Hacker 10 – Security Hacker

Category: Other

Other computing tips

  • Review Windows keylogger HeavenWard LightLogger

    Review Windows keylogger HeavenWard LightLogger

    LightLogger HeavenWard is a keystroke monitoring tool marketed to parents to spy on their children computing activities. I was a little surprised that my Avast antivirus did not flag it as malware and allowed me to install it without any warning, only Comodo Firewall asked me for permission to execute the file and make some Windows changes but that is all. If you have administrator rights in the computer where you would like to install this keylogger there will be no problems, Windows uninstall menu did not show the keylogger program and the taskbar did not have any icon, but manually navigating to “Program Files” will show a folder named “HeavenWard/Lightlogger“.

    Screenshots are saved inside a subfolder of “ProgramData“, used by Windows to store application settings, it is not possible for a user to manually navigate there unless you directly enter the path in Windows Explorer toolbar. The keylogger main window can be brought back from hiding using a configurable shortcut, make sure that to install it in your Windows administrator account and not your target’s account, you will be able to spy on computer guest accounts from within your own.

    Windows keylogger HeavenWard LightLogger
    Windows keylogger HeavenWard LightLogger

    The program is very complete when it comes to gathering data, you can see the list of visited websites, typed keystrokes that will include passwords entered in secure sites like email services and social networks, pasted clipboard content, programs run and timed screenshots that can be configured in quality and intervals, captured data is appended with the precise date and time of the event.

    This keystroke monitoring tool could spy on your children’s computer activities as the developer says, the program could also be used against older people with a limited Windows account, but it can not be emailed to anyone, you will need physical access to the computer with administrator rights to install it and anyone with advanced computing knowledge and able to access an administrator account could see the traces left in Windows registry keys if they happen to like playing with it, the program makes no effort to hide its name (LightLogger) and the installation is done in the default Program Files folder.

    I think that you can safely use this keylogger on anyone in the same computer who is using an account without administrator rights and not able to access Windows system files, otherwise, it would be too risky.

    Note: This is not a free program, the trial version will show a pop up window every hour.

    Visit HeavenWard LightLogger homepage

  • Remove Gmail advertisements with Gmelius

    Remove Gmail advertisements with Gmelius

    Gmelius is a cross browser (Opera,Firefox,Chrome,IE) extension to enhance your Gmail interface, after installing it you will be presented with a long list of settings with check boxes to easily decide what your webmail should look like. Other customizable options are removing chat and status of chat contacts, colourize navigation icons, remove People Widget, make header autoexpandable, apply the same font to all inbox messages and add attachment icons, to tweak these settings you just need to check or uncheck a tickbox.

    Gmelius removes Gmail adverts
    Gmelius removes Gmail adverts

    This extension will not stop Google email scanning your messages but by removing the advertisements, besides getting a better Gmail experience, you can get back at Google by depriving them of revenue earned invading your personal privacy. Nearly all free email services display advertisements of some kind but only the most busybody services like Gmail go to the extra length of scanning people’s personal messages.

    If you care about privacy it’s best to use a different email service but if you are going to use Gmail because it has features you can not find elsewhere and you are not encrypting your messages removing advertisement will send Google a strong message about how relevant people think their adverts are.

     Visit Gmelius homepage

  • Computer forensics Linux distribution CAINE

    Computer forensics Linux distribution CAINE

    CAINE (Computer Aided INvestigative Environment) is an Ubuntu based Linux distribution targeted at computer forensic investigators, from law enforcement to private digital investigators. It comes with friendly graphical interfaces for most forensic tools making this OS a good choice for students and computer forensic amateurs, as well as professionals. There is a front end called XSteg for Stegdetect, a tool to detect messages hidden in  images (steganography), dd, a command tool to mirror and restore files can be used with a front end called AIR (Automated Image & Rescue) supporting dc3dd an enhanced dd version that includes features like hashing and zeroing files specially developed for digital forensics by the US Department of Defense Cyber Crime Center. The Sleuth Kit, a set of command line tools can be used in CAINE through Autopsy, a graphical front end that looks like a browser, a command based network scanner called nmap can be used with point and click thanks to zenmap.

    CAINE computer forensics distribution
    CAINE computer forensics distribution

    Once you have finished your work CAINE makes it easy to create a written report as .rtf or HTML. For those who don’t know, unlike .docx or .odf (Open Document Fortmat), .rtf (Rich Text Format), files, although Microsoft proprietary, they are widely supported by most software and do not include metadata.

    Computer forensics live CDs are widely used during investigations because they do not write anything to the host computer, however you should use a widely tested distribution to make sure that it works as expected and do not trust what a community or vendor distribution claims because only wide testing can find out unexpected bugs.

