Author: John Durret

  • Tor service operator arrested, malware inserted in Tor sites

    The Freedom Host administrator has been arrested in Ireland and is currently awaiting extradition to the US, having been described by an FBI special agent as “the largest facilitator of child porn on the planet.” Freedom Host was a service inside the Tor network hosting anonymous content that could consist of anything, ranging from leaked documents to hacking tools and illegal images.

    Tor Project’s Executive Director has confirmed in his blog that Freedom Host servers were breached before going offline, and it is claimed that hidden Tor sites in Freedom Host had been injecting a JavaScript exploit in an attempt to identify its users. The vulnerability only worked in Firefox 17, on which Tor Browser Bundle is based, so the bundle is vulnerable; the developers had recently turned on JavaScript by default in an attempt to make it more user friendly. People using the NoScript addon or Tails live DVD to access Freedom Host hidden sites should have been protected from the exploit.

    Freedom Host Tor operator arrested

    OnionNews posters also link the FreedomHost administrator with Tormail and a Bitcoin escrow service called OnionBank; those services should be considered compromised by law enforcement as well.

    It is important to remember that what has been seized are servers belonging to an individual running various Tor services; this is not a Tor network vulnerability, and as long as you did not run the Tor Browser Bundle you should be safe. Hidden sites running on different servers should also be safe, but this sends a strong message that what has happened to one operator might happen to others. The lesson learnt here is that you should always disable JavaScript in your browser.

    More info: Tor Project official blog 

  • Hide photos and videos in Android with Sectos

    Sectos is a free Android app to hide photos and videos, and it is fairly easy to use. After launching the app you select the photos or albums you would like to hide and they will be moved, with the files changed so that no app can recognize them as media. A camera mode will automatically hide any pictures you take right away, without needing to hide them manually.

    The app unlocking code is stored as an MD5 hash and photos are secured with what the developer calls a “high-secure algorithm”. I would be wary of using Sectos to hide very sensitive pictures from a resourceful attacker due to the lack of information about what encryption the app is using, if any. It is impossible to evaluate what they call a high secure algorithm; more specific information is obviously needed to trust something marketed as a security product.
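
    Why a bare MD5 hash is a weak way to store a short unlock code, shown as an added example that is not code from the app or from the original post: it compares the stored record and the cost of covering the whole PIN space under unsalted MD5 and under a salted PBKDF2 record. The 4-digit PIN length, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000   # assumed work factor, not a value from the app
PIN_DIGITS = 4                # assumed PIN length; the page does not state it

def md5_record(pin: str) -> str:
    """Unlock code stored the way the page describes: a bare MD5 hash."""
    return hashlib.md5(pin.encode()).hexdigest()

def kdf_record(pin: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 record; a fresh random salt per install."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key

def kdf_verify(pin: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_record(pin, salt)[1], stored)

def seconds_per_guess(fn, samples: int) -> float:
    """Measure the average cost of computing one candidate record."""
    start = time.perf_counter()
    for i in range(samples):
        fn(f"{i:0{PIN_DIGITS}d}")
    return (time.perf_counter() - start) / samples

def exhaustion_estimate() -> dict:
    """Estimated seconds to compute every possible PIN under each scheme."""
    keyspace = 10 ** PIN_DIGITS
    salt = os.urandom(16)
    return {
        "md5": keyspace * seconds_per_guess(md5_record, 2000),
        "pbkdf2": keyspace * seconds_per_guess(lambda p: kdf_record(p, salt), 3),
    }

if __name__ == "__main__":
    est = exhaustion_estimate()
    print(f"whole PIN space, MD5:    {est['md5']:.3f} s")
    print(f"whole PIN space, PBKDF2: {est['pbkdf2']:.0f} s")
    # Same PIN on two installs: identical MD5 records, distinct KDF records.
    print("MD5 records equal:", md5_record("4821") == md5_record("4821"))
    print("KDF records equal:", kdf_record("4821")[1] == kdf_record("4821")[1])
```

    Even the salted, slow record only raises the cost of a 4-digit PIN from a fraction of a second to minutes, so a longer passcode or a key held in hardware-backed storage is what actually protects the data.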

    Sectos Android app to hide photos

    What I liked about this app is that it can hide its existence by removing the Sectos logo from view, and the app can be locked using a PIN or pattern. This stops nosy people from looking about after coming across a photo hiding app, which is very tempting to play with for one too many. The Sectos PIN prompt only becomes visible after dialling a preset number on the phone; without that, nobody should be aware it exists.

    You can back up your hidden data using the app's integrated cloud storage services: Dropbox at the moment, with Google Drive support planned for the future. Cloud backup can be set to automatic. If you forget the passcode, it can be reset via an email link by going to Settings > Privacy settings.

    Visit Sectos in Google Play

  • Decentralized payment exchange network Ripple

    Ripple is a peer to peer network to trade currencies. At the moment Bitcoins make up the bulk of trading, but it can work with any currency and accepts Dollars, Yen or Euros. Ripple also has its own native currency called ripples, represented by the letters XRP. Ripples do not necessarily have to be used to trade with others; they are there to stop network abuse by imposing a ripple tax on transactions, and they could be used for direct trading as a last resort.

    Ripples do not need mining. The founding company, OpenCoin, has already premined one hundred billion ripples; instead of creating more units, like the Bitcoin network does, Ripple works the other way around and reduces the fixed number of available ripples by distributing them to others.

    An example of a Ripple trade could consist of you loading Bitcoins to your Ripple address (they all start with r and look like a Bitcoin address; an example is my public ripple address: rpzoTc4YVnRig39MqZqYVM9ae1LhPAnMLj), transferring that money to a different Ripple account and converting it back to Dollars using a gateway. Ripple to Ripple transfer fees are tiny or free, but when you use an intermediary gateway to exchange different digital currencies, the intermediary will charge you for the service; in that sense it is not any cheaper than a Bitcoin exchanger.

    The gateway software is open source and can be set up by anyone; you can choose which gateway to trust and avoid the nodes you don’t like. Gateways are all connected to each other in peer to peer fashion, and transactions should be authorized within seconds.

    Advantages of using Ripple over Paypal are that opening an account requires no ID verification, transactions cannot be reversed, fees are tiny and it can be used worldwide to buy anything you like without worrying about terms and conditions. The huge disadvantage over Paypal is that unless it takes off, it will not be easy to convert ripples into physical items or hard currency.

    A comparison of Ripple vs Bitcoin should not apply here because Bitcoin is a digital currency and Ripple is a currency exchange network and payment processor, more similar to Paypal or MtGox.

    Cryptocurrency Ripple wallet

    There are Ripple detractors pointing out that Ripple's founders, OpenCoin, keep 20% of the mined ripples for themselves. Many Bitcoiners make a profit too, so I can’t really hold that against them; more worrying to me is Ripple being vulnerable to collapse if the authorities raid all of the trading gateways or force the gateway operator to allow bugging equipment to be installed in the server. Unlike Bitcoin, where the customer can also be a miner, in Ripple you can’t do anything without a gateway administering transactions.

    It is good to have alternatives, and perhaps one could use Ripple to make money transactions harder to track, but I don’t see too many reasons to use it over, let’s say, Bitcoin exchanger MtGox. Even with redundant P2P servers, Ripple is still vulnerable to server seizure, just not as much as a single server system.

    Visit Ripple homepage

  • Autonomy Central email encryption and secure notes

    Autonomy Central is a cross platform and portable Java based email service to encrypt email messages, files and notes using a 2048-bit RSA key and 256-bit AES; that level of security should stop well funded attackers. Creating an account is a fast five step process for beginners, or you can choose a “Control Mode” for power users that gives you more options.

    You will be given a @valeso.com email address that can be used to securely communicate with other users; encryption and decryption will be automatic. If someone is using an Outlook or Yahoo address and does not have an Autonomy Central account, you can send them a Special Delivery message with a link to an online SSL viewer where the recipient can decrypt the information by entering the right password, which could be transmitted via SMS or phone call.

    Autonomy Central Valeso encrypted email

    Other features of this security suite include a secure notes section where you can keep personal reminders encrypted, and a file storage service that will encrypt any file you drag and drop inside the window. Data will be stored locally on your computer or on Valeso cloud servers, depending on settings.

    Autonomy Central is a highly configurable email service, advantageous for those who like to decide every single detail of their email habits, but it could be complicated for beginners given how many options it has. The default settings are safe for everyone in case you don’t want to spend time reading the manual or playing around with the software.

    This service could be an alternative to Hushmail, with some important differences that one should consider, like not being able to use your own encryption keys, which means you have to trust the company behind Autonomy Central, and not being able to use webmail.

    Visit Autonomy Central homepage

    Update 2014: Program no longer supported, link erased.

  • Cypher Bot for iPhone and iPad message encryption

    Cypher Bot is an encryption app for iPhone and iPad, using the bullet proof Advanced Encryption Standard 256 bit algorithm to secure files and text. Encrypted messages can be sent via email or SMS and saved to your device with just a couple of taps.

    You can also import files directly from a Dropbox cloud storage account. The app has a very colourful interface; the default makes this security app look like a child’s interface, appropriate for encryption beginners to work their way around but perhaps not so much fun for the serious kind of people. You can choose from six different themes and change it.

    iPhone and iPad encryption Cypher Bot

    Usage is instinctive. This is a symmetric encryption program where you have to share the password with the recipient for the other party to be able to read the files. When you send or post a link bearing the format cypherbot:// and it is tapped by someone with the app, it will automatically open with Cypher Bot; you can post those encrypted notes in any social network without message length limit.

    This is an easy to use encryption app with the same drawbacks as many of its competitors. Both parties must have the app installed for message encryption to work and it only works with the iPhone; if your partner is on an Android phone you will not be able to securely communicate with him.

    I think that it would be advantageous for apps that only work on one device to have some kind of universal web interface where people can copy and paste encrypted text and read it regardless of what phone they are using. It would not be as secure as device to device communication, but it would be better than forcing your friends to buy a certain phone brand. On the positive side, there is a Mac OS X Cypher Bot app that is compatible with the iPhone app.

    Visit Cypher Bot homepage

  • Capture DNS queries with DNSQuery Sniffer

    DNSQuery Sniffer is a free Windows application that captures your computer's DNS queries. The program is useful to troubleshoot name resolution complications and check if a domain name is being blacklisted by your ISP DNS. There is no need to install the program; you can run it in portable mode and carry it with you on a USB thumbdrive.

    When you run DNSQuery Sniffer for the first time you will be shown the available network adapters in your computer, including virtual host components presented as separate network cards. Your initial choice of capture options will be set as default; to change them later on you will have to access Options>Capture Options or press F9. There are shortcuts to access many of the functions.

    DNSQuery Sniffer capturing DNS queries

    I recorded my DNS queries while on a VPN and it worked perfectly well. A VPN encrypts data in transit over the Internet but recording takes place before DNS queries leave the router. Another use for this program could be for a system administrator to spy on network users: if you are using a portable VPN in an Internet cafe, DNSQuery Sniffer is one of the many tools a computer admin can deploy to monitor in real time what sites you are visiting.

    Some of the details recorded include host name and port (for example: pagead2.googlesyndication.com:54630), DNS query time stamp, request time and response time, reverse DNS lookup, IPv6 server address, destination IP address and many others. I noticed that most of the requests only show hostname and port; the itemised details displayed will depend on what server you visit.

    While I was recording outbound queries on my computer I was able to see Google Adsense and Facebook queries created by the plugins embedded in the website I had just visited. Logs can become huge within a couple of recording hours; they can be exported as a CSV/XML or HTML file and imported into a spreadsheet for processing.

    This tool will be useful for system administrators. Home users without logging needs might prefer to troubleshoot DNS problems with another freeware called DNS Benchmark.

    Visit DNSQuery Sniffer homepage

  • Firefox addon warns you of NSA PRISM surveillance

    Dark Side Of The Prism is a Firefox addon that will show a dark PRISM logo on your screen every time you visit a website that is known to allow the US National Security Agency to gather users’ data. The addon will work on a company’s main website and all of its associated services.

    For example, the Bing search engine is included in the list of PRISM websites along with all other Microsoft owned websites because Microsoft was named in the leaked NSA documents listing partner companies.

    Dark Side Of Prism Firefox addon

    This addon is a good way to remind yourself that you are being spied on at all times on the Internet, and it will also play Pink Floyd’s aural prism “Dark Side Of The Moon” album while it shows the PRISM logo; different tracks will play on different sites. The looped music can get a little over your head as there is no way to mute it other than leaving the site. Dark Side of the Prism will force you to close the tab and go to an alternative company, or you will get stuck with annoying music and a scary black logo.

    The source code is available for review in case you are paranoid and suspect this addon could be another NSA invention to spy on people.

    Visit Dark Side of The Prism addon