Anonymity Online Through The Tor Project

Since it’s release in 2002, the Tor (short for The Onion Router) has been a system running intended to enable online anonymity.

Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user’s location or usage from someone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including “visits to Web sites, online posts, instant messages and other communication forms”, to the user. It is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored.

http://www.torproject.org/

I have tried using Tor years ago and it seems somewhat practical, but effective for someone who would like anonymity online. The Tor client software can be run through virtually anything that uses the internet on your computer. The downside I found with it though was that sometimes it can cause slow speeds, due to running through other people who have slow internet. Also the fact that you are volunteering yourself while on the Tor network, might make some uneasy about using it.

Have any of you guys used Tor? and if not, do you think it is worth using it to protect your privacy?

USB Hardware Keylogger with Wi-Fi

I’ve always known about hardware based keyloggers, but until recently I have not realized how advanced they have become. Upon my surprise, recently I came across a Wi-Fi Premium USB Hardware Keylogger being sold online. It has a somewhat hefty price tag at $169, but it’s amazing what it can do.

Features:

•    2 Gigabytes of internal memory
•    Automatic E-mail reports with recorded keyboard data
•    Background connection to the Internet over a local Access Point
•    Built-in time-stamping module
•    Internal clock and battery with over 7 years lifetime guaranteed!
•    No software or drivers required, Windows, Linux, and Mac compatible
•    On-demand access at any time through TCP/IPWi-Fi
•    Support for WEP, WPA, and WPA-2 encryption
•    Ultra compact and discrete, less than 2 inches (5 cm) long
•    Works with any USB keyboard

Link to the google product page

Just having 2 gigabytes of memory allows for a ton of text to be stored. Probably about 1000 word documents. Scariest thing about this Keylogger is it’s Wi-Fi connectivity. Once deployed, the attacker wouldn’t have to worry about collecting it and has the information they need as soon as they want. I do wonder though if the claim of it working with any USB keyboard is in fact true.

What do you guys think about this new breed of hardware keyloggers?

Making The Right Anti-Virus Choice

An increasing amount of people use Anti-Virus products every year, as it is important to do so. Some are certainly better than others and choosing the right Anti-Virus is important for many reasons. When considering an Anti-Virus product one should take these features into account.

• Real-time Scanner
• On-access Scanner
• On-Demand Scanner
• Heuristic Scanner
• Compressed File Scanner
• Scheduled Scans
• Script Blocking
• POP3 Email Scanning
• Web-mail Protection
• Instant Messaging Protection
• Automatic Virus Updates
• Automatic Program Updates

Here are some statistics on the top Anti-Virus programs for 2011. The statistics are done by AV-Test, an independent IT-Security Institute that does detailed test reports every year.

• “Protection”: Covers static and dynamic malware detection, including real-world 0-Day attack testing.
• “Repair”: Check the system disinfection and rootkit removal in detail.
• “Usability”: System slow-down caused by the tools and the number of false positives.

http://www.av-test.org/en/tests/test-reports/

Personally I have always been a fan of Kaspersky, but within the last 4 years the top Anti-Virus products have been changing positions. Even Norton has gotten better and is less known for bloatware then what it used to be.

What Anti-Virus products do you guys recommend? Or do you believe these statistics to be quite accurate?

New Intel Identity Protection Technology

Just recently Intel has been putting authentication technology into its chips. These consist of some Core and Core vPro processor-based PCs from HP, Lenovo, Sony and others. These enhanced chips started shipping to consumers over the summer, while many were clueless of the technology.

Intel Identity Protection Technology generates a unique number for the specific PC and a six-digit code that is used to authenticate your computer with your account when logging into a Web site. (Credit: Intel)

This is a two-factor authentication process, which adds an extra layer of security. When you visit a site and type in your username and password, an algorithm running on the chipset generates a six-digit code that changes every 30 seconds from the embedded processor. That generated six-digit code is then validated by the site. Although the downside is that the web site needs to be using this identity protection technology that works with the Intel chip to enable this two-factor authentication.

I think this security tech is promising because it’s making use of hardware to add security. I would hope though that the algorithm that’s used to generate the six-digit codes would be hard to figure out or replicate by a hacker.

http://news.cnet.com/8301-1009_3-20126770-83/intel-chips-let-web-sites-check-your-computers-id/

What do you guys think about this added security method in Intel chips? Is it practical and would sites adopt it?

Laptop Shoulder Surfing

Privacy problems with using laptops in public has always been a concern. As we all know, a low tech way to hack a laptop is to simply peer at the laptop while the owner uses it. I’ve personally have seen a fair share of laptops being used in public with no consideration of those around them. A big problem I think is just human psychology. While a person is engaged in using their laptop, their mind is in that mode and everything around them is a separate world.

What people really should do is put more thought into preventive measures. They sell many different privacy filters these days that are made of a type of plastic using microlouver technology. They have gotten better since they first came out. Nowadays they work well enough that someone sitting next to you will not be able to make out your screen.

Then the question comes up, what about someone behind me? Well you need to make sure you use a laptop in public where your back won’t be exposed to others. Like sitting in a corner or near a wall of some sort. That is unless you have snuggie security.

Who knew snuggie security idea could be an answer?

There is the everywhere security model.

The side security model

and the keyboard security model

Would you use snuggie security? or do you guys think there is a better way out there to keep your laptop privacy, other than the things I have mentioned.

Full-Body Scanners – Naked, But Safe

Since 2010 there has been a lot of talk about full-body scanners being used in airports. Has security gone to far? Is this technology too revealing? The answer might surprise you, because although many people are really enjoying making a fuss about privacy and morals with this magical way to see underneath your clothes, the resulting images resemble something more morbid than sexual.

Example pictures:

I think the result photos that a full-body scanner puts out are not sexual, but very effective for security measures. Lets face it, going through airport security is not a who’s hotter naked contest; it’s a who’s carrying the most dangerous items contest. As far as I know in UK there is a limit to 18 and above for these scans. I wouldn’t be surprised if it was the same here.

How do you feel about full-body scan privacy? Would you gladly get virtually naked for a machine, or would you rather keep your private parts private?

• In case you guys were wondering, here is a list of all the airports that currently use full-body scanners:
  · Albuquerque International Airport (ABQ)
  · Atlanta Hartsfield-Jackson Airport (ATL)
  · Baltimore-Washington International (BWI)
  · Boise Airport (BOI)
  · Boston-Logan International (BOS)
  · Bradley International Airport (BDL)
  · Brownsville-South Padre Island Airport (BRO)
  · Buffalo-Niagara International (BUF)
  · Charlotte Douglas International (CLT)
  · Chicago-O’Hare Airport (ORD)
  · Cincinnati-Northern Kentucky International (CVG)
  · Cleveland-Hopkins International Airport (CLE)
  · Columbus International Airport (CMH)
  · Corpus Christi International Airport (CRP)
  · Dallas/Ft. Worth Airport (DFW)
  · Denver International Airport (DEN)
  · Detroit Metro Wayne County Airport (DTW)
  · El Paso International Airport (ELP)
  · Fort Lauderdale International Airport (FLL)
  · Fresno-Yosemite Airport (FAT)
  · Gulfport-Biloxi Airport (GPT)
  · Grand Rapids-Gerald R. Ford Airport (GRR)
  · Harrisburg International Airport (HIA)
  · Honolulu International Airport (HNL)
  · Houston-George Bush International (IAH)
  · Indianapolis International Airport (IND)
  · Jacksonville International Airport (JAX)
  · Kansas City International Airport (MCI)
  · Laredo International Airport (LRD)
  · Las Vegas-McCarran Airport (LAS)
  · Lihue Airport (LIH)
  · Los Angeles International Airport (LAX)
  · McAllen-Miller International Airport (MFE)
  · Memphis International Airport (MEM)
  · Miami International Airport (MIA)
  · Milwaukee Mitchell Airport (MKE)
  · Minneapolis-St. Paul International (MSP)
  · Nashville International AIrport (BNA)
  · New York – JFK International Airport (JFK)
  · New York – LaGuardia Airport (LGA)
  · Newark-Liberty International Airport (EWR)
  · New Orleans-Louis Armstrong International (MSY)
  · Oakland International Airport (OAK)
  · Omaha-Eppley Field (OMA)
  · Orlando International Airport (MCO)
  · Palm Beach International (PBI)
  · Philadelphia International Airport (PHL)
  · Phoenix Sky Harbor (PHX)
  · Pittsburgh International Airport (PIT)
  · Providence-T.F. Green International (PVD)
  · Raleigh-Durham International Airport (RDU)
  · Richmond International Airport (RIC)
  · Rio Grande Valley-Harlington Airport (HRL)
  · Rochester International Airport (RST)
  · Salt Lake City International Airport (SLC)
  · San Antonio International Airport (SAT)
  · San Diego International Airport (SAN)
  · San Francisco International Airport (SFO)
  · San Jose-Mineta International Airport (SJC)
  · San Juan- Luis Munoz Marin International (SJU)
  · Seattle-Tacoma International Airport (SEA)
  · Spokane International Airport (GEG)
  · St. Louis-Lambert International (STL)
  · Tampa International Airport (TPA)
  · Tulsa International Airport (TUL)
  · Valley International Airport (HRL)
  · Washington DC’s Dulles Airport (IAD)
  · Washington DC’s Reagan Airport (DCA)

• You will find full-body scanners at the following international airports:
  · Amsterdam-Schipol Airport (AMS)
  · Gimhae/Busan International (PUS)
  · Gimpo/Seoul International (GMP)
  · Jeju International (CJU)
  · Lagos-Murtala Muhammad International (LOS)
  · London-Heathrow (LHR)
  · Manchester Airport (MAN)
  · Milan-Malpensa International Airport (MXP) **No longer in use
  · Moscow-Sheremetyevo International (SVO)
  · Palermo International Airport (PMO) **No longer in use
  · Paris-Charles de Gaulle (CDG)
  · Regina International Airport (YQR)
  · Rome-Leonardo da Vinci/Fiumicino (FCO) **No longer in use
  · Toronto Pearson International (YYZ)
  · Tokyo-Narita International (NRT) *Trial period
  · Vancouver International (YVR)

http://www.jaunted.com/story/2010/11/15/165132/48/travel/An+Updated+List+of+the+80%2B+Airports+with+Full-Body+Scanners

Secret Knock Detecting Lock

 

I was going through my old youtube playlists recently and I stumbled upon a video that I hadn’t seen for over a year ago. I thought it was really cool and some of you may not have seen this before. It’s a knock detecting lock made by inventor Steve Hoefer. It detects a knocking sequence and unlocks a door when the knocking is produced correctly.

This is a really cool idea for a micro-controller. This is definitely thinking outside the box as far as security goes. I think using it would seem so natural. Also I think the benefit is that your knock could be complex, but somewhat easy to remember. Could you imagine somebody trying to crack it by standing there knocking a long time? I don’t, plus they would be likely to get unwanted attention.

What do you think about this innovation? Do you guys think it’s practical for use?

link for info on how to build: http://projects.grathio.com/2010/05/project-secret-knock-detecting-lock.html

Evil-VNC: A VNC Server Injector

There has been countless trojan/back door viruses made over the last decade, some more complex than others, but all unnerving nonetheless. There is one in particular though that I’ve always found to be a good example of how hackers can sometimes run ideas off of normal legitimate software.

Back in early 2000 remote access software known as RealVNC was released. Since then it has become widely used by many people. Basically it allows a computer to be remotely controlled by another computer. The server part is installed on the remote computer and then the computer accessing it would use the client part. RealVNC is meant for legitimate purposes. It doesn’t really present a security threat since it requires the cooperation of the remote computer and can have a password set for the server.

An example screenshot running of the client viewing two other remote computers:

In around 2004 a hacker known by matiteman created a vnc server injector. He named it Evil-VNC. It can secretly install an vnc server on remote host and run it automatically. The victim would not see anything or even know it would be running. After installation the hacker would be notified immediately by the server with the remote ip and password for connection sent to a preset cgi or php logger.

When it was first released it only had few features, but eventually was updated to include a whole bunch more, like even file transferring and built in file binding.

The hacker can use RealVNC client to view his victims, but since the Evil-VNC server features a JavaViewer Applet, it allows for remote control without any viewer application. This means the hacker could use any computer that has an internet browser with java and watch/control their victims from there!

Although Evil-VNC is well detected by anti-viruses nowadays, it’s source code was released. Thus anyone with the know how could crypt it with a crypter of their own or one that hasn’t been used by other people.

The Ultimate Online Virus/Malware Scanners

Nowadays there are so many ways to help protect yourself from viruses and malware. One way that many people may not have heard about are sites like virustotal.com and virusscan.jotti.org

  

These sites allow you to send a file either through the website or via email and have it scanned quickly by many different anti-virus products, including the best ones out on the market today. Virustotal.com uses 44 different antivirus products. The best part of it is that it is free to use and the results usually come back quick.

Here are the different anti-virus products used by Jotti:

The only drawback though is you can only scan submitted files. Obviously though you’ll be hard pressed to find a more comprehensive antivirus scanner. If you haven’t tried these sites before I suggest you guys try it out. Let me know what you guys think.

Personal RFID Security/Privacy Threats

A relatively new security/privacy threat has arrived in the last decade and it’s due to a chip that can be as small as a grain of sand. They are called RFID chips and are a form of microchips fitted with antennas. They have information stored on them which can be transmitted to an RFID reader. The RFID reader can send out a query causing the RFID tag to return any data it contains. Obviously this brings up big security concerns. The RFID tags are being put in passport cards and enhanced driver licenses that are available in a growing amount of states. Some of these RFID tags have even been found to be readable from a max of about 150 feet away.

When you get an enhance driver license they provide you with a privacy sleeve to keep it in which helps to block the radio signal from the chip getting out, but many people have been found to not use them and if the paper had been crumpled at all it may not even work.

What do you all think of this technology? Are we going to far and potentially exposing ourselves in ways we could have never imagined was possible?

http://www.technologyreview.com/computing/21842/