Skip to content

Surveillance Self Defence – EFF

https://ssd.eff.org/

The EU promotes the use of “Privacy Enhancing Tools” or PETS, the EFF calls the same tools “Surveillance Self Defence”.  This is an amazing development – the EFF are now promoting and in alignment with the EU – this synergy will help everyone keep their data safe.

Journalists

https://ssd.eff.org/en/playlist/journalist-move

https://ssd.eff.org/en/playlist/journalism-student

 

Human Rights Defender

https://ssd.eff.org/en/playlist/human-rights-defender

 

What Doesn’t a VPN Do?

A VPN protects your Internet traffic from surveillance on the public network, but it does not protect your data from people on the private network you’re using. If you are using a corporate VPN, then whoever runs the corporate network will see your traffic. If you are using a commercial VPN, whoever runs the service will be able to see your traffic.

The manager of your corporate or commercial VPN may also be subject to pressure from governments or law enforcement to turn over information about the data you have sent over the network. You should review your VPN provider’s privacy policy for information about the circumstances under which your VPN provider may turn your data over to governments or law enforcement.

You should also take note of the countries in which the VPN provider does business. The provider will be subject to the laws in those countries, which may include both legal requests for your information from that government, and other countries with whom it has a legal assistance treaty.  In some cases, the laws will allow for requests without notice to you or an opportunity to contest the request.

Most commercial VPNs will require you to pay using a credit card, which includes information about you that you may not want to divulge to your VPN provider. If you would like to keep your credit card number from your commercial VPN provider, you may wish to use a VPN provider that accepts Bitcoin, or use temporary or disposable credit card numbers. Also, please note that the VPN provider may still collect your IP address when you use their service, which can be used to identify you, even if you use an alternative payment method. If you would like to hide your IP address from your VPN provider, you may wish to use Tor when connecting to your VPN.

Secure Email Alternatives – October 2014

http://www.techspot.com/article/896-secure-email-and-cloud-storage-services/

Admission:

I was a beta tester for the secure “startmail” service, and am a fully paid up startmail user.

http://www.startmail.com.

However, in the greater interests of promoting privacy everywhere, here is a run down of alternative encrypted email providers from across the globe.

Back in June last year, confidential documents leaked by Edward Snowden indicated that major email and cloud storage providers like Google, Microsoft, and others were part of the NSA’s top secret surveillance program called PRISM. And if that wasn’t enough, there have been numerous reports of companies snooping on their customers themselves.

All these revelations have made Internet privacy a burning issue, with many privacy-conscious users now turning to services that claim to be secure from prying eyes of the NSA and law enforcement. In this article, we take a look at some of the privacy-focused email and cloud storage services that have either sprung up or gained popularity in the wake of what has popularly been referred to as the Summer of Snowden.

Secure email services

http://www.techspot.com/article/896-secure-email-and-cloud-storage-services/

 

****

With full thanks to Andy for this article :)

FBI wants Congress to mandate backdoors in tech devices to facilitate surveillance

http://www.homelandsecuritynewswire.com/dr20141020-fbi-wants-congress-to-mandate-backdoors-in-tech-devices-to-facilitate-surveillance

In response to announcements by Apple and Google that they would make the data customers store on their smartphones and computers more secure and safer from hacking by law enforcement, spies, and identity thieves, FBI director James Comey is asking Congress to order tech companies to build their devices with “backdoors,” making them more accessible to law enforcement agencies. Speaking at the Brookings Institution last Thursday, Comey said that police need new legislation to help them apprehend criminals who use encryption to hide incriminating evidence. “The FBI has a sworn duty to keep every American safe from crime and terrorism, and technology has become the tool of choice for some very dangerous people,” Comey said. “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public-safety problem.”

The 1994 Communications Assistance for Law Enforcement Act (CALEA) forces telephone companies to build surveillance technologies into their networks to allow law enforcement to install wiretaps. The law has not been updated and it does not apply to new technology including online forms of communication.

Privacy advocates predict that few in Congress will support Comey’s quest for greater surveillance powers. “I’d be surprised if more than a handful of members would support the idea of backdooring Americans’ personal property,” Senator Ron Wyden (D- Oregon) said.

In June, the House voted 293-123 to slash funds for National Security Agency projects that build vulnerabilities into security products, a sign that Congress is far from passing new legislation that makes U.S. tech products more vulnerable to hacking.

 

Take away Message:

* Backdoors in security will allow everyone to access your data, including journalists (Murdoch case) and divorce lawyers.

* Backdoors will destroy the US tech giants – and they know this.

* Google’s lobbying fund at Congress has just surpassed that of Goldman Sacks – which indicates a “fight to the death” by the Tech Giants.

* If the FBI win this debate – boycott all US products from Google, Apple, Microsoft, as you’re being wiretapped.

10 Minute Emails – How to get private emails

Have you ever given over your email address in a minute of lapsed judgement, and then the company has spammed your account with useless daily messages.  Soul destroying isn’t it!

Step 1 – Auto generate a 10 minute email

http://10minutemail.com/10MinuteMail/index.html

This will generate a fake email that works, for 10 minutes.

10 minute emails

Step 2 – Get an extra 10 minutes

Just in case the email “response” doesn’t come through, you can click to get another 10 minutes.

