
~Open discussion for Privacy and Security Tip of the Day ~


59 replies to this topic

#1 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 23 May 2010 - 11:47 PM

Open discussion for Privacy and Security Tip of the Day


Encrypt Your Data
Requiring a strong password to log onto accounts on your computer is a good security step. But when the government is your attacker, it's not nearly enough. If the government seizes your computer, all it has to do to get around your account protection is to take the hard drive out and stick it into another computer to get around your password protection. Similarly, if you were subject to a sneak-and-peek search, the government could sneak in with their own hardware, take your hard drive out and copy it, and then replace it without you ever knowing. Your best and only protection against this is to encrypt the data that's on your computer so the government can't read it!

Encryption Basics
Encryption is a technique that uses math to transform information in a way that makes it unreadable to anyone except those with special knowledge, usually referred to as a "key." There are many applications of encryption, but some of the most important uses help protect the security and privacy of files on your computer, information passing over the Internet, or left sitting in a file on someone else's computer. If encryption is used properly, the information should only be readable by you and people that receive the key from you. Encryption provides a very strong technical protection against many kinds of threats — and this protection is often easy to obtain.

How Does Encryption Work?
What do you need to know about how encryption works? Surprisingly little. Encryption is conceptually similar to the "secret codes" that children learn about and use to communicate. If you’ve ever spoken in pig Latin or used a decoder ring, you've used very simple encryption techniques on a message. Again, the idea is to take a normal human-readable message (often called the plaintext message) and transform it into an incomprehensible format that can only become comprehensible again to someone with secret knowledge:

Plaintext message + Encryption algorithm + Key = Scrambled message

Decryption algorithm + Key + Scrambled message = Plaintext Message

File and Disk Encryption

Theft or seizure threats can be mitigated by encrypting the data on the disk. Some sort of mitigation is especially important for laptops, which are at high risk of being lost or stolen, but the same measures can be useful for improving the security of any PC or workstation-type computer.

Full-disk encryption is meant to protect stored data against this sort of exposure, if the computer is stolen or seized when it is powered off. If the computer is seized while running, there are tricks that sophisticated adversaries could use to read the data regardless of encryption.

File encryption is disk encryption that only applies to certain specific files on your computer. It may be easier to deploy but is vulnerable to several threats that do not apply to full disk encryption.

Hard disk passwords are a feature offered by many laptop manufacturers. These can be enabled within the BIOS of your computer. Hard disk passwords don't encrypt any data on your drive, they just prevent the drive from cooperating with the computer until the password is supplied. There are numerous commercial services which will disable these passwords for about $100 per drive. So a hard disk password is useful against a casual thief, but of no use against law enforcement or other non-casual adversaries.

Disk Encryption Is Of Little Use in Civil Lawsuits
It is extremely important to note that disk encryption is unlikely to offer much protection against civil litigation. Many of the procedural obstacles which might apply to law enforcement attempts to obtain encrypted data during a criminal investigation would not apply in a civil case. If an adversary in a civil case persuades a judge to issue a subpoena for your data, a failure to decrypt and disclose the data would be held against you in the case.

If your threat model involves civil litigation, it is essential to simply not have the data on a computer in the first place, or to have secure deletion practices in place long before any lawsuit is filed. Once a lawsuit is filed, you will be obliged to preserve any pertinent documents, and the presence of forensic evidence that you deleted data after a suit was filed would have dire consequences.

Choosing Disk Encryption Software
There are many full-disk encryption tools. Using a mainstream one is probably safer than an obscure one, since mainstream disk encryption products have usually received more expert review. Leading disk encryption programs include DiskCryptor, BitLocker, PGPDisk, FileVault, TrueCrypt, and dm-crypt (LUKS); some of these come with the operating system, while others are third-party add-ons. You can read a detailed comparison of these and many other disk encryption products from a comparison at Wikipedia. This comparison may help you select a disk encryption product to meet your needs, but any of these systems can protect your data better than having no disk encryption at all.

Things To Know When Using Disk Encryption
Generally, disk encryption software will require you to enter a separate disk password when you turn the computer on or start using the disk (some systems can use a smartcard instead of or in addition to a password). To be effective, this password must be resistant to all forms of automated guessing. Remember that the disk encryption is fully effective at preventing access to the disk when the computer is turned off (or the encrypted disk is entirely unmounted or removed from use); to get the full benefit, you should unmount the encrypted disk or turn the computer off in any situation where the risk of compromise is especially high, such as a computer left unattended overnight or a laptop being carried from place to place. (Using disk encryption without following this precaution scrupulously will still provide more protection against some attackers than not using disk encryption.)

Finally, full-disk encryption can also be used on servers, providing some protection against seizure of the servers. However, even servers with encrypted hard drives could be vulnerable to attackers with specialized techniques if they're seized while they're operating. Proper use of disk encryption on servers can also be a nuisance because the server can't do a fully unattended automatic reboot. (It's not safe to store the password for the disk on the server itself, so an administrator will have to enter the disk password whenever the computer is restarted.)

Plausible Deniability
One interesting property which some disk encryption developers are working towards is plausible deniability. The goal of these efforts is to offer users a way to not only encrypt their files, but to prevent an attacker from being able to even deduce the existence of some of the encrypted files. The user will have a way to "plausibly deny" that the files exist.

One example of this concept is DiskCryptor's ability to have an encrypted partition (which can be hidden as any file on your hard drive) and within that partition hide another partition. One password will reveal the outer partition and another separate password will reveal the inner one. Because of the way DiskCryptor encrypts the partition table itself, an observer cannot detect a hidden partition even if she has access to the "regular" encrypted share. The idea is to give the user something to decrypt if a law enforcement officer or Customs official asks, while keeping the rest of their information secure.

In practice, DiskCryptor's first attempt to implement this feature was shown to be ineffective because operating systems and applications leave so many traces of the files they work with, that a forensic investigator would have many avenues by which to determine that the inner partition existed. The DiskCryptor developers have responded to this research by offering a way to install and boot from an entire separate operating system within the inner partition. It is too soon to know whether their new approach will turn out to offer secure plausible deniability.

Technical issues aside, remember that lying to a federal law enforcement officer about material facts is a crime, so if a person chose to answer a question about whether there were additional encrypted partitions on a computer, they would be legally obligated to answer truthfully.


The following table shows my personal recommendations when selecting a
cipher algorithm:

+--------------------+-------------------------------------------+
| PARAMETER          | RECOMMENDATION                            |
+--------------------+-------------------------------------------+
| block cipher       | AES, Serpent                              |
+--------------------+-------------------------------------------+
| symmetric key size | at least 128 bits                         |
+--------------------+-------------------------------------------+
| hash functions [12]| SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)|
|                    | Whirlpool                                 |
+--------------------+-------------------------------------------+


Cryptography for dummies:
- Ciphers: http://en.wikipedia.org/wiki/Cipher
- Block ciphers: http://en.wikipedia....ki/Block_cipher
- Block size: http://en.wikipedia...._(cryptography)
- AES: http://en.wikipedia....yption_Standard
- Serpent: http://en.wikipedia....erpent_(cipher)
- Hash function: http://en.wikipedia....i/Hash_function
- SHA: http://en.wikipedia...._hash_functions
- Whirlpool: http://en.wikipedia.org/wiki/WHIRLPOOL
- Passphrase: http://en.wikipedia....wiki/Passphrase
- Weak key: http://en.wikipedia.org/wiki/Weak_key
- LinuxCryptofs: http://wiki.boum.org...t/LinuxCryptoFS
http://en.wikipedia....yption_software

Edited by jay pheno, 24 May 2010 - 07:57 AM.
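
Added example, not part of the original post: the post says the disk password must resist automated guessing and recommends a symmetric key of at least 128 bits, so this Python code works out how long a uniformly random password must be to match that key size and derives a key from it. PBKDF2-HMAC-SHA-512, the iteration count and every function name here are assumptions chosen for illustration; the post does not say which key derivation any of the listed products uses.

```python
import hashlib
import math
import os
import secrets
import string

KEY_BITS = 128          # minimum symmetric key size from the post's table
ITERATIONS = 100_000    # assumed KDF work factor, for illustration only


def password_bits(alphabet_size, length):
    """Entropy of a password whose characters are picked uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size, target_bits):
    """Shortest random password over the alphabet with at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def effective_bits(key_bits, pw_bits, iterations):
    """Rough model of the cheaper attack path: guess the key directly, or
    guess passwords and pay `iterations` KDF rounds for every guess."""
    return min(key_bits, pw_bits + math.log2(iterations))


def generate_password(target_bits, alphabet):
    """Random password from the OS CSPRNG; alphabet must have distinct chars."""
    length = min_length(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_key(password, salt, iterations=ITERATIONS, key_bits=KEY_BITS):
    """Password -> cipher key. The salt is stored in the clear with the volume."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations, dklen=key_bits // 8
    )


if __name__ == "__main__":
    alphabets = {
        "lowercase": string.ascii_lowercase,
        "letters+digits": string.ascii_letters + string.digits,
        "printable ASCII": string.ascii_letters + string.digits + string.punctuation,
    }
    for name, alphabet in alphabets.items():
        print(f"{name:16} needs {min_length(len(alphabet), KEY_BITS)} chars "
              f"for {KEY_BITS} bits")

    # An 8-character lowercase password caps the whole volume far below the
    # cipher's key size, no matter which cipher is selected.
    weak = effective_bits(KEY_BITS, password_bits(26, 8), ITERATIONS)
    print(f"8 lowercase chars + KDF: about {weak:.1f} bits of attacker work")

    password = generate_password(KEY_BITS, alphabets["letters+digits"])
    salt = os.urandom(16)
    print("derived key:", derive_key(password, salt).hex())
```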


#2 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 24 May 2010 - 01:22 AM

Full Hard Drive Encryption

The free (and open source) DiskCryptor will encrypt hard drives, flash drives, and even CD/DVD’s. Unfortunately DiskCryptor is restricted to encrypting entire drives, but for some people that won’t be a problem if the sensitive data is kept on a secondary drive. Or, of course, DiskCryptor supports the encrypting of your boot drive if you want to go that route. Personally I encrypt all my drives. What about performance? Here’s the claim they make on their site:

On the Intel Core 2 Quad Q6600 CPU, data encryption speed amounts to 104Mb/s per core. The maximum speed of reading the data from a single hard disk, equals to 80Mb/s, thus consequently, one can work with up to 5 different disks without the loss of performance, when using the aforementioned type of processor. In case if your disks are not operating under a constant high load, then it is possible to work with even higher number of disks, and on a weaker system, without losing the performance.

That’s pretty impressive, but those particular stats are for a quad core processor. On a dual core that should still mean you can read from two drives simultaneously even if they are at maximum load. So you shouldn’t see too much of a performance hit just because you’re encrypting your data.
Here’s a list of some other features they highlight:
  • Disk partition encryption of any configuration, including boot and system partitions.
  • Choice to select an encryption algorithm: AES, Twofish or Serpent. Cascaded modes are available as well.
  • Full support for dynamic disks.
  • Full support for encryption of external USB storage devices.
  • Ability to create encrypted CD’s and DVD’s.
  • High encryption performance, comparable to efficiency of a non-encrypted system.
  • Support for hardware cryptography found in VIA processors.
  • Support for disk devices with large sector sizes, which is important when working with hardware RAID.
  • Automatic mount of disk partitions and external storage devices.
  • Extended configuration possibilities of booting an encrypted OS. Support for different multi-boot scenarios.
  • Full support for 3rd party boot loaders (LILO, GRUB, etc.).
  • Ability to place boot loader on external medium and to authenticate using the key medium.
  • Support for key files.
  • Support for hotkeys to dismount partitions, initiate emergency system stop, etc.
DiskCryptor works on Windows 2000 up to Windows 7, and is compatible with both 32-bit and 64-bit systems.
DiskCryptor Homepage (Windows only; 32/64-bit; freeware)

Edited by jay pheno, 24 May 2010 - 08:04 AM.


#3 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 24 May 2010 - 01:30 AM

Cold Boot Attacks on Encryption Keys
*DiskCryptor security improvement: added automatically erasing keys in memory when shutdown, reboot or hibernate to prevent "cold boot" attacks. I'm not sure if any other full disk encryption software has fixed this.

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

Edited by jay pheno, 24 May 2010 - 01:36 AM.


#4 Rowson

Rowson

    o.O

  • OG VIP
  • 70 posts

Posted 24 May 2010 - 06:58 AM

Just the other day I was thinking that topia needs a topic on this! It's a scary internet out these days and MalwareBytes will help put your mind at ease! http://www.malwarebytes.org/ Will scan your computer for Malware, some nasty stuff! It will pick up different viruses and tracking cookies with ease. If you get the full version it will give you real-time protection while using the net, scanning places you visit for potential malware infections. I highly suggest if you even think you could be infected run this software!

One type of virus that is bad for everyone here at mycotopia is called a RAT (Remote Administrative Tool) and you could be infected with one and not even know it! RATs allow a person to access everything on your HD, all saved passwords from ALL browsers, turn your web cam on and mic, download and run exe files hidden! and even use your computer to be a bot in a DDOS attack! Oh, did I mention access your files? Yeah, they can even download them and use them to blackmail you, very bad stuff if you ask me. Keyloggers are in the mix.

How does one get a virus like this you might ask? It's not that hard to be honest. It could be bound to ANY file you download and masked to look like any file. A fake website called a Java Drive-by, which acts like a flash or java website and asks you to download an add on or install an update to view the content. It doesn't just not work either, a drive by can even include content to make it seem legit. One example I have seen was set up to look like a web cam site that would answer you when you talked to it!

I'm not sure if it's true or not but I heard a rumor that the Java Drive-by apps can have a script added to them so they auto download very scary if you ask me.

Now MalwareBytes alone isn't enough; sometimes the viruses are encrypted and are 100% Fully Undetectable by virus scanners, yes that's right even if you have top of the line 100 bucks a year virus scanning software you still could be infected! That's where HijackThis comes into play http://free.antivirus.com/hijackthis/ Now I can't tell you too much about it other than if you do use it, don't go crazy and delete the things it finds because it could be a false positive; you will need to find someone who knows what they are doing and have them analyze your logs from the scan.

Still more!!!

So you have a file that you want to download but you're not sure you should open it? Don't trust your old AV? Why not scan it with up to 40 AV scanners that are all up to date?!?! Yup you totally can for free!!!
http://www.virustotal.com/
http://scanner.novirusthanks.org/

Virus Total has 40 scanners it will scan your file with and Novirusthanks will only use 20 but it will not distribute the sample to AV companies.

Ok so you scanned your file on Virus Total but you still think it could be bunk? Why not try Sandboxie? Sandboxie is a software that will let you drag and drop files into it and run them but in a quarantined part of your hard drive with 0 risk of harming your computer. However, some viruses are equipped with Anti-software and Sandboxie is one of them, in which case the file will not load and you will know something is up with it.

http://www.sandboxie...wnloadSandboxie

Process Explorer

It works just like your regular Task Manager does but better and gives more detailed info about what is really running on your computer.

http://technet.micro...s/bb896653.aspx

ATF-Cleaner

A better way to clean your web browsers; deletes temp files and other internet related files that you "don't have to keep"

http://www.atribune....id=25&Itemid=25

Well, that's all I can think of right now hopefully this can help some of you out :D

#5 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 24 May 2010 - 07:21 AM

Just the other day I was thinking that topia needs a topic on this!
Well, that's all I can think of right now hopefully this can help some of you out :D


Thank you Rowson, you brought up some very important issues such as web browser security & secure file deletion!

I plan to cover this issue in detail for Linux, Windows and Mac OSes, please stay tuned :flash:

I can personally vouch for the use of http://www.virustotal.com/ and the use of http://www.sandboxie.com you linked :dance: both those are in my list of tools!



Edited by jay pheno, 24 May 2010 - 08:35 AM.


#6 mate0x

mate0x

    st0ned

  • OG VIP
  • 4,607 posts


Posted 24 May 2010 - 07:50 AM

Hey kick ass post Jay, very usable info as always. Bookmarked.

#7 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 24 May 2010 - 08:07 AM

"Risks of using cryptographic software and possible ways of data leaks"

How well, do you think, your data is protected from an unauthorized access?

It is likely, that many will answer on that question with the confidence about the safety of their data. The general assumption is, that the use of cryptographic software makes your data safe. People who have only a superficial knowledge about the information security, presume however, that if your information would be sought after by a resourceful adversary, like a government agency, then any encryption would be broken. People versed a little bit more in the information security, often ridicule that presumption, however.

Let us not take a side of any supposition, but explore the subject, instead. In the following article, I will explain about the risks of using cryptographic software, and about the ways of gaining access to the encrypted data. The article is based on a common knowledge, and you will find no secrets there. Still, by giving some thought to the information conveyed here, you may grasp how fragile your security might be, and how something perceived by many to be indestructible, can easily be broken. Well then, let us briefly examine the main types of attacks on the encrypted information.

Breaking into cryptoalgorithms, or the brute force attack
It is accepted knowledge, that there are no absolutely strong algorithms, except for a disposable notepad. All known cryptoalgorithms are based not on this knowledge but rather on the lack of it, and the strength of any cipher has yet to be mathematically proven.

On the other hand, the weakness of most of the invented ciphers has already been established. Therefore, a strong cipher is considered to be one for which there exists no practical method of breaking it yet it remains likely that such a method may eventually be devised. However, speaking in regards to the well studied ciphers such as AES, Twofish, Serpent, there is very little chance that they will be broken in the next 10 years.

There exists a view that NSA/CSS employs cryptanalytic methods which are not known to the public. That, however, is no more than a rumor as there are no facts proving it to be otherwise. Still, one must remember not to assume that the data encrypted with a cipher, considered to be strong by the current standards, will remain safe forever. In my opinion, the maximum term for which the data can be considered to be safe, when encrypted by a recent strong cipher, is 10 to 20 years. That should always be kept in mind.

Currently, the only plausible attack on strong cryptoalgorithms, is going through all the possible key combinations. At the current stage of technical progress, it is possible to pick the 64-bit key, and theoretically the 70-bit key. The 80-bit key is the minimum, which is considered to be safe. In the future, when a quantum computer will become a reality, the length of the key for the symmetric ciphers would have to be doubled to achieve the same level of safety. This means that, theoretically, 128-bit keys can be broken on a quantum computer. The 256-bit keys, however, will never be broken by the brute force attack as working through the entire number of possible keys will come against the limits set by the law of physics. Taking all that into consideration it should not be forgotten, that your password ought to have the same strength as the key space of the encryption algorithm you are using, otherwise your encrypted data will be accessed by picking up the password.

To summarize, it is evident that the successful brute force attacks are a highly unlikely occurrence, nevertheless, they should not be disregarded completely. Also, cryptoalgorithms with less than a 256-bit key should not be used though longer keys make no real sense either.

Faulty implementation of cryptographic software
Even the strongest of the encryption algorithms can be defenseless, if it is implemented with errors, or used inappropriately, and that is the illness of the proprietary software. Microsoft is especially infamous for that, as virtually each of its cryptographic solutions had serious vulnerabilities, often breakable in a trivial manner. One need not venture far for the examples, — Kerberos, encryption of Microsoft Office documents, PPTP VPN, NTLM authentication protocol, SysKey, EFS encryption in Windows 2000, RNG implementations in Windows 2000/XP/Vista. As history shows, that company is unable to learn on its own mistakes, therefore it is better to use anything, but the Microsoft's cryptography, since, even if you would want to, you will find no worse reputation, than the one enjoyed by the Microsoft.

Besides containing errors, proprietary software and cryptographic hardware devices, can also have intentional backdoors, existence of which can be lied about by the producer. As an example, we can look at the Drecom hard drives with hardware data encryption, manufacturer of which has announced encryption to be done using AES, but actually it turned out to be simple and easy to break XOR cipher. If you would like to find more about that, please read this article. Thence we can conclude, that the promises of the producers can never be trusted, and one should always demand the proof of the claims made by the manufacturer. Any such proof should always be thoroughly examined, and if there is not enough qualification for the verification process, then seeking a professional opinion is strongly recommended.

Malware
When using impeccable quality cryptographic software, there is no danger of falling a victim to the above mentioned issues, still however, that does not rule out the other possible threats. One of the most serious risks, is for the trojan horse program to get a foothold in your system, which then may intercept entered passwords, encryption keys, or even transmit the data that you are protecting, itself.

Protection from malware is one separate and large theme, and it will not be discussed in this article. There is one thing you should remember, though, — no malicious software must ever infiltrate your computer system. Otherwise, there is no point in data encryption. In case, when handling truly important data, for which it is absolutely unacceptable for anyone to get an unauthorized access to, then it is advisable for such a system not to be connected to the internet, and it also should have only the bare minimum of required software installed.

Physical attacks
Physical attacks are always involved with the possibility of direct physical access to the system, or with the opportunity to observe it, which may be associated with the remote monitoring or using the bugging technology.

There are the TEMPEST techniques, allowing for the image from a monitor to be read from a distance of a hundred meters, by capturing and analyzing electromagnetic (EM) radiation emitted from a display. The text entered on the keyboard, can be acquired by capturing, with a bug or a laser microphone, and examining the sounds that the keys make when being pressed. An adversary, who can come into direct contact with your system, may implant it with the software contaminant or with the hardware keylogger.

The encryption keys and the confidential data, can be obtained from the computer memory by freezing and transferring the memory chips, or by connecting a scanner/reader device to the computer buses. The contents of the memory can also be accessed through some external ports, for example via FireWire, without the help from any special technology, and using only a notebook computer.

Note: a foe must never have the physical access to the live system, memory of which contains confidential data. If this condition is not observed, then any encryption can easily be broken. For that reason, arrangement of the work environment, where the restricted data is being handled, must always embody physical protection measures. It is ideal to have a special room for that purpose, which has no windows, is soundproof, is shielded from the EM radiation leaks, contains means to broadcast radio jamming transmissions, and certainly, has strong metal doors. The room must be watched over, and the entry needs to be regulated by an access regime. It is advisable for the access control to be duplicated, meaning, that the use of both mechanical and electrical locks at the same time, should be utilized. In addition, there should be a guard post, as well. In case if there exists no possibility to employ such measures, then, the means to detect attempted unauthorized access and malicious implants, at least must be incorporated. What has been proposed here, is not a paranoia, it is the necessary requirement to protect the data from a powerful adversary, and I would like to advise you to give it a serious thought.

Software-induced data leaks
With reference to the disk encryption, in certain cases it is possible to reveal the encrypted data even without the use of trojan software or having a physical access to the live system. The fault of that, are the leaks of confidential data into a number of non-encrypted system files. The most critical, in this regard, files on the Windows systems are the following: registry, swap, crash dump and hibernation file (hiberfil.sys). For the most part, the user mode application memory space, which contains the confidential data that applications process, is being paged to hard disk drive. DiskCryptor, however, prevents the keys and passwords from getting into the swap space, as it stores them in the non-swap memory. In addition, the passwords and keys are not being stored for longer than it is necessary to process them, and afterwards the memory that has been occupied by this sensitive data, is nulled.

This kind of security measure exists in all adequate open source cryptographic software, but that is not always sufficient to reduce the data leaks risk to zero. The most dangerous are the data leaks into hiberfil.sys and crash dumps, as the whole contents of memory, including its non-swap regions, is being stored on the disk in this case. This situation is essentially complicated with the fact, that the mechanism how the dumps and hiberfil.sys are being written, is not documented at all, and therefore, the most present-day disk encryption software cannot encrypt these files, and they are being written in non-encrypted way to disk sectors! Old DriveCrypt Plus Pack versions and even TrueCrypt 5.1, had such kind of vulnerabilities. The consequences of that are catastrophic, as saving of the memory dump in open manner, definitely opens up the possibility to reveal all encrypted information in a matter of few minutes.

The guys from Microsoft did such a dirty job, that there is even no need to devise any backdoors in the cryptographic software. Most probably, that security-related government agencies can make use of this Windows's feature, and this is what has led some people to believe, that the government can break any encryption. The simplest solution for this issue, is to disable memory dump file generation and hibernation mode, which is recommended in the TrueCrypt's documentation as well (when system encryption is not used). The problem is, though, that most users do not read documentation, and have little awareness about the important factors that play role in the system's safety, and thus users get an illusion of security, instead of the real protection. DiskCryptor, starting from version 0.2.5, has extra measures in place to prevent leaks of the sensitive data:
  • When the system partition is encrypted, then memory dump and hibernation files are already protected (by default Windows is configured to write these files to the system partition).
  • If the system partition is not encrypted, and when there are mounted encrypted disks present in the system, then the use of hibernation mode and saving of memory dump (on system crash) are blocked, and in case if there are no mounted encrypted disks present, then before commencing hibernation or writing memory dump, the password cache is being automatically cleared from memory.
That way, the program does not let the sensitive data to be written to disk in a non-encrypted way.

Nonetheless, please bear in mind, that there is always a chance for the data leaks to occur because of a third-party application. For example, if there is a software on your system, that intercepts keyboard input (it can be a language translation tool, an automatic keyboard layout changer, or a keylogger), or if you use the clipboard to copy passwords, then in such cases, passwords may be stored in a memory region that DiskCryptor has no control of, and where the data leaks can be taking place. In order to safeguard yourself from these kind of data leaks to be used against your system's security, — it is sufficient to encrypt all the disk partitions, where this important data can be written onto. If your system is connected to a network or the internet, please make sure, that no unauthorized transmissions of the sensitive data are taking place, as keyloggers, besides saving their log on a local disk, can also transmit what they capture over your network/internet connection. But then again, you must not let any malicious software to get into your system, in the first place.

Conclusion
As you can see, there are many ways in which encrypted confidential data can become exposed, and this is by no means a comprehensive overview of all the possible ways to achieve that. In particular, there has been no mention of rubber-hose cryptanalysis, of possible risks involving the human factor, or of social engineering manipulation. The more we know about information security, the more aware we become of our defenselessness.

So that is why you should always remember: confidential data protection must not be limited to encryption only, and it is all-important to take the arrangement of physical security very seriously as well. In no way, however, does what has just been put forward diminish the necessity to use encryption, which still remains a formidable obstacle for an adversary to overcome.

Edited by jay pheno, 24 May 2010 - 08:13 AM.


#8 Erkee

Erkee

    Trolls'R'us

  • Expired Member
  • 1,477 posts

Posted 24 May 2010 - 09:43 AM

subscribed.

#9 Mrs.Hippie3

Mrs.Hippie3

    QueenBee

  • Founders
  • 11,103 posts


Posted 24 May 2010 - 09:47 AM

Archive material . :thumbup:

#10 justweed

justweed

    Friend of the Devil

  • Validating
  • 1,062 posts

Posted 24 May 2010 - 09:49 AM

PeerBlock, blocking attacks from the source

Since I'm kinda high, here's the quote from their website.

PeerBlock lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries! They can't get in to your computer, and your computer won't try to send them anything either.
And best of all, it's free!

PeerBlock is a MUST HAVE for any p2p users, or people who don't want to let government snooping computers into their PC's.

http://www.peerblock.com/

#11 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 24 May 2010 - 11:46 AM

PeerBlock, blocking attacks from the source

Since I'm kinda high, here's the quote from their website.


PeerBlock is a MUST HAVE for any p2p users, or people who don't want to let government snooping computers into their PC's.

http://www.peerblock.com/



ty justweed, peerblock rocks. I agree it is worth using, not just for p2p/torrents, but it also will block any network communication to any IP in its database.

I'd also suggest these programs:

*note all these programs use the same filter sets


PeerGuardian OS X

http://phoenixlabs.org/pgosx/ <-- for Macs. They also make a Windows version, but I suggest PeerBlock for Windows.

PeerGuardian is Phoenix Labs’ premier IP blocker for OS X. PeerGuardian integrates support for multiple lists, list editing, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), making it the safest and easiest way to protect your privacy on the Internet.




MoBlock

http://moblock.berlios.de/ <-- for linux

MoBlock is a linux console application that blocks connections from/to hosts listed in a file in peerguardian format (guarding.p2p). It uses iptables ipqueue userspace library and it is very light in resource usage (cpu, ram).

#12 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 24 May 2010 - 12:21 PM

Antiforensics - Making computer data safe from prying eyes...

pdf of video


Anti-forensics methods are often broken down into several sub-categories to make classification of the various tools and techniques simpler. One of the more widely accepted subcategory breakdowns was developed by Dr. Marcus Rogers. He has proposed the following sub-categories, data hiding, artifact wiping, trail obfuscation and attacks against the CF (computer forensics) process/tools.

Data hiding
Data hiding is the process of making data difficult to find while also keeping it accessible for future use. “Obfuscation and encryption of data give an adversary the ability to limit identification and collection of evidence by investigators while allowing access and use to themselves.” Some of the more common forms of data hiding include encryption, steganography, and other various forms of hardware/software based data concealment. Each of the different data hiding methods makes digital forensic examinations difficult. When the different data hiding methods are combined, they can make a successful forensic investigation nearly impossible.

One of the more commonly used techniques to defeat computer forensics is data encryption. In a presentation he gave on encryption and anti-forensic methodologies, the Vice President of Secure Computing, Paul Henry, referred to encryption as a “forensic analysis's nightmare”.
The majority of publicly available encryption programs allow the user to create virtual encrypted disks which can only be opened with a designated key. Through the use of modern encryption algorithms and various encryption techniques these programs make the data virtually impossible to read without the designated key.


File level encryption encrypts only the file contents. This leaves important information such as file name, size and timestamps unencrypted. Parts of the content of the file can be reconstructed from other locations, such as temporary files, swap file and deleted, unencrypted copies.
Most encryption programs have the ability to perform a number of additional functions that make digital forensic efforts increasingly difficult. Some of these functions include the use of a keyfile, full-volume encryption, and plausible deniability. The widespread availability of software containing these functions has put the field of digital forensics at a great disadvantage.



Other forms of data hiding involve the use of tools and techniques to hide data throughout various different locations in a computer system. Some of these places can include “memory, slack space, hidden directories, bad blocks, alternate data streams, hidden partitions.” One of the more well known tools that is often used for data hiding is called Slacker (part of the Metasploit framework). Slacker breaks up a file and places each piece of that file into the slack space of other files, thereby hiding it from the forensic examination software.

Artifact wiping
The methods used in artifact wiping are tasked with permanently eliminating particular files or entire file systems. This can be accomplished through the use of a variety of methods that include disk cleaning utilities, file wiping utilities and disk degaussing/destruction techniques.

Disk cleaning utilities use a variety of methods to overwrite the existing data on disks. The effectiveness of disk cleaning utilities as anti-forensic tools is often challenged, as some believe they are not completely effective. Experts who don’t believe that disk cleaning utilities are acceptable for disk sanitization base their opinions on current DOD policy, which states that the only acceptable form of sanitization is degaussing. (See National Industrial Security Program.) Disk cleaning utilities are also criticized because they leave signatures that the file system was wiped, which in some cases is unacceptable. Some of the widely used disk cleaning utilities include DBAN, srm, KillDisk, and CCleaner.

Trail obfuscation
The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan commands”. One of the more widely known trail obfuscation tools is Timestomp (part of the Metasploit framework).



Timestomp gives the user the ability to modify file metadata pertaining to access, creation and modification times/dates. By using programs such as Timestomp, a user can render any number of files useless in a legal setting by directly calling into question the files' credibility.


Another well known trail-obfuscation program is Transmogrify (also part of the Metasploit framework). In most file types the header of the file contains identifying information. A (.jpg) would have header information that identifies it as a (.jpg), a (.doc) would have information that identifies it as (.doc) and so on. Transmogrify allows the user to change the header information of a file, so a (.jpg) header could be changed to a (.doc) header. If a forensic examination program or operating system were to conduct a search for images on a machine, it would simply see a (.doc) file and skip over it.


Attacks against the computer forensics process/tools
In the past, anti-forensic tools have focused on attacking the forensic process by destroying data, hiding data, or altering data usage information. Anti-forensics has recently moved into a new realm where tools and techniques are focused on attacking forensic tools that perform the examinations. These new anti-forensic methods have benefited from a number of factors, including well documented forensic examination procedures, widely known forensic tool vulnerabilities, and digital forensic examiners' heavy reliance on their tools.

During a typical forensic examination, the examiner would create an image of the computer's disks. This keeps the original computer (evidence) from being tainted by forensic tools. Hashes (see cryptographic hash function) are created by the forensic examination software to verify the integrity of the image. One of the recent anti-tool techniques targets the integrity of the hash that is created to verify the image. By affecting the integrity of the hash, any evidence that is collected during the subsequent investigation can be challenged.


Anti-forensics Tools :


- Timestomp, which allows you to modify all four NTFS timestamp
values: modified, accessed, created, and entry modified.

- Slacker, tool that allows you to hide files within the slack
space of the NTFS file system.

- Sam Juicer, a Meterpreter module that dumps the hashes from the
SAM, but does it without ever hitting disk.


Secure file deletion Tools:
- Eraser (windows)
- Evidence eliminator (windows)
- CCleaner (windows) http://www.piriform.com/ccleaner
- shred (linux)
- srm (bsd, linux)
- wipe (linux)
- Dban (universal) http://www.dban.org/

Related reading

Anti-forensic techniques, http://www.forensics...nsic_techniques

Anti-Forensics: Techniques, Detection and Countermeasures, http://www.simson.ne...slides-ICIW.pdf

The Computer Forensics Challenge and Anti-Forensics Techniques, http://www.h2hc.com....7/montanaro.pdf
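
From the examiner's side, the Timestomp behaviour described in the post above can be checked for. The following is an added example, not part of the original post or of any tool it names: it assumes the four timestamps from each file's $STANDARD_INFORMATION and $FILE_NAME attributes have already been extracted by an MFT parser, and it relies on the fact that Timestomp rewrites only the $STANDARD_INFORMATION values. The record layout, reason names and sample data are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

FIELDS = ("modified", "accessed", "created", "entry_modified")


def t(text):
    """Parse 'YYYY-MM-DD HH:MM:SS.ffffff' into a datetime (UTC assumed)."""
    return datetime.fromisoformat(text)


def same(text):
    """Build a four-timestamp set where every field has the same value."""
    return {name: t(text) for name in FIELDS}


@dataclass
class MftTimes:
    path: str
    si: dict  # $STANDARD_INFORMATION times (what Explorer and most tools show)
    fn: dict  # $FILE_NAME times (maintained by the file system itself)


def timestamp_anomalies(rec, acquired):
    """Return the reasons a record's timestamps look manipulated."""
    reasons = []
    # A file cannot normally be created before its own name entry was created.
    if rec.si["created"] < rec.fn["created"]:
        reasons.append("si-created-before-fn-created")
    # NTFS stores 100 ns resolution; four whole-second values in a row
    # usually mean the times were typed in rather than recorded.
    if all(rec.si[name].microsecond == 0 for name in FIELDS):
        reasons.append("si-all-whole-seconds")
    # Nothing on the disk can postdate the moment the image was taken.
    if any(rec.si[name] > acquired for name in FIELDS):
        reasons.append("si-after-acquisition")
    return reasons


def scan(records, acquired):
    """Map each suspicious path to its list of reasons."""
    hits = {}
    for rec in records:
        reasons = timestamp_anomalies(rec, acquired)
        if reasons:
            hits[rec.path] = reasons
    return hits


# Constructed sample records, not taken from a real volume.
ACQUIRED = t("2010-05-24 12:00:00.000000")
SAMPLE_RECORDS = [
    MftTimes("docs/report.doc",
             same("2010-05-20 14:03:22.481200"),
             same("2010-05-20 14:03:22.481200")),
    MftTimes("tools/helper.exe",
             same("2003-01-01 00:00:00.000000"),
             same("2010-05-21 09:15:40.127700")),
    MftTimes("logs/app.log",
             {**same("2010-05-22 08:00:01.250000"),
              "modified": t("2031-01-01 10:00:00.500000")},
             same("2010-05-22 08:00:01.250000")),
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_RECORDS, ACQUIRED).items():
        print(path, ", ".join(reasons))
```

Each reason is a lead for the examiner rather than proof: archive extraction, installers and file copies can also set $STANDARD_INFORMATION times to older or whole-second values.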



#13 mushmonkey

mushmonkey

    Phantom Psychonaut

  • Expired Member
  • 778 posts

Posted 24 May 2010 - 01:07 PM

thanks for the great info!! :kiss:

i just read cory doctorow's "little brother" and have been thinking a lot more about computer/network security issues.

#14 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 25 May 2010 - 08:04 AM

DNS Leaks
The Problem
When an application connects to a server on the Internet, it needs to resolve hostnames (i.e., www.mycotopia.net) to IP addresses.

To do this, the application sends the hostname to a DNS server for resolution. The DNS server sends the IP address for the hostname back to the application. This is normal business and is good for every day use.

However, it is bad for business when you wish to conduct anonymous connections.

Let's examine an example of why DNS leaks are bad for anonymous connections. Let's say you exist in an oppressive regime and wish to browse a web site on the regime's forbidden list. Your computer needs to resolve the hostname for the forbidden web site, so it sends a request to its DNS resolver.



The regime, true to its repressive nature, is monitoring the DNS servers for requests for forbidden sites. It correlates the request for the banned site with your IP address and stops by to arrest you for violating the law even though you made the connection using an anonymizing tool, such as Tor or other proxies.

What does it mean to you?
It means that while all your content is passing through an encrypted connection (Tor, VPN or proxy), some of your DNS lookups could be going to your ISP's resolver.


This means they could potentially tell which sites you visit by the DNS request, and they could even block access to certain sites by blocking the DNS resolution for those sites.


Can I test for it and see if it affects me?
There is a test you can run here
(You can ignore everything but the IP address/Server name. This is a test for a specific DNS vulnerability that may not be relevant to you at all, but it will also show DNS leaks, and that is what we are looking for here.)

The IP addresses and names are the only things you need to note. If one of those is your local resolver, you have the potential for a DNS leak.
What can you do about it?
You can set your DNS to use our DNS servers. By using our servers to handle DNS for you the requests would not be logged by your ISP's dns servers.


You can use someone else's DNS servers, like OpenDNS or Google's (it's probably a given that Google logs all and keeps it near forever for them to keep their finger on the "pulse" of the Internet).


However, no matter what you choose for DNS, if you are affected by a DNS leak then the requests will still be traveling plaintext over the Internet. So they could be seen by an admin looking for them.


The best option (for VPN) is to adjust the bindings in XP/2k or if it happens in Vista/Win7 to set a static IP (and in the most extreme instances additionally remove the DNS servers from the main interface.)
Fixes: WindowsXP/2k
(you should be able to make this registry change to resolve the issue, if it does not work, follow steps for Vista/Win7)

  • Click Start, click Run, type regedt32 in the Open box, and then click OK.
  • Click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
  • In the right pane, double-click Bind.
  • In the Value data box, select the \Device\NdisWanIp item
  • Press ctrl+x
  • click the top of the list of devices, and then press ctrl+v
  • Click OK, and then quit regedt32 and reboot.
  • If you add or remove adapters, you'll need to do this all again
XP and 2000 users stop and retest here, you may not need to go further. If retest still fails, proceed to Vista/Win7 instructions:


Vista/Win7
First connect to the VPN. This is very important if you have not entered the ip and name for the VPN server in your hosts file. Once connected, continue:
Get to an elevated command prompt
  • Click Start, type cmd into the search box, when you see it listed above, right click on it and choose Run as administrator.
Find your primary interface name (we refer to it below as primaryinterface), ip address, subnet mask, and default gateway. You'll need this information to continue.
  • Type ipconfig /all
Create a quick backup of your settings
  • Type netsh interface ip dump > c:\netbackup.cfg
Set your primary Interface IP to a static one if you are using DHCP (You can skip this if you are already using a static IP).
  • Type: netsh interface ip set address "primaryinterface" static <ipaddress> <subnetmask> <default gateway> 1
If you don't set the IP static, DNS will just auto renew via DHCP after we blank it below.
Flush your DNS cache
  • Type ipconfig /flushdns
Stop and retest here, you may not need to go further. If retest still fails, proceed:

Set the DNS server to none for the active interface
(replace primaryinterface with your actual interface name, most often "Local Area Connection", but use whatever it said when you made it static)
  • Type netsh interface ip set dns name="primaryinterface" source=static addr=none
Leaks definitely stopped by here, we just disabled dns on the main interface.

To go back:

For DHCP Type:

netsh interface ip set address name="primaryinterface" source=dhcp
netsh interface ip set dns name="primaryinterface" source=dhcp
For static just reset DNS:
  • netsh interface ip set dns name="primaryinterface" source=static addr=x.x.x.x primary
Note: If you have multiple active network adapters you may need to perform the above for each of the active adapters.
If you messed up completely and need to restore
  • Type netsh exec c:\netbackup.cfg
Advanced users can create .bat files for this. You should also add hosts file entries for addresses you must resolve locally even if connected to the VPN, for example the VPN address in case it disconnects and you want to immediately reconnect.


Edit hosts file
As always the “host” file is under C:\windows\system32\drivers\etc\ or %systemroot%\system32\drivers\etc\ and hence cannot be edited by normal users.
To edit the host file,
Click Start – search for Notepad, right-click and select Run as administrator. This should launch Notepad with elevated privileges. Now, open the host file from the File menu, edit and save.


You'll want to enter the VPN's IP and name here so you can reconnect if it drops. For questions on IP or name, contact helpdesk.

Edited by jay pheno, 25 May 2010 - 08:20 AM.
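
The end state of the Vista/Win7 procedure in the post above (static IP on the primary interface, no DNS servers on it, VPN connected) can be checked from saved `ipconfig /all` output. The following is an added example, not part of the original post: the adapter names, addresses and both sample outputs are constructed, and the shape of the output after the fix (no "DNS Servers" line on the primary adapter) is an assumption.

```python
import re

ADAPTER_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
# "Key . . . . : value"; the dot leader before the colon is required so that
# continuation lines holding IPv6 addresses are not mistaken for a key.
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]+:(?: (.*))?$")

# Constructed `ipconfig /all` output before the fix (not from a real host).
SAMPLE_BEFORE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.example
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53

PPP adapter Example VPN:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   DNS Servers . . . . . . . . . . . : 10.8.0.1
"""

# Constructed output after setting a static IP and addr=none (assumed shape).
SAMPLE_AFTER = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Example VPN:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 10.8.0.1
"""


def parse_ipconfig(text):
    """Split the output into adapters, each with a dict of field -> values."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = {"kind": header.group(1), "name": header.group(2),
                       "fields": {}}
            adapters.append(current)
            last_key = None
            continue
        if current is None or not line.strip():
            continue  # global section or blank line
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group(1).strip()
            value = (field.group(2) or "").strip()
            current["fields"][last_key] = [value] if value else []
        elif last_key:
            # Indented line without a key: another value for the last field.
            current["fields"][last_key].append(line.strip())
    return adapters


def dns_leak_findings(adapters, vpn_adapter):
    """List (adapter, issue, detail) tuples for every non-VPN adapter."""
    findings = []
    if vpn_adapter not in [a["name"] for a in adapters]:
        findings.append((vpn_adapter, "vpn-adapter-missing", []))
    for adapter in adapters:
        if adapter["name"] == vpn_adapter:
            continue
        fields = adapter["fields"]
        servers = fields.get("DNS Servers", [])
        if servers:
            # Lookups can still leave through this interface in plaintext.
            findings.append((adapter["name"], "dns-servers-set", servers))
        if "yes" in [v.lower() for v in fields.get("DHCP Enabled", [])]:
            # DHCP would hand the DNS servers back on the next renewal.
            findings.append((adapter["name"], "dhcp-enabled", []))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, dns_leak_findings(parse_ipconfig(text), "Example VPN"))
```

With several active adapters, every non-VPN adapter that still lists DNS servers is reported, which matches the post's note that the steps may need repeating per adapter.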


#15 eatyualive

eatyualive

    ExoCannibalist

  • Honorary Former Staff
  • 6,153 posts


Posted 25 May 2010 - 02:06 PM

great info!

#16 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 26 May 2010 - 02:15 PM

Securing Your Web Browser


Why Secure Your Web Browser?


Today, web browsers such as Internet Explorer, Mozilla Firefox, and Apple Safari (to name a few), are installed on almost all computers. Because web browsers are used so frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.

Ideally, computer users should evaluate the risks from the software they use. Many computers are sold with software already loaded. Whether installed by a computer manufacturer, operating system maker, Internet Service Provider, or by a retail store, the first step in assessing the vulnerability of your computer is to find out what software is installed and how one program will interact with another. Unfortunately, it is not practical for most people to perform this level of analysis.

There is an increasing threat from software attacks that take advantage of vulnerable web browsers. There is a trend whereby new software vulnerabilities are exploited and directed at web browsers through use of compromised or malicious web sites. This problem is made worse by a number of factors, including the following:




  • Many users have a tendency to click on links without considering the risks of their actions.
  • Web page addresses can be disguised or take you to an unexpected site.
  • Many web browsers are configured to provide increased functionality at the cost of decreased security.
  • New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer.
  • Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.
  • Third-party software may not have a mechanism for receiving security updates.
  • Many web sites require that users enable certain features or install more software, putting the computer at additional risk.
  • Many users do not know how to configure their web browsers securely.
  • Many users are unwilling to enable or disable functionality as required to secure their web browser.
As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems.

Web Browser Features and Risks


It is important to understand the functionality and features of the web browser you use. Enabling some web browser features may lower security. Often, vendors will enable features by default to improve the computing experience, but these features may end up increasing the risk to the computer.

Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install Trojan software or spyware that will steal your information.

Rather than actively targeting and attacking vulnerable systems, a malicious web site can passively compromise systems as the site is visited. A malicious HTML document can also be emailed to victims. In these cases, the act of opening the email or attachment can compromise the system.

Some specific web browser features and associated risks are briefly described below. Understanding what different features do will help you understand how they affect your web browser's functionality and the security of your computer.

ActiveX is a technology used by Microsoft Internet Explorer on Microsoft Windows systems. ActiveX allows applications or parts of applications to be utilized by the web browser. A web page can use ActiveX components that may already reside on a Windows system, or a site may provide the component as a downloadable object. This gives extra functionality to traditional web browsing, but may also introduce more severe vulnerabilities if not properly implemented.

ActiveX has been plagued with various vulnerabilities and implementation issues. One problem with using ActiveX in a web browser is that it greatly increases the attack surface, or “attackability,” of a system.

Installing any Windows application introduces the possibility of new ActiveX controls being installed. Vulnerabilities in ActiveX objects may be exploited via Internet Explorer, even if the object was never designed to be used in a web browser.

Many vulnerabilities with respect to ActiveX controls lead to severe impacts. Often an attacker can take control of the computer.

Java is an object-oriented programming language that can be used to develop active content for web sites. A Java Virtual Machine, or JVM, is used to execute the Java code, or “applet,” provided by the web site. Some operating systems come with a JVM, while others require a JVM to be installed before Java can be used. Java applets are operating system independent.

Java applets usually execute within a “sandbox” where the interaction with the rest of the system is limited. However, various implementations of the JVM contain vulnerabilities that allow an applet to bypass these restrictions. Signed Java applets can also bypass sandbox restrictions, but they generally prompt the user before they can execute.

Plug-ins are applications intended for use in the web browser. Netscape has developed the NPAPI standard for developing plug-ins, but this standard is used by multiple web browsers, including Mozilla Firefox and Safari. Plug-ins are similar to ActiveX controls but cannot be executed outside of a web browser. Adobe Flash is an example of an application that is available as a plug-in.

Plug-ins can contain programming flaws such as buffer overflows, or they may contain design flaws such as cross-domain violations, which arise when the same origin policy is not followed.

Cookies are files placed on your system to store data for specific web sites. A cookie can contain any information that a web site is designed to place in it. Cookies may contain information about the sites you visited, or may even contain credentials for accessing the site. Cookies are designed to be readable only by the web site that created the cookie. Session cookies are cleared when the browser is closed, and persistent cookies will remain on the computer until the specified expiration date is reached.

Cookies can be used to uniquely identify visitors of a web site, which some people consider a violation of privacy. If a web site uses cookies for authentication, then an attacker may be able to acquire unauthorized access to that site by obtaining the cookie. Persistent cookies pose a higher risk than session cookies because they remain on the computer longer.

JavaScript, also known as ECMAScript, is a scripting language that is used to make web sites more interactive. There are specifications in the JavaScript standard that restrict certain features such as accessing local files.

VBScript is another scripting language that is unique to Microsoft Windows Internet Explorer. VBScript is similar to JavaScript, but it is not as widely used in web sites because of limited compatibility with other browsers.

The ability to run a scripting language such as JavaScript or VBScript allows web page authors to add a significant amount of features and interactivity to a web page. However, this same capability can be abused by attackers. The default configuration for most web browsers enables scripting support, which can introduce multiple vulnerabilities, such as the following:


  • Cross-Site Scripting

    Cross-Site Scripting, often referred to as XSS, is a vulnerability in a web site that permits an attacker to leverage the trust relationship that you have with that site. Note that Cross-Site Scripting is not usually caused by a failure in the web browser.

  • Cross-Zone and Cross-Domain Vulnerabilities

    Most web browsers employ security models to prevent script in a web site from accessing data in a different domain. These security models are primarily based on the Netscape Same Origin Policy: http://www.mozilla.o...ame-origin.html. Internet Explorer also has a policy to enforce security zone separation: http://www.microsoft...rity/setup.mspx.

    Vulnerabilities that violate these security models can be used to perform actions that a site could not normally perform. The impact can be similar to a cross-site scripting vulnerability. However, if a vulnerability allows for an attacker to cross into the local machine zone or other protected areas, the attacker may be able to execute arbitrary commands on the vulnerable system.

  • Detection evasion

    Anti-virus, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) generally work by looking for specific patterns in content. If a “known bad” pattern is detected, then the appropriate actions can take place to protect the user. But because of the dynamic nature of programming languages, scripting in web pages can be used to evade such protective systems.

How to Secure Your Web Browser

Some software features that provide functionality to a web browser, such as ActiveX, Java, Scripting (JavaScript, VBScript, etc), may also introduce vulnerabilities to the computer system.

These may stem from poor implementation, poor design, or an insecure configuration. For these reasons, you should understand which browsers support which features and the risks they could introduce. Some web browsers permit you to fully disable the use of these technologies, while others may permit you to enable features on a per-site basis.

This section shows you how to securely configure a few of the most popular web browsers and how to disable features that can cause vulnerabilities. We encourage you to visit the vendor's web site for the browser you use to learn more. If a vendor does not provide documentation on how to secure the browser, we encourage you to contact them and request more information.

Multiple web browsers may be installed on your computer. Other software applications on your computer, such as email clients or document viewers, may use a different browser than the one you normally use to access the web. Also, certain file types may be configured to open with a different web browser. Using one web browser for manually interacting with web sites does not mean other applications will automatically use the same browser. For this reason, it is important to securely configure each web browser that may be installed on your computer. One advantage to having multiple web browsers is that one browser can be used for only sensitive activities such as online banking, and the other can be used for general purpose web browsing. This can minimize the chances that a vulnerability in a web browser, web site, or related software can be used to compromise sensitive information.

Web browsers are frequently updated. Depending on the version of your software, the features and options may move or change.


Mozilla Firefox

Mozilla Firefox supports many of the same features as Internet Explorer, with the exception of ActiveX and the Security Zone model. Mozilla Firefox does have the underlying support for configurable security policies (CAPS), which is similar to Internet Explorer's Security Zone model; however, there is no graphical user interface for setting these options. We recommend looking in the Help, For Internet Explorer Users menu to help users understand how terminology differs between the two applications.

The following are some steps to disable various features in Mozilla Firefox. Note that some menu options may change between versions or may appear in different locations depending on the host operating system. You should adapt the steps below as appropriate.

To edit the settings for Mozilla Firefox, select Tools, then Options.




You will then see an Options window that has a Category row at the top and the features for that category below. The first category of interest is the General category. Under this section, you can set Firefox as your default browser. Also select the option Always ask me where to save files. This will make it more obvious when a web page attempts to save a file to your computer.




Under the Privacy category, you will find options for browser History and Cookies. In the History section, disable the option to Remember what I enter in forms and the search bar. If the browser remembers these options, it can be a privacy violation, especially if the browser is used in a shared environment. Visited page and download history can be disabled here too.

In the Cookie section, select ask me every time. This will help make it clear when a web site is attempting to set a cookie.



When the user is prompted, the contents of the cookie can be viewed and the user can select whether to Deny, Allow for Session, or Allow the cookie. This gives the user more information about what sites are using cookies and also gives more granular control of cookies as opposed to globally enabling them. Select Use my choice for all cookies from this site to have the browser remember your decision so that you will not be prompted each time you return to the site. Clicking the Allow for Session button will cause the cookie to be cleared when the browser is restarted. If prompting for each cookie is too excessive, the user may wish to select the Keep until: I close Firefox option. This will prevent web sites from being able to set persistent cookies.



Many web browsers will offer the ability to store login information. In general, we recommend against using such features. Should you decide to use the feature, ensure that you use the measures available to protect the password data on your computer. Under the Security category, the Passwords section contains various options to manage stored passwords, and a Master Password feature to encrypt the data on your system. We encourage you to use this option if you decide to let Mozilla Firefox manage your passwords.

The Warn me when sites try to install add-ons option will display a warning bar at the top of the browser when a web site attempts to take such an action.




The Content category contains an option to Enable Java. Java is a programming language that permits web site designers to run applications on your computer. We recommend disabling this feature unless required by the trusted site you wish to visit. Again, you should determine if this site is trustworthy and whether you want to enable Java to view the site’s content. After you are finished visiting the site, we recommend disabling Java until needed again.

Press the Advanced button to disable specific JavaScript features. We recommend disabling all of the options displayed in this dialog.



The Content section has an option to modify actions taken when files are downloaded. Any time a file type is configured to automatically open with an associated application, this can make the browser more dangerous to use. Vulnerabilities in these associated applications can be exploited more easily when they are configured to automatically open. Click the Manage button to view the current download settings and modify them if necessary.


The Download Actions dialog will show the file types and the currently configured actions to take when the browser encounters such a file. For all listed file types, either select Remove Action or Change Action... to modify the action to save the file to the computer. This increases the amount of user action required to launch the associated applications, and will therefore help prevent automated exploitation of vulnerabilities that may exist in these applications.


Firefox 1.5 and later include a feature to Clear Private Data. This option will remove potentially sensitive information from the web browser. Select Clear Private Data... from the Tools menu to use this privacy feature.


Because Firefox does not have easily-configured security zones like Internet Explorer, it can be difficult to configure the web browser options on a per-site basis. For example, a user may wish to enable JavaScript for a specific, trusted site, but have it disabled for all other sites. This functionality can be added to Firefox with an add-on, such as NoScript.

With NoScript installed, JavaScript will be disabled for sites by default. The user can allow scripts for a web site by using the NoScript icon menu. Scripts can be allowed for a site on a temporary or a more permanent basis. If Temporarily allow is selected, then scripts are enabled for that site until the browser is closed.



Because many web browser vulnerabilities require scripting, configuring the browser to have scripting disabled by default greatly reduces the chances of exploitation. To extend this protection even further, NoScript can be configured to also block Java, Flash, and other plug-ins by default. This can help to mitigate any vulnerabilities in these plug-in technologies. NoScript will replace these elements with a placeholder icon, which can be clicked to enable the element. Click the NoScript icon and then click Options... to get to the NoScript configuration screen.

On the Plugins tab, select the options as follows:

Posted Image

Aside from visiting web sites that are inherently malicious, users can also be put at risk when a legitimate, trusted site is compromised. For this reason, we recommend enabling the option to Apply these restrictions to trusted sites too. If this option is too intrusive, it can be turned off at the cost of increased risk.
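
Added example (not part of the original post or of the guide it quotes): a small audit of a Firefox profile's prefs.js against the settings recommended above. The preference names are assumptions taken from Firefox releases of that period and do not appear on this page; the sample file is constructed. A result of "unset" means the browser default applies and should be checked in the Options dialog.

```python
import re

# Assumed preference names (Firefox of that era, not from the page), each
# mapped to the values that satisfy the guide's recommendation.
RECOMMENDED = {
    "network.cookie.lifetimePolicy": (1, 2),   # 1 = ask every time, 2 = until Firefox closes
    "xpinstall.whitelist.required": (True,),   # warn when sites try to install add-ons
    "security.enable_java": (False,),          # Java off unless a trusted site needs it
    "signon.rememberSignons": (False,),        # do not let the browser store logins
    "dom.disable_window_move_resize": (True,), # Advanced JavaScript options, all disabled
    "dom.disable_window_flip": (True,),
    "dom.disable_window_status_change": (True,),
    "dom.disable_window_open_feature.status": (True,),
    "dom.event.contextmenu.enabled": (False,),
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample prefs.js content, for illustration only.
SAMPLE = """\
# Mozilla User Preferences
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("security.enable_java", true);
user_pref("signon.rememberSignons", false);
user_pref("dom.disable_window_move_resize", true);
user_pref("dom.event.contextmenu.enabled", true);
user_pref("browser.startup.homepage", "about:blank");
"""

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            if raw in ("true", "false"):
                prefs[name] = raw == "true"
            elif re.fullmatch(r"-?\d+", raw):
                prefs[name] = int(raw)
            else:
                prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Map each recommended preference to 'ok', 'weak' or 'unset'."""
    prefs = parse_prefs(text)
    def ok(v, good):  # type-strict: Python treats True == 1, prefs.js does not
        return any(type(v) is type(g) and v == g for g in good)
    return {n: "unset" if n not in prefs else "ok" if ok(prefs[n], g) else "weak"
            for n, g in RECOMMENDED.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:5}  {name}")
```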




#17 microscopeman

microscopeman

    Mycotopiate

  • Free Member
  • 576 posts

Posted 06 September 2010 - 07:36 AM

JonDo: http://jondos.com/en/jondonym
Its primary use is the anonymisation of web site requests against web site operators, internet providers and the anonymisation service operators.

Tor: http://www.torproject.org/torbrowser/
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

#18 microscopeman

microscopeman

    Mycotopiate

  • Free Member
  • 576 posts

Posted 06 September 2010 - 07:53 AM

... and some good tools
Spybot Search And Destroy (trojan/spyware removal) - pretty much the best one out there for detection.
http://www.safer-net...org/index2.html
Spyware Blaster (prevent spy-sites)
http://www.javacools...areblaster.html
Eraser (secure delete)
http://sourceforge.n...rojects/eraser/
DBAN (Secure wipe disk)
http://www.dban.org/
Clamwin (Anti-Virus application) - need to set up scheduler manually. I like this one because it won't slow down your computer like all the other bloated ones out there.
http://www.clamwin.com/
  • Erkee likes this

#19 microscopeman

microscopeman

    Mycotopiate

  • Free Member
  • 576 posts

Posted 21 September 2010 - 07:07 PM

http://phoenixlabs.org/pg2/
PeerGuardian 2 is Phoenix Labs’ premier IP blocker for Windows. PeerGuardian 2 integrates support for multiple lists, list editing, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), making it the safest and easiest way to protect your privacy on P2P.

*edit* link has been listed above but this is an updated version

http://iblocklist.com/lists.php
I-Blocklist is a site dedicated to the creation and distribution of IP lists for use with IP blockers such as PeerBlock, PeerGuardian, Moblock, and iplist.

Edited by microscopeman, 21 September 2010 - 08:50 PM.
Updated from link above


#20 Guest_jay pheno_*

Guest_jay pheno_*
  • Guest

Posted 21 September 2010 - 07:58 PM

Thank you for your post, all good software! :headbang:



