Category: Other

Other computing tips

  • Review scam VPN provider IAPS intl-alliance

    Taking advantage of a free three day trial for prospective customers that I found in Reddit self-edit, I decided to look into IAPS Security Services (intl-alliance) VPN provider. I was really looking forward to seeing for myself if IAPS claims of being able to provide VPN servers in places as unique and paradoxical as the Vatican Holy City and Mecca in Saudi Arabia were for real.

    To start with, IAPS intl-alliance website could do with a redesign, you will find it confusing, not mobile friendly and messy, but what matters most is the quality of their services, so let’s not judge them for that alone. IAPS intl-alliance VPN monthly prices aren’t cheap but annual subscriptions work out at a reasonable rate if they really provided the over 140 worldwide countries and more than 190 VPN servers they say they have. IAPS also has dedicated packages to watch USA or Canadian TV from abroad and packages to be able to play poker with a VPN.

    After signing up I quickly received a friendly email from Jared Twyler, IAPS Chief Executive Officer whose LinkedIn page lists education in the highly regarded Massachusetts Institute of Technology. I had previously informed Jared that I would be reviewing their VPN services on hacker10 blog and he was confident enough to say that “I’ve been a vpn supplier since 2007 and have been judged since then. Seeing another site pass judgement isn’t anything new.”

    IAPS OpenVPN imaginary VPN Andorra server

    The welcome email contained a username and password with 192 links to VPN servers in locations that no other VPN provider can give you. Iraq, Falkland Islands, Palestinian Territory, Qatar, Bhutan, Uganda, Uzbekistan, Algeria, Kuwait, nearly all European countries and at least a dozen USA servers. IAPS intl-alliance does not have any proprietary VPN client, you are given a link to the official OpenVPN client, this makes it a little difficult to manage all of the over 190 servers but not a big deal. When you click on any of the links on the email an .ovpn certificate will be automatically downloaded to the OpenVPN folder and permanently added, it was very easy to set it up.

    I decided to start the VPN testing with the server in Saudi Arabia, the first thing I noticed is that there was very little lagging and the speed was excellent. I checked my location using ip-score.com and a couple of other sites that check your computer IP online, sure enough they identified my computer as being in Saudi Arabia (Mecca), however Google advertisements were being shown in my local language. I then decided to visit an Israeli website, knowing that all Israeli pages are blocked by Saudi Arabia Internet filtering, I expected not to be able to access it but I had no trouble viewing the page. I decided to visit a porn website to see if it was blocked, and again, I had no problem looking at online porn with what supposedly was a Saudi VPN in Mecca.

    This was puzzling, I carried out similar testing with other servers, all with similar results, the whatismyip websites would indicate that I was in the location IAPS intl-alliance said the VPN was, and extraordinarily, my VPN connection did not have any kind of lagging or speed cutback while connected to far away countries like Bhutan or South Sudan.

    I suspected something wasn’t right when I found no ping or speed differences in between the VPN in Italy and China. I also noticed that virtually all computer IPs assigned by the VPN started with 46.36.*.*.*, it just happened that Saudi Arabia and the VPN in the Vatican had both assigned me computer IPs in the same range. After a few traceroutes and whois lookups I realised that IAPS was always listed as an Internet Service Provider in the whois and the contact address was always listed as a local address.

    That is how I believe they fool the websites about your geolocation, by IAPS listing the network operator address as being in Mecca, the websites checking your location assume that your ISP is also in Mecca since that is where the network is theoretically being operated from. IAPS owns the 46.35.*.*.* IP range and they assign it as they see fit only changing the local address of the network operator to fool websites into believing the visitor comes from that particular country.
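
    The ping and address-range observations above can be turned into a repeatable check. The following is an added example, not code from the original review: it compares each measured ping with the physical minimum round trip to the claimed location and groups exit IPs that share a prefix. The tester location, coordinates, RTT values and documentation-range IP addresses are constructed sample values.

```python
import ipaddress
import math
from collections import defaultdict

# Light in optical fibre covers roughly 200 km per millisecond, so no real
# round trip can be faster than 2 * distance / 200 ms.
FIBRE_KM_PER_MS = 200.0
EARTH_RADIUS_KM = 6371.0

# Constructed sample data (not measurements from the review).
TESTER = (51.5074, -0.1278)  # assumption: the tester pings from London
SAMPLES = [
    {"claimed": "Mecca, SA", "coords": (21.3891, 39.8579),
     "exit_ip": "203.0.113.10", "rtt_ms": 9.0},
    {"claimed": "Vatican City, VA", "coords": (41.9029, 12.4534),
     "exit_ip": "203.0.113.77", "rtt_ms": 9.4},
    {"claimed": "Thimphu, BT", "coords": (27.4728, 89.6390),
     "exit_ip": "203.0.113.140", "rtt_ms": 8.8},
    {"claimed": "New York, US", "coords": (40.7128, -74.0060),
     "exit_ip": "198.51.100.5", "rtt_ms": 78.0},
]


def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def min_rtt_ms(a, b):
    """Lowest round-trip time physics allows between two points over fibre."""
    return 2 * great_circle_km(a, b) / FIBRE_KM_PER_MS


def impossible_claims(tester, samples):
    """Return (claimed, measured_ms, floor_ms) where the ping beats physics."""
    flagged = []
    for s in samples:
        floor = min_rtt_ms(tester, s["coords"])
        if s["rtt_ms"] < floor:
            flagged.append((s["claimed"], s["rtt_ms"], round(floor, 1)))
    return flagged


def shared_prefixes(samples, prefix_len=16):
    """Map each prefix to the claimed locations sharing it, if more than one."""
    groups = defaultdict(set)
    for s in samples:
        net = ipaddress.ip_network(f'{s["exit_ip"]}/{prefix_len}', strict=False)
        groups[str(net)].add(s["claimed"])
    return {net: sorted(places) for net, places in groups.items()
            if len(places) > 1}


if __name__ == "__main__":
    for place, rtt, floor in impossible_claims(TESTER, SAMPLES):
        print(f"{place}: measured {rtt} ms, physical floor {floor} ms")
    for net, places in shared_prefixes(SAMPLES).items():
        print(f"{net} is shared by: {', '.join(places)}")
```

    A ping below the floor proves the server is not where it is claimed to be; a ping above it proves nothing, since congestion and indirect routing only add delay.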

    IAPS intl-alliance OpenVPN client

    IAPS intl-alliance's server provider is listed in the “mnt-by” records of the IP whois as RackSRV, a United Kingdom based company selling VPS and dedicated servers. I am inclined to believe that Jared Twyler, listed as the server administrator based in the United States, has rented one or more servers with RackSRV and is masking them as being located in all of those exotic locations he is selling VPN services for when in reality he does not own any server in any of those countries.

    I tried IAPS intl-alliance servers in the USA and they can fool Hulu and Pandora, if you wish to watch USA TV it will work, nothing wrong with that, but I am calling this company a scam because they are advertising their services as having physical servers in over 190 countries and in all likelihood they only have a single server in the United Kingdom.

    I gave IAPS Intl-alliance the opportunity to prove me wrong, I asked IAPS Chief Officer Jared to name me the datacentre he is using in the Vatican city and in Saudi Arabia and his one line reply was “They are all private networks owned by IAPS.” I emailed back enquiring if IAPS really owned a VPN server in the Vatican and in Saudi Arabia and Jared’s response was a single word with a period “Multiple.” Fantastic explanation!

    I don’t think it is wrong providing VPN servers the way they do except that they are lying to customers about how many servers they own and how they manage to achieve a Saudi computer IP without having any server in Saudi Arabia, and I would not feel confident in trusting my valuable privacy to a lying and cheating company.

    UPDATE: I sent a link about this post to IAPS Chief Officer Jared, mentioning that he is welcome to reply in the comments sections. It appears that IAPS does not wish to make any comment.

    Visit intl-alliance homepage

  • Encrypted video calls, group chat, notes and files with VIPole

    VIPole is a Windows, Linux, Mac and Android security suite providing encrypted file sharing, VoIP, video chat, notes, passwords and organizer. Installation is straightforward and it only requires you to provide a valid email address where you will receive a verification link, select the local folder where data should be stored and move your mouse around to generate entropy to create your private encryption key. You will have to cook up two passphrases, one to encrypt your data and another to encrypt your profile, the software makes sure that you do not reuse them but there is no strength meter. A virtual keyboard can be used to stop keyloggers.

    To be able to encrypt files in your hard drive you will have to temporarily disable your antivirus and install some drivers, I also had to disable the antivirus to update VIPole software client, I am using AVG, most modern antivirus programs will allow you to disable it for only a few minutes, this should not be a big problem as long as you trust VIPole not to do anything unacceptable to your computer.

    Encrypted messenger and video calls VIPole

    Encryption keys are managed exclusively by the user, VIPole has no way to decrypt your data, calls and chats are end-to-end encrypted with AES256/RSA 4096 bit keys and no central server that could be wire tapped, the company pledges that there is no backdoor. You can see a “History” tab in the program, chat logs can be accessed there but the data is only held in your computer and nowhere else, even then, that data is encrypted (premium version) when you close VIPole, losing the laptop will not reveal private logs without the proper password.

    Another nice feature is being able to set up a fake passphrase in case you are forced to disclose it. Helpful in countries like the United Kingdom where you must reveal your password to the police when requested or risk criminal prosecution, but giving to the police a password to a fake encrypted container would also break the law if they find out, so not really recommended. I just could not see any other applicability other than bypassing airport staff opening up your laptop.

    I was really impressed with VIPole's easy to use interface, the well organized tabs make it painless switching in between functions and information is clearly displayed in a nice clean layout with avatars that help you identify the caller and shift from the chat to notes or file manager window in no time.

    VIPole encrypted calling options

    The only thing that made me feel uneasy about VIPole, besides not being open source, is that although calls do not go through their servers, passwords, notes, reminders and files are kept in VIPole servers, the reason for this is to be able to sync the data with your mobile device. It would have been valuable to have the choice not to sync data and keep everything local for those paranoid about cloud security. The good news is that it is impossible for server administrators or anybody breaking into VIPole facilities, to have access to the data in plain text, everything is encrypted with your private encryption key before leaving your device, this means that VIPole can not be compelled to produce a copy of your data even if they wanted to.

    This company security model really cares about users privacy and they should be praised for being very open about how data is stored and how they are protecting it, the company has plenty of information about their security model and businesses can get their own server to make sure that they are always in control of everything.

    I found the free VIPole plan good enough for home users, the paid version buys you more features like auto logout when idle, extra file storage space, encrypted virtual drive on desktop client and other elements that are nice to have but not a must have.

    Visit VIPole homepage

  • Linux Parrot OS for hacking, security and anonymity

    Parrot OS is a live and installable operating system based on Debian Linux and targeted at penetration testers and people interested in online anonymity. The nearly 2GB DVD download integrates professional and beginner computer security tools inside the MATE Desktop environment, a GNOME2 fork.

    Booting can be done in forensic mode, listed as Stealth, to avoid modifying any file in the host computer, live, live fail safe or with a graphical GUI to install the operating system in your computer, visually impaired people can use a speech synthesis installer.

    Parrot OS default username is root with password toor easily changed after logging in. The distribution homepage has a Wiki but at the moment it only contains basic information for newbies about how to boot from BIOS or burn the distribution to a USB thumbdrive. However, if you are familiar with Linux you should not have to read too many tutorials, the tools included in Parrot OS are the same ones found in similar pen testing distributions like Kali or BackTrack Linux.

    Linux penetration testing Parrot OS

    Some useful tools for privacy activists found in Parrot OS are Truecrypt to encrypt data, Bleachbit to erase Internet tracks, although if you run the live DVD this will not be needed, and the Iceweasel browser running with Tor, with Vidalia providing a graphical interface to manage the Tor network, showing consumed bandwidth, nodes you are connected to and message logs.

    Tools for penetration testers include packet sniffer Wireshark, man in the middle attacks with the Ettercap suite and an md5crack to brute force passwords out of captured md5 hashes. A screenshot and desktop recording utility is able to document all you do.

    Practically all of the hacking tools are found under the Parrot menu, dozens of programs nicely classified under descriptive activities such as “Information Gathering”; “Sniffing/Spoofing”; “Wireless Attacks”; “Reverse Engineering” and many others with a submenu are all easily accessible.

    Although this distribution is being advertised as anonymity and penetration testing in one, I believe that it is mostly suitable for pen testers, those who want anonymity are still better off with Tails. Parrot OS is similar to Attack Vector Linux, packing powerful penetration testing tools with Tor to hide who is using them. On the other hand, any sys admin worth his salt will be blocking all Tor proxies from accessing the network.

    Computer forensics can also benefit from Parrot OS, as it has a dedicated “Forensics” menu with carving, hashing and imaging tools together with reporting tools to manage evidence and a forensic boot that will not modify data. You can find this distribution to be a sound alternative to BackTrack.

    Visit Parrot OS homepage

  • Bitmail, encrypted friend to friend email without central server

    Bitmail is a decentralized open source email gateway that stores email messages encrypted offline and includes a secure IRC gateway for real time online chat. You can connect to the developer’s IRC channel from within the client.

    Email communications are secured with libgcrypt, a GPG cryptographic library, and AES over SSL. There is no need to install the client, it can be run as portable. As soon as you launch it you will be asked to enter a password with a minimum of 16 characters, this will be used to create your private encryption keys. Make sure not to forget it like me, because you will be locked out of Bitmail the next time you launch it, with all tabs greyed out.

    The same email client allows you to operate an IMAP capable BitMail server to relay messages to other people, running a server requires lots of configuration and it is not easy. Bitmail interface is well structured and tabbed but you will have to be familiar with encryption terms, there are lots of things that can be customized, like encryption algorithm, iteration count, RSA key size and even salt length. This is not an email client for beginners.

    Secure P2P email client Bitmail

    You will need to manually add the encryption keys from the people you would like to communicate with in the address book, encryption keys will have to be exchanged via a different channel, like messenger. Once you have the participants' encryption keys and your IP has been added to the list of allowed senders in the Bitmail server, anyone in the group is able to securely exchange messages.

    Bitmail darknet approach where there is no central authority that can be compromised and only those who know someone in the group are allowed to join in is the right approach against NSA state surveillance but I did not like that there was no anonymity in the network.

    Your computer IP could be traced if anybody in the darknet is eavesdropped with something as simple as a trojan horse. P2P email services should have built in mechanisms to stop the compromise of a single user from spreading to the other people in the network and Bitmail does not accomplish this.

    I liked that Bitmail is open source but due to the complicated set up and lack of anonymity I don’t think it is something I will be using. If you only need privacy, it might fulfil your needs, especially for intranet communications.

    Visit Bitmail homepage

  • Linux penetration testing distribution NetSecL OS

    NetSecL OS is a penetration testing OpenSuse based Linux distribution with the lightweight Xfce window manager. The distribution’s kernel has been hardened with grsecurity patches, a set of rules that allows for more extensive system auditing and protects you from stack overflows by making them non executable.

    The latest NetSecL OS 5.0 removes Firefox and incorporates the Chromium browser, not to be confused with Chrome. Even though they both use the same source code, Chromium does not release binaries, it has to be built from source, and it does not send data to Google, the Chromium browser has improved privacy over Chrome.

    Other privacy enhancing features in NetSecL OS include Macchanger, a Unix utility to view, fabricate or forge a MAC network card address and a Firewall GUI builder to set your own system access rules.

    Linux security distribution NetSecL OS

    You can run NetSecL OS as a live DVD or install it in a USB or hard drive. A .ova virtual machine is available for download from Suse Studio website for testing. The default users are root and tux and the password for both of them is linux.

    You can find specific penetration testing tools like the Metasploit framework, packet sniffer Wireshark, network monitor EtherApe, Open Vulnerability Assessment System OpenVas, port scanning Nmap, security reconnaissance Skipfish along with password manager KeePassX, text editor Abiword, FTP client FileZilla and the open source Windows API implementation Wine, to run Windows programs in Unix.

    NetSecL OS has all the tools a security professional needs to break into a network, I can see this operating system complementing BackTrack. The main difference in between both being that NetSecL OS is fixated with offensive security and not digital forensics, for example, NetSecL OS does not have image acquisition tools, whereas BackTrack covers both fields.

    If you don’t like Backtrack Ubuntu base or just want to try something new, NetSecL OS is a valuable OpenSuse pen testing distribution.

    Visit NetSecL OS homepage

  • Crack wireless networks encryption with WifiSlax

    WifiSlax is a Slackware based Linux distribution specially designed to break into wireless networks to test their security. It can run as a live CD or installed in your laptop saving personal settings.

    Make sure to select “English Menu” when you first boot the CD as the default instructions will be shown in Spanish otherwise. Another available option is selecting the Linux desktop of your choice. WifiSlax comes with KDE, an eye candy graphical interface and XFCE for low resource systems and a command line only option for experts. You can also select your preferred Linux Kernel, if you run a high end computer with more than 4GB of RAM choosing the PAE (Physical Address Extension) kernel will improve performance. WifiSlax default root password is toor, for security it should be changed typing passwd.

    WifiSlax KDE comes with few packages for day to day use, mainly the Libre Office suite, The Gimp, FileZilla, P2P programs and a handful of games. It is unlikely that this 650MB distribution will be your main desktop without adding additional software. Luckily this can be easily done using WifiSlax package manager and downloading prebuilt software .xzm modules for WifiSlax, there you will find TV streaming utilities like Zatoo and media players like XBMC.

    WifiSlax Linux to crack Wifi

    If all you want is to break into a WPA network you have everything you need already installed in WifiSlax. Tools that will help you test a wireless network security are dictionary list generators Datelist and Crunch, usual WEP vulnerability cracking tools, even if hardly anybody uses WEP nowadays, it is a nice thing to have. To crack WPA networks you will find WPA GPU cracking taking advantage of advanced graphics card with a processing unit that can be used to brute force passwords, the always useful packet sniffer WireShark is also included along with man in the middle attack packages AirSSL and Yamas.

    There are other security tools not directly linked to wireless, like Grampus, used to extract documents, image and video metadata that could reveal who the author was and BleachBit to securely wipe Internet browsing history to stop anybody with access to your computer from learning what sites you have visited.

    This is a good wireless hacking Linux distribution except for the fact that the website is only available in Spanish but after burning the .iso the interface can be set to English.

    Visit WifiSlax homepage

  • Exploit residential router vulnerabilities with Routerpwn

    Routerpwn is a web application listing dozens of ready to run local and remote exploits for, largely, home routers. It covers all major brands, all you have to do to test if your personal router is vulnerable to one of the exploits is to search for the make and model of your router and click on the exploit name to execute a javascript window testing a known vulnerability that will automatically break into the network or open up the default router IP, 192.168.1.1 and try a default admin password or privilege escalation.

    To learn more about the exploit click on the plus sign next to the listed bug and you will be taken to a security list like SecurityFocus or Seclist displaying full details of the exploit and the date it was first discovered.

    The site also contains links to lists of default router administrator username and passwords. Another tool can be used to find out an Access Point vendor entering the MAC address of the device, which hex number can be discovered with a simple network scan.

    Routerpwn javascript router exploit

    It is not necessary to be connected to the Internet to use Routerpwn, the site can be stored offline, javascript exploits in local routers will work regardless of Internet access.

    Exploiting a router does not necessarily mean to be able to get into the network finding out a WPA key, some of the exploits in Routerpwn launch a denial of service attack against a router by pinging it non stop and bringing down the whole network. Other exploits show your router configuration, some vendors store keys to reset passwords in plain text inside configuration files that can be seen by mistake using a cross site scripting attack.

    There was an Android application for Routerpwn in Google Play but that link has now been removed, however the website can be accessed from any mobile device or game console that has an Internet browser. Everything has been optimized for access on the go coding it entirely in HTML and javascript.

    New exploits can be submitted to the site and if you would like to find out your own router vendor, the URL http://www.routerpwn.com/detect.html will show you the brand, if it can’t identify it a form will come up inviting you to submit the information.

    Routers are seldom upgraded or flashed by home users, even an exploit that is a few years old will still work against many devices. Routerpwn is a very powerful tool for penetration testers for a very important often overlooked security item that antivirus software does not screen.

    Visit Routerpwn homepage