistently across the entire enterprise has grown from 15 percent to 36 percent. The biggest growth last year was in healthcare and retail, two sectors hit by major public security breaches.

In the health and pharmaceutical industry, the share of companies with extensive use of encryption jumped from 31 to 40 percent. In retail, it rose from 21 to 26 percent. However, for the first time in the history of the survey, the proportion of the IT budget going to encryption has dropped. Between 2005 and 2013, it climbed steadily from 9.7 percent to 18.2 percent, but dropped to 15.7 percent in this year’s report.

The biggest driver for encryption was compliance, with 64 percent of respondents saying that they used encryption because of privacy or data security regulations or requirements.

Avoiding public disclosure after a data breach occurs was only cited as a driving factor by 9 percent of the respondents. Data residency, in which some countries allow protected data to leave national borders only if it’s encrypted, didn’t even make the list.

“It didn’t rank as high on the list of motivators as you would have thought,” said Moulds. “But data residency is an increasing driver, and I think it’s going to be a big driver in the future.”

DHS Chief Says Encryption Threatens National Security

Department of Homeland Security (DHS) secretary Jeh Johnson wants the government to work more closely with tech companies on security issues, but it also wants them to dial back their security encryption efforts. Johnson made his comments Tuesday in front of a packed house at the RSA conference in San Francisco, one of the world’s largest annual cybersecurity gatherings.

Johnson defended the Obama administration’s ongoing stance, maintaining that tougher encryption by tech firms imposed in the wake of the National Security Agency’s spying scandal will make it tougher to stop crime.

“The current course we are on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security,” he said. “Encryption is making it harder for your government to find criminal activity, and potential terrorist activity.”

President Barack Obama has spoken out in support of strong encryption, but has also advocated for a legal framework that gives government access to data. Officials at the FBI, DHS and the National Security Agency have been more direct about limiting encryption. They fear encryption has created situations that prevent government agencies from accessing digital data even when armed with warrants.

“Let me be clear,” Johnson said. “I understand the importance of what encryption brings to privacy. But, imagine the problems if, well after the advent of the telephone, the warrant authority of the government to investigate crime had extended only to the U.S. mail.”

Nightmare Scenario

We reached out to John Kindervag, vice president and principal analyst at Forrester Research Inc., who told us Johnson’s proposal was a “nightmare scenario.”

“In the digital age everyone is going to have to live with the reality that most data should be encrypted,” said Kindervag. “It is too dangerous to try to figure out ways to put back doors into systems that only governments can access. Shouldn’t we have learned something from the Snowden debacle?”

Justice Department officials warned Apple last fall that children will die if police aren’t able to get into suspects’ iPhones because of the company’s encryption. As Johnson told the RSA crowd, “Our inability to access encrypted information poses public safety challenges.”

The White House is preparing a report that will outline various options to ensure law enforcement can bypass encryption during criminal or national security investigations. That report is expected later this month.

“We in government know that a solution to this dilemma must take full account of the privacy rights and expectations of the American public, the state of the technology, and the cybersecurity of American businesses,” Johnson said.

An Old Story

Kindervag said similar tension has existed since the early days of the widely used e-mail encryption software Pretty Good Privacy, when co-founder Philip Zimmerman had to fight the government regarding encryption. That’s because the government held that U.S. export restrictions for cryptographic software were violated when PGP spread worldwide. The government dropped its investigation into Zimmerman’s practices in 1996.

“The assumption of some governmental entities that they can gain omniscience through surveillance just doesn’t work anymore,” said Kindervag. “There is massive amounts of data that belong to private citizens that should not be read by other entities without the citizens’ direct permission.”