Hacker 10 – Security Hacker

Hacker10

  • Serval Project, a self-powered mobile phone network

    Serval Project, a self-powered mobile phone network

    Serval Project is an autonomous mobile network for non coverage areas, it requires no mobile phone company to operate, using Wifi enabled mobile phones transmit data in P2P mode, ideal for deployment in disaster areas where mobile phone towers have been destroyed and remote places where mobile phone signal can not reach.

    The software called Distributed Numbering Architecture (‘DNA’) turns an Android phone into an independent network router broadcasting and managing calls in mesh P2P mode. To enjoy adhoc wireless networking you will have to root your phone invalidating its warranty, if you choose not to root your mobile phone you can still use it for free P2P calls with people connected to the same Access Point but you won’t be able to transmit data like SMS messages, called MeshMS, and share files.

    Serval Project batphone P2P mobile mesh
    Serval Project batphone P2P mobile mesh

    The Serval Batphone software will guide through installation using a configuration wizard, the settings allow you to make a call through the Serval network, suspend services to allow your phone to operate as normal with a mobile phone company providing coverage, and reset your phone number, which can contain from 5 to 32 digits, numbers starting with 11 are reserved for emergency lines. If something does not work you can troubleshoot problems by going to the Wifi settings changing the SSID, frequency channel or router implementation, advanced users can create a new mesh on a different subnet changing the network address.

    Serval makes use of SipDroid, an open source free VoIP client for Android, options found on SipDroid can be found in Serval too.

    Serval Project mesh phone network P2P
    Serval Project mesh phone network P2P

    Although the initial idea of this project is to provide mobile phone coverage to extreme poverty and remote zone areas, I can envision the utility of this network by a group of acute paranoid people concerned about mobile phone companies keeping logs of their calls or fed up paying high fees, but every single node in the network would have to be trusted for this since they route the calls, probably not feasible with you have a large number of devices and impersonation is fairly trivial since there is no central authority allocating phone numbers, solutions to these problems could come in the form of call encryption and requiring a verbal identification password when the call is established.

    Currently still in development, it has been successfully tested by the developers in the Australian outback to make P2P mobile phone calls covering 1 square kilometer, future features include filesharing with people who are not reachable at the moment and a version for Apple iOS.

    Visit Serval Project homepage

  • Portable PGP encryption with GPG4USB

    Portable PGP encryption with GPG4USB

    GPG4USB is a portable program to encrypt text and files using GnuPG, the open source public key encryption system compatible with PGP. It works on Windows and Linux computers and does not require administrator rights for execution, files and messages can be exchanged with anyone using OpenPGP compatible software, like PGP Desktop or GPG4Win. The main interface will be familiar to anyone who has used PGP/GPG encryption in the past, you can create a keypair, import, export encryption keys, check key properties, upload keys to a keyserver, sign files, encrypt and decrypt files.

    You can also remove and add PGP headers to your messages, to see this feature you will have to go into settings click on the advanced tab and tick the “Show Steganographic Options” checkbox. Another advanced option is the possibility to split PGP encrypted attachments into pieces.

    Portable encryption GPG4USB
    Portable encryption GPG4USB

    The software comes with a very complete offline manual that any beginner will understand, to make this tool portable move the extracted files and “start_windows.exe” binary to a memory stick. GPG4USB could also become your main desktop GPG encryption software since it has a splendid interface that some people might find easier to use than other similar applications like WinPT.

    You should remember temporary files belonging to the encrypted data could still be found in any computer you use, that is the case for nearly all portable software.

    Visit GPG4USB homepage

  • Encrypt Android and iPhone text messages with TXTcrypt

    Encrypt Android and iPhone text messages with TXTcrypt

    TXTCrypt is a free app for Android, iPhone, Palm and desktop computer to encrypt any text message, from SMS up to notes, an online version exists to encrypt/decrypt messages if you do not want to download the app.TXTCrypt uses RC4 for encryption, a malleable and quick stream cipher designed in RSA laboratories, these days it is not considered secure enough to withstand a state sponsored attack on your communications but it should stop the average hacker.

    TXTCrypt uses symmetric encryption, where you password protect your text message and it can be decrypted by anyone who knows it, a system will have to be designed to pass on the password, which should be as long as possible to employ the full 64bit cipher strength.

    TXTCrypt mobile phone text encryption
    TXTCrypt mobile phone text encryption

    While more secure encryption apps exist, TXTCrypt appeal lies on its simplicity and multiple platform support, being available as a Java download means that this program will run in obscure operating systems like Solaris and FreeBSD, adding to Windows, Mac and Linux.

    Being available for desktop as well as mobile phones it is also a strong point, as long as your security needs are low this is a good app, otherwise search for an encryption app using the AES cipher.

    Visit TXTCrypt homepage

  • Stop malware with Crystal Anti-Exploit Protection

    Stop malware with Crystal Anti-Exploit Protection

    Crystal Anti-Exploit Protection is a free utility to stop malware hijacking your computer, it will not replace your antivirus but act as a complement, the program will apply filters to your incoming and outgoing connections to decide if they should be allowed. Ironically enough my AVG antivirus flagged CrystalAEP as malware and I had to whitelist it.

    After launching CrystalAEP you will presented with a quick tutorial and asked to select all programs exposed to the Internet, like your Internet browser or messenger, CrystalAEP  will monitor them in real time, you can check what each program is doing in the alerts window, the default is set up at High Protection, programs security level can be individually modified using a level slider.

    Crystal Anti-Exploit Protection
    Crystal Anti-Exploit Protection

    CrystalAEP will stop malicious attacks carried out without user interaction, like a website instructing your Internet browser to load a module, but if you choose to willingly execute a process, i.e. download an unknow codec to see a cool video, then you will have to rely on your antivirus to pick that up. This program is targeted at advanced computer users, the expert mode has many configuration options that few people will understand, like DEP monitoring and COM/ActiveX monitoring, I would stick with the basic mode, it is adequate to stop malicious websites from exploiting software vulnerabilities.

    This tool consumes minimal resources and can be easily removed, it should help the computer paranoid, people visiting dodgy sites or those in high security environments to stop zero day exploits.

    Visit CrystalAEP homepage

  • Portable text encryption software CTI Encryption

    Portable text encryption software CTI Encryption

    Open source CTI Text Encryption is a small (290Kb) portable application to secure your text messages, there is no need for administrator rights and it should work in any public computer, I found a few of the default settings confusing, like for example naming the password fields “Key” and having everything hidden with asterisks by default, you will have to tick the  “Show Characters” checkbox to see what you are doing, on a public computer is best to keep everything hidden obviously. It took me a couple of minutes looking around to familiarize with the software.

    The program has two encryption tabs, “Two way Encryption” and “One Way Encryption“, the later is not reversible and can not be decrypted, the only possible use seems to be hashing a text message (creating a number generated from a string of text), it can be useful as anti-tampering measure to ensure message integrity, the output result can be copied and pasted with the a message.

    CTI Text Encryption software
    CTI Text Encryption software

    The software allows you to use your computer processor ID or hard drive serial number as a password with a single click but anyone with access to your computer could find those out, I did not find the feature too secure for that reason and there is no particular advantage that I know of by using them instead of a traditional password.

    CTI Text Encryption could be useful for travellers, assuming you convince the receiving end to download and use the same software to be able to read your messages. If you travel often it’s best to sign up with an email service that offers encryption by default, but unless you have your own computer security is easy to compromise, and if you use your laptop with a Wifi connection, PGP or GPG encryption would be the best option.

    I couldn’t find much information about CTI Text Encryption inner workings other than some change logs mentioning SHA256, Twofish and the Rijndael Algorithm (AES) .

    Visit CTI Encryption homepage

  • Best Firefox addons for computer privacy and security

    Best Firefox addons for computer privacy and security

    Security Sanitizer: It will securely wipe your Internet browser cache, history, cookies, download&search list and saved passwords using the US DoD 5220 algorithm (3 passes) or a single pass overwriting.

    Encrypted Communication: It encrypts text messages password protecting them, the receiver will need to have the same addon installed and know the password. And easy way for low security email communications.

    Click&Clean: A one click Firefox browser addon to erase all temporary files, remove download files history, clean cookies, typed URLs, Flash Local Shared Objects and support for external erasers like Wise Cleaner and BleachBit.

    Tamper Data: For advanced Internet users wanting to view and modify HTTP/HTTPS headers and post parameters. Very useful to monitor traffic and see what data is being sent and received through Firefox.

    TamperData Firefox addon
    TamperData Firefox addon

    Ghostery: It reveals the companies that track you around the web when you visit a website and allows you to block the trackers giving the user ultimate control on what company cookies are blocked and which ones are allowed to prevail.

    Certificate Patrol: Shows what digital certificates have recently been updated to help the user decide if the change is legitimate. Helpful to stop websites with fake digital certificates, the user should have knowledge on how digital certificates work.

    BitDefender QuickScan: Online tool using cloud based antivirus services to quickly determine if a file is infected with malware, useful for a second antivirus opinion without having to install it in your computer.

    Browser Protect: Anti-hijacking extension to protect your browser from home page changes and  toolbars/search engine additions, protection level can be customized from high to low and URLs can be whitelisted.

    Stealthy: Fast proxy finder to hide your computer IP, it can be useful to access services only available in the US (Slacker Radio, CWTV), access banned websites like Facebook or fake your geolocation.

    Stealthy Firefox addon
    Stealthy Firefox addon

    LeetKey: It can encode plain text into L337, ROT13, BASE64, HEX, URL, BIN, DES, AES, Morse or DVORAK keyboard layout, it could be used to maintain private conversations on social networks or forums posting ciphered messages.

    KeeFox: A companion addon for KeePass password manager, KeeFox will connect to the password manager database and automatically fill in forms and password fields, automatically adding new entries to KeePass.

  • Review US anti-censorship proxy FreeGate

    Review US anti-censorship proxy FreeGate

    Freegate is a proxy software to enable people living in a country that censors the Internet to circumvent ISP filtering, it is one of the most used proxies in China and it is  hosted in hundreds of dynamic mirrors to outsmart the Chinese authorities, you can also request a download link emailed to you as FreeGate website is obviously blocked in China. The proxy was initially created by Falung Gong followers (a spiritual discipline banned in China), developed and maintained by Dynamic Internet Technology Inc. and it receives funding from non-profit American organizations, including the US Government.

    The project uses Hurricane Electric servers in California, you will get an US IP in that state when you use it, I had no problems watching Hulu (restricted to US residents) and listening to Pandora radio with FreeGate, at the time of my testing I was getting 1.5Mbp/s download speed, enough for video streaming, there are various servers available, all of them in the US, it is easy to switch in between them. The software interface looks outdated but is easy to manage, it contains a few extra options like erasing Internet Explorer history when the program exits and setting up a list of websites to connect directly without using FreeGate, it comes preconfigured to connect to some of the most popular Chinese websites like Baidu, Taobao and any .cn site without a proxy, a hotkey can be set up to hide/show FreeGate.

    Free US anti-censorship proxy FreeGate
    Free US anti-censorship proxy FreeGate

    The program automatically opens up Internet Explorer after executing it, it is possible to configure it with other browsers but it requires some manual tweaking changing the browser network settings, or you could download Gproxy Firefox addon to help you manage and switch proxy settings. There is no need to install FreeGate in your computer, the software will run from inside a thumbdrive with a double click but I was asked for administrator rights to allow FreeGate to pass through the Windows firewall and execute Java.

    Using FreeGate will not offer you the same degree of anonymity that the tor proxy does but it is considerably faster, if all you care about is bypassing an Internet filter FreeGate works very well, just remember that it has been designed for users in China, while it works elsewhere the developers are developing this proxy as a China centred circumvention tool and I doubt they will attend feedback from someone in Europe complaining that the can’t watch a US only TV film, this is also not a VPN, the only connection that will go through the proxy is the Internet browsing, all other applications (IM, torrents,SMTP) will be using your home computer IP.

    Some people report that the software is flagged by their antivirus, I use AVG antivirus and I did not get any malware warning, the software does not contain any trojan but it works similarly like trojan horses do penetrating firewalls, just make sure you download it from an official link. FreeGate is a good tool to have if you are going to travel to China or any other country with Internet censorship, like Iran and Vietnam.

    Visit FreeGate homepage