Trending February 2024 # Is Your Encryption Truly Secure? Truecrypt Audit Effort Smashes Fundraising Goals # Suggested March 2024 # Top 4 Popular

You are reading the article Is Your Encryption Truly Secure? Truecrypt Audit Effort Smashes Fundraising Goals updated in February 2024 on the website Moimoishop.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested March 2024 Is Your Encryption Truly Secure? Truecrypt Audit Effort Smashes Fundraising Goals

Is TrueCrypt audited yet? Nope, but it will be soon. One of the world’s most-used file encryption tools is about to get a full exam that will hopefully give the software a clean bill of health, after an independent effort successfully raised tens of thousands of dollars to peer into TrueCrypt’s deepest recesses.

TrueCrypt’s a free, open-source encryption program available for Windows, OS X and Linux that can be used to encrypt individual folders and whole disk drives alike. The program can also do some amazingly cool things like create a hidden operating system on a PC—essentially an OS within an OS—where you can keep your most secret files.

But while TrueCrypt is an incredibly nifty and widely used piece of software, the program’s nearly 70,000 lines of code have yet to be placed under a comprehensive security analysis—a major problem with a tool that so many people entrust to encrypt their private data.

“I would feel better if I knew who the TrueCrypt authors were.”

Enter IsTrueCryptAuditedYet project, which seeks to fully examine TrueCrypt’s source code via an in-depth security audit.

“There’s a famous saying that ‘given enough eyes, all bugs are shallow,’” Matthew Green, a cryptographer, research professor at Johns Hopkins University, and co-creator of the project, told PCWorld. “But that’s not really true for cryptography software where you don’t just need eyes, you need expert eyes. Unfortunately those are in short supply. What we’re trying to do with this audit is bring a lot of the right people together.”

Encryption, the NSA, and you

The goal of the TrueCrypt project is to do something similar to the University of Washington’s recent analysis of SecureDrop, says Kenneth White, Principal Scientist at Social & Scientific Systems, and co-creator of the TrueCrypt auditing endeavor. SecureDrop is an open-source, Wikileaks-style document submission program originally created by deceased Internet activist Aaron Swartz.

The TrueCrypt audit project began in mid-October as a reaction to the continuing revelations about the National Security Agency’s surveillance activities—most notably, The New York Times’ September 5 report that the NSA had undermined some of the Web’s most crucial encryption protocols.

The revelations inspired Green to urge for a renewed examination of open source encryption software. That call to action was later taken up by White, who together with Green kicked off the TrueCrypt audit project.

Despite its widespread use, TrueCrypt carries an air of mystery, because the developers of the program prefer to remain anonymous. “As [security researcher] Dan Kaminsky puts it, ‘authorship is a better predictor of quality than openness,’” Green wrote in an October blog post. “I would feel better if I knew who the TrueCrypt authors were.”

The FAQ on TrueCrypt’s site says it has been reviewed by independent researchers in the past, but those peeks at the source code were not on the scale of a full public audit.

Beyond auditing the source code, the project also wants to review the program’s licensing and verify that the executables on TrueCrypt’s site are built straight from the software’s source code.

“Many of our concerns with TrueCrypt could go away if we knew the binaries were compiled from source,” the TrueCrypt audit site says. “Unfortunately it’s not realistic to ask every Windows user to compile TrueCrypt themselves. Our proposal is to adapt the deterministic build process that Tor is now using, so we can know the binaries are safe and untampered.”

Now for the good news: IsTrueCryptAuditedYet hit and then surpassed its $25,000 funding goal on the Indiegogo crowdfunding site just four days after launching the project in October. In fact, as of Wednesday morning, the TrueCrypt audit has raised more than $56,000 between the Indiegogo effort and a second effort on the FundFill crowd funding site, according to White.

Auditing TrueCrypt will be a big job, but the project is well on its way to getting ready for action once the funding period is over. “So far we’ve received two proposals from major security evaluation firms and we’re working with other experts who are volunteering their time to get the whole project audited,” Green said.

You're reading Is Your Encryption Truly Secure? Truecrypt Audit Effort Smashes Fundraising Goals

What Is Data Encryption In The Computer Network?

Encryption is a technique to hide data from unauthorized persons by encoding data not to be viewed and modified. Data encryption involves converting the data into encrypted data called cipher text using a mathematical formula called an algorithm.

These algorithms generate a key and then encapsulate the message with this key. There are two types of encryptions as asymmetric and symmetric, are in vogue.

