Who's A Rat - Largest Online Database of Informants and Agents
HomeMembers LoginLatest NewsRefer A LawyerMessage BoardOnline StoreAffiliatesAbout UsContact Us
Who's A Rat - Largest Online Database of Informants and Agents Worldwide!
Site Navigation
Visit Our Store
Refer A Lawyer
Affiliates
Link To Us
Latest News
Top Secret Documents
Make A Donation
Important Case Law
Members Login
Feedback
Message Board
Legal Information
Advertise your AD, Book or Movie

Informants and Agents?Who's a Rat Message Board

WhosaRat.com
Register  |   |   |  Calendar  |  Chat
 
 
 


Reply
  Author   Comment   Page 1 of 9      1   2   3   4   Next   »
hannah

Registered:
Posts: 797
Reply with quote  #1 
Option 1

If you are at a cafe or someone elses computer use TAILS.
TAILS runs from a dvd or cd instead of the hard drive and is a complete operating system with a browser.

Tails - Privacy for anyone anywhere

 
tails.boum.org/Cached
Tails The Amnesic Incognito Live System. Privacy for anyone anywhere. Privacy for anyone anywhere.

After downloading TAILS,
Use Image Burn (my favorite) or powerISO to burn the image to a dvd or cd after downloading it.  Enjoy!  (Get it here free)

http://www.imgburn.com/index.php?act=download

You can walk up to any computer, insert the dvd or cd (you can also boot from a USB drive) and it will run entirely separate from the machine you are working on.
It runs on the machine's RAM and when you log off all traces of your use disappear.

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #2 
Option 2 (the best choice)
1.
If you are at home and not too sophisticated with computers, use TOR:  (get it free here)  Simply download and follow the intructions:

Tor Project: Anonymity Online

 
http://www.torproject.org/Cached - Similar
A free software implementation of second-generation onion routing, a system enabling its users to communicate anonymously on the Internet.





2.
If you are super Paranoid, use a proxy along with TOR.  do a google search for "Free proxy server IP addresses".  once you select one, enter it into TOR for an added layer of security.  an example of where to obtain proxy server information is below: (dozens of wesbites are similar)
http://www.proxynova.com/proxy-server-list/
http://www.atomintersoft.com/products/alive-proxy/proxy-list/

3.
If you are super-duper paranoid, run a vpn along with the proxy and TOR.  VPNs can be obtained free by doing a websearch for "free vpn services" but you may want to consider paying the $6 to $8 a month (as low as $40 a year) for highspeed VPN connections, paid for with a visa gift card, or bit coin, of course.

A list of the top VPN services is below:

http://vpnreviewz.com/
http://vpnsp.com/

The VPN is the single most important step in protecting your privacy. 
***************************************




OPTION 3

FOR THE PARANOID---OPERATING SYSTEM WHICH FORCES TOR

Anonymous operating system Whonix

 

Whonix is an anonymous operating system based on Virtual Box, Debian Linux and tor proxy, Whonix consists of two virtual machines, one dedicated to run a tor proxy acting as a gateway and the second one called Whonix-Workstation located in a completely isolated network. The system has been designed to make IP and DNS leaks impossible, not even malware with root access will be able to find out your computer IP, all Internet connections are forced through tor, including applications that do not support proxy settings, this is done using the firewall settings. It is possible to use Whonix with a VPN or SSH tunnel if needed, hardware serial numbers are also hidden. Any operating system able to run VirtualBox can run Whonix, this includes Windows, Mac, Linux, BSD and Solaris.

Disadvantages of running Whonix are that it will be very slow to update your operating system though tor, it is more difficult to set up than the tor browser bundle and your computer should have a good amount of RAM and modern CPU to run VirtualBox. Whonix advantages are that unlike an anonymous live CD like Tails or Liberté Linux data will be available after reboot due to persistent storage, you can install your favourite software packages using Debian’s packaging tool apt-get, the applications will be torified straight away, you can also save virtual machine snapshots saving a clean one for data recovery if needed.

Many Whonix default applications come configured to avoid fingerprinting, GPG software for example will not reveal your operating system version and XChat comes with the default torified set up as described in the tor project Wiki.

In countries where you can be forced to disclosure your full encryption password Whonix can help with plausible deniability if you hide the .ova virtual machine file inside a hidden encrypted container with Truecrypt or store the virtual machine inside a fully encrypted USB thumbdrive that will look like random data to forensics software.

Note: Development is ongoing, this is an Alpha release.

Visit Whonix homepage



https://github.com/adrelanos/Whonix

################# About Whonix #################Whonix (called TorBOX or aos in past) is an anonymous general purposeoperating system based on Virtual Box, Debian GNU/Linux and Tor.By Whonix design, IP and DNS leaks are impossible. Not even malwarewith root rights can find out the user's real IP/location.This is because Whonix consists of two (virtual) machines. One machinesolely runs Tor and acts as a gateway, which we call Whonix-Gateway.The other machine, which we call Whonix-Workstation, is on a completelyisolated network. Only connections through Tor are possible.Due to trademark issues the project was renamed to Whonix.








******************************
TIP: disguise your TOR packets
http://www.cmu.edu/silicon-valley/research/tech-showcase/pdfs/stegotorus.pdf

TIP:
If you don't know much about computers, you can buy a router preloaded with more secure software called DD-WRT (linux based) firmware and preconfigured for use with a VPN.  (see below) The prices are very reasonable
 

FlashRouters – DD-WRT Upgraded Wireless Routers & VPN ...

 
https://www.flashrouters.com/Cached
Buy upgraded high speed wireless routers running the latest, tested DD-WRT firmware FlashRouters, selling the best in DD-WRT installed

read the nice article below for more information:

http://www.smashingapps.com/2011/07/11/10-privacy-tools-to-browse-the-web-anonymously.html

http://www.computerworld.com/s/article/9012778/How_to_surf_anonymously_without_a_trace

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #3 

Technitium MAC Address Changer v6 (FREEWARE)

 
tmac.technitium.com/
Technitium MAC Address Changer v6 is a FREEWARE utility to instantly change (spoof) MAC Address of any network card (NIC).

Don't forget to change your mac address with the push of a button!

(free software)


or this one:

(free)

http://www.alobbs.com/macchanger/



Also consider a DNS changer software


TIP:
Check your IP address after setting up privacy software with these sites (I use google)

whatsmyip.net/
whatismyipaddress.com/
http://www.whatsmyip.org/
http://privacy.net/analyze-your-internet-connection/

Run a traceroute here:
http://www.whatsmyip.org/traceroute/
You can ping here:
http://www.whatsmyip.org/ping/

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #4 
http://www.nirsoft.net/utils/wireless_network_watcher.html

Keep track of your wireless network (free)


http://www.nirsoft.net/utils/wireless_network_view.html
View the other wireless networks around you (free)


http://www.faronics.com/standard/deep-freeze-2/

Freeze your hard drive against unauthorized changes using Faronics Deep Freeze (google search "Faronics Deep Freeze Torrent" and Download using bit torrent)  Your computer will always be fast and virus free because no matter what changes are made to it, each time you restart, the computer will return to its original state at the beginning of the session.  Unless you unlock it, of course.


http://www.truecrypt.org/

Use True Crypt for whole hard drive encryption to protect your data (free)
With True Crypt, you can create a hidden partition so that even if you are forced to reveal your password under duress or court order, your true operating system and files will be invisible.
  No one will ever know.

You should always create a password on the hard drive so that it is required before the machine boots, (Preboot authentication) even if you don't use True Crypt.

You can also disable the dvd and usb drives on boot up so that no one can attempt password recovery during the boot up.



If you suspect your machine is not secure, re-image it with a fresh image on a regular basis using Norton's Ghost.  (several  times a year)  (Do a google serach for "Norton's Ghost torrent" and then download using bit torrent)  If you use Deep Freeze you probably won't have to do this much.

>>>>>>>>>>>>>>>>>
-Always wipe your hard drive if you erase the whole drive AND the blank unused space on your drive when you delete a sensitive file.  DOD says to over write it 3x, NSA says 7x just to make sure.  They have file shredder programs too. I CANNOT STRESS TO YOU HOW IMPORTANT THIS STEP IS.  ONCE YOU HAVE A SECURE MACHINE IN PLACE, THIS IS THE NEXT STEP.  If you simply delete the file or overwrite one time, the file can be recovered!  If you are on a sensitive OP, make sure to wipe your drive and blank space on a drive that is being used a minimum of 3x
 http://downloadcrew.com/index.php?act=search&q=disk+eraser


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

--  Use ccleaner once in a while to keep all the garbage from slowing your machine down

http://www.piriform.com/ccleaner

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #5 

https://www.virtualbox.org/wiki/Downloads

Oracle VM VirtualBox

 
Run Multiple Operating systems using Virtual Machine Software


Ubuntu, Fedora and Windows 8 are free

http://windows.microsoft.com/en-US/windows-8/release-preview

http://fedoraproject.org/get-fedora

http://www.ubuntu.com/download

Get it here.  Enjoy.  its all free!

BackTrack 5 is available free:

BackTrack 5 R3 was released on 13th of August, 2012.


http://www.backtrack-linux.org/downloads/

Welcome to Backtrack-Linux.org, home of the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack you Install BackTrack, boot it from a Live DVD or thumbdrive, the penetration distribution has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.



if you need help setting up your Backtrack5, see:

http://www.facebook.com/notes/lulzsec/want-to-be-a-ghost-on-the-internet/230293097062823




Don't forget to do penetration testing on your network using Alfa adapters
http://www.alfa.com.tw/in/front/bin/ptlist.phtml?Category=105463

USB wifi adapter supporting packet injection:

http://www.amazon.com/Alfa-802-11b-Wireless-Original-9dBi/dp/B001O9X9EU/ref=sr_1_2?ie=UTF8&qid=1328768355&sr=8-2


or

http://www.wifirobin.com/
http://wifisniper.com/products.html

This Adapter works well and they have long range


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #6 
A few more tips: 

Make sure to change your router firmware to DD-WRT available free here:


http://www.dd-wrt.com | Unleash Your Router

 
http://www.dd-wrt.com/

DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.

 


:
  • One of the most popular DD-WRT router features is VPN-Client integration, tunneling all traffic from the FlashRouter through a private, encrypted, and untraced Internet connection. All FlashRouter DD-WRT Routers arrive with an Ethernet Network cable, a customized installation guide configured to your network specifications, a power adapter, and easy access to the VPN service of your choice.

    FlashRouters is a 2011 Editors' Choice Award Winner at VPNSP.com, one of the premier and most-trusted VPN review sites. We take care of the hassle of flashing and testing, you enjoy the easy setup and the assurance of a more secure network. Make the upgrade to a DD-WRT Router today.DD-WRT Installed.

  • Free included technical support
  • Boost your wireless signal.
  • Enhance streaming HD video.
  • Speed up network transfers.
  • Encrypt network traffic.
  • Change your IP address.
  • OpenVPN & PPTP options



    No need to sacrifice privacy
    Here are a few other good tools

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #7 

before using this software, be advised that weaknesses were found in implementation of this chat method...

consider using pidgin or offtherecord instead....

For chatting in 256bit AES encrypted chat use:


Cryptocat

 
https://crypto.cat/Cached
Cryptocat lets you instantly set up secure conversations. It's an open source encrypted, private alternative to other services such as Facebook chat.


Read more about it here

http://www.forbes.com/sites/andygreenberg/2011/05/27/crypto-cat-aims-to-offer-super-simple-encrypted-messaging/

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #8 
For the paranoid:

1.
When opening email attachments such as Word (doc or docx) documents, Excel, PDF or photos (jpg) sent by people at work or any untrusted source, save them to a USB Flash memory stick. DO NOT OPEN THEM ON YOUR HOME COMPUTER

Take the flash memory stick and read or print the documents at your public library or internet cafe instead of opening them on your home computer.  You can also open them on a different computer with no internet connection and using virtual machine software and a different operating system
Get the VM software here for free:
https://www.virtualbox.org/wiki/Downloads

Someone can send a spy software disguised as a Word, pdf or jpg photo file.  Also if someone has access to your machine they can install a hardware based logger between your keyboard and your computer case (several crimes have been committed this way.)


2.
When installing software on your computer, never choose the "update automatically / download automatically" option for your software (windows, java, adobe flash, etc)
Always choose the "Do not check for updates / I will manually update myself" option.

The software will try to scare you and say this is not safe, but ignore the warnings


When the software gets out of date, go to the website of the software maker and download the update yourself.

Never update automatically or click on a balloon popup that says it will do the install for you.  LEA has been known to get your ISP or the software manufacturer to cooperate and inject a virus onto your computer through the use of software updates.
http://searchsecurity.techtarget.com/definition/government-Trojan

(excerpt)

The documents for FinFisher, a Gamma product, say it works by "sending fake software updates for popular software." In one example, FinFisher says intelligence agents deployed its products "within the main Internet service provider of their country" and infected people's computers by "covertly injecting" FinFisher code on websites that people then visited.

The company also claims to have allowed an intelligence agency to trick users into downloading its software onto BlackBerry mobile phones "to monitor all communications, including [texts], email and BlackBerry Messenger." Its marketing documents say its programs enable spying using devices and software from Apple, Microsoft, and Google Inc



http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html



3. Do not update or install software on your laptops using a hotel's network
http://www.ic3.gov/media/2012/120508.aspx
http://nakedsecurity.sophos.com/2012/05/10/fbi-hotel-malware-threat/

This can also be away for someone to install a virus.


4.  Do not websurf while logged into your facebook, gmail, hotmail, yahoo or any other service (gmail can track your browsing).  Always check your email, logout and then surf the net.

5.  If you want to go truely off the grid, abandon any email or facebook account setup with your real IP address.  only use email accounts setup with your proxy.  The reason is that facebook can track you even if you login using anonymizer software because they already know who you are.

TIP:
Windows 8 allows installation and boot up from a external or USB flash drive that you can carry on your keychain. (Windows 8  is the first operating system to allow booting from a USB drive)
Encrypt your usb stick and unplug it and take it with you or lock it in a safe when not in use.  There is no way to tamper with your hard drive if you have it password protected or it is in your pocket!
A 32gb or 64 GB USB stick is less than 50 dollars

Pass this information on to your freinds

Happy safe computing!


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #9 

Use search engines that do not store personal information or log IP addresses

Startpage Web Search

 
https://startpage.com/Cached
Startpage offers you Web search results from Google in complete privacy! When you search with Startpage, we remove all identifying information from your


Ixquick Search Engine

 
https://www.ixquick.com/Cached
Ixquick search engine provides search results from over ten best search engines in full privacy. Search anonymously with Ixquick Search Engine!


DuckDuckGo

 
duckduckgo.com/Cached - Similar
Provides a clean interface together with a no-tracking privacy policy. Offers keyboard shortcuts to navigate and zero-click information sources displayed in the ...
 

Startpage.com allows you to open any search result using an IXquick proxy!
All search results have a link next to it that allows it to be opened through proxy.


Yauba: Anonymous Search Engine

 
Mar 18, 2009 – Yauba is an anonymous search engine which lets you search the internet safely and anonymously

Read more about anon search engines here:

http://www.hacker10.com/internet-anonymity/list-of-privacy-search-engines-for-anonymous-internet-search/

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #10 
http://ipduh.com/anonymity-check/
Information about your internet connection
(leak test)  I will post others soon.



http://privacy.net/analyze-your-internet-connection/

another net connection test



http://www.belarc.com/free_download.html

Hiring a professional computer-security consultant is out of reach for most home PC users, but Belarc Advisor can fill part of that gap
Software that will give you details about your own machine



To stay current on the latest privacy and security issues, try the crypto-gram newsletter:

http://www.schneier.com/crypto-gram.html









Favorite site of the week:

Hide My Ass! Free Proxy and Privacy Tools - Surf The Web ...

 
Hide My Ass! Free web proxy, surf online anonymously, hide your IP address and protect your privacy.

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #11 
In addition to the usual anitivirus software available online, try Patriot NG
http://www.security-projects.com/?Patriot_NG

Patriot is a 'Host IDS' tool which allows real time monitoring of changes in Windows systems or Network attacks.

Patriot monitors:
  • Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered.
  • New files in 'Startup' directories
  • New Users in the System
  • New Services installed
  • Changes in the hosts file
  • New scheduled jobs
  • Alteration of the integrity of Internet Explorer:(New BHOs, configuration changes, new toolbars)
  • Changes in ARP table(Prevention of MITM attacks)
  • Installation of new Drivers
  • New Netbios shares
  • TCP/IP Defense(New open ports, new connections made by processes, PortScan detection...)
  • Files in critical directories(New executables, new DLLs...)
  • New hidden windows(cmd.exe / Internet Explorer using OLE objects)
  • Netbios connections to the System
  • ARP Watch (New hosts in your network)
  • NIDS (Detect anomalous network traffic based on editable rules)

Submenu


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #12 
A thrid alternative to TOR and TAilS mantioned in the first post is:

JonDonym - the anonymisation service

 
anonymous-proxy-servers.net/Cached - Similar
JonDonym offers high speed anonymous proxy servers and anonymous surfing. It can hide your IP address

You can read more about it here:

http://en.wikipedia.org/wiki/Java_Anon_Proxy





******************


Another alternative to TOR, TAILS, JAP  is called Freenet.  get a copy here:

https://freenetproject.org/

Share, Chat, Browse. Anonymously. On the Free Network.

Share files, chat on forums, browse and publish, anonymously and without fear of blocking or censorship! Then connect to your friends for even better security!

Freenet Download 0.7.5 for Windows

Installation instructions and other systems installers.

What is Freenet?

Freenet is free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect.

Communications by Freenet nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the information and what its content is.

Users contribute to the network by giving bandwidth and a portion of their hard drive (called the "data store") for storing files. Files are automatically kept or deleted depending on how popular they are, with the least popular being discarded to make way for newer or more popular content. Files are encrypted, so generally the user cannot easily discover what is in his datastore, and hopefully can't be held accountable for it. Chat forums, websites, and search functionality, are all built on top of this distributed data store.

Freenet has been downloaded over 2 million times since the project started, and used for the distribution of censored information all over the world including countries such as China and the Middle East. Ideas and concepts pioneered in Freenet have had a significant impact in the academic world. Our 2000 paper "Freenet: A Distributed Anonymous Information Storage and Retrieval System" was the most cited computer science paper of 2000 according to Citeseer, and Freenet has also inspired papers in the worlds of law and philosophy. Ian Clarke, Freenet's creator and project coordinator, was selected as one of the top 100 innovators of 2003 by MIT's Technology Review magazine.

An important recent development, which very few other networks have, is the "darknet": By only connecting to people they trust, users can greatly reduce their vulnerability, and yet still connect to a global network through their friends' friends' friends and so on. This enables people to use Freenet even in places where Freenet may be illegal, makes it very difficult for governments to block it, and does not rely on tunneling to the "free world".


read the wiki here:

Freenet - Wikipedia, the free encyclopedia

 
en.wikipedia.org/wiki/FreenetCached - Similar
Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to store information, and has a suite of

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #13 
Once you have all the software together don't forget a high end computer which are only 410 to 490 dollars.  Multi core computers can best handle all of the applications.  These are high end processors I have listed as an example:

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1824466&CatId=332



http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=2313376&CatId=332
__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #14 
Anonymous websurfing on your phone.  Use TOR on Android Mobile phones
(I am tossing the Iphone in favor of Android)

https://guardianproject.info/apps/orbot/


Orbot: Mobile Anonymity + Circumvention

What is Orbot?

Orbot is an application that allows mobile phone users to access the web, instant messaging and email without being monitored or blocked by their mobile internet service provider. Orbot brings the features and functionality of Tor (read more below) to the Android mobile operating system.

Orbot 1.0.5.2 (packaging Tor 0.2.2.25) is currently available in the Android Market and from the Tor Project website.

About the Tor Project

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis. Learn more at https://torproject.org

Screenshots

Usage Notes

Orbot may request different configuration depending on the Android operating system version it is used on.

BROWSING

INSTANT MESSAGING

  • For Instant Messaging, please try Gibberbot which provides integrated, optional support for Orbot and Tor.

OTHER APPS 

  • Transparent Proxying: You must root your device in order for Orbot to work transparently for all web and DNS traffic. If you root your device, whether it is 1.x or 2.x based, Orbot will automatically, transparently proxy all web traffic on port 80 and 443 and all DNS requests. This includes the built-in Browser, Gmail, YouTube, Maps and any other application that uses standard web traffic.

Developers

 

You can also download them through our
F-Droid Repository
Donate
If you want to support our work financially, you can donate to one of the following organizations in our name, and we'll make sure it is applied relevantly:


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #15 
Secure VOIP using Zphone



http://zfoneproject.com/


Zfone™ is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is

Phil Zimmermann, the creator of PGP, the most widely used email encryption software in the world. Zfone uses a new protocol called ZRTP, which has a better architecture than the other approaches to secure VoIP.
  • Doesn't depend on signaling protocols, PKI, or any servers at all. Key negotiations are purely peer-to-peer through the media stream
  • Interoperates with any SIP/RTP phone, auto-detects if encryption is supported by other endpoint
  • Available as a
"plugin" for existing soft VoIP clients, effectively converting them into secure phones
  • Available as an
SDK for developersto integrate into their VoIP applications
  • IETF has published the protocol spec as
RFC 6189, and source code is published

On the cover of

VON (Voice On the Net) magazine


For More secure email use PGP or GPG  Or Hushmail

http://www.pgpi.com
http://www.gnupg.org/






http://www.forbes.com/sites/jonmatonis/2012/07/19/5-essential-privacy-tools-for-the-next-crypto-war/
__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #16 
For Anonymous Financial transactions use Prepaid Visa or Bit Coin

Read about Bit Coin here:
 

http://bitcoin.org/   (download it free here)

Bitcoin is an experimental new digital currency that enables instant payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Bitcoin is also the name of the open source software which enables the use of this currency.

TIP
1. always use a VPN when dealing with bitcoin
2 Use an offline wallet to store bit coins
3. Use Brain wallet

If you follow this advice, you will have no security issues.


en.wikipedia.org/wiki/Bitcoin
Cached - Similar
Bitcoin is a decentralized electronic cash system that uses peer-to-peer networking, digital signatures and cryptographic proof so as to enable users to conduct


http://spectrum.ieee.org/computing/software/bitcoin-the-cryptoanarchists-answer-to-cash/

Bitcoin: The Cryptoanarchists’ Answer to Cash--How Bitcoin brought privacy to electronic transactions  By Morgen E. Peck  /  June 2012


http://www.forbes.com/sites/jonmatonis/2012/06/22/the-bitcoin-richest-accumulating-large-balances/

http://www.wired.com/magazine/2011/11/mf_bitcoin/all/



Read about Brain wallet here:
http://www.forbes.com/sites/jonmatonis/2012/03/12/brainwallet-the-ultimate-in-mobile-money/

Brainwallet: The Ultimate in Mobile Money





How to Buy Bitcoins Anonymously in the US, Instantly

https://www.privateinternetaccess.com/blog/2012/04/how-to-buy-bitcoins-anonymously-in-the-us-instantly/

Step 1.

Download and install TOR from https://www.torproject.org/

Step 2. 

While using TOR create a Tormail account at http://jhiwjjlqpyawmpjx.onion

You can confirm the address at http://tormail.org/

Step 3. 

While using TOR, visit http://www.bitinstant.com

Step 4.

Choose the Cash deposit to Bitcoin to email option.

 

Step 5.

Follow the instructions on Bitinstant to make your cash deposit, and have your Bitcoins sent to your new Tormail account.

No ID is needed.

Step 6.

Receive your Bitcoins via email.

 

And voila.  Now you can use your anonymous e-mail account and anonymous bitcoins to buy goods and services online, truly anonymously

https://www.privateinternetaccess.com/ blog/ 2012/ 04/ how-to-buy-bitcoins-anonymously-in-the-us-instantly/ - View by Ixquick Proxy - Highlight

 


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #17 

Test your network using BackTrack 5 Revolution


BackTrack 5 is available free:
http://www.backtrack-linux.org/downloads/

Welcome to Backtrack-Linux.org, home of the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack you Install BackTrack, boot it from a Live DVD or thumbdrive, the penetration distribution has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
BackTrack 5 R2 Released!  August  15, 2012

How to manuals here: (how to boot BT5 from an encrypted thumb drive, etc)
http://www.backtrack-linux.org/tutorials/




Get Maltego 3.1 free

http://www.backtrack-linux.org/backtrack/maltego-3-1-released/


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #18 

This is another alternative to Tor, TAILS, Jondonym/JAP listed in the first post.  It allows end to end encryption, unlike the others, but it hasnt been as thoroughly tested as TOR.  Give it a try.



I2P
Anonymous Network - I2P

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several ...

http://www.i2p2.de - View by Ixquick Proxy - Highlight




Read the wiki here:

I2P - Wikipedia, the free encyclopedia

I2P (Invisible Internet Project) is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Possible uses ...

https://en.wikipedia.org/wiki/I2P - View by Ixquick Proxy - Highlight


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #19 
Skype Morph disguises your TOR packets as a Skype Video Chat

http://arstechnica.com/tech-policy/2012/04/tor-traffic-disguised-as-skype-video-call-to-fool-repressive-governments/

 

Tor traffic disguised as Skype video calls to fool repressive governments

Recently released software makes communications sent through Tor appear almost …

An overview of the SkypeMorph architecture, which converts packet size distributions in Tor to those in Skype video calls.

Computer scientists have released a tool that disguises communications sent through the Tor anonymity service as Skype video calls, a cloak that's intended to prevent repressive governments from blocking the anonymous traffic.

SkypeMorph, as the application is called, is designed to remedy a fundamental limitation of Tor: While the communications are cryptographically secured, unique characteristics of their individual data packets make them easy to identify as they travel over the networks. In the past, for example, the cryptographic key exchange was different in Tor transactions and the certificates used were typically valid for only a matter of hours, compared with as long as a year or two for certificates used by most Web servers. These fingerprints made it possible for government censors in Iran, China, and elsewhere to block data traveling over Tor while leaving the rest of the country's communications intact.

Tor developers have remedied those shortcomings, but other unique signatures still exist. The idea behind SkypeMorph is to camouflage Tor communications so they blend in as traffic that government censors are reluctant to restrict.

"The goal is to make the traffic look like some other protocol that they are not willing to block," Ian Goldberg, a professor at the Cheriton School of Computer Science at the University of Waterloo, told Ars. "They could just shut off the Internet, of course, like Egypt did for a few days a year or so ago, but that, of course, would be extremely unpopular to their own people that are wondering why can't see pictures of cute cats."

A censorship arms race

The release of SkypeMorph comes a few months after a separate research team in Sweden uncovered changes the Chinese government made to its "Great Firewall" censorship infrastructure to make it harder for citizens to use Tor. Although their research paper (PDF) was only recently published, the findings have been public for a few months, said Goldberg, who sits on the Tor Project's board of directors. As censors in China and elsewhere devise increasingly sophisticated measures of detecting and blocking the anonymity service, it falls on Tor volunteers to find new ways to thwart them.

"The whole point of SkypeMorph is exactly because the Great Firewall is so complex," said Goldberg, who refers to the jockeying between privacy advocates and governments as a censorship arms race. "You have to very convincingly pretend your traffic is something else, like Skype."

SkypeMorph relies on the Microsoft-owned VoIP service to establish a cryptographically secured connection between an end user and unlisted entry points, known as bridges, to the Tor network. By sending a few short Skype messages to one of the bridges, a Tor user performs a Diffie Hellman key exchange to make sure the connection can be trusted. Once the handoff is completed, SkypeMorph initiates a Skype video call to the bridge and quickly drops it. The bridge and the end user then use the key to securely communicate using normal Tor protocols.

To prevent the Tor traffic from being recognized by anyone analyzing the network flow, SkypeMorph uses what's known as traffic shaping to convert Tor packets into User Datagram Protocol packets, as used by Skype. The traffic shaping also mimics the sizes and timings of packets produced by normal Skype video conversations. As a result, outsiders observing the traffic between the end user and the bridge see data that looks identical to a Skype video conversation.

The SkypeMorph developers chose Skype because the software is widely used throughout the world, making it hard for governments to block it without arousing widespread criticism. The developers picked the VoIP client's video functions because its flow of packets more closely resembles Tor traffic. Voice communications, by contrast, show long pauses in transmissions, as one party speaks and the other listens.

"It's not enough just to send encrypted packets to a particular port, Goldberg explained. "You want to send them in patterns and sequences and sizes and distributions that look as realistic as possible. What our system does is go a step beyond traffic morphing and not only matches the packet size distributions but also matches the timing distributions."

To prevent the Skype network from being overburdened, SkypeMorph sends data directly over the Internet once the VoIP client has been used to establish a secured connection.

Modular obfuscation plugins

The application makes use of programming interfaces built into Tor that allow the program to work with obfuscation extensions called pluggable transports. Such add-ons appear as SOCKS proxies to the Tor client and allow data delivered to bridges to be sent in obfuscated ways. Developers can design pluggable transports for Tor in much the way people write add-ons for the Firefox or Chrome browsers.

So far, the only pluggable transport available for Tor is known as obfsproxy. It passes traffic between end users and bridges through a stream cipher. SkypeMorph is designed to extend the benefit of this plugin "to address its limitation of not outputting innocuous-looking traffic," Goldberg's research paper (PDF) describing the software said.

The SkypeMorph paper was co-authored by Hooman Mohajeri Moghaddam, Baiyu Li, and Mohammad Derakhshani, all of whom were students enrolled in a class taught by Goldberg titled Hot Topics in Privacy Enhancing Technologies.



http://www.schneier.com/blog/archives/2012/04/disguising_tor.html


http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf



Download Skype Morph here:


http://crysp.uwaterloo.ca/software/

SkypeMorphSkypeMorph is a pluggable transport for Tor that disguises client-to-bridge traffic as a Skype video conversation.

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #20 
Why it is important to protect your privacy:

See the wall Street Journals catalogs of Net and phone surveillance technologies


http://projects.wsj.com/surveillance-catalog/


The Surveillance CatalogWhere governments get their toolsRandom Document

Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.

The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and "massive intercept" gear that can gather all Internet communications in a country.

The documents—the highlights of which are cataloged and searchable here—were obtained from attendees of a secretive surveillance conference held near Washington, D.C., last month. Read more about the documents and see a list of agencies attending several such conferences (updated Feb. 7, 2012).

 
Above, a still image from a marketing video by FinFisher touting the brand's surveillance technology. Click "play" to learn more about what these documents reveal.

The documents fall into five general categories: hacking, intercept, data analysis, web scraping and anonymity. Below, explore highlights related to each type of surveillance, and search among selected documents.




__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #21 

Windows, Mac OS X, and Linux Applications can access your Photos, Contacts and Data too!

https://www.privateinternetaccess.com/blog/2012/03/windows-mac-os-x-and-linux-applications-can-access-your-photos-contacts-and-data-too/

Your Privacy is at Risk

The recent privacy debacle surrounding third-party iOS applications and Android applications has garnered serious attention.  Researchers have discovered that minimal to no permissions are required for applications on these devices to access one’s contacts, photos, and other considerably confidential data.

However, the fact is, this lack of a permission-based implementation has existed in almost all consumer-based operating systems for quite some time, including Microsoft Windows, Apple Mac OS X, and even *nix and its many variants.  Here is a tiny snippet which shows just how easy it is to access the Pictures folder on default Mac OS X and Ubuntu installs:

#include<stdio.h>

#include<string.h>

#include<dirent.h>

#include<unistd.h>

#include<pwd.h>

 

int main() {

  DIR *directory;

  struct dirent *entry;

  struct passwd *pwd;

 

  if(pwd=getpwuid(getuid())) {

    if(directory=opendir(strcat(pwd->pw_dir,"/Pictures"))) {

      while(entry=readdir(directory))

        printf("%s\n",entry->d_name);

      closedir(directory);

    }

  }

  return 0;

}

This code could be completed with a simple upload function to steal photos, and, in Windows, it’s equally as easy.  Fortunately, for consumers, the spotlight on privacy will help to progress our beta society to become more secure.

• • •

As an example, when I was driving on the highway the other day, I came across a bunch of soft barrels filled with water in front of a concrete wall at an exit.  These barrels function to soften a collision should someone crash into the solid concrete.  While I would love to believe that someone implemented this excellent safety measure “out of the blue,” it is more likely that someone died in a horrific accident crashing into the solid concrete.

We as people strive for progress, and the safety concerning our privacy and confidential lives and data are not an exception.  Awareness is the first step.  With mistakes comes perfection.

Let’s protect our privacy.


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #22 

7/25/2012 @ 11:03AM |4,337 views

DARPA-Funded Researcher Can Take Over Android And Nokia Phones By Merely Waving Another Device Near Them

 

Smartphones’ growing adoption of so-called “near field communications” promises to let the device in your pocket wirelessly make payments, beam info to other phones, and seamlessly sync with nearby computers. It might also let an artful hacker pickpocket your private information right through your clothes.

At the Black Hat security conference Wednesday, serial Apple and Android hacker Charlie Miller plans to present a grab bag of new tricks that allow him to take complete control of Android and Nokia phones simply by bringing another device or just a chip within a few inches of the target gadget.

Miller, who works for security firm Accuvant but whose research was also funded in part by the Pentagon’s research arm the Defense Advanced Research Projects Agency, found that he could simply flash a near-field-communications (NFC) tag containing a chip next to an Android Nexus S phone to load a malicious url in the phone’s browser through a feature that Google calls Android Beam. From there, he was able to exploit a second, older vulnerability in the phone’s browser to take complete control of the device through the rigged website, accessing any information stored on its SD card or potentially installing software to monitor its communications.

In other words, by merely brushing up against someone in a crowded room, Miller could hijack his or her handset. “The whole idea of Android Beam is that if you both have Android phones, you can share a game you’re playing or a web page or something on Maps,” says Miller.  “But the scary thing is that with just an NFC tag I can make your browser open a web page and completely own your phone.”

Here’s a video that shows Miller gaining control of a phone through Android Beam:

Though the browser vulnerability that Miller used has been fixed in Android’s version 4.01, Miller says that most users likely haven’t implemented the patch; He points to Android version statistics that show that 90% of users have yet to upgrade to the latest version of the operating system, and close to two-thirds continue to use a version that’s two generations out of date.

In a separate attack on a Nokia N9, Miller found that unless the user changes the phone’s settings, the company’s Meego operating system enables Bluetooth pairing with any device that requests a connection via its NFC reader, even if its Bluetooth pairing is turned off. That simple security flaw could allow an attacker to flash the phone with a tag or another phone, pair it with his device, then gain complete access to its data and contacts.

Here’s a video of that Bluetooth pairing trick in action:

In the Nokia case, users can fix the problem by turning off Bluetooth pairing through NFC, but phones are shipped with the vulnerable capabilities turned on by default.

In a third attack, Miller used the N9′s NFC content sharing feature to send it a maliciously-crafted Word document that takes advantage of vulnerabilities in the phone’s word processor to take control of the device, as he shows in this video:


Update: As Ars Technica points out, Miller’s tricks require phones’ screens to be active, and in the case of the Nokia phones or Android phones running Ice Cream Sandwich or newer versions of the operating system, unlocked as well. In those cases, Miller imagines an attack scenario where an NFC tag is placed near another device where users expect to use NFC for legitimate purposes such as a point-of-sale terminal.

Miller began his research by scouring both the Nokia and Android devices’ NFC code for vulnerabilities, using a technique called “fuzzing” that repeatedly throws random data at the devices until they crash, which indicates a potentially exploitable bug. Using that method, he found two flaws in the NFC code that might allow him to execute commands on Android phones. But as he began to discover the more easily exploited vulnerabilities in the implementation of NFC shown in the videos above, he didn’t bother to try exploiting the bugs in the NFC code itself, which would likely have been more difficult.

“Once you realize NFC opens the gateway to the browser and other big attacks surfaces, I thought, why waste time exploiting these NFC bugs,” he says. “As an attacker I wouldn’t look for NFC bugs but instead focus on other applications that you can get to run using NFC.”

Miller says he alerted both Nokia and Google in the weeks before his talk. I reached out to both Google and Nokia for comment, and while Google declined to comment, Nokia responded in a statement that it’s “aware of the NFC-research done by Charlie Miller and [is] actively investigating the claims concerning Nokia N9. Although it is unlikely that such attacks would occur on a broad scale given the unique circumstances, Nokia is currently investigating the claims using our normal processes and comprehensive testing.”

“Nokia is not aware of any malicious incidents on the Nokia N9 due to the alleged vulnerabilities,” the company added.

Though the low-level NFC bugs he found through fuzzing need to be patched, Miller says there’s a simple way for Google and Nokia to solve the vast majority of their more severe NFC vulnerabilities: Require users to give their permission before a piece of content sent over NFC is automatically rendered on their phone.

For years, all but the least security-savvy users have known that they shouldn’t open emailed file attachments from strangers. It seems like a no-brainer for Google and Nokia to require that even fancy new wireless communications protocols follow the same rule.



This article is available online at:
http://www.forbes.com/sites/andygreenberg/2012/07/25/darpa-funded-researcher-can-take-over-android-and-nokia-phones-by-merely-waving-another-device-near-them/

 



8/01/2011 @ 9:04AM |392,178 views

Meet Comex, The 19-Year-Old iPhone Uber-Hacker Who Keeps Outsmarting Apple

 

Nicholas Allegra, better known by his hacker handle Comex. (photo by Nathaniel Welch)

Nicholas Allegra lives with his parents in Chappaqua, New York. The tall, shaggy-haired and bespectacled 19-year old has been on leave from Brown University since last winter, looking for an internship. And in the meantime, he’s been spending his days on a hobby that periodically sends shockwaves through the computer security world: seeking out cracks in the source code of Apple’s iPhone, a device with more software restrictions than practically any computer on the market, and exploiting them to utterly obliterate its defenses against hackers.

“It feels like editing an English paper,” Allegra says simply, his voice croaking as if he just woke up, though we’re speaking at 9:30 pm. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

To the public, Allegra has been known only by the hacker handle Comex, and keeps a low profile. (He agreed to speak after Forbes‘ poking around Twitter, Facebook and the Brown Directory revealed his name.) But in what’s becoming almost an annual summer tradition, the pseudonymous hacker has twice released a piece of code called JailBreakMe that allows millions of users to strip away in seconds the ultra-strict security measures Apple has placed on its iPhones and iPads, devices that account for more than half the company’s $100 billion in revenues.

The tool isn’t intended for theft or vandalism: It merely lets users install any application they want on their devices. But jailbreaking, as the  practice is called, violates Apple’s obsessive control of its gadgets and demonstrates software holes that could be exploited later by less benevolent hackers.

Apple didn’t respond to requests for comment, but it’s not thrilled about Allegra’s work. When he released JailbreakMe 3 in July, the company rushed to patch the security opening in just nine days. Nonetheless, 1.4 million people used the tool to jailbreak their gadgets in that time, and more than 600,000 more since then. Allegra has become such a thorn in Apple’s side that its stores now block JailbreakMe.com on in-store wifi networks.

“I didn’t think anyone would be able to do what he’s done for years,” says Charlie Miller, a former network exploitation analyst for the National Security Agency who first hacked the iPhone in 2007. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”

see photos

Click for full photo gallery: A Brief History of Apple Hacking

To appreciate JailbreakMe’s brilliance, consider how tightly Steve Jobs locks down his devices: Since 2008, Apple has implemented a safeguard called “code-signing” to prevent hackers from running any of their own commands on its mobile operating system. So even after an attacker finds a security bug that gives him access to the system, he can only exploit it by reusing commands that are already in Apple’s software, a process security researcher Dino Dai Zovi has compared to writing a ransom note out of magazine clippings.

After Allegra released JailbreakMe 2 last year, Apple upped its game another notch, randomizing the location of code in memory so that hackers can’t even locate commands to hijack them. That’s like requiring an attacker to assemble a note out of a random magazine he’s never read before, in the dark.

Yet Allegra has managed to find a path around those locks. In JailbreakMe 3, Allegra used a bug in how Apple’s mobile operating system iOS handles PDFs fonts that allows him to both locate and repurpose hidden commands. That critical flaw allowed a series of exploits that not only gains total control of the machine but leaves behind code that jailbreaks it again every time the device reboots –all without ever even crashing the operating system. “I spent a lot of time on the polish,” Allegra says with a hint of pride.

Dino Dai Zovi, co-author of the Mac Hacker’s Handbook, says JailbreakMe’s sophistication is on par with that of Stuxnet, a worm thought to have been designed by the Israeli or U.S. government to infect Iran’s nuclear facilities. He compares Allegra’s skills to the state-sponsored intruders that plague corporations and governments, what the cybersecurity industry calls “advanced-persistent threat” hackers: “He’s probably five years ahead of them,” says Dai Zovi.

Allegra isn’t after profit: his site is free, though it does accept donations. Nor does he criticize Apple for wanting to control what users can install on their devices. He calls himself an Apple “fanboy,” and describes Android’s more open platform as “the enemy.” “I guess it’s just about the challenge, more than anything else,” he says.

The young hacker taught himself to code in the programming language Visual Basic at the age of nine, gleaning tricks from Web forums. “By the time I took a computer science class in high school, I already knew everything,” he says. When he found that he couldn’t save a screenshot from the Nintendo Wii video game Super Smash Brothers to his computer, he spent hours deciphering the file, and later worked on other Wii hacks, getting a feel for its obscure operating system.

“I didn’t come out of the same background as the rest of the security community,” he says. “So to them I seem to have come out of nowhere.”

Allegra argues that his jailbreaking work is legal. The U.S. Copyright Office created an exemption last summer in the Digital Millenium Copyright Act for users to jailbreak their own cell phones, despite’s Apple objections that the ruling could open phones to dastardly hackers and even lead to “catastrophic” attacks that crash cell phone towers.

Whether it’s acceptable to release tools for others to jailbreak their devices, however, has yet to be decided. Three courts have ruled the practice is legal, while another said it could violate the DMCA. In January, Sony used that law and others to sue George Hotz, one of Allegra’s fellow iPhone hackers, for reverse engineering the Playstation 3. The suit was settled, but not before it touched off a wave of retaliatory cyberattacks on Sony by hackers around the world.

Allegra admits that technically, there’s little difference between jailbreaking phones and hacking them for more malicious ends. “It’s scary,” he says. “I use the same phone as everyone else, and it’s totally insecure.”

But at least in the case of JailbreakMe 3, Allegra also created a patch for the PDF vulnerability he exploited, allowing users to cover their tracks so that other hackers couldn’t exploit the same bug. In the period before Apple released an official patch, users who had jailbroken their iPads and iPhones were in some sense more secure than those who hadn’t.

A postscript to Apple: Perhaps your security team could use another intern.



This article is available online at:
http://www.forbes.com/sites/andygreenberg/2011/08/01/meet-comex-the-iphone-uber-hacker-who-keeps-outsmarting-apple/

 


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #23 

Your ISP is Going to Spy on You Starting July 12, 2012

If you enjoy reading, subscribe (via RSS or e-mail) and follow us on twitter.

 

65

Your ISP is going to spy on you starting July 12, 2012.

One year ago, the RIAA and the MPAA organized a project with the largest internet service providers in the US to begin monitoring their customer’s internet activity.  This monitoring was introduced as a joint coalition to combat piracy.  A list of providers that are on board includes, but is not limited to, Time Warner, Comcast, Cablevision, Verizon and AT&T.

According to CNet’s Greg Sandoval, Cary Sherman of the RIAA has announced this week that deployments of the spying tools are nearly prepared and a tentative launch of July 12, 2012 has been set.

Reports indicate that there will be consequences for users who are caught pirating digital media.  First offenses may include forced educational rehabilitation as well as throttled connection speeds.  There have also been discussions stating that the top 200 websites will become inaccessible for users who are caught pirating.

However, the fact that ISPs are able to detect this activity indicates that they will be spying on their users.

Tips to protect your privacy

Using the internet, as well as using the internet to fileshare, is completely legal.  Here are ways to protect your privacy when engaging in legal activities:

1. Use an anonymous VPN service.  For us, not only is it obligatory to recommend a VPN, but in general, this is also the most widely accepted solution to privatize internet traffic.  VPN services provide tunnels which are completely encrypted.  Your ISP will not be able to monitor your connection.  Additionally, every application will communicate through the VPN without any manual configuration.  Bonus points for paying with anonymous crypto-currencies like Bitcoin, but for no log VPN services it is not necessary. UPDATE: Be sure to disable Google Web History and use Chrome in Incognito mode to gain even more privacy!

Difficult: Easy
Cost: Paid
Pros: All applications are encrypted.  Your ISP will not be able to spy on you.
Cons: Paid service.
Recommended: 
✮✮✮✮✮

2. Use an ssh based SOCKS5 proxy.  You can run a local SOCKS5 proxy with the distributed ssh client in *nix and Mac OS X as well as PuTTY for Windows.  In Windows, simply set the options for PuTTy.   In Mac OS X and *nix, simply connect via SSH like:

ssh -D <port> (<user>@)<server>

Afterwards, simply open your application and manually configure it to connect to the SOCKS5 proxy running on the above specified port on the localhost (or 127.0.0.1). UPDATE: In FF, you will need to route DNS traffic through the ssh tunnel as well – enter “about:config” in the address bar and search for network.proxy.socks_remote_dns.  Set the value to true.

 

Difficulty: Medium

Cost: Paid (free if you already have a *nix shell)

Pros: Can be free if you already have a shell (like developers)

Cons: Manual configuration.  Does not protect all applications.

Recommended: ✮✮✮

 

 

UPDATE:

3. Tor is an amazing tool for obtaining privacy and anonymity.  For all your regular browsing needs, Tor is ideal, and best of all, it’s absolutely free.  However, Tor is not recommended when using heavy peer to peer file sharing protocols.

Difficult: Easy
Cost: Free
Pros: Very anonymous and completely free.
Cons: Slow and unable to do heavy p2p.
Recommended: 
✮✮✮

UPDATE #2:

One reader has suggested a few options:

4. I2P

5. Freenet

Protect your privacy.

 


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #24 

Ok, this is funny.  The FBI puts out a special report on BitCoin- apparently they don't like it and find it threatening.  Then they include ways on how to circumvent detection while using bit coin and stamp the report "FOUO" (For official use only) and then they leak a copy to the public!  DuHHHhhhHHhhh



FBI Fears Bitcoin’s Popularity with Criminals



Click the link to see the article:
http://www.wired.com/threatlevel/2012/05/fbi-fears-bitcoin/


Copy of the FBI report is here:

http://www.wired.com/images_blogs/threatlevel/2012/05/Bitcoin-FBI.pdf

" FBI helpfully lists several ways that Bitcoin users can protect their anonymity.
  • Create and use a new Bitcoin address for each incoming payment.
  • Route all Bitcoin traffic through an anonymizer.
  • Combine the balance of old Bitcoin addresses into a new address to make new payments.
  • Use a specialized money-laundering service.
  • Use a third-party eWallet service to consolidate addresses. Some third-party services offer the option of creating an eWallet that allows users to consolidate many bitcoin address and store and easily access their bitcoins from any device.
  • Individuals can create Bitcoin clients to seamlessly increase anonymity (such as allowing users to choose which Bitcoin addresses to make payments from), making it easier for non-technically savvy users to anonymize their Bitcoin transactions."

 





Share
 

Bitcoin Digital-Wallet App Hits Android Market

  • By
Mike IsaacEmail Author
  • 5:37 pm | 
  • Categories:
Phones

First introduced to the Android Market on Wednesday, the Bitcoin app for Android turns your smartphone into a wallet for

Bitcoins, a form of alternative, decentralized currency that has been circulating the web for a few years. The app allows you to store and transfer Bitcoins from one device to another, which means you’ll be able to pay for items without having to use cash or credit, all from the comfort of your own smartphone.

When you want to transfer Bitcoins to another account, a QR code pops up on your smartphone’s screen. The other user simply scans the QR code with his or her phone, and the Bitcoins are transferred to the second phone’s account. If you happen to lose your phone, it’s not a huge deal — all of your Bitcoins are backed up with your Google account, synced to the cloud.




http://www.wired.com/gadgetlab/2011/07/bitcoin-android-app/?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=Previous

__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
hannah

Registered:
Posts: 797
Reply with quote  #25 

Meet 'Rakshasa,' The Malware Infection Designed To Be Undetectable And Incurable

A sculpture of a Rakshasa, the Hindu demon from which Jonathan Brossard's malware experiment takes its name.

Malicious software, like all software, gets smarter all the time. In recent years it’s learned to destroy physical infrastructure, install itself through Microsoft updates, and use human beings as physical “data mules,” for instance. But researcher Jonathan Brossard has innovated a uniquely nasty coding trick: A strain of malware that’s nearly impossible to disinfect.

At the Black Hat security conference in Las Vegas Thursday, Brossard plans to present a paper (PDF here) on “Rakshasa,” a piece of proof-of-concept malware that aims to be a “permanent backdoor” in a PC, one that’s very difficult to detect, and even harder to remove.

Like some other tenacious malware strains, Rakshasa infects the computer’s BIOS, the part of a computer’s memory that boots its operating system and initializes other system components. But it also takes advantage of a potentially vulnerable aspect of traditional computer architecture: Any peripheral like a network card, CD-ROM, or sound card can write to the computer’s RAM or to the small portions of memory allocated to any of the other peripherals. So Brossard has given Rakshasa, whose name comes from that of a mythological Indian demon, the ability to infect all of them. And if the BIOS or network card is disinfected, for instance, it can be reinfected from any one of the other compromised components.

In order to disinfect the computer, “you would need to flash all the devices simultaneously,” says Brossard, founder of the French security consultancy Toucan System. “It would be very difficult to do. The cost of recovery is probably higher than the cost of the laptop. It’s probably best to just get rid of the computer.”

Rakshasa, which Brossard first suggested in a less-developed form at a Paris conference last spring, is built with open source, innocuous BIOS-modifying software like Core Boot and Sea BIOS. Brossard says that makes it compatible with more machines’ hardware than proprietary software would and also means that antivirus isn’t likely to detect it. It’s programmed to download all malicious code that it uses after the machine boots up–and after antivirus is disabled–in the form of a fake PDF file over an SSL-encrypted Wifi connection, and then store that code in memory rather than on the hard drive to avoid ever leaving a trace that might be caught by forensic analysis.

Just how Rakshasa would infect a computer in the first place isn’t exactly Brossard’s focus. He posits that a Chinese manufacturer might install it before it ever reaches a customer’s hands, a real problem given the complex supply chains in most computers’ past. “The whole point of this research is to undetectably and untraceably backdoor the hardware,” he says. “What this shows is that it’s basically not practical to secure a PC at all, due to legacy architecture. Because computers go through so many hands before they’re delivered to you, there’s a serious concern that anyone could backdoor the computer without your knowledge.”

A spokesperson for Intel, the company as close as any to being responsible for the architecture of modern PC hardware, says it’s reviewed Brossard’s paper, and dismisses it as “largely theoretical,” writing that “there is no new vulnerability that would allow the landing of the bootkit on the system.” The company’s statement argues that it wouldn’t be possible to infect the most recent Intel-based machines that require any changes to BIOS to be signed with a cryptographic code. and it points out that Brossard’s paper “assumes the attacker has either physical access to the system with a flash programmer or administrative rights to the system to deliver the malware. In other words, the system is already compromised with root/administrative level access. If this level of access was previously obtained, a malicious attacker would already have complete control over the system even before the delivery of this bootkit.”

But Brossard argues that today only a small percentage of computers require code-signing in their BIOS. He admits that the attacker would need control of the computer before installing Rakshasa–not much comfort given his concern about manufacturers installing a piece of ultra-stealthy malware.

And Intel’s claim that there is “no new vulnerability” exploited by Brossard’s work? He agrees. “It’s not a new vulnerability,” he says. “It’s a problem with the architecture that’s existed for 30 years. And that’s much worse.”

Check out Brossard’s paper, which contains many other nasty malware tricks here, or below.

http://www.forbes.com/sites/andygreenberg/2012/07/26/meet-rakshasa-the-malware-infection-designed-to-be-undetectable-and-incurable/


__________________
Test your connection for leaks:
http://ip-check.info/?lang=en

Use TAILS
https://tails.boum.org/

How to boot from USB and other great stuff:
http://www.rmprepusb.com/

Open pdf and word files online instead of on your puter'
http://view.samurajdata.se/

USE the net more securely:
https://pressfreedomfoundation.org/blog/2014/04/help-support-little-known-privacy-tool-has-been-critical-journalists-reporting-nsa
https://www.torproject.org/download/download

http://www.theintelligencenews.com/


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes......"



"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information.... it's all about the information!"
0
Previous Topic | Next Topic
Print
Reply

? ?
Copyright ? 2001-2004 Who?s A Rat. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
?