Hacker 10 – Security Hacker

Author: John Durret

  • Autonomy Central email encryption and secure notes

    Autonomy Central email encryption and secure notes

    Autonomy Central is a cross platform and portable Java based email service to encrypt email messages, files and notes using 2048-bit RSA key and AES 256-bit, that level of security should stop well funded attackers. Creating an account is a fast five step process for beginners, or you can choose a “Control Mode” for power users giving you more options.

    You will be given a @valeso.com email address that can be used to securely communicate with other users, encryption and decryption will be automatic. If someone is using a Outlook or Yahoo address and does not have an Autonomy Central account, you can send them a Special Delivery message with a link to an online SSL viewer where the recipient can decrypt the information entering the right password that could be transmitted via SMS or phone call.

    Autonomy Central Valeso encrypted email
    Autonomy Central Valeso encrypted email

    Other features of this security suite include a secure notes section where you can keep personal reminders encrypted, and a file storage service that will encrypt any file you drag and drop inside the Window. Data will be stored locally in your computer or in Valeso cloud servers depending on settings.

    Autonomy Central is a highly configurable email service, advantageous for those who like to decide every single detail of their email habits but it could complicated for beginners given how many options it has.The default settings are safe for everyone in case you don’t want to spend time reading the manual or playing around with the software.

    This service could be an alternative to Hushmail, with some  important differences that one should consider, like not being able to use your own encryption keys, which means you have to trust the company behind Autonomy Central, and not being able to use webmail.

    Visit Autonomy Central homepage

    Update 2014: Program no longer supported, link erased.

  • Cypher Bot for iPhone and iPad message encryption

    Cypher Bot for iPhone and iPad message encryption

    Cypher Bot is an encryption app for iPhone and iPad, deploying the bullet proof Advanced Encryption Standard 256 bit algorithm securing files and text. Encrypted messages can be sent via email or SMS and saved to your device with just a couple of taps.

    You can also import files directly from a Dropbox cloud storage account. The app has a very colourful interface, the default makes this security app look like a child’s interface, appropriate for encryption beginners to work their way around but perhaps maybe not so much fun for the serious kind of people, you can choose from six different themes and change it.

    iPhone and iPad encryption Cypher Bot
    iPhone and iPad encryption Cypher Bot

    Usage is instinctive, this is a symmetric encryption program where you have to share the password with the recipient for the other part to be able to read the files. When you send or post a link bearing the format cypherbot:// and that is tapped by someone with the app, it will automatically open with Cypher Bot, you can post those encrypted notes in any social network without message length limit.

    This is an easy to use encryption app with the same downfalls than many of its competitors. Both parts must have the app installed for message encryption to work and it only works with the iPhone, if your partner is on an Android phone you will not be able to securely communicate with him.

    I think that it would be advantageous for apps that only work on one device to have some kind of universal web interface where people can copy and paste encrypted text and read it regardless of what phone they are using, it would not be as secure as device to device communication, but it would better than forcing your friends to buy certain phone brand. On the positive side, there is a Mac OS X Cypher Bot app that is compatible with the iPhone app.

    Visit Cypher Bot homepage

  • Capture DNS queries with DNSQuery Sniffer

    Capture DNS queries with DNSQuery Sniffer

    DNSQuery Sniffer is a free Windows application that captures your computer DNS queries, the program is useful to troubleshoot name resolution complications and check if a domain name is being blacklisted by your ISP DNS. There is no need to install the program, you can run it in portable mode and carry it with you on a USB thumbdrive.

    When you run DNSQuery Sniffer for the first time you will shown the available network adapters in your computer, including virtual host components presented as a separate network cards. Your initial choice of capture options will be set as default, to change them later on you will have to access Options>Capture Options or click F9, there are shortcuts to access many of the functions.

    DNSQuery Sniffer capturing DNS queries
    DNSQuery Sniffer capturing DNS queries

    I recorded my DNS queries while on a VPN and it worked perfectly well. A VPN encrypts data in transit over the Internet but recording takes place before DNS queries leave the router. Another use for this program could be for a system administrator to spy on network users, if you are using a portable VPN on an Internet Cafe, DNSQuery Sniffer is one of the many tools a computer admin can deploy to monitor in real time at what sites you are visiting.

    Some of the details recorded include Host name and port (for example: pagead2.googlesyndication.com:54630), DNS query time stamp, request time and response time, reverse DNS lookup, IPv6 server address, destination IP address and many others. I noticed that most of the requests only show hostname and port, itemised displayed details will depend on what server you visit.

    While I was recording outbound queries on my computer I was able to see Google Adsense and Facebook queries created by the plugins embedded in the website I just visited. Logs can become huge within a couple of recording hours, they can be exported as CSV/XML or HTML file and import them into a spreadsheet for processing.

    This tool will be useful for system administrators. Home users without logging needs might prefer to troubleshoot DNS problems with another freeware called DNS Benchmark.

    Visit DNSQuery Sniffer homepage

  • Firefox addon warns you of NSA PRISM surveillance

    Firefox addon warns you of NSA PRISM surveillance

    Dark Side Of The Prism is a Firefox addon that will show a dark PRISM logo on your screen every time you visit a website that is known to allow gathering of user’s data to the US National Security Agency. The addon will work on a company’s main website and all of its associated services.