The presentation layer deals with the translation, encryption/decryption, authentication and compression, which are explained below−

Translation

It changes the complex data structures used by an application string, integers, structures, etc., into a byte stream that may be transmitted across the network. The message is represented so that communicating machines agree to the format of the data being exchanged. For example, ASCII or EBCDIC character sets.

The translation may be direct or indirect. In the direct translation method, ASCII code is translated as the EBCDIC at the destination machine. In the indirect method, the ASCII code is first translated to a standard format at the source machine before transmission.

Encryption/Decryption

It deals with security and privacy issues. Encryption is used to scramble the data so that only authorized persons can unscramble the conversation data. Decryption reverses the encryption process to translate the message back into its original form.

The sender in the source machine uses an encryption algorithm and a key to transform the plaintext (original message) into a cipher text (encrypted message) to encrypt the data. At the destination machine, the reverse process takes place. The receiver has a key and decryption algorithm to translate back the ciphertext into the original plaintext.

There are two types of Encryption which are as follows−

Asymmetric Encryption

Two mathematically related keys, the name public key and private keys, are generated to encrypt and decrypt the message. Asymmetric encryption is considered more secure than symmetric encryption.

Asymmetric key encryption that involves a key pair as public and private keys involves six major steps−

Plaintext− Plaintext is the text message to which an algorithm is applied.

Encryption Algorithm− It provides mathematical operations to conduct substitutions and transformations to the plaintext.

Public and Private Keys− They constitute a pair of keys that are used for the encryption and decryption of the message.

Cipher text− Application of an algorithm on plaintext produces an encrypted or scrambled message.

Decryption Algorithm− This algorithm is applied to generate the cipher text and the matching key to have the plaintext.

Symmetric Encryption

Symmetric encryption, also referred to as conventional or single key Encryption, is based on a secret key, which both communicating parties share. The sending party encrypts the plain text to cipher text message using the secret key. The receiving party on receipt of the cipher text message uses the same secret key to decrypt it to plain text. Examples of symmetric encryption are the RSA algorithm.

Symmetric Notes encryption method has the following five major parts−

Plaintext− Plaintext is the text message to which an algorithm is applied.

Encryption Algorithm− It provides mathematical operations to conduct substitutions and transformations to the plaintext.

Secret Key− They constitute a part of the algorithm for the encryption and decryption of the message.

Cipher text− This is the encrypted message generated by applying the algorithm to the plaintext message using the secret key.

Decryption Algorithm− This encryption algorithm decrypts the cipher text into plain text by using the cipher text and the secret key.

Authentication

It checks the antecedents of the remote party being the real party rather than an impostor. It defines that the message is received from an authentic person, not from an impostor. A digital signature is one of the several authentication approaches that use the public key encryption method.

Data Compression

It compresses data to decrease the amount of transmitted information, thus saving in bandwidth and money. There are three general methods of data compression. Each method considers that the data stream may be transformed into a more compact representation. This compact data stream is reconstructed back into the original data at the destination machine.

How To Secure Your Facebook Account

With so much personal data contained in your Facebook profile, you definitely shouldn’t take a light approach when it comes to securing your account. The good news is that by taking a few relatively simple steps, users can reduce the risk posed by Facebook security threats. This tutorial discusses how to secure your Facebook account to ensure the account and all its information is well protected.

1. Smart Password Management

Creating a strong, unique password is perhaps the first step towards securing your Facebook account. Even so, some experts believe it’s important to update your social media passwords regularly to keep hackers at bay. As a result, you should know how to change your Facebook password.

PC

Go to “Settings.”

From the left side of the display, select “Security and Login.”

Tap on “Change password.”

Mobile

Open the Facebook app on your mobile device.

Tap on the hamburger menu in the upper-right corner of the display.

Press on “Settings & Privacy” at the bottom.

Select “Settings.”

Tap on “Password and Security” at the top.

Select “Change Password.”

Type in your current password and the new one twice, then tap on “Update Password.”

You can change your password even when you’re not logged in to your account. You’ll need to access the Facebook Accounts Page and use your email or mobile number to identify your account.

Once your account is located, you can have Facebook send you the code to reset your password via your Google account.

Additional Safety Tips

Making sure your password information isn’t readily available to third-parties is also an important part in securing your Facebook. To this end, it’s recommended that you don’t use your Facebook password anywhere else online or share it with other people.

Make your password something hard to guess, so don’t include things like your name, date of birth or other common information. Moreover, if you are known for keeping records of your passwords, take precautions and store them in a safe folder on your PC or notebook that is kept in a private place to avoid others stumbling on this information. Saving your passwords in an encrypted password manager is of course ideal.

