Hacker10

OnlineVNC: Remotely access your computer on the browser

OnlineVNC is a service that allows you to remotely control a computer using a web browser running on any operating sytem, wherever you are, work, hotels, etc. The service can also be used tor provide online IT support, the only thing needed for it to work is installing the Windows only software on the server side and that Adobe Flash is present on the client side. The application can also grant access to your home computer to friends or work colleages to share huge files with the built-in FTP client or show presentations.

The server control panel allows you to see who is connected and what they are doing in real time, being able to restrict or give viewing, keyboard or mouse access. There is no limit to the number of people who can connect to the computer, communication takes place using the Remote Framebuffer (RFB) protocol, compatible with offline Virtual Network Computing viewers like TightVNC, RealVNC and UltraVNC, you can log off or lock the remote computer without breaking the connection, the remote desktop picture can be scaled, with a fit to screen mode and the network speed can be changed to slow, reducing the quality of graphics optimizing bandwidth in slow networks.

Remote desktop access OnlineVPN

The connection port number can be configured, this should help getting around firewalls and making your server harder to spot on the Internet by adopting a non usual port, if you notice anyone scanning your computer adding their IP to the Host Filter will blacklist it.

There are trust based downsides to this uncomplicated solution for remote computer access, if you are not using your own computer it would be a security risk accessing OnlineVNC because you have no guarantee against keyloggers in an Internet cafe, but with your own tablet or laptop it is not a problem. Another downside is that the RFB protocol is not very secure and it is possible to crack the password if someone on the network captures the encryption key, but you can tunnel OnlineVNC over a VPN adding an extra security layer with strong encryption, a third downside is that you have to trust the company managing the service to respect your privacy and be responsable, beyond that, OnlineVNC is acceptable for those looking for an effortless way to remotely access computer files.

Visit OnlineVNC homepage

4 February, 2013
SilverShielD, a free SSH/SFTP server for Windows

This Secure Shell server/client Windows program provides secure encrypted communications in between two hosts, the custom installation allows you to choose an exclusive install of an SSH/SFTP server and/or included management tools. SilverShieldD implements a server side technology called SafeUP to protect file uploads when the client doesn’t protect them.

Secure SFTP clients like WinSCP upload files with a fake name and renames them in the server after successfully upload, this system stops accidental overwriting of the server file if the connection breaks before the upload is finished, SilverShielD SafeUp technology does exactly the same thing but on the server side. The software comes with an easy to understand help manual full of screenshots, and a command line version called SilverCLI that can be integrated in third party management tools.

Free Windows SSH/SFTP server SilverShielD

Each SilverShielD user has its own set of public encryption keys to connect to the server, a keyring with multiple keys can be used too, there is a public key management window where to add, generate or remove encryption keys setting parameters like key length and key description, the latter will be kept in logs when a user connects to the server, you can also use PuTTYGen to create your own SSH keys and import them into SilverShielD.

Server administrators can apply individual user and folder permissions, ticking a simple checkbox a user ability to upload, download, delete, list files and much more can be managed and decide what kind of authentication mechanism can be accepted, public encryption key based, only password or both, while restricting connections to a single IP or network. An event handler can execute scrips for a specific user, when there are multiple scripts the initiation order can be established by order. File uploading can be set with Z compression on, a a lossless compression scheme called zlib that works across platforms and saves bandwidth and increases transfer rates during file uploading.

SilverShielD is easy to use with options containing all you need divided into tabs , from choosing what encryption algorithms are allowed, inside the “Expert Settings” tab, up to entering an SMTP server for when a script needs to call SendMail or Postfix. The “Security Settings” tab lets you customize tarpit timeouts to stop port scanning, a very common occurrence carried out by bots trying to find an open port in a server before a malicious hacking attack takes place, tarpit can ban attackers IP addresses if they keep sending unasked server probes.

This is a highly customizable SSH/SFTP server that advanced IT users should like, the free edition can be deployed for non commercial purposes, allowing for up to 3 concurrent connections at a time, businesses need to purchase a license.SilverShielD is fitting for people who are not comfortable with the command line and need an advanced SSH/SFTP server that can be set up at home in a matter of minutes in any old spare computer.

Visit SilverShielD homepage

3 February, 2013
Password protect notes with Secret Notes

Secret Notes is a free program to write and keep password protected notes, during installation you will be asked if you would like to install adware called “cleanmypc“, this can be skipped if you pay attention and uncheck a tickbox, but it is compulsory to enter a registration email address for the program to be activated over the Internet. After launching this tool you will be asked to enter a masterpassword twice, you will need to launch the program and unlock the Secret Notes to add or edit new information.

The program is very eye candy with a nice interface that looks like real yellow Post-it notes, the background can not be changed but the font colour can be modified to over a dozen different hues, made bold, italic or underlined, with a basic do and undo arrow buttons and a trash can symbol next to the date and timestamp. All pretty basic but enough for taking notes and they are all beautifully organised in rows.

Password protect notes with Secret Notes

A “Lock Notes” button will close down the software and make it inaccessible without a password. I was unable to find any information in the developers page about what kind of encryption it is used to secure the notes, assuming that is what they use, I would treat this tool as a very light guarantee program until more information it is given about the employed defence system, I don’t think it is proper for a security product to omit it.

Visit Secret Notes homepage

28 January, 2013
Hide text and photos inside sound files with CipherTune

CipherTune is a tool for Mac and Windows to hide text and photos inside .midi sound files using the encryption algorithm Blowfish 256bit. There is no need to install this software, it runs in portable mode, the program is divided into tabs and everything is intuitive, only the drop down camouflage menu is different from anything you have seen before, when you choose to encrypt a file the methods you are given are made of music instruments like “Chorused Piano“, “Harpsichord” or “Electric Grand Piano“, you can adjust the Tempo and choose if the resulting sound file has to be in stereo or mono.

By producing a container sound file the software saves you time by not having to look for an appropriate .midi song with the right size that can be used to hide information inside but it also limits the choice of cover stories you can have for owning that sound.

Steganography and encryption CipherTune

The software includes an audio player to listen to the sound file after you click on “Make Encryption Tune” before saving it. I opened one of these .midi steganographic files with Notepad and everything appeared to be encrypted and non readable expect by the words “Text to CipherTune by Kenji Kojima“, this gives away that the file was created using a steganography tool that can embed hidden messages and photos inside, this is clearly not software that you should rely on for secure cover communications, to start with .midi files are not as common as .mp3 and they could attract some attention if there is no valid reason to have them, and then there is the embedded text telling observers what program was used to create the sound file.

This is a very original program, let’s hope security can be improved a bit more by erasing those lines in the header sound file revealing that steganography is present.

Visit CipherTune homepage

28 January, 2013
Freeware screen lock Eusing Maze Lock

Eusing Maze Lock is a free pattern based screen lock to stop people from accessing your computer while you are away, the unlocking mechanism consists of nine dots inside a grid that have to be connected in a certain order with the mouse to unlock the screen. This type of screen lock is often found in smartphones, it is commendable for this company to bring a security tool that does not require you to remember yet another password. The unlocking pattern is easy to remember if you use it daily, otherwise a back up copy can be kept in a safe place, or uploaded to your email account so that if you forget the unlocking pattern diagram you can restart your computer or look at the online back up copy using another device.

The program will autolock the computer when idle, the background lock can be transparent or set to any image of your choice, the configuration tab allows you to specify the inactivity period before the computer screen locks, and optionally lock the keyboard or disconnect the computer from the Internet when the screen lock is activated, this stops people from messing around with your data if you have a document open in the background. If anyone attempts to get into your computer using the wrong pattern code a loud alarm siren sounds displaying a custom message on the screen and the computer will go into lock down for in between one and three minutes before any other unlocking attempt can be made, or alternatively the machine will shut down, the choices can all be set inside the configuration tab.

Free screenlock Eusing Maze Lock

This is an excellent screen lock that does all you need to protect a computer located in a shared room, but if your adversary is a state or corporation entity they will have the resources to acquire professional computer forensics software, like Passware Kit Forensics, able to get through any screen lock in a matter of seconds using your USB port and the autorun feature to execute a script mirroring your hard drive data or extract RAM memory even with the computer screen locked. If you adversary is low level, Eusing Maze Lock is hard to beat as a free and secure screen locker.

Visit Eusing Maze Lock homepage

26 January, 2013
Facebook alternative, the Social Number network

Social Number is a networking site where people can create groups to discuss any issues they like without having to reveal their real identity and connect with like minded people from all over the world, not just friends and family. The signing up process requires you to create a number of in between six and ten digits, this will be your ID, enter a real email address that needs to be confirmed and tick a box to corroborate that you are over 18 due to the nature of some of the groups.

Other information like profession, college, interests and location is all optional, if you enter this data it will help Social Number find suggested discussion groups and pals, otherwise you can find them on your own with the search box. Private messages can be sent to other people in the network knowing their Social Number decimal.

Facebook alternative Social Number

At the time of writing the most popular Social Number groups are hacktivism and sex, there are also discussions about depression and health issues that would be impossible to talk about somewhere like Facebook with your real name and risk being stigmatized for ever due to a temporary lapse. On the downside, foul language can also be found around, but nothing stops you from blocking abusive members or report harassment to the administrators.

Social Number is what Facebook should have been if they really cared about privacy. Computer IPs are logged and they will be given to the authorities in case of illegal activities but Social Number makes sure that nobody searching the Internet for your name will be able to link it to your personal posts unless you reveal too much information yourself. The site also has an encrypted SSL connection to stop third party eavesdropping. A similar site to Social Number is the Experience Project, with many more users since it has been around for longer, but in Social Number they have a much greater focus in connecting with others at a personal level.

Visit Social Number homepage

23 January, 2013
KProxy Agent, a portable Internet browser with proxy

KProxy Agent is a Chrome based portable browser that comes preconfigured to handle HTTP requests through one of the free KProxy network of IPs to bypass Internet filtering. People using public computers at work and college will find it useful to access Facebook, YouTube and other typically blocked entertainment sites. The browser runs in Incognito mode by default (known as Private Browsing in Firefox). Chrome Incognito mode executes in RAM memory and does not store browsing history, cookies or cache in the hard drive, browsing traces will be gone and non recoverable after you close KProxy Agent, the developers claim that proxies encrypt data in between the browser and the sites you visit, any passwords or email you send can not be intercepted by anyone listening in, which makes this tool suitable for security in public Wi-fi access points.

The speed tests I carried out on the free proxies gave me around 2MB-4MB, this is enough to watch online TV, taking advantage of this I managed to bypass geoblocking filtering and I was able to watch Hulu from outside the US without problems, unfortunately the ping rate wasn’t so impressive and browsing Internet sites at times it felt slow, I solved it by choosing a different proxy server closer to home.

KProxy Agent portable proxy browser

KProxy Agent has been developed in Java, it will not work if this is not installed. Java has had numerous security problems in the past but it benefits from being multi platform, this portable browser will run in Windows, Mac and Linux or any other OS that has Java installed. Switching in between proxies can be done in a matter of seconds within a couple of mouse clicks but only US and German proxies could be found in the proxy list. KProxy Agent could benefit of a more detailed proxy information, instead of having ten different public proxies with the American flag next to them they could point out where exactly in the US each proxy is located, East or West coast and enumerate server load for each one of the proxies so that the user can choose the best one.

It seems that KProxy Agent developers intend to make money with this program by getting people to upgrade to their faster premium proxy service, you will find KProxy Pro mentioned around but in a non obstructive way, if you only use an Internet censorship bypass tool occasionally the free version is just fine, you only need to trust KProxy owners with your data just as it happens with all other proxy or VPN services.

Visit KProxy Agent homepage

21 January, 2013