    For example, the Bing search engine is included in the list of PRISM websites along with all other Microsoft owned websites because Microsoft was named in the leaked NSA documents listing partner companies.

    Dark Side Of Prism Firefox addon
    Dark Side Of Prism Firefox addon

    This addon is a good way to remind yourself that you are being spied on at all times on the Internet and it will also play Pink Floyd’s aural prism “Dark Side Of The Moon” album while it shows the PRISM logo, different tracks will play on different sites. The looped music can get a little over your head as there is no way to mute it other than leaving the site, Dark Side of the Prism will force you to close the tab and go to an alternative company or you will get stuck with annoying music and a scary black logo.

    The source code is available for review in case you are paranoid and suspect this addon could be another NSA invention to spy on people.

    Visit Dark Side of The Prism addon

  • SSH in your browser with Chrome Secure Shell

    SSH in your browser with Chrome Secure Shell

    Chrome Secure Shell is a terminal emulator, you can use it to access a remote server from within your browser, it replaces PuTTY in Windows and ssh in Mac/Linux computers. Secure Shell can emulate most things any xterm Unix terminal can do. Secure Shell runs hterm, an HTML terminal emulator written in JavaScript, it does not provide SSH access on its own but it can connect to any server running sshd on any port and it will be as secure as ssh. Executed commands are sandboxed inside the browser, this stops malware from spreading to your computer.

    Combined with a shell account the Secure Shell Chrome extension could be used to bypass Internet filtering. With sparse Linux command line knowledge it is possible to launch the Lynx browser in the remote server and access filtered websites, or use the Alpine email client or irssi IRC client within the shell.

    Chrome Secure Shell SSH
    Chrome Secure Shell SSH

    SSH server login might be accomplished with the traditional username and password or the much more secure digital certificate authentication system, this makes credentials theft very laborious. You can change shell settings like font size, cursor blinking and font colouring with some tinkering and spending time reading Secure Shell help file.

    A few native terminal features missing are X11 forwarding, SFTP to upload or download files, Syslog (data logging for auditing) and you can’t call multiple terminals but you could obtain a background process running in the shell account with the screen command for multi tasking.

    It would not make sense to have this extension in a Linux computer, since all Linux OS come with a terminal. Windows users are the ones who should be thankful that there is no need to install CygWin any more in their computer, Secure Shell brings simple Unix access to the browser,

    Visit Chrome Secure Shell

  • Encrypted chat in Apple iOS with iCrypter

    Encrypted chat in Apple iOS with iCrypter

    iCrypter is a small encryption app for Apple iOS (iPhone, iPad, iPod Touch). With this app you can write or paste messages inside a window and attach any file you like, from photos or videos to documents, after that you will be asked to enter a password to scramble everything. The encrypted message can be distributed via SMS, WhatsApp, Facebook, Twitter, Skype, iMessage and the like.

    The password you used for encryption is stored in the built-in Contact Book which is also encrypted, to start a secure chat session the password is shared with other participants, when someone with iCrypter installed clicks on an incoming message decryption will initiate automatically.

    iCrypter Apple iOS encryption
    iCrypter Apple iOS encryption

    iCrypter uses symmetrical cryptography implementing the Advanced Encryption Standard 256-bit algorithm, a US National Security Agency algorithm approved to secure top secret information. Data encryption takes place in your phone before being transmitted, there is no central server that could be wire tapped to read your messages or any kind of backdoor subverting the software.

    To protect your information if the device is lost or stolen, a self-destruction function called “Fail Safe” will wipe all iCrypter content, bookmarks and settings, overwriting data with the US Department of Defence 5220.22-M E method after entering the grid application password wrong five times. The encryption algorithm source code put in action by iCrypter can be downloaded and is available for inspection.

    This is an effortless encryption app to operate, with an easy to navigate interface, the only downside is that people you communicate with needs to have iCrypter installed too and the app is not available for Android yet, a future Android release is planned for this year.

    Visit iCrypter homepage

  • Encrypt data in Android with Secret Space Encryptor

    Encrypt data in Android with Secret Space Encryptor

    Secret Space Encryptor is a cross platform tool made up of a password manager, message encryption to encrypt text, and file encryption to password protect photos or videos. Each function can be configured in settings to apply a different cipher algorithm, Secret Space Encryptor comes with a wide range of ciphers: AES-256bit, Blowfish-256/448bit, Serpent-256bit, Twofish-256bit and Gost-256bit.

    File encryption will preserve timestamps and associate .enc files with the utility, the password manager can classify data inside coloured folders and back everything up exporting it to an encryped .pwv file that can be later imported back or save it unencrypted to an .xml file, a standard format to import data into other applications like a different password manager.

    Secret Space Encryptor Android
    Secret Space Encryptor Android

    You will find other embedded privacy utilities like a clipboard cleaner, algorithm benchmark or customizable password generator. The software is very complete and open source, giving you some guarantee against backdoors, amazingly this free app has no advertisements or nagging screens, this a very easy to use encryption tool, the software is available for Windows, Android, Linux and Mac OS X, there is a java version of the program that runs on any OS with Java installed.

    Visit Secret Space Encryptor homepage