2. Set Up Two-Factor Authentication

Two-factor authentication (2FA) is a security measure that adds an additional layer of protection to your account, so even if someone knows your password, they still won’t be able to get into your Facebook account, unless they are able to provide a second identity verification. This usually comes in the form of a code that gets sent to your mobile phone via an SMS or an authenticator app such as Google Authenticator.

When it comes to Facebook, you have not one but three options when it comes to adding an extra security method when you log in to your account. Here’s how to enable two-factor authentication (2FA) for your Facebook account.

Desktop

To enable 2FA via Facebook on your computer, follow these steps:

Go to “Security and Login” as shown above.

Facebook will display a QR code and an alphanumerical code.

Go back to your phone and install the authenticator app, if you haven’t already. Open the app and select the “Scan a QR code” option. Alternatively, you can also enter the setup key, but the former option is more convenient. Use the phone to scan the QR code.

This will open an “Account added” page on your phone with the code displayed underneath. Press “Add Account.”

On your PC, press “Continue.”

Input the verification code from the app.

Type in your Facebook account password.

Congrats, your two-factor authentication is now on.

Authorized Logins

Facebook keeps track of your logins and keeps a list of where you’ve logged in the most. The app recognizes these logins as safe, but you may not agree. You’re encouraged to check out this list and decide whether certain devices/browsers should be included. This is an important security aspect you should not overlook, as Facebook allows you to log in to these devices without a code. Here’s how to view the list:

This should bring up the list mentioned above. You can tick the devices you want to remove from the list.

Mobile

On mobile, the process of enabling two-factor authentication is relatively similar. Again, make sure you have an authenticator app installed on your device before you start the process to ensure it unfolds as smoothly as possible.

In the mobile app, open up the “Password and Security” section as explained above.

Find the “Two-factor authentication” section and tap on the “Use two-factor authentication” option.

Select your preferred method (we opted for the authenticator app yet again), and tap the “Continue” button at the bottom.

Facebook will generate the QR code and written code. If you have both Facebook and the Authenticator app installed on the same device, hit the “Set up on same device” option, then “Continue.”

The authenticator app will detect your Facebook account and will add it. Press “Okay.”

You’ll be able to see the confirmation code in the authenticator app. Long-press on it to copy it to your device’s clipboard.

Go back to the Facebook app and paste the code. Press “Continue.”

You’ll be notified that 2FA is now on. Press “Done.”

If you change your mind about 2FA later on, you can easily disable the feature by following the steps described above to turn it off.

Authorized Logins

On mobile, you can also review and remove devices that you don’t want to be authorized for direct login. Tap on the “Authorized Logins” option under “Two-factor authentication.”

From there you can remove devices by tapping on the “X” button.

3. Use a One-time Password to Login

When it comes to logins, Facebook puts another security option at your disposal. You can login in to your Facebook account using a one-time password. It’s possible to use this option anytime you don’t feel comfortable logging in with your real credentials, such as in a public space like a library, hotel, etc. Note that this option will not work if you have two-factor authentication enabled.

Desktop & Mobile

If you’re in the US, use your phone to send a text message (SMS) to 32665 with the message “otp.” If you’re outside the US, check this list to see which carriers support this option and what number you need to use.

Those who previously linked your phone number with your Facebook account will receive a reply containing your temporary password (six characters).

On the other hand, if you haven’t linked your mobile phone to Facebook, you’ll get a mail with instructions of what to do next to get possession of your code.

Once you receive the code, just type that in the password field in the Facebook app or website.

4. Set Up Alerts for Unauthorized Logins

Even with 2FA authentication enabled for your account, you may still feel an additional layer of security is needed. If that’s the case, know that you can opt to add login alerts. These will let you know when someone tries to log in from an unrecognized device or web browser by providing you with info about the device that tried logging in and its location. Follow the below instructions turn on alerts for your account.

Desktop

Go to the “Security and Login” section as we showed you in the sections above.

Mobile

Go back to the “Password and Security” section on your mobile device using the steps above.

Under “Setting Up Extra Security,” tap on “Get alerts about unrecognized logins.”

Select how you want to receive these login alerts.

That’s it. Facebook will send you an alert every time you or someone else tries to log in from an unrecognized device or browser.

5. Look for Suspicious Devices

In correlation with setting up login alerts, you should be aware of which devices and browsers you use. Facebook will send you alerts containing information, such as the device’s name and location. Keeping track of all the devices you’ve recently use to log in may help you uncover any suspicious activity.

You can-cross check your recollections with Facebook’s list that records where you’ve logged in. Here’s how to access it:

Desktop

Under “Security and Login” you should spot the “Where you’re logged in.” Tap on “See More” to see a complete list of where you’ve logged in recently.