    When you boot this live CD you will be given the choice to install the OS in your hard drive, I would not advise you to use CAINE as your everyday operating system because it comes with very few applications that are not computer related and it won’t be of much for a home user daily entertainment activities. You should not confuse this distribution with a penetration testing operating system like BackTrack, there are no offensive tools included in CAINE and only a few network related tools (WireShark, Cryptcat and Zenmap), CAINE purpose is to perform a post-mortem of a machine after an incident and gather data.

    Home users can use this live DVD to reset a user’s password on a Windows machine with chntpw , recover corrupted data with ddrescue, partition a disk with Gparted, or monitor a hard drive health and temperature with HDSentinel.

    Visit CAINE homepage

  • Steganography and encryption with StegHide UI

    Steganography and encryption with StegHide UI

    StegHide UI is a GUI interface for Steghide, an open source steganography program to encrypt and hide data inside images (.jpeg, .bmp) and audio files (.wav, .au), it allows users to do everything Stegide can do with a point and click mouse saving you the command line learning curve. There is a tab where you can use this steganography tool in command line mode were you to feel inclined to do so, StegHide UI offers you the best of both worlds, a GUI and command line all in one program.

    There is no need for installation, administrator rights are only needed to change the program settings. You can change the default encryption method, an already secure AES128-bit in CBC mode, set the default output folder or change the command line background colour, font and font colour. The only included help manual consists of the command line tab where you can type “help” and get a list of possible commands. GUI operation is fairly easy, to hide and encrypt files go to the “Embed” tab, select the carrier image or sound where to hide the data and the file you would like to hide, enter a password and choose the encryption algorithm and method using a drop down menu.

    Steganography and encryption StegHide UI
    Steganography and encryption StegHide UI

    To decrypt an steganographic message reverse the process using the “Extract” tab, enter the password and choose the output file with resulting extension, you will need to know what type of file is hidden (.txt, .mp3, .jpg, etc) to get the extension right and be able to view it with the correct program. There is a wide range of encryption algorithms available, the safest are AES Rijndael 128/192/256, Blowfish, TripeDES, Twofish and Serpent, other low strength ciphers like Enigma, Gost, CAST128/256 and Arcfour are included too.

    If you would like to defeat steganalysis, the art of detecting hidden data inside files, make sure to securely erase the original file, comparing two files side by side and looking at their differences it is possible to see that data has been embedded in one of them making the extraction easier for an attacker, but encryption with a strong password should still stop adversaries.

    Visit StegHide UI homepage

  • Erase hidden data with the Metadata Anonymisation Toolkit

    Erase hidden data with the Metadata Anonymisation Toolkit

    Metadata embedded in a document or media file can tell a lot about its author, creation time and date, original file author and modifications, location on a computer network where data was created, standards used and custom metadata can all be included in text documents, images, PDFs, spreadsheets, video files, music and others, most people are not even aware that they are leaking information in the documents they publish on the Internet and free tools like Metagoofil, included with Backtrack, can easily extract this metadata and expose who is behind certain document or image and where and when it was taken.

    Supported file formats

    – Portable Network Graphics (PNG)
    – JPEG (.jpeg, .jpg, …)
    – Open Document (.odt, .odx, .ods, …)
    – Office Openxml (.docx, .pptx, .xlsx, …)
    – Portable Document Fileformat (.pdf)
    – Tape ARchive (.tar, .tar.bz2, .tar.gz)
    – ZIP (.zip)
    – MPEG Audio (.mp3, .mp2, .mp1, .mpa)
    – Ogg Vorbis (.ogg)
    – Free Lossless Audio Codec (.flac)
    – Torrent (.torrent)

    Tails Metadata Anonymisation Toolkit
    Tails Metadata Anonymisation Toolkit

    The Metadata Anonymisation Toolkit will remove all metadata in files leaving it empty, however watermarks or steganographic tags won’t be removed but unlike metadata being added by default by many utilities, like Microsoft Office adding author name and smartphones adding GPS coordinates in photographs, watermarks are not usually inadvertently added and the original author will likely be aware of their existence, often inserted to track down forbidden sharing of confidential documents or pre-release movie versions. Summing up, MAT will protect you from accidental metadata leakage but not from customized metadata specifically included to track down the author.

    This software can be found in Tails, JonDo Live-CD and Debian Linux, if you need a Windows or MAC tool check my list of programs to edit Exif data.

    Visit Metadata Anonymisation Toolkit homepage

  • Hardware encryption adapters Enova Enigma vs CipherUSB

    Hardware encryption adapters Enova Enigma vs CipherUSB

    These encryption adapters are not to be confused with encrypted USB thumbdrives, the dongles do not store any data themselves, they are are simple hardware devices with a cryptochip to perform the encryption process making data only accessible using the dongle.

