Category: Security

Computer Security

  • Review Mozilla Persona authentication system

    Mozilla Labs, the makers of the Firefox browser and Thunderbird, have come up with an experimental browser-based single login system called Mozilla Persona. After a user has verified his email address by visiting a link sent to his inbox, he can claim ownership of it and use that email address and a chosen password to log in at any site supporting Mozilla Persona. Very few sites do at the moment; you will know a site supports Mozilla Persona when it shows the logo.

    The main advantages of Mozilla Persona are that it saves surfers from having to remember dozens of different usernames and passwords across sites, it does not leak information to the website you log in to, and it works across browsers. Site authentication only needs JavaScript enabled to work.

    The Mozilla Persona website is used as the authentication backend server holding users’ email details, but anyone can run their own verification server: Mozilla Persona is a decentralized login system. When a user logs into a Mozilla Persona identity provider, a set of public/private encryption keys is created inside the browser using JavaScript. The public encryption key is then sent to the Mozilla Persona identity provider, where it will be used to sign an identity certificate before sending it to the user’s browser for storage.

    Any website requiring a user to log in using Mozilla Persona will use JavaScript to ask the user whether he wishes to log in. If he agrees, the browser will send the previously stored browser identity certificate, digitally signed with that user’s private encryption key. The login server will verify the signature by asking the Mozilla Persona identity provider for the user’s public encryption key, making sure the digital signature is valid.
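
    The exchange described above, as an added example (not Mozilla's code): a simplified model in which the identity provider signs a certificate over the browser's public key and the site checks the login without contacting the provider again. Ed25519, the JSON token layout and all names are assumptions; the model also assumes the site already holds the provider's public key and reads the user's key from the certificate.

```javascript
// Added illustration: a simplified model of Persona's certificate + assertion login.
// Ed25519 and this JSON token layout are stand-ins, not Persona's real wire format.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (str) => JSON.parse(Buffer.from(str, 'base64url').toString('utf8'));

// Returns "payload.signature", both base64url encoded.
function signToken(payload, privateKey) {
  const body = enc(payload);
  const sig = crypto.sign(null, Buffer.from(body), privateKey);
  return `${body}.${sig.toString('base64url')}`;
}

// Returns the payload if the signature checks out, otherwise throws.
function openToken(token, publicKey) {
  const [body, sig] = String(token).split('.');
  if (!body || !sig) throw new Error('malformed token');
  if (!crypto.verify(null, Buffer.from(body), publicKey, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  return dec(body);
}

const exportKey = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const importKey = (b64) =>
  crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

// Identity provider: certifies that `email` owns the browser-generated public key.
function issueCertificate(idpPrivateKey, email, userPublicKey, now) {
  return signToken({ email, publicKey: exportKey(userPublicKey), exp: now + 3600 }, idpPrivateKey);
}

// Browser: signs a short-lived assertion naming the one site it is meant for.
function makeLogin(userPrivateKey, certificate, audience, now) {
  return { certificate, assertion: signToken({ audience, exp: now + 120 }, userPrivateKey) };
}

// Website: checks the certificate with the provider's key, then the assertion
// with the user key taken from the certificate. Returns the verified email.
function verifyLogin(login, idpPublicKey, expectedAudience, now) {
  const cert = openToken(login.certificate, idpPublicKey);
  if (cert.exp < now) throw new Error('certificate expired');
  const claim = openToken(login.assertion, importKey(cert.publicKey));
  if (claim.exp < now) throw new Error('assertion expired');
  if (claim.audience !== expectedAudience) throw new Error('assertion is for another site');
  return cert.email;
}

// Constructed demo: hypothetical provider, user and site.
const idp = crypto.generateKeyPairSync('ed25519');
const user = crypto.generateKeyPairSync('ed25519');
const cert = issueCertificate(idp.privateKey, 'alice@example.org', user.publicKey, 1000);
const login = makeLogin(user.privateKey, cert, 'https://shop.example', 1000);
console.log(verifyLogin(login, idp.publicKey, 'https://shop.example', 1010));
```

    The audience check is what stops one site from replaying a captured login at another site, and the expiry on the assertion limits how long a captured login stays usable.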

    The disadvantages of Mozilla Persona are that websites need to support it, and since many already support OpenID, Google Account login, Twitter and Facebook Connect, they will be wondering if they really need to add even more login plug-ins. Another downside is that if your Mozilla Persona provider goes down you will be unable to log in to dozens of sites. This is what happened to my OpenID provider some time ago, and it was then that I made the decision not to use OpenID anymore; failure of the authentication server or a denial of service attack against the server constitutes a huge risk.

    How Mozilla Persona works

    Mozilla Persona vs OpenID

    OpenID is a more seasoned one-click authentication system that shares some common ground with Mozilla Persona. Both systems need a single username and password to log in across multiple sites and act like a third-party authentication server working across browsers. The main differences are:

    • Mozilla Persona does not involve the identity provider in the login process, whereas OpenID identity providers are part of the authentication process. This means that OpenID identity providers are aware of the sites you are a member of; Mozilla Persona protects your login activities from identity providers, OpenID does not.
    • Mozilla Persona has been designed to integrate tightly with the browser, with the login process taking place within it (a Firefox add-on is in the making). OpenID redirects you to a website for the login process to take place.
    • Mozilla Persona always identifies users by their email address; the OpenID authentication process does not always involve a user email address.

    Conclusion Mozilla Persona

    I fail to see how Mozilla Persona is any better than a password manager. Mozilla Persona simplifies login across multiple sites by only needing a single password, and a password manager will automatically fill in your username/password without you having to type it in; all you need to know is the masterpass, just like with Mozilla Persona ID.

    Mozilla Persona can be a good replacement for those endangering their privacy by using Facebook Connect and Twitter accounts to log in at other sites. By using Facebook Connect you are giving third-party companies access to private data; Mozilla Persona, like OpenID, will stop that, but I am not seeing myself using Mozilla Persona any time soon.

    I am very happy with my offline password manager and I believe it is a much more secure login system than using a server that I have never seen or audited to manage my login credentials for dozens of sites.

    Note: Mozilla Persona used to be called BrowserID; this post has been updated accordingly.

    Visit Mozilla Persona homepage

  • Delete locked files and folders with FilExile

    Windows File Protection (WFP), first introduced with Windows Millennium (Windows Vista uses something called Windows Resource Protection), is a built-in system that detects the replacement and overwriting of system files caused by malware or badly written software. If system files were to be erased, it would cause continuous operating system crashes and even prevent the system from booting up. Windows File Protection cannot be turned off by users (unless using a kernel debugger).

    After uninstalling a program you will find junk files left behind due to a substandard uninstaller. Many times those files cannot be erased manually, with Windows complaining that they are locked. Other explanations for locked files are corrupted files or changed file permissions. Folders pointing to an invalid name or to an extremely long path can also give you an error when you attempt to erase them, and there are malware files that lock themselves to prevent you from erasing infected files.

    FilExile erase locked files

    Erasing locked files

    FilExile is an easy-to-use open source program that will get rid of hard-to-erase folders and files. All you have to do is locate the hard-to-erase file or folder, select it and click on “Delete”; you will not even need to reboot your computer. FilExile allows you to log all operations to keep track of what has been erased.

    I have also managed to erase locked files using a simple secure data shredding application; this gets around Windows File Protection most times and circumvents the Windows recycle bin.

    Visit FilExile homepage

  • Track changes in computer files with WinPatrol

    This lightweight system monitoring software (802Kb) supervises the programs running on your PC. It will create a snapshot of the critical files in your operating system and warn you if anything has changed, and it uses heuristics, based on file behaviour, to detect zero-day attacks. WinPatrol has a tabbed, easy-to-navigate interface. Inside the “StartUp Programs” tab you will see a list of the software that starts at boot time; double-clicking on any of the program names will give you further information on them, and with another click you can disable a startup program or decide to delay its launch, which can speed up your Windows boot time.

    WinPatrol will stop changes made without your permission to the registry, scheduled tasks, IE add-ons, ActiveX controls and more. Hidden files will be exposed, and if a program has changed a file association, WinPatrol can restore it. Unlike other antispyware software, WinPatrol does not scan your hard disk for malicious files; it monitors the behaviour of system files instead, which will minimize conflicts with other computer security software you are running. WinPatrol also has a privacy feature to stop Internet tracking cookies, allowing you to manage your cookies and erase them based on cookie name using keyword filtering.

    WinPatrol system monitoring tool

    If you suspect you have malware on your computer or notice a sluggish PC, you can use WinPatrol to look at the software running and kill unwanted background processes. WinPatrol is a good complementary tool to stop malware. Together with a good antivirus and firewall, this software will help you control how your computer system files work. Some of the features, like real-time monitoring and access to a database with information about cryptic files and what they do, are only available with the non-free Plus version of WinPatrol.

    Visit WinPatrol homepage

  • Learn computer forensics with OSForensics

    Computer forensics is a branch of digital forensic science concerned with investigations to recover, identify and analyse data stored in digital devices (PC, iPhone, CDs, etc). The process a computer forensics investigation follows resembles that of data recovery, but the evidence is subject to guidelines to document an audit trail and preserve the extracted data so that it can be used in a court of law if necessary.

    Computer forensic experts are the people who have been trained in extracting and analysing evidence from digital media. A computer forensics expert should be able to tell what happened, how it happened and who or what was involved. Computer forensic experts take part in child pornography investigations, identity fraud cases, malicious hacking incidents, etc. To become a computer forensic expert it is necessary to have a background in computer science; some universities offer certification in computer forensics. You will also need work experience as a computer forensics analyst or in IT security (i.e. an internship).

    How to Perform Computer Forensics and Data Recovery

    OSForensics is a collection of computer forensics tools, some of them used by law enforcement, providing you with information about computer configuration and activities.

    After creating a case with OSForensics you will be able to see the computer’s recent activities, like connected USB devices, recently browsed websites or downloaded images. Another option allows you to recover passwords stored in the browser. If a file has been erased by Windows, this forensic tool can recover it as long as it has not been overwritten. A timeline lets you see a graph with a good overview of what happened and when, and the results can be exported in CSV or HTML format for further processing, e.g. printing or email.

    OSForensics free computer forensics software

    The OSFMount tool allows you to mount all kinds of disk images (.iso, .bin, .nrg, .sdi, .vmd, etc) and view them without having to burn them to a CD-ROM. The Mismatch File Search tool can scan the hard disk searching for files whose default extension has been changed in order to disguise them, for example renaming a .jpg file as .txt (which can be reversed). The Mismatch File Search tool will look at the file header bytes, where the file type is specified, and make sure they correspond with the file extension.
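
    An added example, not part of OSForensics, of the header check described above: it compares a file's leading bytes with a small constructed signature table and flags extensions that disagree. The table, the function names and the sample files are assumptions made for illustration.

```javascript
// Added illustration: compare a file's header bytes with its extension.
// The signature table is a small constructed subset, not OSForensics' database.
const fs = require('node:fs');
const path = require('node:path');

const SIGNATURES = [
  { type: 'jpg', magic: [0xff, 0xd8, 0xff] },
  { type: 'png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'gif', magic: [0x47, 0x49, 0x46, 0x38] },
  { type: 'pdf', magic: [0x25, 0x50, 0x44, 0x46, 0x2d] },
  { type: 'zip', magic: [0x50, 0x4b, 0x03, 0x04] },
  { type: 'exe', magic: [0x4d, 0x5a] },
];
// Extensions that legitimately share another type's header.
const ALIASES = new Map([['jpeg', 'jpg'], ['docx', 'zip'], ['xlsx', 'zip'], ['jar', 'zip'], ['dll', 'exe']]);
const KNOWN = new Set(SIGNATURES.map((s) => s.type));

// Returns the type whose signature starts the buffer, or null.
function sniffType(header) {
  const hit = SIGNATURES.find(
    (s) => header.length >= s.magic.length && s.magic.every((b, i) => header[i] === b));
  return hit ? hit.type : null;
}

// Classifies one file from its name and first bytes.
function checkFile(name, header) {
  const ext = path.extname(name).slice(1).toLowerCase();
  const claimed = ALIASES.get(ext) || ext;
  const detected = sniffType(header);
  let verdict;
  if (detected === null) {
    // No known signature: suspicious only if the extension promised one.
    verdict = KNOWN.has(claimed) ? 'mismatch' : 'unverified';
  } else {
    verdict = detected === claimed ? 'match' : 'mismatch';
  }
  return { name, claimed: ext, detected, verdict };
}

// Reads only the first 16 bytes, so large files are cheap to scan.
function checkPath(file) {
  const fd = fs.openSync(file, 'r');
  try {
    const buf = Buffer.alloc(16);
    const n = fs.readSync(fd, buf, 0, 16, 0);
    return checkFile(file, buf.subarray(0, n));
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed samples: [file name, first bytes].
const samples = [
  ['holiday.jpg', Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10])],
  ['notes.txt', Buffer.from([0xff, 0xd8, 0xff, 0xe1, 0x00, 0x18])], // JPEG renamed to .txt
  ['readme.txt', Buffer.from('plain text here')],
  ['invoice.pdf', Buffer.from([0x4d, 0x5a, 0x90, 0x00])],           // executable named .pdf
];
for (const [name, header] of samples) console.log(checkFile(name, header));
```

    Plain text has no signature, so a genuine .txt file comes back as unverified instead of match; only a recognised header under the wrong extension, or a missing header under an extension that requires one, is reported as a mismatch.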

    The Memory Viewer allows you to view the computer’s RAM and running processes while the computer is on, useful for finding malware in RAM if you detect anomalies. Another very useful feature is the indexing of files: OSForensics can search a hard drive much quicker than the built-in Windows search and show a preview with thumbnails inside a pane. Keyword and date filtering searches are on the menu, as is email message indexing; Microsoft Outlook, Thunderbird, Windows Live Mail, Eudora and many others are all supported (.pst, .mbox, .msg, .eml, .dbx), and email message headers, with the sender’s IP, can be viewed.

    OSForensics can run on a live system, but a real computer expert will avoid doing so until the hard drive has been cloned, because a running operating system changes data while functioning, e.g. timestamps, running malware, logs. The first thing a computer forensic expert does before seizing a compromised system is to pull the machine’s plug out of the wall to cut the power, as logging off a computer using the shutdown process will modify many logs and processes.

    OSForensics free version main features

    • Memory viewer and dumper
    • Raw disk viewer
    • Verify & create hash values
    • Disk imaging & drive zeroing
    • Install and run from USB stick
    • Collect system information, settings, environment

    This free forensics software can be copied to a USB device to be used on site. It makes for a good tool in triage cases, quickly determining whether a digital device has anything of interest that justifies taking it away to the lab. OSForensics is a great tool for those wanting to get into the computer forensics field and learn on their own; the free version has some missing features but is still useful.

    Typical law enforcement computer forensics software like EnCase is much more complex to use, has no free version and is very expensive for an individual. Beginners should start learning with a cut-down version such as this one.

    Visit OSForensics homepage

    Note: You can download example rainbow tables and hash sets from the OSForensics website (password cracking).

  • Digitally sign your documents with SignNow

    SignNow is a free service allowing you to digitally sign a document online. It doesn’t require any registration or download, making the process quick, and it works with all major browsers; you can digitally sign a document using an iPhone or Android phone too. The site uses an SSL digital certificate for encrypted communication with the browser, stopping third parties from eavesdropping on the uploaded document. Documents are not stored and are automatically erased after 30 minutes once they have been digitally signed.

    When you have uploaded the document you would like to sign (PDF preferred), you will be able to create a signature with your mouse or touch screen and select the font to be used (a typeface mimicking handwriting); the date will be added to the signature. If you need someone else to add a signature to the document you can choose “Invite a signer”, and that person will receive an email with the document so they can follow the same process. A sticky note with instructions can be added to the signed document.

    Are digital signatures legally binding? 

    Electronic signatures are legally binding at the very least in the US and European Union. As far as the courts are concerned there is no difference between a digital signature and a handwritten signature with ink on paper, with some exceptions: the US Electronic Signatures Act of 2000 mentions that wills, testamentary trusts, divorce, adoption, family papers and the like are not acceptable in digitally signed form.

    SignNow digital signature online

    Digitally signed documents will save you money in the form of time and help the environment, and document management and storage will be easier. SignNow offers extra features for a fee. There are other similar companies offering paid-for digital signing of documents, like EchoSign and DocuSign, which are more appropriate for business dealings. A digitally signed document includes the date it was signed and is tamper proof; most services allow for timestamp settings where you can specify the organization and add a company logo or watermark.

    Visit SignNow homepage

  • How to detect and remove rootkits with Gmer

    A rootkit is a collection of malicious programs that allows a cracker access to your computer with administrative rights. Typical rootkits consist of spyware and trojans that monitor your computer traffic and log keystrokes; sophisticated rootkits can alter log files, erasing traces. Combined with other malware, rootkits have the ability to attack other computers in the same network and on the Internet.

    Rootkits can hide inside the operating system kernel, a bridge used to process data between software applications and computer hardware, which makes them very hard to remove using conventional antivirus software. The best way to prevent rootkits is to run an updated antivirus and a good firewall to stop them from installing in the first place.

    NOTE: Not all rootkits are malware. A small number of legitimate applications use rootkits, for example DVD driver emulation software that allows the user to play a game without the physical DVD-ROM inside the optical drive.

    How to uninstall a rootkit

    When a malicious rootkit has already been installed on your computer, there is no guarantee that it can be removed without formatting and reinstalling the operating system. The only way to try to delete a rootkit is to scan the operating system with a specialist rootkit removal utility and hope it will be picked up.

    A rootkit detector compares different parts of the operating system (files, processes and kernel hooks), hoping to find a mismatch. After discounting files legitimately hidden by the operating system, it narrows down the list of possible rootkits.

    Gmer rootkit removal software

    How to use Gmer

    This free rootkit removal tool will scan your computer and list running processes, attempting to find hidden processes, threads, modules, services, files, disk sectors (MBR), Alternate Data Streams and registry keys, as well as SSDT hooks, IDT hooks, IRP call hooks and inline hooks.

    Suspected rootkits will be highlighted in red. When one is found, right-click on it, choose “Delete” and reboot your computer. If the red item is a service you will have to disable it first using right-click, reboot your computer, delete the disabled service and reboot the computer again.

    NOTE: Read the Gmer instructions carefully; this is not a click-and-go program, and you need to know what you are doing.

    Visit Gmer homepage

  • How to report spam Emails to ISPs and police

    There isn’t a single worldwide organization dealing with spam and fraudulent email; each case has to be reported to the specific local authorities. If the spam has traveled through various countries it will take the collaboration of various law enforcement agencies to track down its origins, which will be time consuming.

    The number of people who respond to spam and fraud is tiny, but even a very small percentage of shoppers out of millions of emails can make money for the scammers. Social media is a new opportunity for spammers and they are not missing out on it: hacked Facebook and Twitter accounts are regularly used to send spam to everyone on the contact list. Spam coming from a trusted friend, whose identity has been stolen unbeknown to them, is more likely to yield results, with the victim ending up clicking on any link the message contains.

    Something else scammers count on is that most people never report a small loss of under $50; they know that it will cost them more money to follow up the case than whatever they can get back. Online scam schemes that want to survive keep themselves under the police radar by only stealing small amounts of money; done thousands of times it represents a good income, even if they have to refund a couple of people pursuing action in court.

    Report spam emails directly to the ISP

    Spamcop is an effective and well-established antispam service. All you have to do is open an account with them and copy and paste the email you received into an online form. Spamcop’s software will find out from the headers where it was sent from, getting through the hub of proxies that spammers use to disguise the original computer’s IP. Spamcop will also find the abuse contact email address for the ISP and for the website where the spam is being hosted, then send an automatic report in a matter of seconds.
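
    One way to read a header chain defensively, as an added example that is not Spamcop's algorithm: trust only the Received lines written by your own mail servers and report the address that handed the message to them. Host names, addresses and function names are constructed for illustration.

```javascript
// Added illustration: find the hand-over point into servers you trust.
// Not Spamcop's algorithm; host names and addresses below are constructed.

// Joins folded header lines and returns [{ name, value }] up to the blank line.
function parseHeaders(raw) {
  const headers = [];
  for (const line of raw.split(/\r?\n/)) {
    if (line === '') break;                       // end of the header section
    if (/^[ \t]/.test(line) && headers.length) {  // continuation of previous header
      headers[headers.length - 1].value += ' ' + line.trim();
      continue;
    }
    const idx = line.indexOf(':');
    if (idx > 0) {
      headers.push({ name: line.slice(0, idx).toLowerCase(), value: line.slice(idx + 1).trim() });
    }
  }
  return headers;
}

// Extracts the hops, newest first, as { from, ip, by }.
function receivedHops(raw) {
  return parseHeaders(raw)
    .filter((h) => h.name === 'received')
    .map((h) => {
      const from = /^from\s+(\S+)/i.exec(h.value);
      // Only look for the bracketed address in the "from" clause, before "by".
      const ip = /\[(?:IPv6:)?([0-9a-fA-F.:]+)\]/.exec(h.value.split(/\sby\s/i)[0]);
      const by = /\bby\s+([^\s;]+)/i.exec(h.value);
      return {
        from: from ? from[1] : null,
        ip: ip ? ip[1] : null,
        by: by ? by[1].toLowerCase() : null,
      };
    });
}

// Walks down from the newest hop while the recording server is one we trust.
// The last such hop names the outside address that handed the message to us;
// every header below it was written by someone else and may be invented.
function traceOrigin(raw, trustedServers) {
  let origin = null;
  for (const hop of receivedHops(raw)) {
    if (!hop.by || !trustedServers.has(hop.by)) break;
    if (hop.ip) origin = hop;
  }
  return origin;
}

// Constructed message: the lowest Received line claims a bank as the source.
const sample = [
  'Received: from mx.example.net (mx.example.net [192.0.2.10])',
  '\tby inbox.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000',
  'Received: from relay.example.org (unknown [203.0.113.77])',
  '\tby mx.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000',
  'Received: from mail.bank.example (mail.bank.example [198.51.100.5])',
  '\tby relay.example.org with SMTP; Mon, 1 Jan 2024 09:59:00 +0000',
  'From: "Bank" <support@bank.example>',
  'Subject: Verify your account',
  '',
  'body text',
].join('\r\n');
const trusted = new Set(['inbox.example.net', 'mx.example.net']);
console.log(traceOrigin(sample, trusted));
```

    The address to report is the one recorded by the last trusted server, here 203.0.113.77; the bank address in the lowest header is a claim made by the sending side and is not evidence.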

    Spamcop report spam email

    Inside your Spamcop personal account you can check personal and global spam statistics, like reporting time, country of origin and past reports with dates.

    Visit Spamcop to report email spam

    Reporting fraud and spam email for US residents

    In the United States you can report emails containing fraudulent medical products or services to the Food and Drug Administration: FDA Consumer Protection.

    To report fraudulent investment emails, go to the U.S. Securities and Exchange Commission website and click on the SEC website Tips and Complaints, or use the StopFraud website to find the email address where to send a report of more specific financial scams like mortgage or bankruptcy fraud.

    To complain about general email spam, like lottery scams, use the Federal Trade Commission Complaint Assistant to forward them the deceptive email messages; they will store the spam in their database for future legal action. To help the FTC stop people calling you, register your phone or file a complaint against companies disregarding the National Do Not Call Registry at the DoNotCall website. The FTC also has an FTC Spam tips section with tips about how to avoid online scams and unsolicited email.

    The FBI, the National White Collar Crime Center and the Bureau of Justice Assistance have put together the Internet Crime Complaint Center, where identity theft, phishing emails and other general cybercrime can be reported. A partnership between law enforcement agencies and regulatory agencies makes sure online complaints go to the right hands.

    The StopFakes website gives information on intellectual property theft and provides a contact email address where you can send questions about what to do when a product is being counterfeited. Scroll down and click on a small button that says “Report IP theft” to go to the US Immigration and Customs Enforcement IP theft online report form.

    To report online crime across borders outside the US use eConsumer, an initiative made up of over two dozen consumer associations from all over the world in charge of enforcing fair trade practices.

    Non US residents reporting email scams

    PayPal has set up an antifraud department where you can report suspicious email and start an unauthorized transaction claim.

    The Anti-Phishing Working Group (APWG) is an organization composed of businesses and law enforcement organisations focused on eliminating online identity theft resulting from email phishing scams. They have a “report a suspected phishing website” page; all of the emails are compiled into a list and analysed to spot trends and plan countermeasures.

    Free money online scam

    Netcraft runs a very complete free antiphishing toolbar that warns you of suspected scam sites, giving you vital information about every site you visit, like the country where the site is hosted, site popularity and risk rating. Using the same toolbar you can report a phishing site with just one click.

    Links to report spam (non US)

    • Australians can report spam at SCAMwatch

    When you report email fraud and spam online do not expect automatic results or even a response; that will depend on the organization taking your report, how serious the case is and how easy it is to follow the trail. Many spammers are based abroad and send emails using compromised computers. The best method to stop spam is still to never buy anything from them.