Mobile

On your mobile device, you can find the same information by going to “Password and Security” and tapping on the “See all” button in the “Where you’re logged in” section.

3. You can also swipe down all the way to the bottom and press on “Log out of all sessions.”

6. Monitor Linked Apps and Websites

If you’ve done so in the past, don’t worry, as you can remove access from these apps now. We show you how below.

Desktop

From the Settings panel on the left side of the display, scroll down until you find “Apps and Websites.”

Mobile

On your mobile device, open “Settings & Privacy” from the app.

Scroll down to the Permissions section and tap “Apps and Websites..

Tap on an app you’d like to remove.

Tap on “Remove.” On the other hand, if the login expired and you wish to continue the session, you can select the “Renew” button.

If you selected the first option, you’ll be presented with the same two options as above. Make your selection and press “Remove” once more.

7. Install an Extension/Add-on

Browser extensions or add-ons can also help with ramping up your Facebook security, such as Firefox’s Facebook Container add-on, which basically isolates your Facebook identity from the rest of the Web. With the extension onboard, Facebook cookies and site data that help identify “you” will be available only in that Container, and only the social site can be opened in that Container.

This means you won’t be tempted to log in with your Facebook credentials anymore, and your Facebook login information will be confined to the specific container.

Chrome users that are worried about phishing attacks can give the J2TEAM Security extension a try. Once installed, the extension will block fake Facebook login pages, thus preventing you from falling victim to scams. It also includes a “Facebook security tester” feature, which shows you your account’s vulnerabilities and provides you with direct links to resolve unsafe situations.

8. Do a Quick Security Check

It’s a simple way to know if you’ve taken the right steps to secure your account and takes mere seconds.

Frequently Asked Questions 1. Does Facebook use secure browsing (HTTPS)?

The answer is yes, and you don’t have to do anything to enable it. Facebook uses HTTPS to automatically encrypt your connection when you use the service. This protects your account from malicious parties. A secure connection is a requirement for connecting to Facebook and can’t be turned off.

2. I don’t recognize a location in the “Where You’re Logged In” section. What now?

If you see a location you don’t recognize, don’t panic. First, check if it’s related to the mobile device that you usually use to browse Facebook. Do note that often when signing in via a mobile device, you’re routed through an IP address that does not reflect your current location.

If you don’t recognize the mobile device either, it could be that you left yourself logged in on someone else’s mobile device. If that’s the case, consider logging yourself out remotely. The other option is that an unauthorized party has somehow managed to gain access to your account. If you think that might be the case, log yourself out from that particular device first, then secure your account by changing the password.

3. How can I avoid getting locked out of my Facebook account?

You can set up a list of trusted contacts (three to five friends), who, in case of emergency, can help you if you ever have trouble accessing your account. They will be able to send a code and URL from Facebook to help you log back in. You can create this list by going to “Security and Login” (or “Password and Security” if you’re on mobile) and tapping on the “Choose 3-5 friends to contact if you get locked out” option under the “Setting up Extra Security” section. From there press on the “Choose friends” button.

Image credit: Freepik

Alexandra Arici

Alexandra is passionate about mobile tech and can be often found fiddling with a smartphone from some obscure company. She kick-started her career in tech journalism in 2013, after working a few years as a middle-school teacher. Constantly driven by curiosity, Alexandra likes to know how things work and to share that knowledge with everyone.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Sign up for all newsletters.

By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time.

Secure Your Zoom Calls With End

This post has been updated. It was originally published on April 26, 2023.

Zoom’s end-to-end (E2E) encryption is great news for those who care about their privacy and security online. But the feature is not enabled by default, so you might still be connecting with friends, family, and colleagues through the video calling program’s less-than-perfectly-secure standard encryption protocol.

And listen, that’s… fine, but you deserve the best.

Why should you enable E2E encryption

On their own, encrypted communications are a jumble of incomprehensible characters that require a key to translate that mess into intelligible text messages, audio clips, or video calls. The main difference between types of encryption is where the keys are generated, managed, and stored. 

[Related: How to securely store and share sensitive files]

Zoom’s default AES 256-bit GCM encryption, for example, generates keys on the company’s own servers. This means the contents of your team’s daily staff meeting still travel from your device, through the internet, and to your colleague’s laptops or cellphones in a secure way. But because Zoom controls the key to that communication, they could technically decrypt that “funny” story you told about your cat—and how none of your teammates laughed at it. On a more serious note, it also means anyone who gains access to Zoom’s servers—from a hacker to a government agency—could see what you’ve been talking about.

