Hacker 10 – Security Hacker

Category: Other

Other computing tips

  • US judge orders woman to decrypt laptop or face contempt of court

    In a case that could set a legal precedent, a Federal US judge has ruled today on a long standing case that the defendant Ramona Fricosu, involved in a multimillion bank fraud, must decrypt her Toshiba laptop hard drive of face contempt of court, the woman had argued that exposing the laptop contents to law enforcement by entering her password would violate the Fifth Amendment, right not to self-incriminate, the judge ruling in a 10 page verdict says that the defendant isn’t protected because the  1789 All Writs Act  has been used to require telephone companies to aid in surveillance and can be invoked in forcing decryption of hard drives as well.

    Her solicitor, Phil Dubois, has asked for a stay of execution so that they can appeal and has announced that his client may not be able to decrypt the laptop for any number of reasons although the defendant was recorded in a jailhouse conversation with her ex-husband admitting to having access to the laptop and it will be hard to claim that she doesn’t know the password.

    It looks like the US could become a country like the United Kingdom where refusing to reveal your password to the authorities is already a criminal offence, but while UK laws sets a maximum prison sentence of 2 years (5 years if the case is related to terrorism), in the US people could be held in contempt of court which means an indefinite prison sentence.

    This is not the end of it yet as hopefully the appeal will be granted and could overturn this verdict, once the legal fight has exhausted all possible recourse, US law should soon be clear about if citizens have the right to refuse to reveal the password to their encrypted files or not, at the moment is best to be cautious and assume that sticking a finger up the cops and saying that you won’t reveal the password might not work as expected.

    Note: According to an article in Popular Science, the defendant was using Symantec PGP Desktop full disk encryption.

    UPDATE March 2012: According to an article in Wired, the FBI has now decrypted the disk, they did not disclosure how they did it but the woman’s solicitors points out that possibly the co-defendant has given the password to the police.

  • How to secure your personal data at border crossings

    How to secure your personal data at border crossings

    Border control officers at land crossings and airports in many countries have the right to search traveller’s laptop and smartphones without a court order, that is where your family photos, banking details and list of visited websites reside. Lawyers, doctors and businessmen should also be concerned about this practise, if you care about your privacy here are some tips to protect your digital data from noisy border agents:

    Backup your data: There is the possibility that a border agent damages or seizes your device, always have a backup somewhere else and never take the backups with you, leave them at home. If you need to backup your data at the guess country, i.e. holidays photos, use an encrypted cloud service like SpiderOak or Tresorit, encrypt the and SFTP to your server, or back it up to an encrypted USB thumbdrive and mail it to your home.

    Use whole disk encryption: Whenever it is possible use full disk encryption as opposed to file encryption, there are too many places where the operating system creates temporary copies of personal data to be able to securely wipe everything. If you can get away with using a Linux live CD for your day to day Internet usage this is the best course of action, remove the laptop hard drive or wipe it, with a live CD nothing will be saved to your hard drive.

    Officer searches laptop at border crossing
    Officer searches laptop at border crossing

    The country you visit could have different encryption laws to that of your home country, in the UK for example, it is a criminal offense not to reveal the password to your encrypted files when law enforcement asks for it, the penalty for refusing is up to 5 years in prison. If unsure about local cryptography laws, store your data encrypted on the cloud and take only a live CD with you, download your files only after going through customs and make sure to never save anything as you could be asked for access at any time during your stay or on your way out.

    Smartphone protection

    If you are using an SD card for storage, extract it and wipe the memory card on a PC using specialist software (Eraser, ProtectStar, BCWipe, etc). On Android phones, download the Whispercore app for full phone encryption. Another choice is to use a second phone only for travelling, unless you really need a smartphone abroad, buy a cheap phone and transfer your SIM card there, this should also help you protect against theft by making it less attractive.

