Author: John Durret

  • Free personal firewall Privatefirewall review

    Privatefirewall is an all-purpose firewall with real-time monitoring and intrusion detection. Unlike the Windows firewall, which only monitors incoming connections, Privatefirewall also checks and blocks outgoing connections from malicious trojans, and it monitors computer processes and the registry, which the Windows firewall also leaves out. Privatefirewall is very easy to install and works right out of the box after a computer reboot; it integrates tightly with the Windows Security Center, disabling the built-in Windows firewall.

    Running two firewalls at once could inadvertently block some applications, so it is good practice to use only one. If the rule sets of two firewalls conflict, there is no telling what the network will do. A single firewall and a single antivirus are enough to secure your computer; you could run a hardware firewall alongside a software one, but once again the rules could conflict, and it would not keep you much safer on the Internet.

     

    Windows firewall alternative Privatefirewall

    Privatefirewall lets you create a blacklist or a whitelist (trusted) of websites. Everything that happens is logged, in case you want to look up suspicious activity or just learn what a certain installed application is connecting to on the Internet. Email is monitored to detect anomalies, such as sending 100 emails in under 5 minutes, a strong indication that some kind of bot is at work. Rule-based filtering allows per-application customization, blocking Internet access for selected programs while letting others through.

    Privatefirewall main features

    • Packet filtering supports IPv4 and the new IPv6 addresses
    • Antihacker protection checks software behavior to identify malware activities
    • Email anomaly protection protects against your own computer being used to send spam
    • Advanced application management restricts program rights, such as executing code

    Privatefirewall takes a multilayered approach to computer security. It controls the way applications and processes operate on your computer, detects changes to Windows registry key values, and stops untrusted executables being launched by camouflaged malware, popping up an alert when that happens. The firewall is lighter on resources than Comodo and ZoneAlarm and very easy to use for newbies; it comes with three preset profiles (home, work, on the road), with semi-advanced control management for experienced users. It is definitely much better than the built-in Windows firewall, and free for personal and commercial use, which seems like a bargain. It is especially suited to those wanting a firewall for their tablet or notebook, due to the few resources it uses and the “on the road” profile for mobile users.

    Visit Privatefirewall homepage

  • HMA VPN user arrested after IP handed over to the FBI

    Cody Andrew Kretsinger, a 23-year-old from Phoenix, Arizona (USA), is now facing 15 years in prison after being arrested by the FBI. An alleged member of the malicious hacker group LulzSec, in which he used the moniker “recursion”, he is believed to have been involved in the hacking of Sony Pictures Entertainment servers, using a SQL injection to obtain confidential information and post it on the Internet. British-based Hide My Ass VPN handed over his home IP on receiving a court order; according to the indictment, Cody Kretsinger's Hide My Ass VPN username was “recursion”, the same nickname he used in the hacking group. Allegedly he also completely wiped his computer hard disk after hacking Sony Pictures.

    On a side note, for LulzSec to launch a denial of service attack against the UK Serious Organised Crime Agency (SOCA) website and then use a British-based VPN service does not come across as the kind of idea the brightest candle in the shop would have.

    All VPNs keep connection logs

    Anyone who believes a VPN can be used for criminal activities and get away with it is living in cuckoo land. All VPNs keep logs; if they didn't, they would not be in business for long, as law enforcement or their dedicated server provider would shut them down. You need to cover your ass and so do VPN companies. Legally, VPNs do not have to keep any logs, but if a VPN is continuously used to commit crimes and they do not take any action to stop it, they could be the ones facing court. HMA can track you down if you break the law.

    It is a common misconception that when a VPN claims “we do not keep logs” its users cannot be tracked down. Many users do not realize that a VPN has no need to know what sites they visit in order to identify them; all a VPN needs to protect its own ass is the user's connection and disconnection times. For example, if user A was using IP 1.2.3.4 on Monday 25th Sept. at midnight, and a company or LEA claims that IP 1.2.3.4 was used to carry out an illegal action on Monday 25th at midnight, all the VPN needs to do is look up who was using that IP at that time. The logs detailing the user's bad deeds can be taken from the company owning the server where the hacking/posting occurred.

    What a law enforcement agency (LEA) cannot do is pursue a VPN company and ask what websites user A has visited; VPNs do not normally keep that data. It is impossible for the FBI to go on a fishing expedition, asking for a user's Internet activities in the hope of finding something illegal: if the FBI asks a VPN company for logs, they already have evidence that a crime was committed, otherwise no subpoena could be issued.