By enabling E2E encryption, your device (and the devices of everyone on the call) generates, manages, and stores the key to your communications. This means that Zoom’s servers only receive a bundle of unintelligible code that they then direct to its final destination. The company never sees what you said, the photo you shared, or that story you wish you could un-tell. 

Why E2E encryption is not automatic on Zoom

As of now, when you enable E2E encryption on Zoom, you automatically lose access to a bunch of other features. This includes the ability to join a call before the host, cloud recording, live streaming, and live transcription. Others, like one-on-one private chats and meeting reactions, are disabled depending on what version of Zoom you’re running. 

The functionality has other limitations as well. Only people using Zoom Rooms, the desktop client, or the mobile app are able to hop on E2E encrypted calls, leaving behind users who dial in or connect through third-party clients like Lync or Skype. 

[Related: 6 secure alternatives to WhatsApp]

When Zoom announced the arrival of E2E encryption back in October, one of the stated benefits was that it would be available for both paying customers and those using the app for free. But there’s a trick here: to use this new encryption, freeloaders will have to have a valid billing option on file, and verify their accounts. This means giving Zoom credit card details and phone numbers, plus a physical address, which may be a high price to pay if you highly value your privacy.

All these caveats are why Zoom is recommending users only turn on E2E encryption for sensitive communications—meetings that truly call for this extra layer of protection. But because E2E encryption is the only online protocol that totally secures your content online, it shouldn’t be optional. It should be the default. 

How to set up E2E encryption on Zoom

When you do, a new option to choose a type of encryption will appear below—check the circle next to End-to-end encryption. If you’re not a paying user, the platform will ask you to verify your account using a valid phone number. 

[Related: The best Zoom tricks and add-ons for your video chats]

Updated on April 27th, at 2:12pm: This post has been updated to reflect that E2E encryption on Zoom is no longer a technical preview.

What Does “Your Connection Is Not Secure” Error Mean? How To Fix It

The “Your connection is not secure” error pops up when accessing a site that has been improperly configured. Usually, this happens due to an invalid, corrupted, or outdated SSL certificate.

Although the issue majorly lies on the server side, there can be times when you might encounter this message due to incorrect browser configuration or internet issues. While you can add an exception and visit the site, you may not get this privilege in some cases.

Well, you do not need to worry as nothing serious has gone wrong. Indeed, you can quickly get rid of this problem either by contacting the site owner or bypassing the certificate. Even though we do not recommend the second option as such sites are potential risks, you can try this if you genuinely trust its owner.

Connection Not Secure Error in Firefox

First and foremost, you’re probably getting the “Your connection is not secure” error because the site you’re trying to view hasn’t been upgraded to HTTPS. This means that it still uses HTTP, which lacks the Secure Socket Layer (SSL) certificate responsible for an encrypted connection.

Basically, an SSL/TLS certificate follows the X.509 PKI (Public Key Infrastructure) standard. And if your site is secured using the SSL protocol, it’s considered safe as the certificate is signed by a trusted Certified Authority (CA). 

Getting an SSL certificate is effortless, but it may need to be subscribed to yearly, depending on your domain host. Hence, sites owned by hackers are generally not secured, and even if a site is upgraded to HTTPS, it will likely expire.

Thus, when Firefox cannot validate the SSL certificate, it throws the warning message, “Your connection is not secure” or “You are not securely connected to this site.” Well, you can find similar errors on other browsers too. For example, Google Chrome may alert you with “The connection for this is not secure,” “Your connection to this site is not secure,” or “Your connection is not private.”

“Your connection is not secure” is usually accompanied by some error codes, SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, SEC_ERROR_UNKNOWN_ISSUER, etc. This may indicate that an entity (possibly a third-party anti-virus) is trying to prevent an unsecure connection (caused by invalid or corrupted certificates) between Firefox and the website. 

When a particular website cannot identify the certificate or the server is not sending an appropriate one, Firefox alerts you with this message. In such a case, you may not be able to add an exception for the desired site.

Invalid or corrupted SSL/TLS certificate

Incorrect configuration of date and time

Corrupted browser data and cache

Third-party antivirus software is blocking the uncertified site or has replaced with its own root CA certificate

Surprisingly, the “Your connection is not secure” error can pop up whether the site you’re visiting is HTTP or HTTPS. If the problem exists only in your network or device, you probably haven’t configured the proper settings. 

Firstly, ensure that you have installed a valid or renewed existing SSL/TLS certificate on your site to upgrade it from HTTP to HTTPS. Usually, some reliable web hosting providers include this on their package, but you may have to contact a Certificate Authority (CA) if yours doesn’t.