    Digital cameras

    Border agents might want to look at your holiday photographs for whatever reason, sometimes searching for illegal pornography or to corroborate that you really have been on a leisure break. There is no easy protection against this other than extracting the memory card, encrypting it and mailing it to yourself, it will help not to look suspicious by coming back from holidays with an empty camera by introducing a second memory card in the digital camera with photos you don’t care about anyone seeing

    The decision on whether to search your electronic devices or not will take into account the countries you have visited, your background (criminal record), how you behave at the border, and the state of alert at the time, electronic devices can also be searched at random or just because the border officer feels like it.

    Border control agents could swap test your laptop for bomb residue, this test is called Explosive Trace Detection and it can be carried out on any piece of checked baggage.

    For further information read the Electronic Frontiers Foundation Guide for Travelers Carrying Digital Devices 

  • Shutdown a computer remotely with RemoteRebootX

    Shutdown a computer remotely with RemoteRebootX

    RemoteRebootX is a portable application to remotely monitor a computer in real time, it can also be used to simultaneously shutdown, reboot, ping or Wake-on-LAN multiple computers, the best part is that it does not need to be installed in the remote computer, simply launch RemoteRebootX and add hosts. A task scheduler allows you to automatically execute actions without supervision, other useful options are retrieving the last boot time of a host, acquiring its MAC address and looking at the drive space information, all of the actions can be done using the interface or right clicking on the computer IP.

    On restricted computers you will be asked to login first before executing any command, using the padlock icon, it will also ask you for the computer Workgroup. This tool can be used by system administrators in conjunction with BatchPatch, a paid for application, to install updates on multiple servers and reboot them simultaneously.

    Computer management RemoteRebootX
    Computer management RemoteRebootX

    RemoteRebootX interface is not as pretty as that of EMCO Wake-on-LAN, another tool to remotely control a computer over the Internet or inside a network, but it has higher capabilities, allowing you to reboot and shutdown computers, which EMCO Wake-on-LAN can’t do, and it can be carried on a USB thumbdrive.

    Visit RemoteRebootX homepage

  • ProxyDNS a cloud based DNS proxy to watch USA TV abroad

    ProxyDNS a cloud based DNS proxy to watch USA TV abroad

    ProxyDNS is a proxy service designed to access geographically restricted services like Pandora Radio, Netflix and ABC. Unlike a VPN where you need to download software, ProxyDNS only requires you to change your DNS settings, their homepage has instructions on where to find them in Windows, Mac and Linux. The DNS could also be changed in your router, which is operating system independent, this kind of proxy works in all operating systems no matter how obscure they are, it can be used with the Xbox and Roku.

    I have been using ProxyDNS for a couple of days and everything works pretty good, I managed to watch CWTV and Hulu series from abroad with no glitches, something to bear in mind is that unlike a VPN, this service has not been designed for privacy, when you visit any website not included in the DNS spoof list, your real IP will not change. ProxyDNS is using a DNS proxy so that when you request page X, the DNS server automatically swaps your IP for one of theirs in the US, this creates a  situation where you can see  your real computer IP on one browser tab and on the other browser tab you can watch an online TV service restricted to USA residents only, you will not even notice the proxy is there.

    Windows DNS settings
    Windows DNS settings

    ProxyDNS is a smart very easy to use solution to access georestricted services in the US, it can access all well known TV and online radio companies, users can request new services are added to their list. The proxy is still in beta, you could have it working in your computer in under 2 minutes with no software download at a cheaper price than a VPN provider.

    Visit ProxyDNS homepage

  • How to find out your router IP address in Windows

    How to find out your router IP address in Windows

    There are many router models out there and the one that your ISP gives to you sometimes does not include the router IP address, they come with an auto installable kit instead.

    Entering a router IP address into your web browser toolbar will take you to the router interface, this is very useful to change the router default settings and others.

    A router IP address can not be changed, this is embedded into the hardware by the manufacturer, a router of the same brand and series will use the same IP, which means that it is not secret, anyone using the same router as you and in range, could connect wireless to your router interface and modify the settings, you should always change the default router password.

    Step 1 to find router address:

    Open Windows run and type cmd.exe OR command.com, alternatively, if you can’t find Windows run search for cmd.exe OR command.com

    Command prompt cmd Windows
    Command prompt cmd Windows

    Step 2 to find router IP address:

    At the Windows command line prompt type ipconfig you will now see your computer Internet IP, IPv6, MAC address and router IP address.

