How to know if your website is blocked in China

Reasons to get your website blocked in China

The Chinese government has run the Golden Shield Project, 金盾工程 (also known as the Great Firewall of China), since 1998. Officially, Chinese Internet filtering blocks access to websites containing:

  • Anti-social opinions and activities (decided by China censors)
  • Organizations and commentaries which are a threat to national security (Tibet, Taiwan, etc.)
  • Pornography
  • Organizations and commentaries undermining the government’s policies on religion (Falun Gong)
  • Websites helping to circumvent Internet censorship

It is also possible that your website could be blocked in China by mistake. Websites blocked by Chinese ISPs are also likely to be deindexed from China-based search engines and will not be shown in the results.

How China blocks websites on the Internet

It is not technically feasible for Chinese censors to examine all Internet content. The Chinese government blocks access to websites using firewalls and proxy servers at the Internet gateways of China’s ISPs.

Researchers from the University of California, Davis and University of New Mexico found out that the Great Firewall of China is not a true firewall since banned material is sometimes able to pass through several routers or through the entire system without being blocked.

Website filtering is done through an ad-hoc network without a centralized server, so it is possible for a website to be blocked in one Chinese city and available when accessed from another region of China.

When the Chinese Internet filtering system detects a banned word travelling across the network, it sends a series of commands to break the connection and block access to the website. Because the filtering looks for banned words, it encourages a certain level of self-censorship among Chinese surfers: knowing that certain words are taboo, they choose a different topic altogether.

Filtering was particularly erratic at Internet peak times when more Chinese users were online.

For more information on China’s Internet censorship, read "ConceptDoppler: A Weather Tracker for Internet Censorship" and the OpenNet profile on China.

Website banned in China

How to reduce the likelihood of your site being blocked in China

  1. Do not post political material considered sensitive by the Chinese Government: Obvious content likely to be blocked by the Chinese authorities includes references to the Falun Gong spiritual movement, the Tiananmen Square protests, democracy in China, Taiwan independence and the free Tibet movement, among others.
  2. Get a dedicated IP for your hosting: This reduces the chances of your site being blocked by accident because a shared hosting account also hosts content banned in China under a different domain.
  3. Do not publish pornography: Internet pornography is forbidden in China and the Internet police will block access to your site if they find out your website distributes it.
  4. Get a webhost located in China: Chinese webhosts are more expensive and downtime might be higher than in other locations, but they are also less likely to be blocked by the Chinese Internet filter.

Although administered by the Chinese government, Hong Kong is not subject to Internet censorship, as it has special status.

How to check if a website is blocked in China?

Just-Ping: This service pings a website from different locations across the world, including servers located inside China. If you notice packet loss from those servers, this could indicate that the site is not accessible in China.

ViewDNS China firewall test: This test checks for symptoms of DNS poisoning, one of the more common methods used by the Chinese government to block access to websites. The test uses a number of servers from various locations in mainland China.

Watch Mouse: This service monitors your website access from various locations across the world, including tests using servers located inside China.

WebSite Pulse: This test connects to your site and downloads the complete HTML web page using various servers located across China. It also reports how long the download takes.

GreatFirewallOfChina: Websites are tested using various servers located in mainland China. You will be informed whether the request has timed out, failed (blocked) or is reachable.

If you need to perform frequent tests on website accessibility or SEO from inside China, you can use a China-based VPN. This will mask your real IP and make you appear to be a Chinese Internet surfer. Various VPN providers offer a virtual private network in China; ironically, you can also use the same VPN service to get around Internet filtering elsewhere and keep your privacy online.

CryptoNAS to encrypt your Network Attached Storage data

What is a Network Attached Storage device?

A Network Attached Storage, commonly known as NAS, is a centralized device dedicated to data storage used to share files over a network, either your own local home network or the wider Internet.

Network Attached Storage devices contain one or more hard drives and are networked with other appliances. NAS units are configured for file sharing between multiple computers. If they contain more than one hard disk, they can be configured as a JBOD (Just a Bunch Of Disks) or in RAID to facilitate data backup and quick file access.

Small and remote offices and home networks normally use a NAS appliance for file sharing. NAS drives have software that can be set to automatically back up every computer on the network, and they can also be used as servers, but very few of them include data encryption capabilities.

The NAS operating system and other software on the NAS unit provide the configuration and management of the data storage and access functionalities.

Network Attached Storage device aka NAS

CryptoNAS Network Attached Storage encryption introduction

CryptoNAS is a multilingual Debian-based Linux live CD with a web-based front end that can be installed onto a hard disk or USB stick. CryptoNAS offers a choice of encryption algorithms; the default is AES. It encrypts disk partitions using LUKS (Linux Unified Key Setup), which means that any Linux operating system can also access them without using CryptoNAS software, and if you use Windows you can use FreeOTFE to read Linux encrypted partitions.

CryptoNAS configuration and settings

CryptoNAS provides two packages: CryptoNAS-Server and CryptoNAS-CD

The CryptoNAS-Server: Targeted at network administrators, it adds hard disk encryption to a file server (running Samba, NFS, DAV, etc.).

The CryptoNAS-CD: Targeted at home users, it allows for easy NAS device encryption and browsing through a web interface.

The CryptoNAS default username and password are admin:admin; you should change both as soon as you have it installed. The next step is to create a configuration partition where CryptoNAS settings are stored. After that you can enable disk encryption, format the hard disk using your file system of choice and enter the passphrase to be used. CryptoNAS will start encrypting the hard disk straight away, and you can see the progress by clicking on status.

CryptoNAS interface

Your router will need to be in the same subnet, which means its IP needs to be 192.168.0.1. Check the default gateway address through the network connection details, log into your router and change the address in the LAN/network settings if necessary.

To access CryptoNAS through your web browser, use https://192.168.0.23. You will get a message warning you about a problem with the security certificate, since CryptoNAS uses a self-signed certificate; ignore it and go ahead.

If you switch off the computer where CryptoNAS is running, the encrypted hard drives on your NAS will shut down and will be inaccessible until you reopen them by entering the correct passphrase. Remember that as long as CryptoNAS is running with the disks mounted, the data is unencrypted and the encryption key is held in RAM. Encryption only secures your data if someone disconnects your NAS device (i.e. the NAS device gets stolen) or you turn it off.

Alternatives to CryptoNAS

  1. Use stand-alone free open source encryption software like DiskCryptor or Truecrypt to encrypt your NAS hard drives and mount them on request.
  2. Use a NAS device that comes with encryption integrated: QNAP, Seagate and Synology all have AES256 encryption for some of their high-end Network Attached Storage products.
  3. Use FreeNAS, a free open source NAS distribution based on FreeBSD that also allows for encryption of NAS hard drives.

Visit CryptoNAS to download the NAS encryption live CD

How to crack a .zip or .rar password protected file?

How secure is Winzip and Winrar encryption?

Both WinZip and WinRar use AES (Advanced Encryption Standard) for encryption. When implemented correctly and combined with a long, alphanumeric, hard-to-guess passphrase, the AES cipher is impossible to crack in a reasonable amount of time, meaning within your lifetime.

State-sponsored agencies are also unable to crack a password protected Zip or Rar file if it has been encrypted with a hard-to-guess passphrase; the laws of mathematics, just like the laws of physics, are the same for everyone.

Recovering a password protected .zip or .rar file

The only known method to recover a forgotten password from a password protected .zip or .rar file created using the latest WinZip and WinRar versions is a brute force attack. In a brute force attack, automated software works through all of the dictionary words, trying each one against the file password.

Knowing whether special characters and numbers were used in the passphrase, as well as knowing the length of the password, is very helpful when setting up the program to launch a brute force attack against the encrypted .zip or .rar file. Cracking a .zip file protected with encryption can take minutes, months or a hundred years, depending on processing power and how hard to guess the password is.

Services to crack encrypted .zip files

CloudCracker: A cloud-based service for cracking WPA/WPA2 keys. CloudCracker offers brute force dictionary attacks against password hashes, wireless network keys and password protected documents. You could do this yourself on your own computer, but this service gives you access to an online cluster, speeding up the process.

PWCrack: This password cracking service covers .zip encrypted files and PKZip files. Normally they will test a dictionary attack and brute force passwords up to 7 characters long. Password Crackers Inc. also offers services to crack many other kinds of encrypted files.

ElComSoft distributed password recovery

Software to crack password protected .zip files

Advanced Archive Password Recovery: This commercial software from ElComSoft helps you crack .zip and .rar encrypted files. They claim that cracking archives created with WinZip 8.0 and earlier is possible in under one hour by exploiting an implementation flaw. For .zip or .rar files encrypted using the AES algorithm, a brute force attack will be launched.

Passware Kit Enterprise: This is a professional solution and not targeted at end users. Passware Kit Enterprise supports cracking of many different files, from encrypted .zip and .rar up to launching brute force attacks on fully encrypted disks using TrueCrypt. Passware Kit Enterprise can use multiple core CPUs and nVidia GPUs to speed up the dictionary attacks.

LastBit: This company makes a full range of password recovery software to help you bring back forgotten passwords on ICQ, Skype, Firefox, PDF, PowerPoint, Zip and many more applications. Various LastBit products support rainbow tables, which considerably speed up dictionary attacks.

Zip Password Tool: An easy-to-use password recovery tool that works by launching dictionary attacks against archives created by ZIP-compatible software. It supports AES file encryption cracking and you can customize the brute force attack with special characters and national symbols. There is also a password recovery progress bar.

Zip Password Tool cracking .zip password

Tips to help you recover passwords from encrypted files

The following information will be of great use when launching a brute force or dictionary attack against any kind of password protected file or disk.

Find all the other passwords you can from the PC, notes around the computer, things someone might have saved in their web browsers, and the Windows password. Many people use the same or similar passwords everywhere.

By collecting all of the user passwords you will be able to observe a password pattern: how many characters are normally used to create a password, names of cities, pets or family members being used, capitalizing of the first letter, etc. You can then customize your cracking software and set it up to use the same password pattern that the user normally adopts.

WinZip does not hide the encrypted filenames; you should be able to list them, unless they packed an archive inside an archive. That might give you a clue about the contents and whether it is worth trying to crack it or not. Notice that WinRar, however, has an option where the user can encrypt the filenames, although this is not active by default and a checkbox needs to be ticked.

Cracking Zip file encryption from versions earlier than WinZip 9.0 is easy and there is no need for a brute force attack, as there was an implementation flaw in the encryption. From WinZip version 9 onwards, .zip files are protected using 128 or 256 bit AES, and with a sufficiently complicated password finding it out will be impossible.

Dictionary attacks for a long password with characters outside of 0-9 and A-Z are very slow. When you plan a dictionary attack on an encrypted .zip or .rar file, limit yourself to alphanumerics unless you are certain a special character was used to create the password.

Another approach is to scan the disk for all words and then try them in different upper and low case combinations against the encrypted file.

Conclusion about security of encrypted .zip and .rar files

The latest versions of WinZip and WinRar both use 128 or 256 bit AES for encryption. This cipher is a security standard and safe from cracking as long as the password is sufficiently long and contains upper and lowercase letters, special characters and numbers.

The weakest link in .zip and .rar encrypted passwords is you. Avoid reusing your passwords anywhere else and writing them down, with the exception maybe being a password manager you trust.

Make sure that you only encrypt .zip and .rar files with WinZip 9.0 and above and WinRar 3.0 and above, as earlier versions have some vulnerability.

There are many companies out there promising to crack files encrypted with WinZip and WinRar, and they all rely on the same thing: either you using an old version of the file compression software, or you choosing a weak and easy-to-guess password. As long as you cover those two vulnerabilities, you are safe using WinZip or WinRar for encryption. My first choice would be WinRar, since WinZip does not support file name encryption.

Free keylogger protection Neo’s SafeKeys

Screen capture keyloggers security

If you are conscious about computer security or are using a public computer in an internet cafe or library, some kind of protection against keyloggers is a must.

A keylogger can easily capture your Yahoo mail and Gmail passwords as well as banking passwords; anything you type on your keyboard could be logged and stored by someone you don’t know.

Neo’s SafeKeys keylogger protection is a virtual keyboard that works with the mouse and will protect you against malicious hardware and software keyloggers.

Do not be fooled by the Windows on-screen keyboard: it performs software key presses each time you click an on-screen key, and even the most basic keylogger will capture everything you type using it.

Neo’s SafeKeys keylogger protection main features

Password drag and drop keylogger protection: This feature allows you to transfer your password by dragging and dropping it from Neo’s SafeKeys to the destination program. There are no keyloggers at present that can capture a password while it is being dragged and dropped.

Keylogger screenshot protection: Neo’s SafeKeys protects you against screenshots being taken of your mouse movements. It places a protective transparent layer over the virtual keyboard, so any malware taking screenshots will only see the protective layer and not the virtual keyboard buttons. Screenshots taken using Windows commands do not see transparent windows, and Neo’s SafeKeys will always remain at least 1% transparent.

Field scraping keylogger protection: Some commercial keyloggers can grab passwords from password fields using Windows API commands. Neo’s SafeKeys keylogger protection keeps your password away from them and never stores it behind the asterisk mask in Windows fields.

Neo's SafeKeys keylogger protection

Mouse positioning keylogger protection: Mouse position logging is often used to defeat the on-screen keyboards of banking websites. Each time you click, the coordinates of your mouse are captured; since the virtual on-screen keyboard always has the same dimensions, the malware can then learn which on-screen keys you clicked.

Neo’s SafeKeys will always start in a different position on the screen and its height and width will also change. You can also use a button named Resize SafeKeys to reset your virtual keyboard dimensions.

Clipboard keylogger protection: Most malware is able to capture data copied to the Windows clipboard, and that includes passwords. Neo’s SafeKeys never uses the clipboard for anything, ever.

Neo’s SafeKeys keylogger protection extra features

Neo’s SafeKeys allows for the creation of customized keyboard layouts. Your settings (not the passwords) will be stored in a NSKconfig .ini file; you can copy it and edit it to your own taste until you get the keyboard layout you want.

You can use Neo’s SafeKeys as a portable notepad: by disabling the password mask you will be able to see anything you enter.

Hardware keylogger plugged in PS2 port

Hardware keyloggers like the one pictured above are notoriously hard to detect, antivirus will not find them and they work in all operating systems.

Visit Neo’s SafeKeys free keylogger protection

Review TrulyMail, secure email encryption client

Review TrulyMail Portable 2.7.9

TrulyMail wants to be a secure email replacement and it allows for easy sending of encrypted emails, including encryption of email subject, body and attachments, as well as return receipts, automatic digital signatures and cancellation of messages after they have been sent (and not read).

TrulyMail good points

TrulyMail stops spam easily because it is invitation based (similar to whitelisting). You know the sender of the message is the real sender, and you can track which messages were received by the recipients and which were not; TrulyMail knows when your messages are delivered.

This email client for encrypted communications also has advanced message management features like an enhanced address book, email filter, spell checker, HTML email messages, colour-coded message tags, voicemail messages and delayed sending of your message. Another great feature of TrulyMail is that it will read your emails out loud with a robotic voice at the click of a button.

I found it very useful that TrulyMail has a portable version; this allows for installation of the email client on a USB thumbdrive and the possibility of sending encrypted email from a public computer, minimizing the risk of interception by the network administrators.

TrulyMail is also compliant with HIPAA, a US law that requires healthcare professionals to communicate protected health information securely so that nobody can intercept it.

TrulyMail interface secure email client

TrulyMail bad stuff

If you want to send an email to someone using another email client, they will have to give it up and download TrulyMail instead, although the developers claim to be working on a message viewer for those not using TrulyMail.

This secure email software only works on Windows, and since your friends will need to be using TrulyMail to read your encrypted messages, anyone using a Mac or Linux computer will not be able to receive your encrypted emails. The interface is only available in English (US), and the software is not open source.

TrulyMail Email client update

Review TrulyMail Conclusion

This free email client makes it easy to send and receive encrypted email messages to your friends. If you know nothing about how PGP/GnuPG works and want to email data securely, then TrulyMail will fulfil your needs.

However, the problem I see is that both parties need to be using the TrulyMail email client. You could just as well learn how PGP email works, or download Thunderbird and the Enigmail plugin; this way it won’t matter what email client your friends are using, as long as they can decrypt PGP messages. I cannot see myself telling my contacts what email client they must use, and I also like to have control over my encryption keys.

Even if you do not use encryption, TrulyMail still makes for a great free email client with some very nice features.

Visit TrulyMail, for free email encryption

How long should my password be? Minimum password length suggested

We should start talking about passphrases and not passwords. According to one Georgia Institute of Technology study, any password shorter than 12 characters is vulnerable to attack. The length of your password, as well as its quality, such as using a combination of alphanumeric characters, matters a lot when it comes to computer security.

A standard English keyboard has 95 letters and symbols, and you should take advantage of them to write full sentences as your password. Knowledge about a user may suggest possible passwords (such as pet names, children’s names, etc.), so estimates of password strength must also take into account resistance to this kind of attack.

Password box

The ideal password length is 12 characters

The Georgia Tech Research Institute study on brute forcing passwords suggests a 12-character password length to strike the right balance between convenience and security. Assuming a hacker can try 1 trillion password combinations a second, it would take him 180 years to crack an 11-character password; this number increases to 17,134 years for a 12-character password.

How to create a strong password?

  • Include numbers, symbols, upper and lowercase letters in passwords.
  • Avoid any password based on repetition, dictionary words, letter or number sequences.
  • Use capital and lower-case letters.
  • Passwords must be easy to remember and not force insecure actions like writing them down on notes.
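
The brute-force figures and the password rules above, as an added Python example that is not part of the original post: it reproduces the 180-year and 17,134-year estimates from 95 keyboard symbols at 1 trillion guesses per second, then checks candidate passwords against the listed rules. The function names, the 365-day year and the small word list are assumptions made for this illustration.

```python
import re

KEYBOARD_SYMBOLS = 95                 # letters and symbols on a standard English keyboard (from the text)
GUESSES_PER_SECOND = 10**12           # attacker speed assumed in the text
SECONDS_PER_YEAR = 365 * 24 * 3600    # assumption: 365-day year
MIN_LENGTH = 12                       # minimum length suggested by the study

# Character classes and how many symbols each contributes: 26 + 26 + 10 + 33 = 95.
CLASSES = {
    "lowercase": (re.compile(r"[a-z]"), 26),
    "uppercase": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "symbol": (re.compile(r"[^A-Za-z0-9]"), 33),
}

# Constructed sample list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "london", "qwerty"}


def exhaustive_search_years(length, alphabet=KEYBOARD_SYMBOLS, rate=GUESSES_PER_SECOND):
    """Years needed to try every password of exactly `length` characters."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def effective_alphabet(password):
    """Size of the symbol set an attacker must cover for the classes actually used."""
    return sum(size for pattern, size in CLASSES.values() if pattern.search(password))


def has_sequence(password, run=3):
    """True if `run` consecutive characters ascend or descend by one (abc, 321)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repetition(password):
    """True for a tripled character (aaa) or a password made of one repeated block (abcabc)."""
    return bool(re.search(r"(.)\1\1", password) or re.fullmatch(r"(.+?)\1+", password))


def audit(password):
    """Return the rules from the list above that the password breaks (empty list = passes)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    missing = [name for name, (pattern, _) in CLASSES.items() if not pattern.search(password)]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    if has_repetition(password):
        findings.append("repetition")
    if has_sequence(password):
        findings.append("letter or number sequence")
    lowered = password.lower()
    if any(word in lowered for word in SAMPLE_WORDS):
        findings.append("dictionary word")
    return findings


if __name__ == "__main__":
    for n in (8, 11, 12):
        print(f"{n} random characters: {exhaustive_search_years(n):,.1f} years to exhaust")
    # Constructed sample passwords.
    for candidate in ("abc123", "Password1234", "Tr4vel-by-Night!Owl"):
        years = exhaustive_search_years(len(candidate), effective_alphabet(candidate))
        print(f"{candidate!r}: {audit(candidate) or 'passes'} (upper bound {years:.3g} years)")
```

The year figure is an upper bound that only holds for randomly chosen characters; a 12-character password built from a dictionary word and a number sequence passes the length rule and still fails the audit.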

According to one of the study authors, if an attacker wants to crack many passwords quickly, once he has built a rainbow table it might take only about 10 minutes per password rather than several days. A rainbow table encodes the hashes of the most common passwords, and that database is then quickly run against your hidden password.

Solutions to create secure passwords

Instructions to create the best random password possible: Diceware

Store your passwords encrypted online: LastPass

Free secure password manager for desktop computer: KeePass

Use a VPN on a computer without admin rights

If you have to move between computers, or are using a college or work computer where you have no admin rights, and want to use a VPN to get around internet filtering, you will find that OpenVPN needs administrator rights to be installed. There is a workaround for this: use a portable VPN on a USB drive, which combined with a portable internet browser will also stop traces being left on the host computer.

You can bypass your workplace and library internet filtering with a virtual private network. As long as you can plug in a USB thumbdrive, you will be able to launch the portable VPN or SSH tunnel. That will get around any logging; not even visited sites will be seen by the admin.

Portable VPN applications

OpenVPN portable (Free): OpenVpnPortable is openvpn and a modification of openvpn-gui as a portable app, so you can connect to your VPN on any computer. It is open source and free. For this portable VPN to work you will need to have your VPN provider’s digital certificates.

PortableVPN ($/€): This application allows you to establish a VPN connection while using a computer without admin rights. You do not need to configure anything other than the portable VPN, and it also allows for a portable PPTP. This application is also U3 capable for USB thumbdrives with U3.

Portable SSH tunnel

KiTTY: KiTTY is a fork of the well-known SSH client PuTTY. KiTTY does not require any installation and you can use it easily with an SSH provider or your own SSH proxy server. Place the portable SSH client on your thumbdrive and configure your browser to do all the surfing through the anonymous tunnel.

Recommended VPN: iVPN (Disclaimer: Affiliate code included)

Use a VPN without admin rights

Comodo Secure DNS Review

Comodo Secure DNS’s server infrastructure is spread across five continents, and your DNS requests will be answered by the closest available set of servers. I swapped my ISP DNS for Comodo Secure DNS nearly a year ago and everything has always worked fine; I have never experienced any downtime and the DNS resolution speed is excellent.

When you come across a parked domain name, Comodo Secure DNS will block it and warn that the page is parked, and you will be shown a Yahoo search box. The same blocking page will appear for 404 page not found URLs (typos, non-existent domains). Comodo finances its free DNS service by redirecting all 404 traffic to its Yahoo search; it is not intrusive and nobody forces you to use it. But not all parked domains are blocked, just a small number of them. My guess is that Comodo marks as parked all domains using DNS belonging to a domain parking company, and if they don’t use it Comodo Secure DNS will not detect them; over 50% of parked domains get through their filter.

Domain Name Server diagram

Comodo Secure DNS review conclusion

Setting up Comodo DNS is really simple; their site has easy-to-follow instructions with screenshots for all operating systems. I have run a benchmark on the Comodo DNS service using NameBench and their servers get top results all the time. The only downside I see to Comodo Secure DNS is that their filtering of parked domain names should be optional and there is no way to change this.

Customization options for Comodo Secure DNS do not exist; if you need a family filter, you will be better off with OpenDNS.

Change DNS to get around ISP censorship

If you travel to a country that filters the internet, like China, Saudi Arabia or Australia, a VPN might not be enough to bypass ISP internet filtering and you will have to change the router Domain Name Servers given by the local ISP. It happened to one of my friends going to China for a week: Comodo Secure DNS together with VPN4All bypassed the Great Firewall of China, but using only the VPN did not work.

Visit Comodo Secure DNS homepage