Even after renewing the certificates, your site may still show HTTP. In such a scenario, we recommend verifying that all the assets (images and other media) are also configured to HTTPS.

Set up a 301 permanent redirect on your Content Management System (CMS) and ensure that all the HTTP URLs are pointed to HTTPS URLs.

If you’ve modified any configuration files, you may have to restart the web server (Apache, Nginx, IIS, whatever you’re using).

However, if you’re the site owner and this issue exists everywhere, you might want to follow the below instructions:

By now, you should be clear that you’ll encounter the “Your connection is not secure” error mainly due to server faults. Thus, waiting until the site owner upgrades to HTTPS is the best option as, technically, it’s not possible to fix it yourself.

Nevertheless, you can bypass this error message and get into the site using simple techniques. Likewise, if the error doesn’t pop up on other networks and the address bar indicates the use of HTTPS, you’ll need to tweak a few settings within your system to resolve it.

Check for typos

Check if the error exists in a different browser

Try power cycling your networking devices

Scan for possible malware

Contact your ISP if they’ve blocked it

The first thing we recommend is to check whether some servers have blacklisted the site’s domain or blocked its IP for security reasons. Basically, a blacklist contains details of all the IP addresses or domains that are considered threats to users. 

Thus, if the site is blacklisted, the SSL certificates won’t be validated. In such a case, Firefox might throw the “Your connection is not secure” error even if it is upgraded to HTTPS.

You can easily check a website’s integrity using online tools like MxToolbox, Inmotion Hosting, Site24x7, etc. For demonstration purposes, we have used MxToolbox, which provides a free and accurate network diagnostic feature:

Navigate to the MxToolbox’s official site and switch to the Blacklists tab.

Once you’ve identified the blacklist, refer to the internet to learn more about the problem. If there are critical errors with the site, we do not recommend visiting it.

Then, you can decide whether or not to move forward and try managing exceptions or tweaking other settings.

Note: Checking site integrity can also help proprietors to identify what’s causing this issue. If you believe you’ve followed all the protocols, you can visit their official website or send a direct e-mail requesting them to delist your site.

If you genuinely trust the website and wish to access it, you can bypass this quickly. However, if this is a relatively new site with only HTTP-enabled, we do not recommend providing your private information (name, bank details, e-mail address, etc.).

Moreover, this technique should also fix the error code “SSL_ERROR_BAD_CERT_DOMAIN”. Kindly go through the below steps on how to manage exceptions on Firefox:

In the error tab, press the Advanced button.

Once the Add Security Exception opens up, press the Get Certificate button to let the site identify itself with invalid information.

Now, you may mark the Permanently store this exception option if you do not wish to see the error message for that particular site in the future.

Sometimes, you may not get the option to add an exception. In such a case, press the Advanced option, and you’ll likely get the error code with some additional information. For example, if you encounter the MOZILLA_PXIX_ERROR_NOT_YET_VALID_CERTIFICATE, know that the certificate expired recently.

Basically, every SSL certificate has an issue and expiration date. Hence, if you have a wrongfully configured date and time, Firefox won’t be able to verify this. So, we suggest correcting it, and here’s how you can do it on Windows 11:

Use the combination of Windows and I keys to open Settings.

Now, try re-accessing the website, and you should be successful this time.

Note: If you’re still seeing the error with the MOZILLA_PXIX_ERROR_NOT_YET_VALID_CERTIFICATE code, we recommend tweaking the date and time from BIOS.

Suppose you recently imported any root certificates on the Firefox browser and enabled the “Automatically search for and import CAs that have been added to the Windows certificate store by a user or administrator.” In that case, you’ll possibly end up with the SEC_ERROR_UNKNOWN_ISSUER error code.

Finally, relaunch the browser, navigate to the site, and check if this does the trick. 

Well, the “Your connection is not secure” error can also be triggered due to specific third-party antivirus SSL settings. Reportedly, most users have faced problems where their antivirus software (Avast, Avira, or others) blocks those sites with no SSL/TSL certificates.

Basically, these programs can replace valid web certificates with their own root certificates. Although this is a good thing to prevent possible malware from harmful sites, such a configuration change is also considered a form of Man in the middle attack, and hence, the browser might throw a connection error.

For example, Avast has an HTTPS Scanning setting to protect against possible malware transported by the SSL-encrypted HTTPS traffic. Thus, you can try disabling this setting to see if it solves your issue.

Furthermore, you can also try disabling and reenabling the third-party antivirus software. If this solves your issue, we recommend uninstalling the application permanently, which should permanently fix the connection error.

