Category: Other

Other computing tips

  • SilverShielD, a free SSH/SFTP server for Windows

    This Secure Shell server/client program for Windows provides secure, encrypted communications between two hosts. The custom installation allows you to choose an exclusive install of an SSH/SFTP server and/or the included management tools. SilverShielD implements a server-side technology called SafeUP to protect file uploads when the client doesn’t protect them.

    Secure SFTP clients like WinSCP upload files under a temporary name and rename them on the server after a successful upload. This stops accidental overwriting of the server file if the connection breaks before the upload is finished. SilverShielD SafeUp technology does exactly the same thing, but on the server side. The software comes with an easy to understand help manual full of screenshots, and a command line version called SilverCLI that can be integrated into third-party management tools.

    Free Windows SSH/SFTP server SilverShielD

    Each SilverShielD user has their own set of public encryption keys to connect to the server, and a keyring with multiple keys can be used too. A public key management window lets you add, generate or remove encryption keys and set parameters like key length and key description; the latter will be kept in logs when a user connects to the server. You can also use PuTTYGen to create your own SSH keys and import them into SilverShielD.

    Server administrators can apply individual user and folder permissions. By ticking a simple checkbox they can manage a user's ability to upload, download, delete, list files and much more, and decide what kind of authentication mechanism is accepted (public key based, password only, or both), while restricting connections to a single IP or network. An event handler can execute scripts for a specific user, and when there are multiple scripts their execution order can be set. File uploading can be set with Z compression on, a lossless compression scheme called zlib that works across platforms, saves bandwidth and increases transfer rates during file uploading.

    SilverShielD is easy to use, with all the options you need divided into tabs, from choosing which encryption algorithms are allowed, inside the “Expert Settings” tab, to entering an SMTP server for when a script needs to call SendMail or Postfix. The “Security Settings” tab lets you customize tarpit timeouts to stop port scanning, a very common occurrence carried out by bots trying to find an open port on a server before a malicious hacking attack takes place. The tarpit can ban attackers' IP addresses if they keep sending unsolicited server probes.

    This is a highly customizable SSH/SFTP server that advanced IT users should like. The free edition can be deployed for non-commercial purposes and allows up to 3 concurrent connections at a time; businesses need to purchase a license. SilverShielD is fitting for people who are not comfortable with the command line and need an advanced SSH/SFTP server that can be set up at home in a matter of minutes on any old spare computer.

    Visit SilverShielD homepage

  • Password protect notes with Secret Notes

    Secret Notes is a free program to write and keep password-protected notes. During installation you will be asked if you would like to install adware called “cleanmypc”; this can be skipped if you pay attention and uncheck a tickbox, but it is compulsory to enter a registration email address for the program to be activated over the Internet. After launching this tool you will be asked to enter a master password twice. You will need to launch the program and unlock Secret Notes to add or edit information.

    The program is real eye candy, with a nice interface that looks like real yellow Post-it notes. The background cannot be changed, but the font colour can be changed to over a dozen different hues and made bold, italic or underlined, and there are basic do and undo arrow buttons and a trash can symbol next to the date and timestamp. It is all pretty basic but enough for taking notes, and they are all beautifully organised in rows.

    Password protect notes with Secret Notes

    A “Lock Notes” button will close down the software and make it inaccessible without a password. I was unable to find any information on the developer's page about what kind of encryption is used to secure the notes, assuming that is what they use. I would treat this tool as a very light guarantee program until more information is given about the employed defence system; I don’t think it is proper for a security product to omit it.

    Visit Secret Notes homepage

  • Hide text and photos inside sound files with CipherTune

    CipherTune is a tool for Mac and Windows to hide text and photos inside .midi sound files using the encryption algorithm Blowfish 256bit. There is no need to install this software, as it runs in portable mode. The program is divided into tabs and everything is intuitive; only the drop-down camouflage menu is different from anything you have seen before. When you choose to encrypt a file, the methods you are given are named after musical instruments like “Chorused Piano”, “Harpsichord” or “Electric Grand Piano”, and you can adjust the tempo and choose whether the resulting sound file has to be in stereo or mono.

    By producing a container sound file, the software saves you the time of looking for an appropriate .midi song of the right size to hide information inside, but it also limits the choice of cover stories you can have for owning that sound.

    Steganography and encryption CipherTune

    The software includes an audio player to listen to the sound file after you click on “Make Encryption Tune” before saving it. I opened one of these .midi steganographic files with Notepad and everything appeared to be encrypted and non-readable except for the words “Text to CipherTune by Kenji Kojima”. This gives away that the file was created using a steganography tool that can embed hidden messages and photos inside. This is clearly not software that you should rely on for secure covert communications: to start with, .midi files are not as common as .mp3 and they could attract some attention if there is no valid reason to have them, and then there is the embedded text telling observers what program was used to create the sound file.

    This is a very original program; let’s hope security can be improved a bit more by erasing those lines in the sound file header revealing that steganography is present.

    Visit CipherTune homepage

  • Facebook alternative, the Social Number network

    Social Number is a networking site where people can create groups to discuss any issues they like without having to reveal their real identity, and connect with like-minded people from all over the world, not just friends and family. The sign-up process requires you to create a number of between six and ten digits, which will be your ID, enter a real email address that needs to be confirmed, and tick a box to confirm that you are over 18, due to the nature of some of the groups.

    Other information like profession, college, interests and location is all optional. If you enter this data it will help Social Number suggest discussion groups and pals; otherwise you can find them on your own with the search box. Private messages can be sent to other people in the network if you know their Social Number.

    Facebook alternative Social Number

    At the time of writing the most popular Social Number groups are hacktivism and sex. There are also discussions about depression and health issues that would be impossible to talk about somewhere like Facebook with your real name without risking being stigmatized forever due to a temporary lapse. On the downside, foul language can also be found, but nothing stops you from blocking abusive members or reporting harassment to the administrators.

    Social Number is what Facebook should have been if they really cared about privacy. Computer IPs are logged and they will be given to the authorities in case of illegal activities, but Social Number makes sure that nobody searching the Internet for your name will be able to link it to your personal posts unless you reveal too much information yourself. The site also has an encrypted SSL connection to stop third-party eavesdropping. A similar site to Social Number is the Experience Project, which has many more users since it has been around for longer, but Social Number has a much greater focus on connecting with others at a personal level.

    Visit Social Number homepage

  • German police testing FinFisher/FinSpy trojan horse tools

    A German ministry of the interior budget document leaked to Netzpolitik reveals that the Federal Criminal Police (BKA) is considering acquiring surveillance tools sold by the British Gamma Group to monitor computer and Internet usage. German police are developing their own electronic surveillance tool called Spähtrojaner, at a cost of three million Euros, but it will take more than a year to be finished and they need to deploy spying tools now. German magazine Spiegel quotes police sources confirming that they are already testing FinSpy trojan horses to eavesdrop on people’s computers.

    FinFisher/FinSpy espionage software is marketed as a crime-fighting tool only available to law enforcement, and it requires a UK Home Office export license to be sold outside the European Union. The software is dual use, and it has been launched in the past against political dissidents in Bahrain, where security researchers managed to map suspected FinFisher Command and Control servers around the world.

    FinFisher/FinSpy trojan horse infrastructure

    This government-endorsed malware is normally installed on target computers using social engineering: getting a user to open the trojan horse by sending it through email or posting a file to a website for download, or by getting physical access to the computer. A security researcher looking into a FinFisher trojan horse sent to political activists in Bahrain found that the file was disguised as a .jpg by using the Unicode Right-to-Left Override character in its name, so that the .exe appeared at the beginning of the file name and not at the end as is usual. The exact trojan horse name was “exe.Rajab1.jpg”, and it opened an actual cover-up photograph besides infecting the computer.
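
    A defender can flag this naming trick by looking for bidirectional control characters in file names and comparing the displayed extension with the real one. The following is an added example, not code from the report or the original post; the stored sample name, the extension list and the function names are constructed for illustration.

```python
import unicodedata

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f",                                # LRM RLM
}
# Assumed policy list of extensions that execute when opened on Windows.
RISKY_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def displayed_name(name):
    """Approximate what a file manager shows: text after RLO is drawn reversed.

    Simplification: only a single U+202E is modelled, not the full Unicode
    bidirectional algorithm.
    """
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def _extension(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def inspect_filename(name):
    """Return a finding for one file name as stored on disk or in an archive."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext, shown_ext = _extension(stripped), _extension(displayed_name(name))
    return {
        "displayed": displayed_name(name),
        "real_extension": real_ext,
        "bidi_controls": controls,
        "suspicious": bool(controls)
        and (real_ext != shown_ext or real_ext in RISKY_EXTENSIONS),
    }


# Constructed sample: a stored name that renders as the "exe.Rajab1.jpg" quoted above.
SAMPLE = "\u202egpj.1bajaR.exe"

if __name__ == "__main__":
    for n in (SAMPLE, "holiday.jpg"):
        print(repr(n), inspect_filename(n))
```

    The same check fits a mail gateway or an archive scanner, where the raw attachment name is available before anything renders it.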

    According to that report, data captured by FinFisher was stored in a random Windows system folder, C:\Documents and Settings\User\Application Data\Microsoft\Installer\{A69832D8-3F71-4241-7493-7551DB00C34C}, prior to being sent to the command server.

    FinFisher toolkit Gamma Group

    The FinFly trojan horse can record VoIP conversations before they are encrypted by Skype or after they have been decrypted on the recipient’s side; it logs keystrokes and it can grab screenshots or activate webcams and microphones. A smartphone version called FinSpy mobile can wiretap Android, iPhone and Blackberry phones. Antivirus software does not detect FinFisher tools. If you are afraid you could be targeted by it, consider virtualizing all of your Internet activities in VirtualBox or using a live DVD that has no permanent storage.

    Visit Gamma Group homepage

  • Brute force Linux encryption with LUKS volume cracker

    The Linux Unified Key Setup (LUKS) volume cracker utility is a Windows program built around FreeOTFE to launch a brute force attack against compatible Linux encrypted volumes like Cryptoloop, dm-crypt and LUKS, widely used Linux disk encryption schemes, with the latter also ported to the Android phone.

    Operating LUKS volume cracker is very easy: select an encrypted volume first, select a dictionary you have or build a custom one based on words likely to be used by the suspect, and finally click on the huge “Crack” button. You will be given updates about the cracking process in the window below the program.

    LUKS volume cracker

    The good news is that LUKS intentionally slows down password access to stop dictionary attacks, and brute force is not a real option unless a very easy password has been chosen or the attacker has a list of potential passwords. When you design a password do not get awed by its length: entropy (randomness) is a much more important factor in password security than the number of characters it is made of. Make sure special characters and blank spaces are present in it.

    If you would like to destroy an encrypted LUKS volume there is no need to wipe the whole partition; erasing the header and keyslots is enough. By default, LUKS decryption keys are contained within the first 2MiB of an encrypted LUKS partition. A salt value is also stored inside the header; without it, it will be impossible for anyone to decrypt the volume, not even if the password is found out later on. Encrypted Solid State Disks and thumbdrives will still need full device wiping, as wear levelling technology moving data around makes it impossible to securely overwrite a specific sector.

    To wipe the first 10MB of an encrypted LUKS volume (sda1) in Linux type:

    dd if=/dev/zero of=/dev/sda1 bs=512 count=20480
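
    Reading the header first shows how much of the device the header and key slots actually occupy, and so how many 512-byte blocks a wipe has to cover. The following is an added example, not part of the original post or of any tool it mentions; it assumes the LUKS1 on-disk layout, and the header returned by build_sample_header() is constructed sample data.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512
SLOT_ACTIVE = 0x00AC71F3    # LUKS1 marker for an enabled key slot
SLOT_DISABLED = 0x0000DEAD  # LUKS1 marker for an unused key slot
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset (sectors), key bytes, MK digest, MK salt, MK iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# Eight key slots follow: active flag, iterations, salt, material offset, stripes.
SLOT = struct.Struct(">II32sII")


def parse_luks1_header(buf):
    """Parse a LUKS1 header and report what a header wipe has to cover."""
    (magic, version, cipher, mode, hash_spec, payload_off, _key_bytes,
     _digest, _salt, mk_iter, _uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, iters, _s, mat_off, _stripes = SLOT.unpack_from(
            buf, PHDR.size + i * SLOT.size)
        if active == SLOT_ACTIVE:
            slots.append({"slot": i, "iterations": iters,
                          "material_offset_bytes": mat_off * SECTOR})
    return {
        "cipher": cipher.rstrip(b"\0").decode() + "-" + mode.rstrip(b"\0").decode(),
        "hash": hash_spec.rstrip(b"\0").decode(),
        "mk_iterations": mk_iter,
        "active_slots": slots,
        # Everything before the payload is header plus key material.
        "wipe_bytes": payload_off * SECTOR,
        "dd_count_512": payload_off,  # value for dd's count= with bs=512
    }


def build_sample_header():
    """Constructed LUKS1 header: one active slot, payload starting at sector 4096."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    b"\0" * 20, b"\0" * 32, 150000,
                    b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 1200000, b"\0" * 32, 8, 4000)
    slots += b"".join(SLOT.pack(SLOT_DISABLED, 0, b"\0" * 32, 0, 4000)
                      for _ in range(7))
    return hdr + slots
```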

    Visit LUKS volume cracker homepage

  • Deceiving authorship detection with JStylo-Anonymouth

    Stylometry, the study of linguistic style, is a method used for authorship recognition, and it has helped in numerous historical breakthroughs attributing documents of unknown authorship. The same technique can be used to identify an anonymous blogger or forum poster, but a set of necessary conditions must be met for stylometry to succeed, like having a reduced number of suspects and a few hundred available paragraphs that can be compared and analyzed by an algorithm.

    It is possible for a state-sponsored agency to use its computers to scan similar forums to try to link a high-value target with his real identity by looking at the writing style alone. It is well known that spy agencies already have the capability of scanning Facebook, where people are using their real names, for keywords, but due to the millions of users that Facebook has, a stylometry attack would not be feasible unless it is reduced to forums with just a few dozen users. Gathered evidence is still not definite proof beyond reasonable doubt, but it can be used as an extra intelligence tool pending confirmation.

    Adversarial stylometry JStylo-Anonymouth

    Manual adversarial stylometry techniques to circumvent authorship recognition:

    • Obfuscation: An author can deliberately camouflage his writing style, including punctuation, and use the thesaurus to avoid being repetitive, or briefly quote someone else’s words.
    • Imitation: An author imitates someone’s writing style so that analysis will point towards that person or throw the algorithm off the trail with no conclusive result.
    • Translation: Automatic software can translate the text a couple of times to a different language and then back to the original.

    The Drexel University research team has also released an open source tool called JStylo-Anonymouth, bundling together an authorship recognition analysis tool and an authorship recognition evasion tool. The software is written in Java and will work on any operating system. When you use Anonymouth to circumvent authorship recognition you will be shown an analysis of text complexity, unique and sentence word count, average sentence length, letter space and reading ease score, and then you will be told whether each feature is optimal for anonymity or needs changing. This automated software is ideal for releasing long documents.

    Note: Software is an alpha release still in development.

    Visit JStylo-Anonymouth homepage