Free VPN with unlimited bandwidth iPrivo

iPrivo is a free, advert-supported VPN provider. It will allocate you a UK IP address (an additional US server is planned) able to stream online TV, bypass Internet filters and hide your online activities from your ISP. During installation you will be asked for permission to install TAP-Win32 OpenVPN drivers and a toolbar, and to set your default search engine to iPrivo. The results are provided by Google, with iPrivo earning a little commission; this shouldn’t be a big problem for the user.

The main concern was having to install a toolbar. Without it you won’t be able to use the free VPN: turning the VPN on and off and changing settings are all administered using the toolbar. I did not find it intrusive. It had a search box, a server selection tab, an IP speed test, and links to services like Facebook, YouTube and online games. The option to select the US server was greyed out, but it hinted that other locations should be available in the future.

Connecting to iPrivo from Europe, the speed test on the UK server gave me an acceptable 1.3MB download, 320Kbit/s upload and 133ms ping. I accessed the BBC iPlayer with it and I did not experience any trouble streaming the BBC live from abroad.

iPrivo free VPN toolbar


At the moment the service is in beta (testing phase) and it really felt that way. I didn’t manage to get the toolbar installed in Internet Explorer, maybe because I already had the AVG toolbar; I don’t know for sure. My favourite Opera browser was not supported and I ended up downloading the Chrome browser. It couldn’t turn the VPN on and off in the Chrome browser using the button in the toolbar, and I had to do it manually, going inside the iPrivo folder and executing the program. I would imagine those problems will be ironed out in the future. Once the toolbar shows in your browser everything should work fine, so don’t be discouraged from giving it a try because of my bad experience. The application is easy to uninstall and it did not leave anything behind.

I was reassured that this is not a temporary offer, reading on the iPrivo front page that the VPN will always be free. Unlike other VPNs, iPrivo’s logging policy was easy to find and understand: they claim to anonymize users’ IPs first and erase stored logs after one week, which is quite fair. I also wasn’t shown any advert during my Internet browsing session.

I choose to pay for a VPN because I use it all the time and I can still afford it, but if that changes in the future I can see myself using iPrivo as my main free VPN once they come out of beta. They have a better privacy policy than their main competitor (Hotspot Shield) and I enjoyed the control that the toolbar gave me over the VPN.

If you are on a VPN package with a bandwidth cap, you might want to consider iPrivo for video and music streaming, saving your premium VPN for email and browsing sensitive sites.

Update 2014: iPrivo is no longer a free service!

Visit iPrivo homepage

Cain & Abel Windows password cracker

Cain&Abel is a long-standing password recovery tool that can sniff passwords from the network you are in, crack encrypted passwords using dictionary, brute force and cryptanalysis attacks, record VoIP conversations creating an MP3 audio file, reveal password boxes, analyse encrypted SSH and HTTPS connections and much more. The target audience is security researchers, network administrators and IT teachers, but it can also be exploited by the bad guys of course; the developer will not help in illegal activities.

I downloaded this program from the official site and AVG antivirus gave me a warning that the software contained a trojan horse. Due to how password crackers work, it is possible your antivirus will trigger a security warning too; it is up to you to decide what to do. I also got a popup warning from Cain&Abel saying that I had Windows firewall enabled and this would stop some features, implying that I should disable it for everything to work. You will be asked to optionally install WinPCap, a packet capture library; without it Cain&Abel wireless packet sniffing won’t work.

Cain&Abel password cracker


How to record a VoIP call with Cain&Abel

To record a VoIP call with Cain&Abel go to “Configure”, click the “Sniffer” tab, select the network interface card from the list and save the settings. Now go to the “Sniffer” tab in the main window, choose “VoIP” and “Start Sniffing”. From now on any voice over IP call that goes through the network will be encrypted and saved as MP3. You will have to wait until enough traffic has been generated before being able to listen to the audio file.

The configuration window can also be used to create self-signed fake digital certificates, retrieve a digital certificate using a proxy with the “Certificates Collector” or launch an APR (ARP Poison Routing) attack with a real or spoofed IP and MAC address. This free password cracker is one of the most complete available in the market and an excellent tool to learn about computer security. Everything is easily classified in the tabs “Decoders”, “Network”, “Sniffer”, “Cracker”, “Traceroute”, “CCDU”, “Wireless” and “Query”, and each one of those tabs contains related extra options.

To use Cain&Abel you should have some computer security background; this is not a tool for the complete beginner. The most basic tool Cain&Abel includes is a Base64 password decoder, going up to a WPA PSK (Pre-Shared Key) calculator and an RSA SecurID Token calculator. This is an excellent tool to find out about passwords: it contains a password decoder, cracker and dumper as well as hash calculators, with support for Wifi for network monitoring.

Visit Cain&Abel homepage

Anonymous Internet surfing with Liberté Linux

Liberté Linux is a small (220MB) Gentoo-based, security-oriented distribution available as a live CD, live USB thumbdrive, installable or Open Virtualization Bundle (.ova) compatible with Virtualbox and VMWare. This operating system enables people to anonymously communicate with others via chat (Pidgin+OTR, XChat) or email and browse the Internet using Tor. It supports new and old hardware, including 3G modems, Bluetooth and experimental UEFI booting.

Openbox is the default window manager; from there you can configure your mouse, keybindings, timezone, etc. You will find security software like the open source Figaro password manager and GNU Privacy Assistant (GPA) to manage encryption keys, together with tools to read text (ePDFViewer, FBReader), listen to audio (Audacious), watch videos (Movie Player), edit images (Geeqie) and a task manager displaying CPU and RAM. Liberté Linux keeps its size small by replacing bloated software with lightweight tools that do not carry unnecessary features; for example, instead of using LibreOffice to edit text it comes with Abiword.

Liberté Linux Anonymous operating system


The wireless network card MAC address is randomly changed at boot time. The only thing Liberté Linux asks the user to enter is a passphrase during installation, in order to create a LUKS compatible encrypted storage space using otfe (On-the-fly encryption) where persistent user data will be stored in /mnt/boot/otfe/liberte.vol, using a paranoid 8192 RSA key that will take a couple of minutes to generate. The user is automatically logged in as “anon”. If you need to be root, and it is never a good idea to browse the Internet as root, the root password is “liberte”; entering “gentoo=root” during boot will also unlock it.

Epiphany is the default browser. Leaner than Firefox, it comes with HTML5 support, so you shouldn’t need Flash to view online videos on YouTube. The browser has been configured to surf the Internet through Tor, including links to The Hidden Wiki, Wikileaks and Torcheck on the main page to get you started. The Florence virtual keyboard allows the user to enter text using the mouse, a good way to bypass hardware keyloggers in public computers. RAM is wiped when you power off the system to stop cold boot attacks.

Liberté Linux is pioneering the use of Cable Communications for anonymous email exchange, achieved by giving the user a cryptic .onion and .i2p address that functions as a personal email address; it requires some configuration in Claws email to use it. Message delivery can take hours or days and you will get a delivery receipt once the message reaches the recipient.

Liberté Linux Florence virtual keyboard


It is possible to run a stand-alone VPN or PPTP using the network manager and tor-resolve in console mode. You can run Liberté Linux inside Windows too, but I would not advise it as IMHO it weakens your privacy. I have used other Linux distributions for anonymous Internet surfing, like Tails and OccupyOS, and I have decided to adopt Liberté Linux as my default distro for secure communications. I find it more suitable for me because it is more lightweight, it comes with detailed documentation, it creates an encrypted storage space for user data and there is the option to disable Tor in case I need to log in to Paypal or any similar site blocking proxies.

I don’t think you will be disappointed with this operating system. If you are wondering why it does not include Truecrypt I suspect that it might have to do with the fact that Truecrypt is not released under the standard Linux GPL license and this can be a problem. However, you can create your own encrypted containers from command line with otfe.

Visit Liberté Linux homepage

Mymail-Crypt for Gmail GPG encryption (Chrome)

Mymail-Crypt is a Chrome browser addon to encrypt messages with GPG, operating within the Gmail webmail interface. The project aims to be OpenPGP compatible, to be able to communicate with anybody using public key encryption even if they have different PGP or GPG software. After installing Mymail-Crypt you will have to generate your encryption keys, which can be done with the addon. Entering a password is optional and highly recommended: if you don’t use a password, anyone breaking into your Gmail account will be able to decrypt, sign and encrypt messages, supplanting your identity. Encryption keys can and must be backed up.

Mymail-Crypt is fairly easy to use. You will see a button in the Gmail compose screen with the options “Encrypt and sign”, “Encrypt” and “Sign”. Received encrypted Gmail messages can be read using the drop down menu “Decrypt” option and entering your password.

MyMail-Crypt GPG Chrome Gmail


The project uses an OpenPGP open source library called Openpgp.js. It runs locally in JavaScript, so messages are encrypted/decrypted in your browser. This addon will stop Google and others from reading your emails during transit, but email drafts and decrypted autosaves will be saved in the clear to Gmail servers. Encryption only takes place after you click on the “Encrypt” button; it will not protect you while you are composing the message. The developer also warns that it is possible for Gmail to get hold of the encryption password by monitoring the user when he types it in.

Another way to encrypt Gmail messages with GPG is using Thunderbird and Enigmail, but it won’t work for webmail, or obtaining a digital certificate for your email client.

Visit Mymail-Crypt Chrome store homepage

Dislocker, a free tool to decrypt Bitlocker volumes

Dislocker is a Linux and Mac OS X computer forensics tool to read Bitlocker encrypted partitions. It can be used with FUSE (Filesystem in Userspace), a loadable Unix kernel module, or without it. Once the partition has been decrypted you can mount it as NTFS and read or copy everything.

Bitlocker is a Microsoft utility designed with businesses in mind to fully encrypt a hard drive. It is only available in Windows Ultimate, Enterprise and Server platforms; Windows 8 will include it too. The encryption key can be stored inside a Trusted Platform Module chip found in high end computer motherboards. Although there is no known Bitlocker backdoor, most businesses will ask for a password recovery option, so Bitlocker allows you to create a recovery key that can be printed or stored in external media.

Hard drive Bitlocker encryption


Bitlocker uses AES encryption in CBC mode with an optional Elephant diffuser. The Full Volume Encryption Key (FVEK) will be the same size as the encryption strength used, i.e. when encrypted with AES 128-bit the FVEK is 128 bits long, in AES 256-bit mode the FVEK is 256 bits long, and if the Elephant diffuser is used the encryption key will be 512 bits long.

Dislocker is not a tool to crack a Bitlocker encrypted drive. The idea is to help investigators who already own the recovery password, external key file (BEK) or a clear key to access the volume; other tools like Encase can already do that but they are not free like Dislocker. The only approach to break a fully encrypted drive is getting hold of the computer while it is switched on and extracting the encryption keys from RAM, or trying to brute force the passphrase in case the user has been stupid enough to use a dictionary word.
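The three credential types above map onto Dislocker's command line as sketched below. This is an added example, not code from the original post or from the Dislocker project. The function names, device paths, mount points and sample passwords are constructed, and the flags (-r, -V, -p, -f, -c) are assumed from the Dislocker man page.

```shell
#!/bin/sh
# Added example: pre-flight checks before unlocking a BitLocker volume with
# dislocker. Device paths, mount points and sample passwords are constructed.

# A recovery password is 8 dash-separated groups of 6 digits. Each group is a
# multiple of 11, and group/11 must fit in 16 bits (8 x 16 = 128 key bits).
valid_recovery_password() {
    case $1 in ''|*[!0-9-]*|*-) return 1 ;; esac   # digits and dashes only
    old_ifs=$IFS; IFS=-; set -- $1; IFS=$old_ifs   # split the groups on "-"
    [ $# -eq 8 ] || return 1
    for group in "$@"; do
        [ ${#group} -eq 6 ] || return 1
        n=${group#"${group%%[!0]*}"}               # drop leading zeros (octal)
        n=${n:-0}
        [ $((n % 11)) -eq 0 ] || return 1          # catches most typos
        [ $((n / 11)) -lt 65536 ] || return 1      # group must encode 16 bits
    done
    return 0
}

# Print the commands for a read-only unlock and mount; nothing is executed.
# $1 = credential (recovery|bek|clearkey), $2 = BitLocker partition,
# $3 = path to the .BEK file (bek only)
dislocker_plan() {
    case $1 in
        recovery) cred="-p" ;;      # bare -p: dislocker prompts, keeping the
                                    # password out of ps output and history
        bek)      cred="-f $3" ;;
        clearkey) cred="-c" ;;
        *) echo "unknown credential type: $1" >&2; return 2 ;;
    esac
    echo "dislocker -r -V $2 $cred -- /mnt/dislocker"
    echo "mount -o ro,loop /mnt/dislocker/dislocker-file /mnt/bitlocker"
}
```

Checking the recovery password's structure first separates a transcription error from a wrong key, and the read-only flags keep the evidence volume unmodified.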

Visit Dislocker homepage

Host a tor server entirely in RAM with Tor-ramdisk

Tor-ramdisk is a tiny Linux distribution (5MB) developed by the IT department at D’Youville College (USA) to securely host a Tor proxy server in RAM. It can run on old diskless hardware and it will stop a forensic analysis by people stealing or seizing a Tor server. In the event that a Tor server is seized due to ignorance or calculated harassment, and it would not be the first time, the end user would still be safe, because the chained nature of the Tor proxy network makes it impossible to find out someone’s computer IP by seizing a single server. Other data, even if meaningless, can still be recovered, so running Tor in RAM is an extra security step that can help convince people that the machine is merely acting as a relay, as it contains no hard drive.

When a Tor-ramdisk server is powered down all the information is erased with no possibility of recovery. The Tor configuration file and private encryption key (torrc & secret_id_key) can be preserved between reboots by exporting and importing them using FTP or SSH, making the life of a Tor node operator easy.

tor server proxy diagram


One disadvantage of running a Tor node entirely in RAM is that it cannot host hidden services, as that requires hard drive space; other than that it is a fully functional entry, middle or exit Tor node. I would advise you to block all ports (USB, Firewire) in the server with epoxy, as there are computer forensic tools that can be plugged into the USB port and make a copy of the RAM on the fly. You might have heard about the cold boot attack, where someone with physical access to a recently switched off server or computer can still retrieve data remanence from RAM. This is not easy to achieve and the recovery timespan is only a few seconds.

Visit Tor-ramdisk homepage