    The next time you see a VPN claiming that they do not keep logs, always assume they are talking about logs of visited websites. Connection logs, the ones used to track you down, are always created on the VPN, otherwise it wouldn't work; privacy is a matter of how long they keep those connection logs for. In HMA VPN's case this can be found in their tiny terms and conditions: it used to be one week, then they changed it to 30 days (without notifying users of this change), then it changed a second time (again without notifying users), and now it stands at 30 days of connection logs. Do not be surprised if tomorrow this changes without anyone being notified, as has happened in the past.

  • Create an encrypted private chat room with PrivyTalks

    While it is possible to create a private chatroom online with something like Chatzy or Mibbit, the chat content will not be any more private than a postcard: it could be read by the website operator or by someone with a packet sniffer. This can be solved using instant messenger software like Jitsi, which supports end-to-end encryption, but it requires both users to have the same program installed.

    PrivyTalks lets you set up a private chat room accessible from any web browser or mobile device, with no software downloads required. The connection with the site is protected by an SSL certificate, and the chat content is encrypted using public key encryption (a 512-bit RSA key). Setting up a chatroom takes seconds: after a single click your Internet browser generates two RSA keys using JavaScript, one private key to read received messages and one public key that the other user will use to encrypt chat messages before sending them to you. The whole process takes place in real time with unnoticeable delay.

    PrivyTalks will give you a personal URL to send to your contact; when they click on the link, their own encryption keys are automatically generated before they connect to the chatroom.

    PrivyTalks encrypted private chatroom

    One great advantage of PrivyTalks is that you don't need to send any password, eliminating the risk of password leakage, and it is so easy to use that the average user will not even notice encryption is taking place. A problem I have found when trying to establish encrypted communications is that most non-techie users balk at the thought of having to learn a new skill.

    All messages at PrivyTalks are encrypted before leaving the computer; if anyone intercepted them, all they would get is gibberish. In an extreme case where the PrivyTalks owners were forced to log chatroom conversations, they would not be able to decrypt or read them, because all encryption is carried out by the user in their own browser and PrivyTalks only serves as a channel for the chat. You can use a packet sniffer yourself and check that everything being sent out is encrypted.

    PrivyTalks will warn you with a sound if someone connects to the chatroom, so you don't have to be looking at the screen waiting for your contact to connect. In case you forget to close down the browser, after 5 minutes of idle time the chat disconnects itself and the contents are cleared. A hashed fingerprint is shown below the chat window; this is to make sure there is no man-in-the-middle attack, which would change the fingerprint if it happened.

    Every time you connect to a server on the Internet your IP is logged; there is no way around it other than using a proxy/VPN. PrivyTalks does not mention how long connection logs are kept on the server, so you should not treat PrivyTalks as an anonymous chat if you are using your real IP. Treat it as a private chat that nobody else can read but that may be traced back to you.

    Visit PrivyTalks homepage

    UPDATE 2015: PrivyTalks has been down for a few months, link erased.

  • Test for intrusion detection with Patriot NG

    Patriot NG is a real-time monitoring tool that keeps an eye on changes in your Windows operating system and network. The program warns you of registry changes, new files in the Startup directory, new users being added, new services, changes to the Windows hosts file, new scheduled jobs, Internet Explorer alterations (toolbars, configuration changes), changes in the ARP table (used for man-in-the-middle attacks), ports being opened by new processes, and anomalous network traffic.

    This is a good tool for catching zero-day threats: Patriot NG relies on software behaviour to predict whether malware is changing files, instead of using signature files like antivirus software without heuristics does.

    Patriot NG IDS system

    If you suspect your computer has been infected by a trojan, the first thing to do should be to unplug your router to stop all Internet access; if someone has managed to infect your computer, they can disable intrusion detection tools and send you updated malware via the Internet. After you have disconnected your router, antivirus, anti-spyware and anti-rootkit software should be run on the computer until something is found.

    An Intrusion Detection System (IDS) tool is best used by people with good computer knowledge. Newbies might not realise that they are giving access to a trojan horse, since malware is normally disguised and named as something else; the user will need to know some basic operating system files (locations and names) to understand what is going on.

    Visit Patriot NG homepage

  • Retroshare P2P encrypted chat and filesharing

    Retroshare is a decentralized, open source friend-to-friend (F2F) instant messenger with group file sharing capabilities and encryption. Friends need to be invited before they are able to take part in the chat, and you can create a group chat using a friends list; in group chats a forum can be used to distribute files between acquaintances. The files are distributed in a multihop swarm system: even if one person goes offline the files are still available, as they can be downloaded from more than one source in parallel.

    It is possible to post links in a public chatroom; the links take the form “retroshare://” and whoever clicks on them will need to have the software installed for them to work. This is an ideal program for securely transferring files between friends, with no central server keeping logs and your private encryption key kept on your hard disk with no possibility of it leaking out. Authentication is done using GnuPG encryption keys (GPG4Win is included in the Windows installer), connection is through SSH and OpenSSL is used for end-to-end encryption.