    The router IP address is the IP written right after where it says “Default Gateway” , you can notice in the picture that there are two default gateways, this is because the router is wireless and has more than one connection port, the RJ45 ports belongs to the wired ethernet connection (in this case empty) and the other port is a default router gateway belonging to the Wireless connection.

    ipconfig find router IP address
    ipconfig find router IP address
  • Use JPEGSnoop to discover if a digital photo is real or fake

    Use JPEGSnoop to discover if a digital photo is real or fake

    It is very hard to know by just looking if a digital picture has been altered with a graphical editor or it is being presented on its original and raw format. Digital cameras embed all kind of metadata in the pictures they take, data about data found in the digital photographs inside EXIF (Exchangeable image file format).

    JPEGSnoop is a tiny portable open source program that goes beyond extracting EXIF metadata, this free application can indicate the quality of the JPEG image compression used by the camera saving the file, JPEGSnoop uses the fact that each digital camera has different and specific compression quality levels when taking a picture and it compares that unique pattern against its large database of compression signatures reporting what digital camera or graphical editor was used to generate the image, being able to determine if a photograph is truly original or it has been edited with a graphics editor like Photoshop, software graphical editors unique compression signatures are included too in JPEGSnoop database.

    JPEGsnoop reports countless of other details, EXIF / IPTC metadata, Huffman table decode, quantization table matrix (chrominance and luminance), chroma subsampling, JPEG saving settings, JPEG resolution settings, RGB histograms, etc. People who do not need that technical wealth of information about a digital picture can just skip it and look at the EXIF data instead, which normally includes basics like location, model of camera used and date and time.

     

    JPEGSnoop digital photo forensics
    JPEGSnoop digital photo forensics

    JPEGSnoop can open .jpg, .thm (thumbnail), .avi, .dng (digital negatives), .pdf, .mov and extract embedded JPEG files from within them. If the photograph is corrupted and can no longer be viewed JPEGSnoop will try to recover the photograph thumbnail if there is one. This application can be of great use for home users wondering if that famous celebrity in the digital picture is a fake or real photo and it will also be of use for digital image forensic experts and amateur photographers alike.

    There is other software capable of retrieving photographs metadata but JPEGSnoop stands out from the crowd by being the only one I know of able to tell you if the picture was edited with a graphical editor.

    Visit JpegSnoop homepage

  • Predict hard disk failure with Acronis Drive Monitor

    Predict hard disk failure with Acronis Drive Monitor

    It is very hard to predict when a hard disk will fail, Acronis Drive Monitor is a free hard disk monitoring tool that will alert you before a hard disk crash. Acronis Drive Monitor will avoid data loss by monitoring the physical hard disk health using S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology) readings and warning you before the drive fails.

    A colour coded summary provides an overview of the disk’s health at a glance, in addition, when it detects a problem it will generate an onscreen alert or send and email depending on configuration.

    This free hard disk monitoring tool will warn you if no back up software has been found in the computer, it is inevitable that all hard disks will fail one day, nothing lasts forever, everyone should have a back up solution put into place it is highly responsible to warn users about this, even if Acronis is trying to push its paid for back up software in the process.

     

    Acronis Drive Monitor software
    Acronis Drive Monitor software

     

    Acronis Drive Monitor main features

    • Hard disk health monitoring in the background
    • Monitoring of event logs for possible problems
    • Email alerts in case of hard disk complications
    • Weekly hard disk electromechanical status report
    • Support for RAID hard drive configuration

    This Acronis product integrates very well with the rest of the premium Acronis home and business software but you do not need to have any of those installed in order to use it, Acronis Drive Monitoring seems to have been released with the freemium market in mind, where people are given something for free with the hope that they will upgrade to a paid for product with more features.

    This hard disk monitoring tool does an excellent job, is easy to use and it is on a par with paid for hard disk diagnostics software.

    Visit Acronis Drive Monitor homepage