Sometimes, unconfigured browser settings might also trigger the “Your connection is not secure” error message. Thus, you can try clearing the cache, deceptive content settings, and HTTPS-only mode to see if this fixes the problem:

From the left pane, navigate to Privacy & Security.

Now, restart the browser and move to the site again. This should solve your problem.

While most causes of connection errors are due to invalid or corrupted SSL certificates, your internet connection can also play a significant role here. If you’ve configured manual proxy settings on Firefox, you may encounter unexpected errors, like “Your connection is not secure.” Thus, we highly recommend changing this to Auto-detect:

From the hamburger menu, open Settings and go to General.

Then, press Ok and restart the browser, which should fix the issue.

Basically, cert8.db and cert9.db are the database files that store intermediate certificates you receive from websites. Hence, deleting can fix any issues within them, and here’s the correct way to do it:

First of all, close the running Firefox browser.

Moving on, the error can also be triggered due to Firefox add-ons or other customizations. Thus, the last option is to try refreshing the browser and fixing the relevant issues:

Now, your browser will shut down, and the Import Wizard will open. Simply press the Finish button to continue.

Finally, get to the site, and you should no longer see the “Your connection is not secure” error message.

How To Secure Your Social Media Accounts

Social media scams have become quite common nowadays. Hence, it’s now critical for users to start educating themselves about the risks, while learning how to protect themselves against these ever-growing threats. This article offers a series of tips on how to minimize cyber crime-related dangers on social media.

Why Protecting Your Social Media Accounts Is a Must

We tend to post everything on our social media accounts. From pictures with friends and family to the locations we’ve recently visited or we’re currently at. Unless we’ve switched our profiles to private, all this info is laid out for anyone to see. What’s more, our accounts aren’t even isolated, as they are often connected to other apps we use. For instance, you can link your Instagram or Spotify to your Facebook account.

The good news is that by taking action early on and changing some of your social media habits, such as using the same password for various social media accounts, you can secure all your private data and discourage cybercriminals from targeting your account.

1. Set Strong Passwords

Passwords are usually the first line of defense against social media hacks. Unfortunately, the number one mistake a lot of people make is use the same password for all their social media accounts. This is a practice best avoided, even if remembering all your online logins can be challenging.

For this reason, we recommend that you install a robust password manager on your device. It will help you track all your credentials with ease as well as generate strong passwords when you need them.

Image source: Freepik

Even if you’ve set strong passwords, you should be prepared to change them any time your social media app announces any kind of breach or notifies you of any suspicious activity on your account. Also, setting up a new password is a good idea if you find a virus or malware on your PC or if you’ve recently shared your password with someone else.

Finally, while you definitely shouldn’t change your password once a month, at least not unprompted, an additional security measure can be to generate a new password once a year.

2. Enable Two-Factor Authentication (2FA)

One of the most reliable ways to secure your social media accounts is to enable two-factor authentication (2FA).

Image source: Freepik

The way this feature works is that when you log in, you will be required to enter a randomly generated code to verify your account. By doing this, you will add an extra layer of security to your account and make hackers’ job harder, as they would have to have direct access to your phone or authenticator app in order to retrieve the code.

The vast majority of social media apps offer this option, and we show you how to enable 2FA in popular social apps such as Facebook and Snapchat. If possible, opt for an authenticator app over SMS to receive your login codes.

3. Add a Recovery Email and Phone Number

You’ll need an email address to sign up for most social media apps, but adding your phone number is usually optional. However, make sure that you add an email as well as a phone number to your account. It will help with account recovery in case you get hacked or if your account becomes inaccessible to you for any reason.

For instance, on Facebook you can enlist the help of a friend to recover your account through their profile. Once you follow the appropriate steps, you’ll be able to reset your password via a code that can be sent by SMS.

Image source: Freepik

Moreover, checking that your email information is up to date is also important. Most social apps will send email alerts in case something goes wrong with your account, and it’s crucial that you pay attention to these official emails. Don’t ignore them or you may miss out on some urgent information regarding your account. When you finally decide to investigate, it may be too late.

4. Set up Login Alerts (Where Possible)

Login alerts is a feature that’s available on various social apps, but not all. For example, you can enable it on Facebook. This way, you’ll receive a notification each time someone tries to log into your account, allowing you to take action quickly if something is amiss. On Instagram, login alerts are enabled by default, and you’ll receive an email whenever a suspicious login happens (for instance, if Instagram detects a login from a new device).

Image source: Freepik

Some apps also put a feature called “Login activity” at your disposal. If available, it should be checked frequently, so that you can easily identify any logins that don’t belong to you and log out of there fast. When you do that, most of the time you’ll be asked to change your password. Go ahead and do so if you have reason to believe that someone might have been meddling with your account.

5. Use the Built-In Security Checkup

Some apps such as Instagram and Facebook offer a built-in security checkup feature that helps you gauge the security of your account. On Instagram, the feature will check whether you’ve enabled 2FA or added a phone number to your account. If you haven’t, you will be prompted to do so for maximum protection.

Keep in mind that not every social app offers this option, but do check their individual security settings to see if you’re in luck. The built-in security checkup is a quick fix for an account that’s a little bit shaky on security.

Phishing represents a real threat on social media, which has become a fertile ground for all kinds of bots and scammers who are tirelessly trying to access your sensitive data. Many phishing attempts these days come in the form of a link sent either via email or through someone contacting you online. In some cases, even friends can be the source of such dubious emails.

Image source:

Pexels

We suggested above that it’s in your best interest not to ignore official emails from various social media sites you’ve signed up with. However, you should tread carefully here, as many of these phishing emails are sent from addresses that can mimic official ones. If you need some help in this department, we have a guide that can help you decide whether you’re dealing with a phishing scam or not.

7. Report Scammers

If you’ve received a suspicious link from someone, don’t just ignore it. You should immediately report the account and the shady activity associated with it to the app in question. All social media apps allow users to do that, and being proactive will help hinder spammers’ efforts in gaining unlawful access to users’ data.

8. Share Less About Yourself Online

While we may get the urge to share as much as possible about ourselves online, it would be wiser, not to mention safer, to refrain from doing that too much.

The thing is, the more information hackers have at their disposal, the easier it becomes for them to get you to fall for their scams. To counter this, we encourage you to make your social media profile private, if the app offers that option (and most of them do).

While many use social media to make new friends, it’s best if you don’t befriend people you don’t know. Social media is teeming with fake profiles and dubious individuals who are all too willing to spread malware, initiate catfishing attempts, or help propagate phishing scams. So be wary about whom you allow access to your profile.

9. Always Sign Out Once You’re Done Using an App

This is a good habit to form. Even if you’re using your social media accounts at home, don’t forget to sign out of them once you’re done browsing on your PC or mobile apps. This will help avoid scenarios where members of the household or guests can gain access to your account inconspicuously.

Image source: Freepik

It’s especially important that you remember to sign out if you’re using a public computer or wireless connections. If you can, abstain from accessing your social media accounts on public or shared computers. It’s extremely easy to eavesdrop on internet traffic on public wireless networks. If you must check your account, never enable the “remember me” or “keep me logged in” options when logging in to your app of choice.

Alternatively, opt for using social media apps within your browser rather than using the dedicated apps. This may make it easier for you to remember to log out once you’re done browsing. Unfortunately, using a browser isn’t possible with all social apps. For example, Snapchat exists only in the form of an app.

10. Secure Your Mobile Device

If you’ve logged in to social media on your mobile device, make sure you’re taking measures to protect the device. Add a passcode or enable face unlocking, to prevent others from accessing your device when you’re not paying attention.

Image source: Freepik

As we recommended above, logging out of your social accounts after each session is also a good practice. Even if your device gets stolen or lost, your private account will be safe.

Frequently Asked Questions What are the signs of a hacked account?

You can tell that your account has been hacked if you notice suspicious activity going on. Here are a few red flags to look out for.

Messages or content that you don’t remember posting

New friends who have been added to your Friend list without your authorization

Emails alerting you of various unknown logins to your account

Suspicious devices showing up in your login activity

Inability to log in to your account though the credentials are correct

What can I do if I suspect that my account has been compromised?

The first thing you should do is change your password. Then, remotely log out of all the devices you don’t recognize. Depending on the social app you’re using, you can report your concerns via official channels. Finally, don’t forget to also alert your friends to ignore any potential links coming from your account while you sort out the matter.

Should I create a dedicated email address for my social media accounts?

It can be a good idea to do so. If any of your social accounts end up being compromised, hackers won’t have access to the valuable information contained in your primary email account. If you think keeping track of multiple email accounts is too much work, we suggest that you learn how to check multiple email accounts from one inbox or consider installing a password manager app.

Image credit: Pexels

Alexandra Arici

Alexandra is passionate about mobile tech and can be often found fiddling with a smartphone from some obscure company. She kick-started her career in tech journalism in 2013, after working a few years as a middle-school teacher. Constantly driven by curiosity, Alexandra likes to know how things work and to share that knowledge with everyone.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Sign up for all newsletters.

By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time.

Update the detailed information about Is Your Encryption Truly Secure? Truecrypt Audit Effort Smashes Fundraising Goals on the Moimoishop.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!