    Retroshare encrypted chat and file sharing

    Upload and download speeds will depend on the user's available bandwidth; file sizes of more than 2GB are supported. A private friend-to-friend network like Retroshare solves the problem of strangers reporting on controversial files being shared, but friends' IPs are still visible, and if someone steals a member's identity the whole network will fall. Due to its multihop nature the original uploader might hide their computer's IP from the person downloading from them, but the IPs of other people sharing that file in the network will be visible, and the original source could be traced through them; disabling IP/certificate exchange services improves anonymity.

    You can use Retroshare with a Virtual Private Network (VPN) to hide your real IP and improve your network anonymity, as VPNs are known to keep logs for a shorter time than ISPs do; there are no VPN incompatibilities of any kind. The software is available for Windows, Linux and Mac.

    Visit Retroshare homepage

  • Cloud forensics tool OWADE pulls online services data

    One of the problems traditional computer forensics has is that lots of information is stored in the cloud (MSN, Yahoo, Skype, Dropbox, Google Docs, Facebook, etc.). Online data is accessible with a court order, but that involves lots of paperwork, making the investigation more complex, with the physical data still unsecured and in some cases the server located offshore, outside local authorities' jurisdiction. OWADE (Offline Windows Analysis and Data Extraction) is an open source cloud forensics tool developed by a Stanford University team and launched at the Black Hat 2011 security conference, able to extract information about the cloud services a user has accessed from their computer.

    Cloud computer forensics diagram

    OWADE can reconstruct Internet activities and search for the online identities that have been used. Encase and FTK (the Forensic Toolkit) can already do this; OWADE's advantage is its ability to decrypt files ciphered using the various Microsoft built-in encryption schemes, like Syskey and DPAPI (Data Protection API). OWADE combines its ability to decrypt Microsoft's encryption with traditional data extraction techniques in order to access Skype chat history, decrypt Internet Explorer stored logins and passwords (by cracking the Windows user password), or access historical Wi-Fi location data stored by Windows, providing a list of access points with dates and times.

    Traditional computer forensics software has a hard time reconstructing cloud service data stored on the hard disk, because Windows scatters everything across multiple files and encrypts some portions. OWADE does not pull data from the servers; the data was downloaded to the hard disk when the user accessed the service. What OWADE does is search for, decrypt and put together all of the cloud personal accounts, logs, logins and passwords that have been accessed.

    This tool is still being developed: an Alpha version (not stable) has been released, and it can only analyse the Windows operating system.

    Visit OWADE homepage

  • Encrypt text files using the AES cipher with Scrambled Egg

    This open source, cross-platform program encrypts text messages using a wide range of algorithms to choose from: AES, Blowfish, ARC2, CAST, 3DES, or RSA using your own public encryption key. Text compression with Zlib or Bz2 can be performed before encryption.

    Scrambled Egg has a portable version to take with you on a USB thumb drive, needing 20MB of space; the software doesn't need any administrator rights or special plug-ins to run, making it an ideal portable encryption tool. The resulting encrypted text can be saved as XML, JSON, UU or a .png image. A “No tags” option can be turned on and off depending on whether you want the receiving end to know which algorithm combination has been used; without tags, an attacker intercepting the encrypted message is left wondering what kind of file it is, as it has no identifying sign giving away which tool encrypted it. To decrypt the message, besides the password, the recipient will also need to know the cipher combination, so if you eliminate the tags you will have to inform the receiver of the combination used.

    You can copy the ciphered text and send it by email, paste it into a document or post it to a Usenet group. Encryption is performed in real time, slowing down your computer as you type, with CPU load spiking as the encryption algorithm runs; as soon as you add a character or change a setting you will see the resulting ciphered text straight away in the second pane.

    Scrambled Egg text encryption software

    For covert communications you could easily embed a small encrypted text message in a webpage's HTML code; in the event that anyone looked at the source code, which few people do, they would not be able to work out what the message says or what was used to cipher it. The advantage of embedding an encrypted message on a website, as opposed to sending it, is that if the website has lots of traffic it becomes impossible to know who received or read it.

    The help file is very basic and could be improved. Scrambled Egg is easy to use, but it appears to assume that people using it already understand what each of the compression and encryption algorithms means, as the instructions do not explain anything about them. I would recommend you use AES for encryption, as it is a standard algorithm widely reviewed by cryptographers and regularly tested for weaknesses. My favourite feature is that Scrambled Egg works on Windows, Linux and Mac, which makes it easy for your friends to use this encryption tool regardless of their operating system.

    Visit Scrambled Egg homepage