Category: Security

Computer Security

  • Review US anti-censorship proxy FreeGate

    FreeGate is proxy software that lets people living in a country that censors the Internet circumvent ISP filtering. It is one of the most used proxies in China and is hosted on hundreds of dynamic mirrors to outsmart the Chinese authorities; you can also request that a download link be emailed to you, as the FreeGate website is obviously blocked in China. The proxy was initially created by Falun Gong followers (a spiritual discipline banned in China), is developed and maintained by Dynamic Internet Technology Inc., and receives funding from non-profit American organizations, including the US Government.

    The project uses Hurricane Electric servers in California, so you will get a US IP in that state when you use it. I had no problems watching Hulu (restricted to US residents) and listening to Pandora radio with FreeGate; at the time of my testing I was getting 1.5Mbp/s download speed, enough for video streaming. There are various servers available, all of them in the US, and it is easy to switch between them. The software interface looks outdated but is easy to manage. It contains a few extra options, like erasing Internet Explorer history when the program exits and setting up a list of websites to connect to directly without using FreeGate. It comes preconfigured to connect to some of the most popular Chinese websites, like Baidu, Taobao and any .cn site, without a proxy. A hotkey can be set up to hide/show FreeGate.

    Free US anti-censorship proxy FreeGate

    The program automatically opens Internet Explorer when it is executed. It is possible to configure it with other browsers, but that requires manually changing the browser network settings, or you could download the Gproxy Firefox addon to help you manage and switch proxy settings. There is no need to install FreeGate on your computer; the software will run from a thumbdrive with a double click, but I was asked for administrator rights to allow FreeGate to pass through the Windows firewall and execute Java.

    Using FreeGate will not offer you the same degree of anonymity that the Tor proxy does, but it is considerably faster. If all you care about is bypassing an Internet filter, FreeGate works very well. Just remember that it has been designed for users in China: while it works elsewhere, the developers are developing this proxy as a China-centred circumvention tool, and I doubt they will attend to feedback from someone in Europe complaining that they can’t watch a US-only TV film. This is also not a VPN: the only connection that will go through the proxy is the Internet browsing; all other applications (IM, torrents, SMTP) will be using your home computer IP.

    Some people report that the software is flagged by their antivirus. I use AVG antivirus and I did not get any malware warning. The software does not contain any trojan, but it works in a similar way to trojan horses, penetrating firewalls; just make sure you download it from an official link. FreeGate is a good tool to have if you are going to travel to China or any other country with Internet censorship, like Iran and Vietnam.

    Visit FreeGate homepage

  • Convergence, a digital Certificate Authority replacement

    Convergence is an open source project that wants to replace the Certificate Authority organizations that issue standardized X.509 digital certificates and confirm that the company holding a certificate is who it says it is, for which a fee is normally charged. It can be very expensive to get a reputable Certificate Authority (e.g. Verisign, GeoTrust) that is included in the root store of all major Internet browsers to confirm your identity. There have also been instances in which a Certificate Authority has been hacked by criminals, and likely nation states, who signed their own unauthorized digital certificates with the CA’s private keys, allowing them to launch man-in-the-middle attacks against which the user has no defense.

    It is possible for someone to create a self-signed digital certificate, or buy a cheap one from a small Certificate Authority, but this will cause the Internet browser to display a security warning during the SSL handshake, which easily scares off people not familiar with computer security.

    Convergence P2P digital certificate authority replacement

    Convergence allows people to configure a dynamic set of notaries that use the whole network to validate the communication. Instead of having someone else tell you who to trust, a whole set of users decides who is trustworthy.

    Anyone can run their own notary, the notary trust level can be set by the whole network of multiple notaries, information exchange is immediate and the user’s IP address is hidden. Convergence intends to eliminate the problem that comes with blindly trusting a single Certificate Authority and places trust in the hands of the whole community, using the network of notaries to check a digital certificate’s history before validating it. For this to work, a large number of notaries will be necessary.

    Visit Convergence homepage

    Note: Only available for Firefox users as an addon.
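
    A simplified model of the notary idea described above, as an added example that is not Convergence's own code or wire protocol: the client compares the fingerprint of the certificate it received with what several notaries report for the same site. The notary names, reply format, quorum value and fail-closed policy are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NotaryReply:
    notary: str                 # hypothetical notary name
    fingerprint: Optional[str]  # SHA-256 of the cert the notary saw; None if unreachable


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 over the DER bytes of a certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def evaluate(cert_der: bytes, replies: List[NotaryReply],
             quorum: float = 0.6, min_reachable: int = 2) -> Tuple[bool, List[str]]:
    """Return (trusted, dissenting notaries) for the certificate the client received.

    Assumed policy: unreachable notaries are ignored, but the check fails
    closed when fewer than min_reachable notaries answered.
    """
    seen_locally = fingerprint(cert_der)
    reachable = [r for r in replies if r.fingerprint is not None]
    if len(reachable) < min_reachable:
        return False, []
    dissenting = [r.notary for r in reachable if r.fingerprint != seen_locally]
    agreeing = len(reachable) - len(dissenting)
    return agreeing / len(reachable) >= quorum, dissenting


# Constructed sample data: stand-ins for DER-encoded certificates.
GENUINE_CERT = b"constructed-genuine-certificate-bytes"
ROGUE_CERT = b"constructed-rogue-certificate-bytes"


def sample_replies(unreachable: int = 0) -> List[NotaryReply]:
    """Three hypothetical notaries that all see the genuine certificate."""
    names = ["notary-a.example", "notary-b.example", "notary-c.example"]
    return [NotaryReply(n, None if i < unreachable else fingerprint(GENUINE_CERT))
            for i, n in enumerate(names)]


if __name__ == "__main__":
    print("genuine cert:", evaluate(GENUINE_CERT, sample_replies()))
    print("different cert on the client's path:", evaluate(ROGUE_CERT, sample_replies()))
    print("two notaries down:", evaluate(GENUINE_CERT, sample_replies(unreachable=2)))
```

    A certificate that only the client sees, and that none of the notaries observe from their own network positions, is rejected no matter which Certificate Authority signed it.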

  • DeOps, a secure decentralized Instant Messenger

    DeOps, Decentralized Operations, is a Windows P2P instant messenger for secure file sharing and chatting. Unlike Windows Live Messenger or Yahoo! Messenger, there is no central registration server to recover data from; all of the settings are stored locally on your computer, communications are P2P and ports are chosen at random to avoid traffic fingerprinting. The messenger, a small 3MB download, doesn’t have to be installed; it can be run from a USB thumbdrive or encrypted container, and copying the profile there will move all of your settings along with it. I noticed that Windows Firewall blocked me when I launched the application, asking for confirmation that I wanted to grant Internet access to DeOps; this means that on guest computers you might need administrator rights.

    After launching DeOps you can create a global ID and secret passphrase for your organization. DeOps calls every separate P2P network an “organization”, and each one of them can contain multiple chatrooms and groups. A deops:// link composed of a long alphanumeric string will be created for your group; you can copy it to the clipboard and share it publicly or in private with prospective members. To join your new darknet, people will need to know the passphrase together with the link. The passphrase can easily be changed by the group founder in the settings.

    If you want to join an existing organization, open a .dop DeOps Identity file or copy and paste a deops:// link into the Join Organization window.

    Decentralized P2P IM DeOps

    To add buddies to your IM list, copy and paste their personal deops:// link into the add window. To share files with everyone in the group, place them inside the “My Shared Files” area, where they can be marked as public, to be found by anyone using DeOps, or private, to be shared with darknet friends only. It is possible to copy and paste into websites a unique deops:// link for each file, to be downloaded by other people using the same P2P messenger. The files you are sharing will only be available while you are online, and file transfers are automatically swarmed (multi-sourced) when multiple people are downloading the same file.

    DeOps organization types

    • Public: Anyone can join by entering deops://orgname
    • Private: Only those invited can join, utilizes the lookup network to aid in finding new members.
    • Secret: Same as private except the look up network is not utilized. Best for large networks and LANs.

    You can find the usual IM settings, like ignoring people in the network or setting your status to Available, Away or Invisible. Advanced options have diagnostics to automatically configure your router, opening the necessary ports; a successful network connection is displayed with a green bar. The tools section includes a bandwidth graph, crawler, lookup, file transfer status, technical logs (called Internals), data packet details and a searcher to find users and organizations that have chosen to go public. The help manual is very basic and has not been finished yet.

    The software includes a DeOps Internet simulator able to create dummy users and networks for troubleshooting. I did not experience any kind of problem and had everything set up in under 5 minutes. The weak spot of this software is that you are not anonymous: no measures are taken to hide your IP from other users, so if someone you are communicating with is not who you think they are (infiltration, kidnapping), your real identity would be compromised.

    Visit DeOps homepage

    Note: This software development is on-going.

  • Share encrypted messages on social networks with Privly

    Priv.ly is an open source project that allows you to communicate with others using the site of your choice while denying that site access to your data. Everything is encrypted and shared through a link, so the site cannot be forced to reveal data it doesn’t hold and data retention won’t matter; by posting your messages through a link, Google+, Twitter or Facebook will never have access to your private data. The messages will be automatically decrypted for people using the Privly browser addon, making the process easy and automatic for everyone. Only users whose public encryption key has been used to encrypt data will be able to read the message; it is possible to revoke access to a single user by not using his key, and the content on the server can quickly be destroyed or changed.

    At the moment Privly servers host the encryption keys to automate decryption, and the extension pulls the encryption key and content off the server after your friend clicks on a Privly URL link. This makes the central server vulnerable to attack; there are future plans to change this by creating a P2P decentralized storage system, making it impossible even for Privly staff to read your messages. Another vulnerability that the developers are working on is preventing the browser from caching encrypted messages.

    Social network encrypted messages Priv.ly

    Privly is an asymmetric public/private encryption key system. You could do this yourself by encrypting your messages with PGP/GPG before posting them to a social network; Privly’s advantage over manual encryption is that it saves people time and makes the process easy by only needing a browser addon, and its central delivery server also makes it possible to change or destroy a message after posting. You could try to achieve the same result using a self-destructing messaging system, but few of those services, if any, are open source. Privly is a good initiative to stop abusive social network data retention policies and to stop censorship by software scanning the Internet for keywords.

    The key for Privly to work is adopting a standard that everyone will understand as soon as they see it, in this case a URL. Having too many ways of doing the same thing does not help spread a technology; it all comes down to everyone agreeing on a system. You still have to solve the anonymity side of your messages, as your computer IP is visible when you post a Privly link to a website.

    Visit Privly homepage

    Note: The project is still in development and might not be stable.

  • Free portable antivirus McAfee Stinger

    McAfee Stinger does not need installation and can be run from a USB thumbdrive, but it asks for administrator rights. This tool has not been designed as a replacement for a fully fledged antivirus; you could use it when you are travelling to check an Internet cafe computer before using it. McAfee Stinger is light on resources, small and fast. After executing it you can select a directory for scanning or scan the whole computer, which took me 2 minutes for a 300GB hard drive. McAfee Stinger will scan subdirectories and compressed (.zip, .rar, .7zip) files too, and if anything is detected you can choose to repair, rename, delete or report only.

    Besides providing protection for travellers using unknown computers, this tool can be used as a second opinion if you detect an anomaly. The first thing quality malware will do is disable your local antivirus, which is why it is important to scan your files with two different antiviruses when something does not add up, as well as checking for outgoing Internet connections.

    Portable antivirus McAfee Stinger

    This tool scans the boot sector, which is where rootkits tend to lodge; processes and the registry are also scanned, with a heuristic check whose sensitivity can be adjusted from Very low to Very high (the default is Medium). Heuristics is a system to detect virus-like behaviour, meant to discover zero-day, never-seen-before threats. McAfee Stinger comes with a very limited list of virus signatures, around 4000, which can be seen by clicking where it says “List of viruses”; it is mostly made up of trojan horses. McAfee claims that it can remove prevalent Fake Alert malware.

    If you suspect your computer is infected, you might want to check other software that McAfee has in the AntiMalware section of its free tools page: RootkitRemover and GetSusp, both directed at beginners and easy to use. Good computer security is made up of layers; the more passive and active security layers you have, the lower the chances of infection. Another choice is to use an online antivirus, if you are comfortable allowing access to your files.

    Visit McAfee Stinger homepage 

  • Uninstall a Windows program safely with iObit uninstaller

    iObit uninstaller is a tool to help you get rid of junk left behind by uninstalled programs. Some of its advantages over the standard Windows uninstaller are that it will scan the registry and hard drive to find invalid keys and leftover files, it allows you to uninstall several programs in batch mode with a single click, and it has a “Force Uninstall” mode to eliminate software not listed in the Windows Add/Remove control panel or whose original uninstaller no longer works; however, this is not guaranteed to succeed all the time.

    Its tabbed interface classifies installed programs into “Windows Updates”, “Rarely Used”, “Large Programs”, “Recently Installed”, “Toolbars” and “All Programs”. This makes it very easy to find what you want to get rid of, and an instant search box is also included. After using the Powerful Scan you will be presented with all the leftover files found and asked if you would like to erase them. Anything you do is logged inside a text file accessible from the menu, together with a shortcut to Windows Restore Point to reverse changes; iObit uninstaller will create a restore point every time you use the advanced uninstall mode.

    iObit free Windows uninstaller

    This program does not need installation and it can be used in portable mode, so it is a good tool to have for IT administrators; however, it requires administrator rights. Unlike some of its competitors, iObit uninstaller does not track what changes are made to your computer when you install software. The program is not as complete as Revo Uninstaller Pro, but it is free; if you are having problems eradicating a program that is hard to remove, it is well worth a try.

    Visit iObit uninstaller homepage

  • Defeat trojan keyloggers with KeyScrambler

    A keylogger is designed to capture every single keystroke you enter on your keyboard. It is one of the most effective ways to spy on someone and steal data: keyloggers are able to capture email passwords, credit card details and encrypted container passwords. The first line of defence to stop a keylogger from infecting your computer is a good antivirus. The second line of defence, once a keylogger has managed to make it into your computer, is to use a virtual keyboard, but this will slow you down and is still vulnerable to trojan horses taking screenshots.

    KeyScrambler defeats keyloggers by encrypting keystrokes at keyboard level using Blowfish 128-bit and an asymmetric RSA 1024-bit key; the space key is also encrypted. A malicious trojan horse capturing keystrokes will only manage to gather undecipherable data. There is no need to read anything to use KeyScrambler; it allows the user to work as usual with no learning curve. A small green toolbar sits on top of the browser and automatically activates when you enter data, confirming that it is working.

    KeyScrambler toolbar

    This program is ideal for protection against new sophisticated keyloggers not detected by any antivirus on the market, the kind of trojans state-sponsored spy agencies use; anyone working in a financial environment should have a tool like this installed on their computer. The application could be improved with an anti-screen-capture feature: passwords are normally behind asterisks, but what you see on the screen could still be read through screenshots. The free version of KeyScrambler is very limited: it only works with Internet Explorer, Firefox and Flock, and any browser addon, like the LastPass password manager, will also be supported. The paid-for version of KeyScrambler adds East Asian language input and protects Windows Explorer, the Windows logon screen and extra applications like the Opera browser, Safari, the Chrome browser, WinRAR, Notepad, iTunes, FileZilla, TrueCrypt, BestCrypt, LibreOffice, Skype and many more.

    KeyScrambler does not defeat hardware keyloggers; it only starts working once the keystrokes have reached the Windows kernel, working at driver level. In order for someone to install a hardware keylogger they will need physical access to the computer, and most users are not at this level of risk. I think that this is a good tool to have for high security environments.

    Visit KeyScrambler homepage