Full Disclosure mailing list archives
Stealthier Internet access
From: Bipin Gautam <bipin.gautam () gmail com>
Date: Wed, 26 May 2010 01:25:25 +0545
Following is a LinkedIn posting from a discussion group. This is just a random note for archive purposes. I lack interest to write this article in detail. The article and content are of poor quality, so ignore...... :) thanks, -bipin

____________________________________

Stealthier Internet access

I wrote a small tutorial on something related. This doesn't reflect any up-to-date topics or cover any current knowledge or belief. I lack the motivation to improve it, so for the curious few, here it is;
www.mail-archive.com/foss-nepal () googlegroups com/msg04248.html [On Wed, Feb 20, 2008]

---quote---
On Wed, Feb 20, 2008 at 11:45 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
Firstly, please don't take this reply as a walkthrough on the topic... just a small push in the right direction for the curious few, if any. As said earlier, this topic is very vague and an in-depth explanation is beyond the scope of this text. Nevertheless, anonymous and secure communication in the world today is still possible; it's just that the bar has been slightly raised... ;)

Rule 1: hide everything you can, as best you can, all the time, and create decoys in the things you are intentionally revealing...

Let's begin:

Topic: Anonymous Communication (web, mail)

1). OS of choice
a). anonymos-shmoo.iso, live CD. It is a hardened OS and transparently tunnels all your communication via TOR. An OS on a r/w medium leaves a detailed trail of your activities behind in the storage.
b). Check and disable self-updating components (software, plugins etc.) in your OS that might bypass proxy rules and leak confidential information. This includes disabling self-updates on your hardware firewall. At the OS level, use an application-level firewall. Use sniffers to monitor your tools of choice over time and ensure they are following proxy/VPN rules.

2). Place/means
a). Behind NAT. Better if it is someone else's / a different MAC address, auth, IP.
b). Free hotspot: hotel, office, .....?
c). Cyber cafe, public computer.
If it's not a place you own, better. Check for CCTV or other logging/monitoring devices around. Appear common. Too many unfamiliar screens on your computer screen draw the attention of bystanders. Get the idea...

Technology: Consider chaining the anonymity technologies listed below (google them in detail). Always ensure one or a few layers of encryption on the content you are trying to hide, using different tools that follow different protocols and use different encryption algorithms, as you may not want to rest the confidentiality of your entire procedure on the strength/weakness of just one tool, one protocol and one algorithm. Is the performance and work overhead of using these multiple layers worthwhile?
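Item 1b above says to sniff your own tools over time and confirm they obey the proxy/VPN rules. As an added example (not code from the original post), here is a small checker in Python over a few constructed, netstat-style connection records; the process names, addresses, the LAN range and the local SOCKS listener on 127.0.0.1:9050 are all assumptions.

```python
"""Check observed outbound connections against the expected proxy path.

Added example, not code from the original post. The connection records
below are constructed in the style of a netstat/sniffer summary:
<timestamp> <process> <src ip:port> -> <dst ip:port> <proto>
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample records (assumed host 192.168.1.10 behind a LAN router).
SAMPLE_CONNECTIONS = """\
2008-02-20T23:40:01 firefox.exe 192.168.1.10:51234 -> 127.0.0.1:9050 TCP
2008-02-20T23:40:03 firefox.exe 192.168.1.10:51235 -> 127.0.0.1:9050 TCP
2008-02-20T23:41:10 updater.exe 192.168.1.10:51300 -> 203.0.113.7:80 TCP
2008-02-20T23:41:12 svchost.exe 192.168.1.10:137 -> 192.168.1.255:137 UDP
2008-02-20T23:42:00 mailclient.exe 192.168.1.10:51301 -> 198.51.100.25:587 TCP
2008-02-20T23:42:29 firefox.exe 192.168.1.10:53021 -> 192.168.1.1:53 UDP
2008-02-20T23:42:30 firefox.exe 192.168.1.10:51400 -> 192.0.2.44:443 TCP
"""

# Assumed: the only sanctioned way out is a local SOCKS listener (Tor's
# default 127.0.0.1:9050); everything else is supposed to be blocked.
ALLOWED_PROXY_ENDPOINTS = {("127.0.0.1", 9050)}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN


@dataclass(frozen=True)
class Connection:
    timestamp: str
    process: str
    dst_ip: str
    dst_port: int
    proto: str


def parse_connections(text: str) -> list[Connection]:
    """Parse the record format above; malformed lines are skipped, not guessed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[3] != "->":
            continue
        timestamp, process, _src, _arrow, dst, proto = parts
        ip, port = dst.rsplit(":", 1)
        records.append(Connection(timestamp, process, ip, int(port), proto))
    return records


def find_proxy_bypass(records: list[Connection],
                      allowed=ALLOWED_PROXY_ENDPOINTS,
                      local_net=LOCAL_NET) -> dict[str, list[str]]:
    """Return {process: [reason, ...]} for traffic that did not go via the proxy.

    Two leak classes are reported: direct connections to non-local addresses
    (the tool ignored the proxy) and any port-53 traffic (name resolution done
    locally instead of through the proxy, which reveals what you looked up).
    """
    findings: dict[str, list[str]] = {}
    for rec in records:
        if (rec.dst_ip, rec.dst_port) in allowed:
            continue
        ip = ipaddress.ip_address(rec.dst_ip)
        if rec.dst_port == 53:
            reason = f"{rec.timestamp} DNS query to {rec.dst_ip} outside the proxy"
        elif ip.is_loopback or ip in local_net:
            continue  # LAN/loopback chatter, not an internet-facing leak
        else:
            reason = f"{rec.timestamp} direct {rec.proto} to {rec.dst_ip}:{rec.dst_port}"
        findings.setdefault(rec.process, []).append(reason)
    return findings


if __name__ == "__main__":
    report = find_proxy_bypass(parse_connections(SAMPLE_CONNECTIONS))
    for process, reasons in report.items():
        print(process)
        for reason in reasons:
            print("   ", reason)
```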
If you are selecting multiple encryption and hashing algorithms, make sure your choice is redundant... i.e. don't just use algorithms approved by an American standard, consider using a European standard as well (eg: the Whirlpool hashing algorithm adopted by NESSIE; SHA512, American standard, NIST). Rijndael (later chosen as AES) was chosen over Serpent (despite the added security in Serpent) for performance reasons. Both algorithms are similar and neither has a known attack that has broken it to date. You may want to use other algorithms as well.

In properly designed software, encrypted output doesn't leak the name of the algorithm used to produce the content, which means an attacker can only assume which tools, protocols and algorithms were used to produce the content before starting to brute-force. Considering 'just this fact' as stated above, TrueCrypt is better than the PGP disk encryption suite. Make sure to hide trivial things like file extensions, meta-data, timestamps (?) even with encrypted output.

- For some, an ssh tunnel to a private mail server listening on loopback to access gpg-encrypted mail is enough security... but it might not guarantee enough anonymity. Route your traffic through F2F and TOR and proxy chaining. Using port knocking to temporarily redirect port 80 to 22 locally (example), so that you can access port 22 via proxy chaining, will add a layer of anonymity. Think creative.

Research these terms:
- F2F network (example: Freenet, anoNet)
- TOR (run in server mode if you use it too often; some plausible-deniability feature, as it is difficult for the attacker to be sure whether the traffic being transmitted is generated locally or being relayed from another node). TOR servers don't relay standard SMTP traffic by default. But many mail providers/servers listen on ports other than the standard one.
- Proxy chaining
- Open SMTP relays; have email accounts on servers in the third world
- Open proxy servers

Though the above technologies are vulnerable to traffic analysis from observers who can watch both ends of a user's connection, and have no defence against timing analysis. If you can enforce a particular routing of your data across predetermined servers, better. Though routing tables can change often. It's better if you can ensure your anonymous data is routed across several countries with different legal and political jurisdictions (rivals!.... better ;)

Establish a strict protocol between sender and receiver: what to use to communicate, how to use it, in what order, and change it every few months, including secret keys, private/public keys, passwords etc. and the medium and pattern of communication, including changing email addresses etc. Destroy everything you send/receive unless NECESSARY to store.

- Data destruction would mean shredding the storage medium to not larger than 1mm and smelting (NIST standard for secure data disposal)
- Software disk wiping: wipe the KEY and header of your encrypted storage volume (first few MB, ref. specific manual) using the Peter Gutmann standard of data wiping (35 wipes), and wipe the entire storage using U.S. DoD 5200.28-STD (7 wipes). OSes keep multiple copies of the partition header and store them in different places on the hdd to ensure recovery in case of data corruption, virus infection etc. This depends on the file-system in use (ref. FS and OS specific manual).

Avoid solid state memory for data storage when possible; prefer magnetic storage. Note: though, pen drives (solid state memory) can be quickly hammered to pieces and flushed. They are economically very cheap too. Your choice of cost vs. level of security for data disposal depends on the value of the information you are trying to hide and how far you would go to assure what you are trying to accomplish.
Don't choose passwords that match your interests, background, music, bike, sports, quotes etc. This information can be used to create a specific password dictionary for brute-forcing. Using a password (something you know) + a key (something you have) is better, i.e. two-factor token authentication.

Some ideas for generating/using a secure key:
• Generate the SHA hash and MD5 hash of two or three secure passwords that are easy to remember and XOR them together, then append or delete some characters from the output. Use this final output as your password.
• Or how about using the hash of Google's logo as the password, starting from byte x to byte y... (avoid file headers, footers). If the logo of the search engine changes, ref. search engine cache, archive.com etc. ;) This way you have a secure key but you don't have to store it locally. Just remember a few things.

Get creative about choosing your password. See, you can easily create passwords that are easy to remember but difficult to predict/brute-force. Be cautious while choosing a key/password. If an attacker can't attack a design flaw, the second thing they will try to attack is the key.

- WASTE (ref. unofficial release) is a chat and file sharing F2F network and supports some degree of anonymity even in standalone use. It has some capability of evading traffic analysis by masking the channel: it sends dummy encrypted traffic, keeping the channel 100% busy.

Using a different browser per unique task is good. Say, using Safari to access web mail and online transactions, Internet Explorer for trusted sites, Firefox for regular searching, and Opera for browsing etc. Maintaining separation of duties per browser ensures cookie information, even when leaked, can be confined to a particular task/interest.

Embedded content like audio, video, flash, pdf, docs, java, js, exploits :P may or may not follow proxy rules. Some applications can't be forced to follow proxy rules. They leak vital and unique information about your system, browser activity and internal network.
So know what you've installed, know what is running. Tracking plug-ins and their activity can be difficult, be it for your browser, your media player, your word processor or your IM.

Example of how anonymity breaks: suppose you are searching for something anonymously in Google and meanwhile you log on to your GMAIL that has your actual identity. Now your web search, this Gmail account, and the webpage you visited from Google AdSense can all be tied to point to a single person: you! The anonymity of your activity is blown right away. Further, your web browsing patterns, your topics of interest, bookmarks, the time you come online, internet speed, browser and OS fingerprint, plugins and features your browser supports, your language/interest pattern etc. can all serve as an intelligent fingerprint REGARDLESS OF YOUR IP address, and you can be tracked uniquely on the internet regardless of the IP.

Clear cookies and cache as you close your browser window; clearing all cache is necessary, not just cookies, as cache can have the same capabilities as cookies. Disable auto-reloading content, advertisements etc. Things such as messenger ("away" after 5 minutes of inactivity) behaviour etc. can leak your uptime, bandwidth utilization etc.! (ask.com (AskEraser), CustomizeGoogle plugin, NoScript)

Another example: there are browser plugins and tools... that can be used to change your user agent, but the BAD thing about using such tools is that instead of hiding your identity they make you stand out like an ostrich in a swarm of crows. Let me explain: suppose Opera released a critical update to all versions of its browser today, so most of the computer users that are online with the Opera browser are sure to auto-update their browser within a few weeks...
but as you are just changing your user agent, appearing as some version of Opera, you will stand in front of an intelligence analyst like a gentleman who appears to be using Opera but whose user agent dates back to an Opera released 3 years ago; unique features of browsers indicate you are forging the user-agent, using patterns of tool x that has the Opera user agent with version y hard-coded, which you are using. Further, an attacker can know what plug-ins your browser supports and what browser-specific features you have disabled; the combination of all this intelligence-analysis data can create a unique fingerprint, making the tools you used to be more anonymous and more secure backfire, and this information can be used by the attacker (Big Brother?) to instead create a unique pattern of your identity, making you less anonymous even if you are able to use different IPs all the time.

Your real IP is something that can be associated with you if discovered. But if you use anonymity technology haphazardly you give away a unique identity/behaviour pattern that can be as good as obtaining real IP information. Know how to strike the right balance... or am I being too paranoid? See, intelligence analysis is very hard to fool.

Anonymous email:

1). Encrypt and base64-encode the content securely to guarantee point-to-point (p2p) confidentiality.

2). While sending and receiving email, force the final output to be read as ASCII, as text format can be OS-specific: DOS (CRLF), UNIX (LF) and Macintosh (CR), which can leak your OS. Grammar and spelling correction in text can be analyzed to know which version of word processor was used to create it; it can leak OS-specific information even with normal plain text!

3). Re-mailers. Google: Mixminion / Mixmaster / Cypherpunk remailers. Basically, they route your email through several mail relay servers of your choosing, stripping headers that can leak the source of the email as they pass from one server to another.
They provide a redundancy feature that can assure delivery of email to a higher degree, and employ random delays and random message padding before forwarding messages.
Notes:
- Don't trust the server blindly, assuming they will guarantee your anonymity needs. Operators have to comply with local law all the time. Assume they can be monitored, logged, hacked and bugged. Use other intermediate means of anonymity before you choose to use these services.
- Keep message size normal.
- Consult re-mailer statistics sites to know about the history of the operator, the security track record of the OS they use, the country in which these servers are situated etc.

4). Users should take great care stripping metadata while emailing images, audio, video files, documents etc., as they may embed and store information within them about the user or system that created/modified the file. This information can be retrieved when transmitted and can be uniquely associated with you. Like, they might store and leak registered unique IDs of the product that created the content, or embed your hardware serial number (like Ethernet MAC address, CPU info etc.); this information can be used to track you down to a country or region where the particular sale happened. Microsoft Windows Activation, Microsoft Office... infamous example.

5). Technologies such as F2F networks, open proxies that cross different geographical boundaries etc. can be chained together so that you can relay your communication through open SMTP relays from China :P, free mail servers from the third world where logging, monitoring and technical capabilities are primitive, or you could use your own SMTP server to route your (encrypted) mail directly to the destination. There are online sites that claim to provide disposable email addresses for email delivery or retrieval. Anonymous-Sender.com, Pookmail.com (Research...)

Example: [EMAIL PROTECTED] is a common email address.
How about you write an article about the features of Pookmail in dig with a test example, [EMAIL PROTECTED]. While [EMAIL PROTECTED] gets thousands of hits, you send your private encrypted content in that crowd for delivery to your receiving party. Or how about using steganography and posting secret content to a website/forum, embedding it in pornography. This can act as a drop zone. The content can be retrieved by the receiving party. Think creative... it's not necessary that text communication should happen through @email_address! You could use a free file upload server to accomplish the same. Upload 10 files of similar size using steganography. Embed one video with the encrypted content and the other 9 videos with just random data (decoys). The receiver who knows the key can easily extract the encrypted content, while an attacker will have to try and brute-force all the obtained files. The same can be done for encrypted volumes.

6). While sending anonymous email, make sure trivial things like the X-Mailer string and your time zone (GMT) don't get leaked, or are best forged if intentionally leaked. Version info of the encryption technology you use can sometimes serve as an advantage to the attacker. Example: the GPG software version you are using can leak from your public key.

Conclusion: Anonymous and secure communication is not just about using the right tools, and it's not just about focusing on the application layer, link layer bla... bla....:P It's about truly knowing what you are doing in fine detail. Flexibility and security are always like opposite poles of a see-saw. There are many things I skipped which are beyond the scope of this email, but this should be a good push for the curious starters. All I recommend you to prioritize is the right intelligence and in-depth understanding of the subject matter over any tools or technologies, because no matter what technologies you use, they only stand a slim chance against intelligence analysis in the right direction.
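Item 4 above recommends stripping metadata from images before they leave your machine. As an added example (not code from the original post), here is a pure-Python JPEG segment walker that drops the Exif/XMP/IPTC and comment segments while keeping the ones the decoder needs; the sample file it runs on is a constructed byte string with valid segment structure, not a real photo, and the serial and workstation strings in it are made up.

```python
"""Strip identifying metadata segments from a JPEG by walking its markers.

Added example, not code from the original post. Uses only the standard
library; the sample file below is a constructed, JPEG-shaped byte string
(valid segment structure, not a decodable picture).
"""
from __future__ import annotations

import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
APP0, APP1, APP14, COM = 0xE0, 0xE1, 0xEE, 0xFE
# APP0 (JFIF header) and APP14 (Adobe colour-transform flag) are needed to
# display the picture; every other APPn segment and COM comments only carry
# metadata (Exif, XMP, IPTC, editor notes) and are dropped.
KEEP_APP_MARKERS = {APP0, APP14}


def segment(marker: int, payload: bytes) -> bytes:
    """Encode one segment: FF <marker> <2-byte length incl. itself> <payload>."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def iter_segments(data: bytes):
    """Yield (marker, payload, raw_bytes) for each header segment.

    Stops at SOS: the entropy-coded scan that follows (through EOI) never
    holds metadata, so it is yielded whole and passed through untouched.
    """
    if data[:2] != b"\xff" + bytes([SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while data[pos + 1] == 0xFF:  # optional fill bytes before a marker
            pos += 1
        marker = data[pos + 1]
        if marker in (SOS, EOI):
            yield marker, b"", data[pos:]
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        yield marker, data[pos + 4:end], data[pos:end]
        pos = end


def describe(marker: int, payload: bytes) -> str:
    """Human-readable label for a removed segment."""
    if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
        return "APP1 Exif"
    if marker == APP1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/"):
        return "APP1 XMP"
    if marker == COM:
        return "COM " + payload.decode("latin-1", "replace")
    return f"APP{marker - APP0}"


def strip_metadata(data: bytes) -> tuple[bytes, list[str]]:
    """Return (cleaned JPEG bytes, labels of the segments that were removed)."""
    out = bytearray(b"\xff" + bytes([SOI]))
    removed: list[str] = []
    for marker, payload, raw in iter_segments(data):
        is_app = APP0 <= marker <= 0xEF
        if (is_app and marker not in KEEP_APP_MARKERS) or marker == COM:
            removed.append(describe(marker, payload))
            continue
        out += raw
    return bytes(out), removed


def build_sample_jpeg() -> bytes:
    """Constructed input: JFIF header, an Exif block with a made-up camera
    serial, a comment naming the workstation, one quantisation table, a
    tiny scan, then EOI."""
    jfif = segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    exif = segment(APP1, b"Exif\x00\x00MM\x00*" + b"\x00" * 8 + b"CAMERA-SERIAL-0001")
    comment = segment(COM, b"Created on workstation WS-42")
    dqt = segment(0xDB, b"\x00" + bytes(range(64)))
    sos = segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56"
    return b"\xff" + bytes([SOI]) + jfif + exif + comment + dqt + sos + b"\xff" + bytes([EOI])


if __name__ == "__main__":
    original = build_sample_jpeg()
    cleaned, removed = strip_metadata(original)
    print(f"{len(original)} -> {len(cleaned)} bytes; removed: {removed}")
```

The same walker reports APP13 (Photoshop/IPTC) blocks as "APP13"; only the segments a decoder needs survive.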
...

Browser Extension: Customize FF: Disable all auto-updates & in about:config you may want to remove any third-party URLs that start with the keywords google, yahoo etc...
Useful plugins: Private Browsing, NoScript, User Agent Switcher, RefControl, Ghostery, CookieSafe, Optimize Google, Close n forget, BetterPrivacy, Adblock Plus (disable the plugins' auto-update features as well)

...

& On a related paper from EFF published just recently, we share a similar notion.
In open source only a rare few people like Henrik Gemal ( http://browserspy.dk/ ) are known to have had early knowledge (~1999) of this topic.

(Source) http://www.eff.org/press/archives/2010/05/13

May 17th, 2010
Web Browsers Leave 'Fingerprints' Behind as You Surf the Net
EFF Research Shows More Than 8 in 10 Browsers Have Unique, Trackable Signatures

San Francisco - New research by the Electronic Frontier Foundation (EFF) has found that an overwhelming majority of web browsers have unique signatures -- creating identifiable "fingerprints" that could be used to track you as you surf the Internet.

The findings were the result of an experiment EFF conducted with volunteers who visited http://panopticlick.eff.org/ . The website anonymously logged the configuration and version information from each participant's operating system, browser, and browser plug-ins -- information that websites routinely access each time you visit -- and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser "fingerprints." Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

"We took measures to keep participants in our experiment anonymous, but most sites don't do that," said EFF Senior Staff Technologist Peter Eckersley. "In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are."

EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information your browser shares with the websites you visit. But overall, it is very difficult to reconfigure your browser to make it less identifiable.
The best solution for web users may be to insist that new privacy protections be built into the browsers themselves.

"Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability," said Eckersley. "We hope that browser developers will work to reduce these privacy risks in future versions of their code."

EFF's paper on Panopticlick will be formally presented at the Privacy Enhancing Technologies Symposium (PETS 2010) in Berlin in July.

For the full white paper: How Unique is Your Web Browser?:
https://panopticlick.eff.org/browser-uniqueness.pdf
For more details on Panopticlick:
http://www.eff.org/deeplinks/2010/05/every-browser-unique-results-fom-pa ...
For more on online behavioral tracking:
http://www.eff.org/issues/online-behavioral-tracking
...

# (Here are a few basic bookmarks to improve stealthier internet access for Windows)

Scan for missing system updates (shortcoming: lacks a CLI version)
secunia.com/vulnerability_scanning/personal/
The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks.
...
Microsoft Windows fixes 16-year-old vulnerability; ref. its mitigation section
seclists.org/fulldisclosure/2010/Jan/341
...
(Harden Windows to a minimum configuration)
www.nliteos.com/guide/
nLite allows you to customize your installation of Windows XP, Windows 2000, or Windows 2003. You can integrate service packs and hotfixes.
...
Bart's Preinstalled Environment (BartPE) bootable live Windows CD/DVD
www.nu2.nu/pebuilder/
...
Preventing USB devices spreading viruses
seclists.org/fulldisclosure/2008/Nov/481
Change permissions on the driver folder and critical autorun registry entries to everyone:R (cacls, regedit)
...
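The Panopticlick result quoted above is a statement about how identifying a combination of browser attributes is, and about why blocking JavaScript (which hides the plugin and font lists) lowers uniqueness. As an added example (not code from the post, nor from EFF), the same uniqueness and entropy arithmetic over a small constructed set of eight browser configurations; the attribute names and values are made up.

```python
"""How identifying is a browser configuration? Entropy arithmetic over a
constructed sample, in the spirit of EFF's Panopticlick numbers.

Added example, not code from the post or from EFF. The eight browser
configurations and the attribute names below are made up.
"""
from __future__ import annotations

import math
from collections import Counter

# Constructed sample: what a fingerprinting page would see from eight visitors.
SAMPLE_BROWSERS = [
    {"user_agent": "Firefox/3.6 Windows", "plugins": "Flash,Java", "fonts": "set-A", "timezone": -480, "screen": "1280x800"},
    {"user_agent": "Firefox/3.6 Windows", "plugins": "Flash", "fonts": "set-A", "timezone": -480, "screen": "1280x800"},
    {"user_agent": "Firefox/3.6 Windows", "plugins": "Flash,Java", "fonts": "set-B", "timezone": -480, "screen": "1280x800"},
    {"user_agent": "MSIE 8.0 Windows", "plugins": "Flash,Java", "fonts": "set-A", "timezone": -480, "screen": "1024x768"},
    {"user_agent": "MSIE 8.0 Windows", "plugins": "Flash,Java", "fonts": "set-A", "timezone": -480, "screen": "1024x768"},
    {"user_agent": "Safari/4.0 Mac", "plugins": "QuickTime", "fonts": "set-C", "timezone": -480, "screen": "1440x900"},
    {"user_agent": "Opera/10 Linux", "plugins": "", "fonts": "set-D", "timezone": 60, "screen": "1280x1024"},
    {"user_agent": "Firefox/3.6 Linux", "plugins": "", "fonts": "set-D", "timezone": 60, "screen": "1280x1024"},
]
ALL_ATTRS = ("user_agent", "plugins", "fonts", "timezone", "screen")
# Plugin and font lists are only readable with JavaScript/plugins enabled;
# this subset is what a NoScript-style visitor exposes.
NO_SCRIPT_ATTRS = ("user_agent", "timezone", "screen")


def fingerprint(config: dict, attrs=ALL_ATTRS) -> tuple:
    """The tuple of attribute values a tracker would hash and store."""
    return tuple(config[a] for a in attrs)


def entropy_bits(values) -> float:
    """Shannon entropy of an observed distribution, in bits."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def uniqueness_ratio(configs, attrs=ALL_ATTRS) -> float:
    """Fraction of visitors whose fingerprint is shared with nobody else."""
    fps = [fingerprint(c, attrs) for c in configs]
    counts = Counter(fps)
    return sum(1 for fp in fps if counts[fp] == 1) / len(fps)


def surprisal_bits(configs, config, attrs=ALL_ATTRS) -> float:
    """-log2 P(fingerprint): how many bits one visitor's config reveals,
    i.e. log2(population / size of that visitor's anonymity set)."""
    fps = [fingerprint(c, attrs) for c in configs]
    share = fps.count(fingerprint(config, attrs)) / len(fps)
    return -math.log2(share)


def attribute_entropy(configs, attrs=ALL_ATTRS) -> dict[str, float]:
    """Bits contributed by each attribute on its own."""
    return {a: entropy_bits([c[a] for c in configs]) for a in attrs}


if __name__ == "__main__":
    print("unique with all attributes:", uniqueness_ratio(SAMPLE_BROWSERS))
    print("unique without script-only attributes:",
          uniqueness_ratio(SAMPLE_BROWSERS, NO_SCRIPT_ATTRS))
    for attr, bits in attribute_entropy(SAMPLE_BROWSERS).items():
        print(f"{attr:>10}: {bits:.2f} bits")
```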
Easy software to prevent Windows listening on ports 135, 445, 137-139, UPnP and Messenger ports
www.softpedia.com/get/Security/Firewall/Windows-Worms-Doors-Cleaner.shtml
Anti-Keylogger Tester
www.softpedia.com/get/Security/Firewall/Anti-KeyLogger-Tester.shtml
...
Here are a few bookmarks that readers might want to explore further:
(Windows checks the digital signature of an executing installer, revealing the installation of specific software on the user's system to a Certification Authority like Symantec and compromising privacy; never trust a CA blindly, a cert from a public CA is weak security)
supportforums.vizioncore.com/thread.jspa?threadID=22276&tstart=-2
news.netcraft.com/archives/2010/05/20/symantec_buys_large_share_of_ssl_market.html
...
(Basic monitoring) www.sysinternals.com/ (Autoruns, Process Explorer, TCPView, ShareEnum)
Startup Programs and Removing Them
www.marksanborn.net/howto/startup-programs-and-removing-them/
...
Use an anonymous computer/NetBIOS name during OS setup and during software installation.
Disable unnecessary Windows services (disable SSDP/UPnP, Windows client, auto update, BITS, system restore, remote registry, Windows time, TCP over NetBIOS, Windows indexing, help and support etc.)
www.pc-washer.com/optimize-windows/disable-unnecessary-windows-service.php
www.marksanborn.net/howto/turn-off-unnecessary-windows-services/
...
Use application isolation, and use software restriction policy in a sandbox dir
http://www.sandboxie.com/
portableapps.com/
Prefer using portable applications in a jailed, user-privilege-only, locked-down read-only mode.
...
Use a third-party manual software uninstaller to monitor registry and filesystem modifications over time.
www.revouninstaller.com/revo_uninstaller_free_download.html
...
Free antivirus:
www.free-av.com/
www.threatfire.com/
www.iantivirus.com/
...
Online antivirus scanner
antivirus.about.com/od/freeantivirussoftware/tp/aaonline.htm
Online port scanner (to check your firewall for leaks from outside)
www.google.com/search?q=online+port+scanner
...
QEMU: don't use virtual machine acceleration. Use user-mode emulation, run the guest OS with limited privileges, and emulate your guest OS on an architecture other than x86 (or an architecture distinct from the host OS) in the VM for added security / to delay an attack?
QEMU is able to not just emulate a full system, but also to run a normal program that was compiled for another architecture. This is done when it cannot be recompiled because the source code is unavailable, or when the program's architecture does not permit running it under all architectures.
en.wikipedia.org/wiki/QEMU
...
* Free, fast-booting Linux distros that aren't Chrome OS
www.downloadsquad.com/2009/12/30/10-free-fast-booting-linux-distros-that-arent-chrome-os/
(Recommended: Moblin, Jolicloud)
Google Chrome OS follows good security practice, but the OS has a bad privacy track record.
en.wikipedia.org/wiki/Google_Chrome_OS
...
Packet capturing tools:
download.netwitness.com/download.php?src=DIRECT
www.wireshark.org/download.html
...
Core Force was the best personal firewall for Windows.
en.wikipedia.org/wiki/Core_force
...
www3.untangle.com/Product-Overview
Untangle provides a powerful suite of Internet management applications for small-to-medium businesses and education institutions.
...
Do web-facing activity inside a VM; still, a tutorial on stealthier internet access from the Windows OS is beyond the scope of this text.
_____________________

In other news, DARPA looks for stealthier Internet access
http://gcn.com/articles/2010/05/21/darpa-safer-solicitation.aspx

In particular, DARPA is interested in technologies that “allow anonymous Internet communications to bypass techniques that suppress, localize and/or corrupt information.” The technologies the Defense Department is interested in circumventing include IP-address filtering or "blocking," which can deny user access; Domain Naming Service hijacking, which redirects a user to a different Web site or service from what the user intended; and content filtering, which captures and analyzes the content of the user's network traffic through deep packet inspection.

The Safer Warfighter Communications (SAFER) program (DARPA-BAA-10-69) covers applications such as instant messaging, electronic mail, social networking, streaming video, voice over IP and video conferencing. DARPA’s particular technical areas of interest include measurement, circumvention and testbed and evaluation support.

However, these same tools could also be used by “those determined to get around measures designed to thwart copyright violators and extreme-porn aficionados,” wrote Lewis Page in a story posted by U.K. publication The Register.

...

# Non-Classical Computer Forensics
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Krawetz.pdf

Windows forensics/anti-forensics is another important topic which is an ocean on its own, but sadly beyond the scope of this text.
( http://www.forensicfocus.com )

Anti-Forensics (topic outline)
- Intro: lack of evidence is also evidence
- Storage: magnetic storage, hard disk
- Data hiding: bad cluster, negative disk, slack space, alternate data stream (with examples for all), ATA-3 mode
- Data wiping: ZIP drive and floppy disk, CD/DVD recording and wiping, solid state memory error levelling
- Cryptography (30 pages at least, www.schneier.com): strength/weakness, digital signature, executable file checksum, symmetric/asymmetric, tools/choices, brute force, other backdoor/program flaws (random number gen, key initialization etc.)
- File/disk encryption: encrypted hdd, PGP Disk, TrueCrypt, EFS, openssl features, FUSE (user-land file system), Firefox browser plug-in for file encryption
- Remote storage: file hosting servers, remote backup servers, web hosting
- Undelete data
- Secure data wiping: quick erase disk and memory, dd, shred.exe, bcwipe, floppy auto wipe hdd (tool)
- Hibernation file, page file, NTUSER.dat, REGISTRY, temp directory, logs
- Internet/email history: discuss all popular browsers, slack space
- Printer
- Picture: Thumbs.db, meta data, EXIF description
- Document files (PDF/DOC): meta data, revision history, MAC in document from computer of origin
- Other file formats: audio, video, DRM, call back home, proprietary formats, watermarking (Harry Potter book example)
- Steganography: picture, audio, video, executables (-ve operation), covert channel, TCP/IP and more
- Timestamps
- Cellphone forensics: mobile logs, data, SMS, communication, tracking/location, IMEI, SIM, encrypted SMS/MMS, wipe mobile OS, prepaid SIM, change the mobile's IMEI through software/hardware, tools etc.
...

Some software in the OSS world has rugged/modular designs. Applications like Sumatra PDF Reader ( http://blog.kowalczyk.info/software/sumatrapdf ), multi-messenger clients like www.pidgin.im and www.miranda-im.org, www.FreeDownloadManager.org as download manager, and www.OpenOffice.org to handle office documents should be run inside a VM whenever possible.
Questionable documents from third parties should be opened as Google cache (if a publicly accessible web document, syntax "cache: http://example.com/example1.pdf ", or mailed to yourself in Gmail and viewed as HTML or in Google Docs). Documents in multiple file formats can be converted and viewed online from just the browser. Like, google "Online PDF to HTML Conversion". Even audio and video files from untrusted sources can be equally dangerous. You can normalize such attacks by first uploading such audio, video or document files to an intermediate service provider for online file format conversion. They provide free services to convert, say, flv-encoded received information to .wmv output, to be viewed as wmv instead. There are plenty of web services that provide such a facility. The output wmv file should be opened instead of the original flv. Files received from untrusted third parties should only be opened after such normalization to mitigate attack vectors.

www.clamwin.com anti-virus (very buggy) as a manual AV scanner, and www.7-zip.org to handle archives, are also nice tools.

IMPORTANT: When you are done with "experiments" and have settled on a preference, create a checklist of your knowledge and start a CLEAN configured installation of your OS.

A free open source disk imager
http://en.wikipedia.org/wiki/Acronis_True_Image
http://odin-win.sourceforge.net/
How many hours did you spend in setting up your Windows system? Setting up the operating system, installing programs, customizing to your personal needs. Do you want to be protected against hard disk failures, viruses or other malware? Just restore your system within minutes. Why spend money for a commercial solution? ODIN supports snapshots, can be run from the command line or with a GUI and runs on 32-bit and 64-bit operating systems.
(Later, when you restore the image, run a one-time update on all software and installation modules from the previous backup to assure the latest protection via manual/automatic updates.)
...
Move on from antivirus to application whitelisting solutions:
http://en.wikipedia.org/wiki/Whitelist#Application_whitelists
...

# (Windows XP Security Checklist)
http://www.google.com/search?q=windows+xp+security+checklist
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
Windows Secure Build Checklist
http://seclists.org/basics/2009/Feb/199
DoD General Purpose STIG, Checklist, and Tool Compilation CD
http://iase.disa.mil/stigs/checklist/index.html
Windows XP Baseline Security Checklists
http://technet.microsoft.com/en-us/library/cc751488.aspx
Checklist: Securing your computers using Security Configuration Manager
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sce_pols_check.mspx
...

[This is IMPORTANT]
For the audience who are experiencing the 'Avatar' blues...
edition.cnn.com/2010/SHOWBIZ/Movies/01/11/avatar.movie.blues/index.html
So, if you are experiencing Windows blues with these new tools and their LOOKS, here is a little therapy...
So if you are experiencing 'Windows Media Player' blues, you can always do a makeover of VLC Player with a Windows Media Player-like skin from
www.videolan.org/vlc/skins.php
There are also "MSN Messenger like" skins for Miranda & Pidgin IM, to get over MSN Messenger blues.
addons.miranda-im.org/index.php?action=display&id=67&sort=dlcount&order=desc
www.youtube.com/results?search_query=pidgin+skin
To get over IE blues, you can make Firefox look like Internet Explorer 7
www.howtogeek.com/howto/internet/firefox/make-firefox-look-like-internet-explorer-7mostly-on-windows-vista/
Ok, finally, to use Linux that looks like Windows, but secure... there is:
ylmf.org/en/
...
FF: Search-engine auto-suggest, the block "reported attack website" and "web forgeries" checks are bad features from a privacy perspective.
...
Recommendations: Delete the inbuilt zip manager & WordPad-like software using nLite or XPlite ( www.litepc.com/download.html )
...
Here is a customized_nlite_session for you as a sample for a jump start:
groups.google.com/group/nepsecure/web/nlite_SESSION.INI
nliteos.com
Have you ever wanted to remove Windows components like Media Player, Internet Explorer, Outlook Express, MSN Explorer, Messenger... How about not even installing them with Windows? nLite is a tool for pre-installation Windows configuration and component removal at your choice. Optional bootable image ready for burning on media or testing in virtual machines. With nLite you will be able to have a Windows installation which on install does not include, or even contain on media, the unwanted components.
...
Disable sending of AV quarantine files and fs scan reports to the AV vendor. They leak your OS directory structure.
...
Map your Desktop and My Documents folders into an encrypted TrueCrypt volume, use TrueCrypt full hdd encryption, or use a Seagate encrypted hdd.
...
Programs used to create one's own CD, with all the personalizations one likes
en.wikipedia.org/wiki/FreeSBIE
en.wikipedia.org/wiki/Incognito_(Linux)
The main feature being the inclusion of anonymity and security tools such as Tor by default.
...
Cygwin is a Linux-like environment for Windows.
www.cygwin.com/
...
Windows volume serial number:
www.digital-detective.co.uk/documents/Volume%20Serial%20Numbers.pdf
...
Forensic analysis of the Windows registry:
www.forensicfocus.com/forensic-analysis-windows-registry
www.eptuners.com/forensics/contents/A_Forensic_Examination_of_the_Windows_Registry.pdf
Registry Quick Find Chart.backup.fm
www.accessdata.com/media/en_us/print/papers/wp.Registry_Quick_Find_Chart.en_us.pdf
www.forensicfocus.com/downloads/windows-registry-quick-reference.pdf
Registry Viewer
www.logon-int.com/Product.asp?sProdClassCode=ACD-P-0007
...
Picture forensics:
www.hackerfactor.com/papers/bh-usa-07-krawetz-wp.pdf
...
en.wikipedia.org/wiki/Windows_thumbnail_cache
Vinetto is a forensics tool to examine Thumbs.db files.
vinetto.sourceforge.net/#overview
...
www.narus.com/products/intercept.html
...
Windows uniquely logs mounted USB devices by hardware SSID. It is used to identify whether a pendrive / USB device has been inserted in a computer or not.
scissec.scis.ecu.edu.au/proceedings/2007/forensics/23_Luo_Tracing_USB_Device_artefacts_on_Windows_XP.pdf
Delete USB Device History from the Windows Registry (USBSTOR key) and the setupapi.log
www.anti-forensics.com/delete-usb-device-history-from-the-windows-registry-usbstor-key-and-the-setupapilog
...
Preventing SSL Traffic Analysis with Realistic Cover Traffic
www.cs.uiuc.edu/homes/nschear2/ccs09-poster.pdf
...
In your email client, disable automatic display of pictures as attachments and disable HTML email.
...
Third-party closed source device drivers are security issues.
...
Change your online nick/identity often.
...
atomicparsley.sourceforge.net/
AtomicParsley is a lightweight command line program for reading, parsing and setting metadata into MPEG-4 files supporting these styles of metadata:
  iTunes-style metadata into .mp4, .m4a, .m4p, .m4v, .m4b files
  3gp-style assets (3GPP TS 26.444 version 6.4.0 Release 6 specification conforming) in 3GPP, 3GPP2, MobileMP4 & derivatives
  ISO copyright notices at movie & track level for MPEG-4 & derivative files
  uuid private user extension text & file embedding for MPEG-4 & derivative files
...
DocuColor Tracking Dot Decoding Guide
w2.eff.org/Privacy/printers/docucolor/
FTC Investigating Privacy Risks of Digital Copiers
www.eweek.com/c/a/Data-Storage/FTC-Investigating-Privacy-Risks-of-Digital-Copiers-465059/
...
Use "isoinfo" in Linux to get any forensic info left in a CD.
Nero keeps a log of burned CDs at: \Program Files\Ahead\Nero\NeroHistory.log
It contains info about the physical memory, CD burned, CD size, hardware device used to burn the CD etc.
…
Burning CDs and DVDs can leak your CD/DVD hardware manufacturer information:
CD-R Manufacturer Code
www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3078
CDR ATIP Reader reads information from the CD-R/RW media ATIP section and outputs it for the user in raw binary data view, in field values view and in translated view. That information can contain media manufacturer name, disc type and additional information.
Also, www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=2961
...
HSF54 >> Radio Frequency / Microwave / EMF Shielding Paint <<
www.safelivingtechnologies.ca/rf/Products_RF_Shielding_Paint_HSF54.htm
www.schneier.com/blog/archives/2004/12/wifi_shielding.html
...
Visualizing Online Social Networks
www.ire.org/sna/
internetbusinessmodels.org/visualizing-online-social-networks/
Inferring and Visualizing Social Networks on IRC
www.jibble.org/piespy/
...
Protecting Secure Facilities with Sound Masking
svconline.com/web_exclusives/sound_masking/
…
(Only communication in either plain text or encrypted)
Removing Sensitive Data from Documents (Microsoft Word/Excel/PPT, PDF)
www.timeatlas.com/reviews/reviews/removing_sensitive_data_from_documents
www.pcworld.com/article/119674/free_tool_identifies_hidden_data_in_microsoft_office_docs.html
Microsoft Word Metadata Scrubber
www.ghacks.net/2008/11/18/microsoft-word-metadata-scrubber/
OpenOffice: lawyerist.com/how-to-quickly-and-easily-remove-meta-data/
(Anti forensic) www.blackhat.com/presentations/bh-usa-05/bh-us-05-foster-liu-update.pdf
(Resource) www.forensics.nl/presentations
geschonneck.com/security/forensics/
Steganography & Data Hiding - Links & Whitepapers: data-hiding.com/
Steganography, Steganalysis, & Cryptanalysis
www.defcon.org/images/defcon-12/dc-12-presentations/Raggo/dc-12-raggo.ppt
…
NTFS hidden data analysis:
www.forensicfocus.com/downloads/ntfs-hidden-data-analysis.pdf
...
Password Recovery Speeds
www.lockdown.co.uk/?pg=combi
This document shows the approximate amount of time required for a computer or a cluster of computers to guess various passwords.
...
Full Disk Encryption: What It Can And Can't Do For Your Data
mobile.darkreading.com/9299/show/1a4113a09b515ef7a3d175e5e4be1446&t=18029ea8440795f55be33bb23c5f46af
en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
...
Darik's Boot and Nuke
www.dban.org/
("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
www.garykessler.net/library/fsc_stego.html
An Overview of Steganography for the Computer Forensics Examiner
...
Pentagon sets its sights on social networking websites
www.abovetopsecret.com/forum/thread211526/pg1
“I AM continually shocked and appalled at the details people voluntarily post online about themselves.” So says Jon Callas, chief security officer at PGP, a Silicon Valley-based maker of encryption software. He is far from alone in noticing that fast-growing social networking websites such as MySpace and Friendster are a snoop’s dream.
I Spy: Amateur satellite spotters can track everything government spymasters blast into orbit. Except the stealth bird codenamed Misty.
www.wired.com/wired/archive/14.02/spy.html
www.heavens-above.com/
Spy satellites in the sky: For America, having others know the precise time its eyes will be overhead poses a huge strategic problem. India's nuclear tests in the Rajasthan desert in 1998 caught US intelligence unawares because the Indians had ascertained the orbits of US satellites and hid their operations accordingly.
...
www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/
Application Whitelisting: Allow Known Good to Prevent the Bad
In the days following the recent IE vulnerability (Aurora) attacks, Gartner’s Neil MacDonald advised, "Application whitelisting at the endpoints would have stopped these attacks." Shortly after, companies targeted by this attack chose Bit9 – named 2010 Technology of the Year by InfoWorld – to protect their systems.
...
news.com.com/Hidden+text+shows+SCO+prepped+lawsuit+against+BofA/2100-7344_3-5170073.html?tag=nl
A Microsoft Word document of SCO's suit against DaimlerChrysler, seen by CNET News.com, originally identified Bank of America as the defendant instead of the automaker. This revision and others in the document can be seen through powerful but often forgotten features in Microsoft Word known as invisible electronic ink. A feature in the word-processing software tracks changes to documents, who made those changes, and when they were made.
...
Geotagging invades Privacy (Flickr, Twitter, Facebook, Picasa all bad):
www.aguntherphotography.com/geotagging-invades-privacy.html
The prices for GPS receivers have eroded. Even my iPhone has one already built in. It takes photographs and automatically attaches GPS data. Jobo and other accessory makers have developed GPS receivers that record a location every time you press the shutter release button on your camera, allowing you to combine them later on your PC. For several years, I used to carry a small Garmin GPS, recording track logs and using programs like JetPhoto Studio, Google gpicsync or Microsoft Location Stamper to put the GPS data into my digital files. Geotagging is now a mainstream technology and is more popular than ever.
Geolocation:
en.wikipedia.org/wiki/Geolocation
en.wikipedia.org/wiki/Geocoded_photo
How to Geotag Your Photos: www.wired.com/gadgetlab/2008/05/how-to-geotag-y/
Privacy nightmare: Geotagging in Twitter goes live
www.geek.com/articles/mobile/privacy-nightmare-geotagging-in-twitter-goes-live-20100315/
…
Cropping Pictures with Adobe Photoshop Can Be Dangerous
labnol.blogspot.com/2006/11/cropping-pictures-with-adobe-photoshop.html
…
Photo Studio
www.stuffware.co.uk/photostudio/
Photo Studio is also a useful tool for exploring the metadata stored along with your image files. The program supports a wide variety of metadata standards, including EXIF, CIFF, Olympus, JFIF and Photoshop. EXIF data will be of particular interest to digital camera users - it is the format used by most digital cameras to store camera settings along with an image. The tool also has basic support for some movie formats - AVI and QuickTime/JPEG, as recorded by some older digital cameras. The tool can play back, as well as extract video, audio and stills from these files.
...
…
TEMPEST 101
www.tscm.com/TSCM101tempest.html
TEMPEST is an official acronym for "Telecommunications Electronics Material Protected From Emanating Spurious Transmissions" and includes technical security countermeasures, standards, and instrumentation, which prevent (or minimize) the exploitation of security vulnerabilities by technical means. TEMPEST is nothing more than a fancy name for protecting against technical surveillance or eavesdropping of UNMODIFIED equipment (the unmodified part is important).
Video eavesdropping demo at CeBIT 2006
www.lightbluetouchpaper.org/2006/03/09/video-eavesdropping-demo-at-cebit-2006/
...
ACK Tunneling Trojans
www.ntsecurity.nu/papers/acktunneling/
...
Zfone™ is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet: zfoneproject.com/
…
OpenID is a privacy risk
en.wikipedia.org/wiki/OpenID
…
Keys Can be Copied From Afar, Jacobs School Computer Scientists Show
www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=791
San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key!
…
How to use your PC and Webcam as a motion-detecting and recording security camera
www.simplehelp.net/2006/09/27/how-to-use-your-pc-and-webcam-as-a-motion-detecting-and-recording-security-camera/
...
MadMACs: MAC Address Spoofing And Host Name Randomizing App For Windows
www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
…
Serious issue: block UPnP and "Windows Time", time synchronization for Windows.
www.sans.org/security-resources/malwarefaq/win_upnp.php
www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Network/DisableWindowsMessengerbroadcastsonUDPport1900.html
…
Surf Jack – HTTPS will not save you
enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/
...
reDuh - TCP Redirection over HTTP
www.sensepost.com/labs/tools/pentest/reduh
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests. Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially.
...
In 1992 as a quick hack, I happened to demonstrate that you can send TCP packets with bad checksums (subtract 1), which provides a near-invisible "covert channel" that penetrates everywhere with very low probability of detection or interception. This channel is still wide open, and a far better channel than stego-over-VoIP for the same target devices.
spectrum.ieee.org/telecom/internet/vice-over-ip-the-voip-steganography-threat/0
...
Why Skype is evil
ultraparanoid.wordpress.com/2007/06/19/why-skype-is-evil/
...
(Timestomp and Slacker are poor POCs from an anti-forensic perspective)
www.metasploit.com/research/projects/antiforensics/#Confrences
Basic Windows Anti-forensics:
www.system7.org/docs/WinAFCheatsheet.pdf
…
What is Social Engineering?
Basically, social engineering is the art and science of getting people to comply with your wishes. It is not a way of mind control, it will not allow you to get people to perform tasks wildly outside of their normal behaviour and it is far from foolproof.
packetstormsecurity.nl/docs/social-engineering/aaatalk.html
…
Open Source Intelligence - OSINT
www.onstrat.com/osint/
...
Maltego is an open source intelligence and forensics application. It will offer you timeous mining and gathering of information as well as the representation of this information in an easy to understand format.
www.paterva.com/web4/index.php/maltego
…
There are even tools like Fake Voice.
Fake Voice allows you to change your voice. You can be anyone you want to be, including a male, female, an old or young person. You can also add real-time effects to your voice for concealing or having fun with your voice.
www.google.com/search?q=free+Fake+Voice+software
www.soft32.com/download_206007.html
…
EFF Launches Surveillance Self-Defense site: https://ssd.eff.org/
Mar 2009
The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/