It's and this year I thought I'd share something relevant from . Cybersecurity awareness month every October my recent trip to cover IT Arena in Lviv, Ukraine While I was there I bumped into some of the team from a macOS and iOS software company based in Kyiv, Ukraine. MacPaw I have met MacPaw employees many times at conferences over the years, and even once visited their wonderful offices in Kyiv where I saw their famous Mac museum and met their equally famous office cats. They are probably best known for , , and . But since the beginning of Russia’s invasion, they also created a handful of small apps designed to help personal and digital security in a time of conflict. CleanMyMac Gemini Setapp Inspired to write your own cybersecurity-related article? and enter ! Use our writing prompt the Twingate writing competition SpyBuster - Unmask data spies First is , a free application for iOS, macOS, and Chrome-base browsers. Its main aim is to identify applications with potential connections to Russia or Belarus. This could be due to developers located there, or due to application data sent or received from those countries. SpyBuster I don’t have an iPhone, so first I tried it on macOS. You download the application, open it, and wait a moment. There are two sections in the application window: static analysis and dynamic analysis. Static Analysis This checks for software you have installed by looking at their binaries and resources. On launch, SpyBuster flagged Telegram and Raindrop. It flagged Telegram for “probable ties to the Russian Federation”. Telegram and its possible connections to Russia are a subject of lengthy discussion, and personally, I have always been a little suspicious of Telegram for a whole host of other reasons. But I continue to use it as it’s what many of my friends want to use to communicate, trusting it more than anything from Meta. it’s also very popular in Ukraine, including by people actively using it to oppose Russia, so that’s an interesting conundrum. It also flagged , a cross-platform bookmark manager I rely on heavily. I think I knew the developer (one person) was based in Russia, and they do seem to have dropped all mentions of this fact from the website. Raindrop However, all the application code is open source . and says it only uses AWS infrastructure Dynamic Analysis This checks the data flow of running applications to determine where they might be sending and receiving data to and from. I left it running for a little while, including interacting with Raindrop and Telegram. The only traffic I saw for Raindrop went to and from the USA, and for Telegram to the UK. I didn’t really anticipate any software I ran communicating with Russia, and I guess this confirms it. Browser Extension Next, I added the browser extension to Brave and thought it would be a good chance to trigger it by heading over to 😅. RT.com That instantly caused a warning in the SpyBuster desktop application, but I continued anyway, just to see what would happen. This instantly caused a service called “ ” to get rather upset with me, and doesn’t have a particularly positive history. dos-guard.net which according to Wikipedia is based in Russia I visited their website, which SpyBuster didn’t flag if I visited the English website, but did if I visited the Russian one. I guess the company used different regional hosts for each language. Of course in both cases, these were sites I knew were based in Russia and I don’t think I am personally that likely to access that many sites unknowingly. Together App Taking a different approach to personal security, focuses on keeping track of the well-being of displaced and far-flung employees. Together App It's open source, self-hosted, and runs as a Slack bot that periodically asks employees where they are and how they feel. This then allows everyone to connect with colleagues that ended up near them and provide support to those who need it. Together App requires a handful of prerequisites including: A Slack workspace and the ability to add bots to it A Postgres database server Google Geocoding and Places API keys A Mapbox public key An SSO or OAuth provider And there are optional requirements for setting up scheduled jobs and deployment. These requirements make Together App complex to set up, but help ensure the data it stores is secure, which essential for an application of this function. Over to You For the rest of Cybersecurity awareness month, we're inviting you to contribute your own tips and thoughts. You can , enter , or of course, write anything else related to the topic you wish and use the "cybersecurity" or "cybersecurityawarenessmonth" tags when you do. use our writing prompt the Twingate writing competition

Flow

Google

Slack

Cybersecurity Awareness Month - MacPaw Supports Ukraine

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

5 Docker Desktop Alternatives

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

5 Docker Desktop Alternatives

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

The Noonification: How the Liver Transplant System Changed Forever (11/25/2023)

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps