Anonymous Internet surfing with Liberté Linux

 Liberté Linux review

Liberté Linux is a small (220MB) Gentoo-based, security-oriented distribution available as a live CD, live USB thumb drive, an installable image or an Open Virtualization Bundle (.ova) compatible with VirtualBox and VMware. The operating system lets people communicate anonymously with others via chat (Pidgin+OTR, XChat) or email and browse the Internet through Tor. It supports new and old hardware, including 3G modems, Bluetooth and experimental UEFI booting.

Openbox is the default window manager; from there you can configure your mouse, key bindings, time zone, etc. You will find security software such as the open source Figaro password manager and GNU Privacy Assistant (GPA) for managing encryption keys, together with tools to read text (ePDFViewer, FBReader), listen to audio (Audacious), watch videos (Movie Player), edit images (Geeqie) and a task manager displaying CPU and RAM use. Liberté Linux keeps its size small by replacing bloated software with lightweight tools that do not carry unnecessary features; for example, instead of LibreOffice it comes with AbiWord for editing text.

Liberté Linux Anonymous operating system

The wireless network card's MAC address is randomly changed at boot time. The only thing Liberté Linux asks the user to enter is a passphrase during installation, used to create a LUKS-compatible encrypted storage space with otfe (on-the-fly encryption) where persistent user data is stored in /mnt/boot/otfe/liberte.vol, using a paranoid 8192-bit RSA key that takes a couple of minutes to generate. The user is automatically logged in as “anon“. If you need to be root (and it is never a good idea to browse the Internet as root), the root password is “liberte“; entering “gentoo=root” at boot will also unlock it.

Epiphany is the default browser. Leaner than Firefox, it comes with HTML5 support, so you shouldn’t need Flash to view online videos on YouTube. The browser has been configured to surf the Internet through Tor, and its start page includes links to The Hidden Wiki, Wikileaks and Torcheck to get you started. The Florence virtual keyboard lets the user enter text with the mouse, a good way to bypass hardware keyloggers on public computers, and RAM is wiped when you power off the system to stop cold boot attacks.

Liberté Linux is pioneering the use of Cable Communications for anonymous email exchange, achieved by giving the user a cryptic .onion and .i2p address that functions as a personal email address; it requires some configuration in Claws Mail to use it. Message delivery can take hours or days, and you will get a delivery receipt once the message reaches the recipient.

Liberté Linux Florence virtual keyboard

It is possible to run a stand-alone VPN or PPTP using the network manager and tor-resolve in console mode, and you can run Liberté Linux inside Windows too, but I would not advise it as IMHO it weakens your privacy. I have used other Linux distributions for anonymous Internet surfing, like Tails and OccupyOS, and I have decided to adopt Liberté Linux as my default distro for secure communications. I find it more suitable for me because it is more lightweight, it comes with detailed documentation, it creates an encrypted storage space for user data and there is the option to disable Tor in case I need to log in to PayPal or any similar site that blocks proxies.

I don’t think you will be disappointed with this operating system. If you are wondering why it does not include TrueCrypt, I suspect that it might have to do with the fact that TrueCrypt is not released under the standard Linux GPL license and this can be a problem. However, you can create your own encrypted containers from the command line with otfe.

Visit  Liberté Linux homepage

Mymail-Crypt for Gmail GPG encryption (Chrome)

Mymail-Crypt for Gmail

Mymail-Crypt is a Chrome browser add-on to encrypt messages with GPG from within the Gmail webmail interface. The project aims to be OpenPGP compatible so that you can communicate with anybody using public key encryption even if they use different PGP or GPG software. After installing Mymail-Crypt you will have to generate your encryption keys, which can be done with the add-on; entering a password is optional and highly recommended, because if you don’t use one, anyone breaking into your Gmail account will be able to decrypt, sign and encrypt messages, impersonating you. Encryption keys can and must be backed up.

Mymail-Crypt is fairly easy to use: you will see a button in the Gmail compose screen with the options “Encrypt and sign“, “Encrypt“ and “Sign“. Received encrypted Gmail messages can be read by choosing the “Decrypt” option in the drop-down menu and entering your password.

MyMail-Crypt GPG Chrome Gmail

The project uses an open source OpenPGP library called OpenPGP.js that runs locally in JavaScript, so messages are encrypted and decrypted in your browser. This add-on will stop Google and others from reading your emails in transit, but email drafts and decrypted autosaves are saved in the clear on Gmail servers: encryption only takes place after you click the “Encrypt” button, so it will not protect you while you are composing the message. The developer also warns that it is possible for Gmail to get hold of the encryption password by monitoring the user as he types it in.

Another way to encrypt Gmail messages with GPG is using Thunderbird and Enigmail, but that won’t work for webmail; alternatively you can obtain a digital certificate for your email client.

Visit Mymail-Crypt Chrome store homepage

Dislocker, a free tool to decrypt Bitlocker volumes

Bitlocker decryption

Dislocker is a Linux and Mac OS X computer forensics tool to read BitLocker-encrypted partitions. It can be used with FUSE (Filesystem in Userspace), a loadable Unix kernel module, or without it; once the partition has been decrypted you can mount it as NTFS and read or copy everything.

BitLocker is a Microsoft utility designed with businesses in mind to fully encrypt a hard drive. It is only available in the Windows Ultimate, Enterprise and Server editions, and Windows 8 will include it too. The encryption key can be stored inside a Trusted Platform Module chip found on high-end computer motherboards. Although there is no known BitLocker backdoor, most businesses will ask for a password recovery option, and BitLocker allows you to create a recovery key that can be printed or stored on external media.

Hard drive Bitlocker encryption

BitLocker uses AES encryption in CBC mode with an optional Elephant diffuser. The Full Volume Encryption Key (FVEK) is the same size as the encryption strength used, i.e. with AES-128 the FVEK is 128 bits long and with AES-256 it is 256 bits long; if the Elephant diffuser is used the encryption key is 512 bits long.

Dislocker is not a tool to crack a BitLocker-encrypted drive; the idea is to help investigators who already have the recovery password, the external key file (BEK) or a clear key to access the volume. Other tools like EnCase can already do that, but they are not free like Dislocker. The only approach to break a fully encrypted drive is to get hold of the computer while it is switched on and extract the encryption keys from RAM, or to try brute-forcing the passphrase in case the user has been stupid enough to use a dictionary word.

Visit Dislocker homepage

Host a tor server entirely in RAM with Tor-ramdisk

Set up a tor proxy server

Tor-ramdisk is a tiny (5MB) Linux distribution developed by the IT department at D’Youville College (USA) to securely host a Tor proxy server in RAM. It can run on old diskless hardware and it will stop forensic analysis by people stealing or seizing a Tor server. In the event that a Tor server is seized due to ignorance or calculated harassment, and it would not be the first time, the end user would still be safe, because the chained nature of the Tor network makes it impossible to find out someone’s IP address by seizing a single server; other data, even if meaningless, can still be recovered, however, so running Tor in RAM is an extra security step that can help convince people that the machine is merely acting as a relay, as it contains no hard drive.

When a Tor-ramdisk server is powered down all the information is erased with no possibility of recovery; the Tor configuration file and private key (torrc and secret_id_key) can be preserved between reboots by exporting and importing them using FTP or SSH, making the life of a Tor node operator easy.

tor server proxy diagram

One disadvantage of running a Tor node entirely in RAM is that it cannot host hidden services, as that requires hard drive space; other than that it is a fully functional entry, middle or exit Tor node. I would advise you to block all ports (USB, FireWire) on the server with epoxy, as there are computer forensic tools that can be plugged into a USB port and copy the RAM on the fly. You might have heard about the cold boot attack, where someone with physical access to a recently switched-off server or computer can still retrieve remanent data from RAM; this is not easy to achieve and the recovery window is only a few seconds.

Visit Tor-ramdisk homepage

Convergence, a digital Certificate Authority replacement

Convergence digital certificates

Convergence is an open source project that wants to replace Certificate Authority organisations. These issue standardised X.509 digital certificates and confirm that the company the certificate is issued to is who they say they are, for which a fee is normally charged; it can be very expensive to get a reputable Certificate Authority (e.g. Verisign, GeoTrust) that is included in the root store of all major Internet browsers to confirm your identity. There have also been instances in which a Certificate Authority has been hacked by criminals, and likely nation states, who signed unauthorised digital certificates with the CA’s own private keys, allowing them to launch man-in-the-middle attacks against which the user has no defence.

It is possible for someone to create a self-signed digital certificate, or buy a cheap one from a small Certificate Authority, but this will cause the Internet browser to display a security warning during the SSL handshake, which easily scares off people not familiar with computer security.

Convergence P2P digital certificate authority replacement

Convergence allows people to configure a dynamic set of notaries that use the whole network to validate the connection: instead of someone else telling you who to trust, a whole set of users decides who is trustworthy.

Anyone can run their own notary, and the trust level of a notary can be set by the whole network of multiple notaries; information exchange is immediate and hides the user’s IP address. Convergence intends to eliminate the problem that comes with blindly trusting a single Certificate Authority and places trust in the hands of the whole community, using the notary network to check a digital certificate’s history before validating it. For this to work, a large number of notaries will be necessary.
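As an added illustration of the notary idea described above (example code written for this page, not Convergence’s own software): a simplified model in which each notary keeps its own history of certificate fingerprints per host and the client applies a trust policy to their answers. The notary names, the sample certificate bytes and the two policy names (“majority” and “consensus”) are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample "certificates": stand-ins for the DER bytes a client
# would see in a TLS handshake (not real certificates).
GENUINE_CERT = b"constructed DER: example.com, issued by a legitimate CA"
ROTATED_CERT = b"constructed DER: example.com, renewed certificate"
ROGUE_CERT = b"constructed DER: example.com, mis-issued by a compromised CA"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes; this is what notaries compare."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Notary:
    """A notary records the certificate fingerprints it has itself seen for
    each host from its own network vantage point (its 'history')."""
    name: str
    history: dict = field(default_factory=dict)

    def observe(self, host: str, cert_der: bytes) -> None:
        self.history.setdefault(host, set()).add(fingerprint(cert_der))

    def vouches_for(self, host: str, fp: str) -> bool:
        # A notary only confirms fingerprints it has observed for that host.
        return fp in self.history.get(host, set())


def check_certificate(host: str, cert_der: bytes, notaries, policy: str = "majority") -> bool:
    """Ask every notary about the fingerprint the client saw, then apply the policy:
    'consensus' requires every notary to agree, 'majority' more than half of them."""
    fp = fingerprint(cert_der)
    agreeing = sum(n.vouches_for(host, fp) for n in notaries)
    if policy == "consensus":
        return agreeing == len(notaries)
    if policy == "majority":
        return agreeing * 2 > len(notaries)
    raise ValueError(f"unknown policy: {policy}")


def build_notaries():
    """Constructed scenario: three notaries all saw the genuine cert; two have
    already re-fetched a rotated cert; one compromised notary also vouches for
    a rogue cert that no honest notary has seen."""
    n1, n2, n3 = Notary("notary-a"), Notary("notary-b"), Notary("notary-c")
    for n in (n1, n2, n3):
        n.observe("example.com", GENUINE_CERT)
    n1.observe("example.com", ROTATED_CERT)
    n2.observe("example.com", ROTATED_CERT)
    n3.observe("example.com", ROGUE_CERT)  # n3 is the compromised notary
    return [n1, n2, n3]


if __name__ == "__main__":
    notaries = build_notaries()
    for label, cert in (("genuine", GENUINE_CERT), ("rotated", ROTATED_CERT), ("rogue", ROGUE_CERT)):
        for policy in ("majority", "consensus"):
            verdict = check_certificate("example.com", cert, notaries, policy)
            print(f"{label:8s} {policy:10s} -> {verdict}")
```

The rotated certificate shows the trade-off the policies encode: a freshly renewed certificate passes "majority" while only two of three notaries have refreshed their view, but fails "consensus"; a single compromised notary cannot get the rogue certificate accepted under either policy.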

Visit Convergence homepage

Note: Only available for Firefox users as an addon.

MetroBuddy Secure SMS stops SMS eavesdropping

Privacy Android SMS messages

MetroBuddy Secure SMS is a free app for Android phones to send and receive secure SMS messages between individuals or groups. The other end will need to have the app installed and be in your contact list with the country code in the number, even if you are both in the same country, for the two of you to interact. After launching the app, a secure connection between phones is established and you will see the message “Adding contact“; this involves exchanging up to 8 SMS messages and could take a few minutes depending on the mobile phone carrier.

You will know communications are secure when you see a closed padlock next to your buddy’s name; from then on anyone eavesdropping on your messages will only be able to see random data, and the user does not have to do anything other than type a normal SMS message.

MetroBuddy Secure SMS Android

You can let other people know about this app using “Tell a friend” from the main menu, which will send a download link to your contact, and it is possible to create a group and send a single message to everyone at once. I couldn’t find any information on the developer’s website about the encryption technical details, but from the way the app works I would say that the messages are not encrypted themselves; it looks as if a secure encrypted tunnel between phones is created, similar to HTTPS (SSL) in your web browser, and anything that goes through it is secure.

Visit MetroBuddy Secure SMS in GooglePlay

SandCat browser for website penetration testing

SandCat browser review

SandCat is a free portable penetration testing browser based on Chromium, the rendering engine behind the Chrome browser. Thanks to extension support you can quickly find out what server software a website is running, run JavaScript in the loaded page, view cookies and links, use a CGI scanner, HTTP brute-force a page and much more. Three tabs at the bottom of the browser let you easily switch the view between normal, source code and logs.

Coders can create their own browser extensions with HTML, CSS and Lua (a programming language), and Syhunt, the browser’s developer, has its own RudaScript library that allows you to execute any scripting language, such as Ruby, Python, PHP, JavaScript, etc.

SandCat browser penetration testing

Although the browser is aimed at system administrators testing their own web server security and at people scrutinising pages that contain malware, privacy activists could use SandCat to see in real time how they are being tracked on the Internet: the browser can split its main window in half to show all HTTP headers live at the top. It can also be used to teach people how websites work; looking at the HTTP headers as you browse a website shows all of the external elements being downloaded, packet sizes, request methods (GET/POST), pings, advertising networks, redirects… It is much clearer than watching a website’s activity in a packet sniffer full of binary data that has to be grouped together.

The browser is too technical for the average user; unless you are a student, hardcore geek or professional pen tester it wouldn’t make much sense for you to run SandCat.

Visit SandCat browser homepage

DeOps, a secure decentralized Instant Messenger

DeOps P2P review

DeOps (Decentralized Operations) is a Windows P2P instant messenger for secure file sharing and chatting. Unlike Windows Live Messenger or Yahoo! Messenger there is no central registration server from which to recover data: all of the settings are stored locally on your computer, communications are P2P and ports are chosen at random to avoid traffic fingerprinting. The messenger, a small 3MB download, doesn’t have to be installed; it can be run from a USB thumb drive or an encrypted container, and copying the profile there moves all of your settings with it. I noticed that Windows Firewall blocked me when I launched the application, asking for confirmation that I wanted to grant Internet access to DeOps; this means that on guest computers you might need administrator rights.

After launching DeOps you can create a global ID and secret passphrase for your organization (DeOps calls every separate P2P network an “organization“); each one can contain multiple chatrooms and groups. A deops:// link composed of a long alphanumeric string will be created for your group, which you can copy to the clipboard and share publicly or privately with prospective members. To join your new darknet people will need to know the passphrase together with the link; the passphrase can easily be changed by the group founder in the settings.

If you want to join an existing organization, open a .dop DeOps Identity file or copy and paste a deops:// link into the Join Organization window.

Decentralized P2P IM DeOps

To add buddies to your IM list, copy and paste their personal deops:// link into the add window. To share files with everyone in the group, place them in the “My Shared Files” area, where they can be marked as public to be found by anyone using DeOps, or private to be shared with darknet friends only. It is possible to paste a unique deops:// link for each file into websites so that other people using the same P2P messenger can download it; the files you are sharing will only be available while you are online, and file transfers are automatically swarmed (multi-sourced) when multiple people download the same file.

DeOps organization types

  • Public: Anyone can join by entering deops://orgname
  • Private: Only those invited can join, utilizes the lookup network to aid in finding new members.
  • Secret: Same as private except the look up network is not utilized. Best for large networks and LANs.

You can find the usual IM settings, like ignoring people in the network or setting your status to Available, Away or Invisible, and the advanced options have diagnostics to automatically configure your router, opening the necessary ports; a successful network connection is displayed with a green bar. The tools section includes a bandwidth graph, crawler, lookup, file transfer status, technical logs (called Internals), data packet details and a search to find users and organizations that have chosen to go public. The help manual is very basic and has not been finished yet.

The software includes a DeOps Internet simulator able to create dummy users and networks for troubleshooting. I did not experience any kind of problem and had everything set up in under 5 minutes. The weak spot of this software is that you are not anonymous: no measures are taken to hide your IP address from other users, so if someone you are communicating with is not who you think they are (infiltration, kidnapping), your real identity would be compromised.

Visit DeOps homepage

Note: This software development is on-going.

SPDY, a quicker and safer HTTP browser protocol

SPDY protocol explained

SPDY, pronounced “speedy”, is a new experimental protocol developed by Google to speed up the Internet and make it safer. HTTP (Hypertext Transfer Protocol) was never designed to efficiently download a large number of small files; it was meant to serve a single request at a time. As the Internet age advanced, websites kept adding elements like CSS (Cascading Style Sheets), external JavaScript, XML and images, and all of those elements needed to be downloaded together for the user to view a web page, resulting in bottlenecks and delays.

The ambition of the ultramodern SPDY protocol is to reduce website load and latency and to increase security; it wants to replace parts of the old HTTP, providing faster communication between server and browser. SPDY uses fewer TCP connections by multiplexing requests over a single stream and manages TCP more efficiently, prioritising the resources that need to be sent first, reducing upstream data and cutting down the number of handshakes. It also supports “server push”, a technology that predicts what will be downloaded next and sends it to the browser before a request is made.

SPDY protocol status in Chrome browser

SPDY is turned on by default in Google Chrome (see it by typing “chrome://net-internals” into the Omnibox), and Firefox will turn it on in its next release, Firefox 13; to enable it now, go to “about:config“, search for “network.http.spdy.enabled” and set it to “true“. An Apache SPDY module exists, and Nginx-based servers (used by Facebook and Hulu) and Jetty web servers (Ubuntu, Zimbra) will support it soon, making it easy for webmasters to deploy SPDY. The protocol won’t work unless server and browser both support it.

Browsers that currently work with SPDY are Chrome, Firefox, SeaMonkey and Amazon Kindle Silk; the only websites I know of at this time supporting SPDY are Google services (Gmail, search, etc.) and Twitter. Safari and Internet Explorer have no immediate plans to support the protocol, leaving half of the Internet population out and making it more difficult for the Internet Engineering Task Force (IETF), in charge of the HTTP protocol, to approve a backwards-compatible neutral standard.

Compulsory SSL connection

The SPDY protocol makes it mandatory to encrypt all connections to websites using SSL, so webmasters must install an SSL certificate on their servers. As good as that seems, various webmasters have objected to the approach, arguing that when you multiply millions of SSL encryption and decryption requests, the server CPU needs a hardware upgrade and extra arrangements for heat dissipation, causing costs to go up.

The second problem is that requiring all webmasters to have an SSL certificate will end up with many of them not bothering to renew their certificates, and users will get used to seeing “expired digital certificate” warnings and click the ignore button without even reading them.

Read Google’s SPDY white paper