    The USB ciphering dongle sits in between a USB host (desktop computer) and a USB device (thumbdrive, external HDD, blu-ray, etc), encrypting all data going through it before writing everything on the external device, there is no need to install drivers and no software is involved, encryption is hardware based with little performance issues, the dongle will work in any operating system.

    In addition to desktop computers these devices can be used to encrypt data in tablets and smartphones as long as a USB port is present

    Enova Enigma USB

    NIST (National Institute of Standards and Technology)/CSE (Communications Security Establishment) certified, using hardware AES-256 ECB/CBC encryption strength. Data written to the USB drive through the Enova Enigma dongle is automatically encrypted and decrypted when read out from the drive, requiring no additional hardware or software.

    Enova Enigma USB encryption dongle
    Enova Enigma USB encryption dongle

    It works in Windows, Mac, Linux and Android but configuration can only be done in Windows and data can not be encrypted in place you will have to start from zero wiping everything. USB3 compliant, there is more than one model,  AES128/256bit in ECB or CBC mode, Cipher Block Chaining with AES256 is the most secure dongle, all models are strong enough to withstand state sponsored attackers but AES256 in CBC mode should buy you more time in case of future cryptographic breakthroughs.

    A recovery password of up to 32 characters can be set up and used if you lose the device. A “Write-Protect” function protects the USB stick from malware infections, FIPS 140-2 certification of the crypto module is in progress.

    Visit Enova Enigma homepage

    Addonics CipherUSB

    Hardware-based, FIPS-certified AES 256-bit encryption, strong enough to protect top secret information in Government agencies, it does not require software or driver installation, operating system agnostic (Windows, Mac, Linux, Solaris, BSD), it can encrypt Blu-Ray, DVD or CD discs using an external burner connected to the dongle.

    It is not possible to encrypt content already in place, you will have to format the drive first and restore the data.

    Addonics CipherUSB encryption adapter
    Addonics CipherUSB encryption adapter

    CipherUSB can be daisy-chained, if you insert two or more devices together to encrypt a drive it will be impossible to decrypt it again unless it is using the same two chained devices, this allows you to split the decryption keys in between more than one person.

    The enclosure is made of plastic but tamper resistant, preventing opening of the unit without destroying the plastic housing, a power/activity LED will show that everything is working as expected. There is no backdoor but you have the option of inserting a recovery password of up to 32 characters long, if you lose your device you can buy a new one and decrypt the data using this recovery password, if you do not set it up the data would remain undecipherable.

    CipherUSB can be used for full disk encryption, including the Master Boot Record, encrypted disks will show as blank when viewed.

    Visit CipherUSB homepage

    Conclusion Enova Enigma vs CipherUSB

    After looking at the specs, both encryption adapters are equally secure, certified and fast, there is little difference in between them, Enova Enigma has the unique “read only” feature that stops malware from installing into the USB but CipherUSB specifically mentions on its page that they have no backdoor, Enova Enigma does not confirm nor deny anything about backdoors, this is an important piece of information that all security vendors should make clearly visible.

    I would probably go for CipherUSB if I had to buy one of them, CipherUSB is slightly cheaper and I would get peace of mind about no factory backdoors included.

  • Brute force a Truecrypt volume with TrueCrack

    Brute force a Truecrypt volume with TrueCrack

    Truecrack is an open source Linux only tool optimized with Nvidia Cuda (Compute Unified Device Architecture ) technology, a computing platform able to process queries in parallel that can be used to crack Truecrypt volumes greatly speeding up brute force attacks, Truecrack will only work if the volume has been encrypted with the default Truecrypt settings RIPEMD160 and XTS block cipher mode based on AES. The software can read a list of passwords from a text file or generate a list of possible passwords from a charset of symbols defined by the user, a dictionary attack of 10,000 possible passwords with a length of 10 characters each will take 11 minutes to execute on an Intel Core i7 computer CPU, the same list of possible passwords in GPU mode (Nvidia Cuda technology) only takes 30 seconds to execute.

    Truecrack will open a Truecrypt volume and retrieve the masterkey from its header section checking the success of the deciphering operation, if the password is right or wrong, querying the true and crc32 fields.

    Truecrack brute force Truecrypt
    Truecrack brute force Truecrypt

    This is not the first tool designed to crack Truecrypt, while Truecrypt default settings are safe, for what I have seen in other similar tools they are all optimized to crack Truecrypt encryption having into account that the user did not change the default cipher (AES) or key derivation (RIPEMD160) and they do not work when keyfiles have been used. Choosing a strong passphrase should stop any brute force attack on your Truecrypt volume but if you would like to play the paranoid card it would be a good idea to change the default settings to something else, like a cascade algorithm, and add a keyfile.

    Visit TrueCrack homepage