Archive | Computer Security

Encrypt DNS traffic to stop man-in-the-middle attacks with DNSCrypt

 Encrypt DNS requests

DNSCrypt is an open source tool from OpenDNS that prevents man-in-the-middle attacks, like snooping by Internet Service Providers. For those not familiar with OpenDNS, the company provides free Domain Name Servers that can be used to increase your online privacy by not using your ISP DNS, to filter and block content at DNS level, or to stop DNS leakage when using a VPN.

This new tool encrypts DNS lookups from your machine to the DNS server, so anyone sniffing traffic will not be able to see what is being requested. Just like SSL turns HTTP traffic into encrypted HTTPS, DNSCrypt does the same with DNS requests. It should make life more difficult for Governments using DNS to spy on citizens. Countries like China, for example, can block pages at DNS level, and even if you use a VPN to circumvent Internet filtering it might be necessary to change the ISP DNS server for it to work. However, state sponsored Internet censorship normally employs more than one method to block websites; DNS is just one of them.

OpenDNS NetGear router settings

Changing your DNS settings to another provider will not cause any kind of overhead, and it might even be quicker than your ISP DNS. I have been using Comodo DNS for well over 2 years with no problems at all. It will also work if you are using a VPN. You should take DNSCrypt as an extra layer of security for your web browsing experience. TCP traffic can be enabled over port 443 (used for HTTPS) in case an external firewall mangles Internet traffic. OpenDNS warns that encrypted DNS reliability is not as good as their insecure DNS servers; if you experience slowdowns, switch back.

DNSCrypt is complementary to DNSSEC, which only provides authentication and a chain of trust, but not encryption, for DNS records. Both can work together without conflicts. DNSCrypt claims to use elliptic-curve cryptography for DNS requests, with communication based on two public encryption keys.

Note: DNSCrypt is only available for Mac computers, a PC version is being worked on.

Visit DNSCrypt homepage

Secure Profile password protect Google Chrome profile

Password protect Internet browser

Secure Profile is a Google Chrome addon that allows you to set up a password to protect your entire Google Chrome profile. This is much better than other Chrome privacy addons like Link Password, which only encrypts your bookmarks. After you enter a password in the Secure Profile options, anybody who wants to use your browser will have to enter the password too, so this extension can be used to stop people from using your Internet browser. Different profiles can be set up, each with a different password.

You could use one profile/personality to visit certain sites, like news, and switch to a different profile for sites like porn. The advantage would be that tracking cookies on that specific profile will be isolated from the others.

Google Chrome Secure Profile addon

This addon also protects your browser in Incognito mode, when Google Chrome runs in RAM. It could be of use when sharing a computer at home to make sure everyone has their own settings and cookies. This is an easy solution to stop a nosy person from looking at your browser settings and history.

Visit Secure Profile Chrome addon homepage

How cryptographic hashing functions work

 Hashing algorithms

A cryptographic hash function is a one-way mathematical operation (aka checksum or digest) that takes a stream of data and returns a fixed-size bit string known as the cryptographic hash value. This value is unique, and any small modification to the file will change it. For example, modifying a single pixel on a photograph will not be noticeable to the human eye, but a cryptographic hash of the picture will return a value differing from the original.

Cryptographic hashing algorithms are widely used in computer forensics to guarantee that files have not been tampered with; a hash can be compared to a digital fingerprint. Security related software and Linux distributions normally come with a hash value. The user is meant to use a special program to calculate the hash value of the file he has just downloaded and make sure that it coincides with the string listed by the developer. If it doesn’t, it means that the file has been changed by someone or that accidental data corruption occurred during the download. When two files have the same cryptographic hash value it is guaranteed that they are identical.

Hash function diagram

Hashing a file does not mean encrypting it; cryptographic algorithms used for encryption are totally different from those used for hashing files. Encryption software like TrueCrypt gives two algorithm choices, one for encrypting the data and another to hash the user keyfile or password. Another use of cryptographic hashes is password storage. Encryption software does not store user passwords in plain text; it creates a cryptographic hash of the password. When the user wants to decrypt the data the software performs that operation again, and if the cryptographic hashes coincide it then decrypts everything.

SSL certificates contain a cryptographic hash to show their uniqueness, and certification authorities use a hash algorithm to generate a certificate signature. Hashing algorithms can also be used to compare text: if the values coincide, content integrity is assured, which guarantees the receiver that the message has not been tampered with. In addition, it is impossible to recreate the original message out of a hash string.

Note: Flaws have been found in the MD5 algorithm. The United States Computer Emergency Readiness Team (US-CERT) considers the MD5 algorithm broken and unsuitable for use, and the MD5 hashing algorithm should not be used in SSL certificates and digital signatures. Most U.S. government applications require SHA-2 hash functions (SHA-224, SHA-256, SHA-384, SHA-512). SHA-2 has been designed by the National Security Agency (NSA) and stands for Secure Hashing Algorithm.
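The download check described above can be scripted. This is an added example, not from the original post: it hashes a file in chunks, compares the result with the value a developer would publish, refuses MD5 in line with the note, and counts how many output bits change after a single-bit modification. The file contents and names are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Algorithms accepted for verification; MD5 is deliberately absent (see the note above).
ALLOWED = {"sha256", "sha384", "sha512"}


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in fixed-size chunks so large images never have to fit in RAM."""
    if algorithm not in ALLOWED:
        raise ValueError(f"refusing weak or unknown algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex, algorithm="sha256"):
    """Return True only if the file's digest equals the value the developer listed."""
    expected = published_hex.strip().lower()  # tolerate upper case and whitespace
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def bits_changed(hex_a, hex_b):
    """Count the output bits that differ between two digests of equal length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def demo():
    # Constructed sample data standing in for a downloaded release file.
    original = b"constructed sample release image\n" * 4096
    tampered = bytearray(original)
    tampered[1000] ^= 0x01  # flip one bit, like editing a single pixel

    with tempfile.TemporaryDirectory() as workdir:
        good = os.path.join(workdir, "release.img")
        bad = os.path.join(workdir, "release-tampered.img")
        with open(good, "wb") as fh:
            fh.write(original)
        with open(bad, "wb") as fh:
            fh.write(bytes(tampered))

        # The value the developer would list next to the download link.
        published = hashlib.sha256(original).hexdigest().upper()
        return {
            "original_ok": verify_download(good, published),
            "tampered_ok": verify_download(bad, published),
            "bits_changed": bits_changed(file_digest(good), file_digest(bad)),
        }


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel the published value came from, so the listed hash should be fetched over HTTPS or from a signed file.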

Cryptographic hashes and law enforcement

Law enforcement agencies and RIAA sponsored investigators use hashing algorithms to track down those sharing illegal files in P2P networks. In the case of law enforcement, when they seize child pornography images, they automatically hash photos and videos, storing the hash strings in a database. These unique values are compared with the hashes of other previously seized files to see if they match any of them.

There are USB thumbdrives that can be plugged into a computer to scan its hard disk in search of files whose hash value matches one of the child pornography files previously seized. In a matter of minutes, and without visually looking at the content, law enforcement personnel can detect this kind of material. The same automatic software helps law enforcement to classify these images: when a new image not in the hash database is found, the software marks it for manual inspection.

Law enforcement also owns specialist software that analyses P2P networks, attempting to match a file’s cryptographic hash to one of those in their database of banned child pornography images. With very little supervision it is possible to detect child pornography; once a file has been flagged it is brought to the attention of an officer to start the process of tracking down the IP and gathering further evidence. The only flaw is that if someone modifies one of those photos using a graphics editor, giving it a little more or less brightness, then the cryptographic hashes will not coincide. Software like ssdeep attempts to plug that gap by using a technique known as fuzzy hashing. This method can match very similar files: if someone changes a single bit on a file it would still pick it up, although extreme file changes would not be picked up. The same technique can be used to detect similar malware files.

RIAA sponsored companies can use cryptographic hashes to track down people sharing copyrighted material on P2P networks too. During their evidence gathering they will include a file hash value; if the case ever goes to court, after seizing the user’s computer, that unique hash string compared with the files in the computer will be solid evidence of guilt. Computer forensics software like EnCase can create a cryptographic hash of a computer hard disk as proof that the data has not been tampered with when that hard disk gets to court or to the defence attorney.

P2P network diagram

In order to make it more difficult for intellectual rights owners to prosecute violators, a new peer to peer system using a Distributed Hash Table (DHT) to defeat automatic tracking systems has been implemented in BitTorrent and eMule (changing default settings is needed). Instead of names, DHT uses hashing algorithms to index files. It makes it harder for the user to find the files he wants but adds an extra layer of privacy to filesharing, although not enough to make it impossible to track the infringer; DHT does not hide an individual’s identity.

List of free hash and checksum calculators

To cryptographically hash a file you will need to obtain special software. Select the file you would like to hash, from a 1 bit file up to a full hard disk, choose the algorithm of your choice and hash it. The same software can also allow you to verify that hash values coincide (aka integrity check). If you do not want to download software, websites like Hashemall allow you to compute hashes online.

Febooti: This free cryptographic hash value generator can compute all the common hashing algorithms (CRC32, MD5, Whirlpool, RipeMD160, SHA512, etc). It has a simple to use interface, file integrity checksums for files of unlimited size and simultaneous checksum calculation using different algorithms; it copies hash values to the Windows clipboard and integrates into Windows property pages.

Multihasher: Portable hash value calculator supporting CRC32, MD5, SHA1, SHA256, SHA384 and SHA512. It can be used for hash file verification and to upload files to VirusTotal, querying its database to find out if the file is malware. Multihasher integrates with the Windows Explorer context menu and supports Unicode characters, file drag and drop and much more.

Free checksum tool MultiHasher

HashGenerator: Beginner friendly application that can be installed or used as portable. To generate a file hash you simply right click on the file using the context menu options or use the drag and drop feature. It computes 14 different types of checksums and can export a list of hashes to an HTML or .txt file.

MD5Deep: Command line open source hashing tool for Windows that can be compiled for other systems like Linux and BSD. MD5Deep can compute MD5, SHA-1, SHA256, Tiger and Whirlpool message digests, it can process regular files or block devices, and it can recursively dig through the directory structure. This tool is best avoided by beginners.

Create your own home VPN network with Comodo Unite

Team Viewer alternative

Comodo Unite is a secure virtual private network (VPN) that can associate an unlimited number of computers. Connected PCs can talk to each other and exchange data; all that is needed is that they have the software installed. It can be used to access your home computer from work and retrieve or send files. The system could be compared to a form of private messenger where communications are encrypted and only those with an invitation can join the network, with the added advantage of being able to control remote computers if enough rights are given. Software like Comodo Unite is ideal to help others troubleshoot computer problems over the Internet: it will allow you to remotely control their desktop, including applications and Internet browser, with just a couple of clicks.

When you create a network, unless it has been marked as public, membership requests will need to be approved, or if the other end has been given a password, he can automatically join the private network, after which he can be assigned administrator rights. Comodo Unite can also communicate with 3rd party IM programs like Windows Messenger, Google Talk, Yahoo Messenger, ICQ and Facebook chat. Comodo Unite imports the settings of your already installed favourite Instant Messenger program and allows you to chat as you normally would without having to swap client.

Comodo Unite home VPN network

Home virtual private networks can be of use if you travel abroad and do not want to take certain files with you. However, something VPN software cannot do is switch on the remote computer, so you will have to leave the computer booted up at all times. Remote authentication is made using a password, a digital certificate or both. A web based interface allows administrators to manage a Unite network from any computer with Internet access.

Communications take place P2P with no central server logs, but make no mistake, this is not an anonymity tool. It will keep a third party from spying on your encrypted chat sessions and data transfers, but the other end will know your computer IP at all times and they will also know the computer you are connecting to. The software is free for non commercial use and it has a very complete, easy to understand online help manual with screenshots.

Visit Comodo Unite homepage

Encrypted data backup with Powerfolder

SpiderOak alternative

Powerfolder is a free program for Windows, Mac and Linux to securely share, sync and backup your computer files, locally or in the cloud. If you choose to backup your data online you will be offered a free account with 1GB of free space; this is not necessary, as the program can be used to do offline backups. If you decide to use the cloud option all data transfers will be encrypted using SSL (transfer) and AES (storage). Opening an online account only requires entering an email address, which does not need to be verified, and the password of your choice.

The Powerfolder interface is easy to use, skinnable and has lots of configuration options. The software can be used to synchronize data between computers on a LAN (Local Area Network) with real time data sync status shown on the screen, and you can choose what to backup with a simple tick on a checkbox next to each folder.

PowerFolder encrypted data backup

To share files online you just need to go to the Folders tab and follow the wizard, where you will be asked what files to share and where to send an invitation key. In order for someone to access your data they will need to enter that secret key first. PowerFolder cloud storage can be accessed from the iPhone or Android through a specially made mobile portal (m.powerfolder.com). Browser file downloads are made using an encrypted SSL connection, and you can view and play audio files online too. Powerfolder software scans local folders for changes and uploads/erases the data as necessary. The bandwidth taken by PowerFolder can be limited, and a proxy and specific ports can be chosen. The plugins tab lets you configure advanced settings, like adopting UDT connections instead of TCP, the encryption security level and setting up a dynamic DNS.

I would have preferred it if the help manual wasn’t only available online, and the free 1GB online space is not enough to hold all of my important data; I could not find any other flaw to this very fine secure data backup software.

Visit Powerfolder homepage

Google Chrome Ghost Incognito extension for privacy mode

Internet browser privacy mode

Ghost Incognito is a Chrome browser extension to make sure that certain websites are only opened in Incognito mode. Incognito mode (aka private browsing) in Google Chrome is activated using CTRL+Shift+N and it stops your Internet browser from locally storing information about the websites you visit, like cookies, cache or history. All of your activities run in RAM and once you close the browser everything is gone for good. Firefox, Internet Explorer and Opera all have a privacy browser mode.

Ghost Incognito Google Chrome

The main benefit of Ghost Incognito is that you can browse the Internet normally at work or school and have the browser configured to visit sites like Facebook only using privacy mode, avoiding leaving any recoverable passwords, usernames and Internet history in a public computer. By default, all porn .xxx domain names will open using Incognito mode. When you type a URL that has been set up to run in private mode a new window automatically opens, but I noticed that the first typed URL triggering Incognito mode is remembered by the browser; this is a flaw that I hope the developers can fix in next releases. Another possible problem is that the URLs you have added to the Ghost Incognito extension configuration will be visible to anyone with access to your Internet browser. I can see this extension being useful for a portable Google Chrome browser but not much more.

Visit Ghost Incognito Chrome extension

Modify files and folders timestamps with NewFileTime

Change folder timestamp

NewFileTime is a small Windows utility to easily change file and folder timestamps. The application doesn’t need any installation, it can be run from a USB thumbdrive in portable mode and it lets you change the Modified, Created and Accessed timestamps (day, month, year and time). Changing a file or folder Created and Accessed date is as easy as dragging and dropping the file inside the NewFileTime main window or manually selecting the files using the import button. Its best feature is that you can add multiple files and folders and change all dates at once.

NewFileTime change file folder timestamp

The menu lets you quickly add and subtract hours or days to the file timestamps using one of the preset values, and timestamps can also be exported or imported using the txt button. Overall this program does what it says on the tin and you won’t need any administrator rights to run it. There are other free utilities to change a Windows file timestamp, like Mooo TimeStamp or Timestamp modifier, but I have found NewFileTime to be the easiest to use.

Visit NewFileTime homepage

Brute force advanced password recovery with HashCat

Brute force password recovery

Hashcat is a free brute force attack tool (aka password cracker) to perform security audits on database password hashes or recover forgotten passwords. It is available for Linux and Windows. Unlike the better known command line only dictionary attack tool John the Ripper, HashCat comes with an interface (aka GUI, Graphical User Interface). After downloading Hashcat you will need a password list (aka wordlist); you can download one from OpenWall. A common approach to recover a forgotten password is to try and guess it using dictionary words. The time to crack the password is linked to its length in bits; the most difficult passwords to crack will have been made up using a mix of special characters, punctuation signs and capital/small letters.

Brute force tool HashCat

HashCat is not only a dictionary attack tool, it can also use precomputed hashes. Using a pre-computed dictionary made up of hashes saves time when cracking passwords because the words have already been converted into hashes, which is how passwords are stored. This kind of brute force attack can be slowed down when the cryptography uses a technique that forces all password entries to be recomputed at each try; in cryptography this is called salt.
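From the storage side, the difference salt makes can be shown in a few lines. This added example (not from the original post and not HashCat code) illustrates both the password storage passage in the hashing article above and this paragraph: an unsalted hash is identical for every user with the same password and is found in a precomputed table, while a salted PBKDF2 record is not. The wordlist, passwords and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password):
    """Weak storage: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def precompute(wordlist):
    """Hash each candidate once; the table is reusable against any unsalted store."""
    return {unsalted_hash(word): word for word in wordlist}


def create_record(password, salt=None):
    """Hardened storage: a random per-user salt plus a slow key derivation."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": derived.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(derived.hex(), record["hash"])


def demo():
    wordlist = ["letmein", "sunshine", "dragon"]  # constructed sample wordlist
    table = precompute(wordlist)

    # Two users who picked the same (constructed) password.
    alice_weak, bob_weak = unsalted_hash("sunshine"), unsalted_hash("sunshine")
    alice, bob = create_record("sunshine"), create_record("sunshine")

    return {
        "unsalted_identical": alice_weak == bob_weak,
        "unsalted_recovered": table.get(alice_weak),
        "salted_identical": alice["hash"] == bob["hash"],
        "salted_recovered": table.get(alice["hash"]),
        "verify_ok": verify("sunshine", alice),
        "verify_bad": verify("sunshine1", alice),
    }


if __name__ == "__main__":
    print(demo())
```

Salt removes the benefit of precomputation but does not make a weak password strong; the iteration count is what raises the cost of each individual guess.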

The more you know about the password constitution the quicker it will be to crack it. HashCat lets you specify password length, and you will also want to determine the hash mode: encryption software uses different hashing algorithms for password storage, and the algorithm used is normally found within the software technical specifications. Computer graphic cards with a processor (Graphics Processing Unit, GPU) can notably speed up password cracking efforts; HashCat takes advantage of them, being able to use up to 16 GPUs. Finding out a hard to guess password out of a hash is not easy with just a single desktop computer, but when the opponent has access to supercomputers or botnets, if the password is weak, a couple of days might be all one needs.

Visit Hashcat homepage

Real time antispyware protection Spyware Terminator

Lavasoft Ad-aware alternative

Spyware Terminator is a small memory footprint real time anti spyware scanner, it can be configured to do a quick, full or custom scan excluding trusted selected folders which will speed up the scan. You are likely to get lots of hits after the first scan as all Internet browser tracking cookies will be flagged as spyware, tracking cookies are not an extreme privacy concern like real malware that hijacks your computer, but they are better off erased. The software interface is clean and easy to use, with its main window showing only three tabs from where you can perform everything you need besides options configuration that is only used once in a while.

Scanner reports are stored for reference and are easy to understand. Threats are rated and classified, helping the user get an idea of what steps to take next. Antispyware scanning can be scheduled; it is probably best to set it up once a week, which is a reasonable timeframe for a home user to get rid of tracking artefacts acquired during normal Internet browsing.

Free antispyware Spyware Terminator

Before uninstalling something SpywareTerminator will create a restore point; if you make a mistake, by going to Tools>System Restore the system can be restored to what it was before. If you have doubts about a file already in your computer you can manually select it and force a hard scan, and if you come across a locked file that cannot be erased SpywareTerminator lets you select it through the interface. A common trick used by spyware is to change file permissions to lock the file so that users cannot erase it. Permissions can be changed using Windows right-click but this is not easy to find for the average user.

During installation you will be offered to install a toolbar called Web Security Guard Toolbar, similar to Web Of Trust, allowing users to rate websites and warning you of sites flagged by people as dangerous. This is a nice addition and can be easily rejected, but the default is to install it, so you will have to uncheck the box. The paid for version of Spyware Terminator can be integrated with the F-Prot antivirus engine, has high priority updates and other tools like a junk file scanner, start up fine tuning to speed up the boot up process and an Internet browser addon scanner; support is provided by phone and email.

Visit SpywareTerminator homepage

List of hacking and surveillance techniques used by Governments

Government hacking techniques

A list of normally secretive companies and products used by over 150 Governments from around the world to spy and hack into people’s computers has come to light thanks to the Wall Street Journal Surveillance Catalog project. These confidential brochures explain what products are used by Governments for mass surveillance; some of the prospectuses have been partially blacked out, as specific technical information is only available to authorised law enforcement personnel.

The surveillance tools are sold to law enforcement agencies and some corporations, and their legality depends on the laws of the country where they are being applied. The tools have often been found in the hands of repressive regimes like China or Iran; since censoring of the web and mass spying is allowed in those countries, it is perfectly legal.

Note: In addition to these private contractors products, well resourced countries also develop their own custom hacking tools in-house.

Software for Internet surveillance

Mobile phone tracking: Septier Location Tracking provides mobile phone tracking, lawful interception and intelligence gathering by analyzing and retaining location data from mobile phone networks. It uses triangulation to find out where a mobile phone is, a technique that looks at the signal strength between a phone and a mobile phone tower to determine its location. The system can handle all modern mobile networks like 3G, GSM, Wi-Fi, WiMax, etc.

Linguistic Analysis: A company called Expert System Semantic Intelligence has semantic software called Cogito that is capable of searching linguistic data using strict parameters, categorizing data and extracting entities like people and organizations. After data has been sifted through, events are flagged, further parsed for early warning indications, ranked and then extracted and categorized.

Social network analysis: Intellego studies the relationships in social networks, representing emails, websites and targets as nodes and then interlinking them with other nodes to show a graphic of all the links. The diagram shows a clear picture of the network communication. This kind of analysis does not necessarily involve public data in Facebook; it can involve private data analysis, and it allows the investigators to easily spot a target’s relationships.

Social network analysis

Installing trojan horses: FinFly ISP can disguise a trojan horse in the form of popular software like updates for the Firefox browser, Adobe Flash or Java, once the user agrees to update this as he often does, a trojan horse that sends private data to a surveillance agency and is not detected by any antivirus is downloaded to his computer. This British company (Gamma Group) claims that it can work with an ISP to distribute a trojan horse to users. Its latest product, FinFly Web, can infect targets with a trojan on-the-fly by just visiting a website.

Deep packet inspection: OnPath technologies claims to provide “lawful interception” of Internet communications, taking all the traffic from the Internet backbone (i.e. ISP) and funnelling it through hardware devices that inspect data packets, determine what’s inside them and decide if it is necessary to forward the data to a law enforcement agency for inspection.

Deep packet inspection device

Hide computer IP: A company called ION (Internet Operations Network) solutions claims to provide random rotating IP addresses that look ordinary and are untraceable. Even law enforcement agencies need to hide their computer IPs: if someone is posing as a bad guy online he does not want his IP to reveal that his computer is located inside the FBI Headquarters. Hiding a law enforcement agency computer IP is also useful to avoid warning a target that he is under investigation when visiting their potentially illegal website for research (servers log visitors’ IPs).

Trojan horse on a USB: When physical access to a computer is possible, a solution called FinFly USB can install remote monitoring software (aka trojan) on a target machine by just inserting a USB thumbdrive; it does not require any IT trained agent to do this. They claim that it has been used by surveillance teams to install “remote monitoring” on target computers that were switched off (booting the computer from the USB thumbdrive).

Interception of encrypted traffic: Using a man-in-the-middle attack approach, a company called Packet Forensics can intercept encrypted SSL & TLS connections and decrypt their content. With this technique they can listen in to Voice over IP encrypted calls and read email messages sent through SSL tunnels. The company textually claims in its brochure that “users are lured into a false sense of security”, which allows staff to obtain the best evidence. Packet Forensics devices can easily be placed at an ISP or private network without causing any noticeable interruption in the service.

Visit WSJ Surveillance Catalogue (scroll down)

UPDATE: Wikileaks has now released a more complete list of companies selling surveillance malware to law enforcement. These documents can be found at SpyFiles.