10 minute messages

Step 3 – Watch your email get Destroyed

10 minute email destructed

Poof!  No more junk email.

Take away message

Don’t give our your private email.  Use a junk email address that lasts 10 minutes.

It’s FREE!!

 

KALI – BASH Steampunk Scripting – How to automate Bash Scripts

BASH automates tasks, and Steampunk looks so cool, that we’re merging both together to get “Steampunk Scripting”.

Step 1 – Create the script

cat > steampunk

echo “Whatever text you feel like.”

Ctrl +d

bash cat steampunkNotice that wen you create the cat file, the cursor moves down to a new blank line, and that there is no prompt on that line.  Enter your echo “text” and then hit ctrl +d.

Think of ctrl +d as meaning “done!”.

Step 2 – Run the script

bash steampunk

kali bash scripting steampunkStep 3 – Add some commands to your script

You can easily “append” or “add to the end” of your script with the command >>

cat >> steampunk

Try adding these commands to your script, add each command one at a time.  End the script with ctrl + D, then run bash steampunk.

cal

ncal -w

date

who -q

bash add to cat

You’ll quickly see why cat can’t be used for major automation….

So switch to nano or leafpad to correct any typos, as both are installed on Kali.

Step 4 – use nano to edit a script

nano steampunk

bash nano steampunk fileMake your edits… now these next 2 steps are really important.

To save a file in nano we use Ctrl + O

To quit = Ctrl + X

****

Here’s my amended steampunk script (viewed in nano).  I’ve hit ctrl +o to save.

bash nano amended fileHere’s the amended script when I run “bash steampunk”

bash nano amended steampunk outputwho -q = will tell you the number of users on a system…

That’s it.  That’s all automation starts with.  Shell programming can read input and prompt the user, as well as offering menu’s to the user.

But that’s for another lesson.  Oh, okay, lets do it now.

Step 3 – How to read input from a user

This reads the user input, secondly stores this input as a variable {users}, which thirdly, can be accessed using echo $users.

echo -n “Ask your prompt question?”

read users

echo $users

bash read script

The output looks like this

bash read values

Step 4 – Use a Prompt String

So what is this about?  Well with this format, we can read in multiple values from the user, save them into the default variable, called $REPLY.  We can then use echo $REPLY.

read -p “Prompt question to user? > “

echo “REPLY = ‘$REPLY’ “

 

Lets try it out.

bash prompt output

So we can read in single or multiple values.  We can save the input as a variable, and reuse that variable in our scripts.

Here’s the multiple values in action.

bash prompt multiple values

Bash Lesson 2 – How to create a timed lock out for a top secret password

http://uwnthesis.wordpress.com/2014/10/19/kali-bash-scripting-how-to-create-a-timed-login-for-a-secret-password/

Malta – Winner of Hackathon

http://blog.davidvassallo.me/2014/10/19/hackathon-notes-and-links/

Congratulations to David for winning the Hackathon.

I recently had the opportunity to participate in (and win as it turned out…) the Malta Information Technology Agency (MITA) Hackathon, organized by TrustedSec.

Here’s his suggested reading list.

Interesting Articles and Links:

http://blog.davidvassallo.me/2014/10/19/hackathon-notes-and-links/

 

Happy Reading!!

KALI – How to adjust Date, Time, Keyboard to British, European and Global Date Formats

American’s tend to forget that their date format is ONLY used in America, the rest of the world uses the British/European date formats. This could have serious repercussions for manufacturing or sales orders.  So how do we reset the Date format for the global community?

1. British / European / Global formatting for Dates

The date command displays or sets the system date and time.  If using a global system I would recommend the use of the three letter month to avoid any confusion.

date +%d = two digit day

date +%h = three letter month

date +%m = two digit month

date +%Y = four digit year

So the British date format would be:

date +”%d %h %Y”

kali European Date format

Step 2 – Change to UK British English Keyboard

Root (Far Right – at the Top)

System Settings (like control panel in Windows)

kali system settings

Keyboard

 kali keyboardLayout Settings

kali keyboard layout

Language Tab (the first tab) > British English

kali british englishFormats Tab (2nd tab)

UK English = this will set the £ characters etc for currency

kali uk formatIn order to prevent the US keyboard layout… I jettison the option and use

English UK with WinKeys

English UK

kali uk only keyboardHere’s the £ symbol and speech marks from a UK keyboard

kali uk with winkeys keyboardUnder root > system settings > Region

Select English UK

Date & Time

Kali defaults to EDT… set to European time.

Under root > system settings > Date and Time

Select Europe > Select city eg “London”

 

kali date and timeTest the date settings.

Enter date

Here we see “BST” or British Summer Time – you’ll note that date is still producing the US formatting, not the Global formatting… someone will have to write a note and explain to Americans that their date formatting does not apply to the rest of the global economy.

kali time set twice

Nasty SSL 3.0 vuln to be revealed soon – sources

http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/

Gird your loins, sysadmins: The Register has learned that news of yet another security vulnerability – this time in SSL 3.0 – is probably imminent.

Maintainers have kept quiet about the vulnerability in the lead-up to a patch release, which is expected in in the late European evening, or not far from high noon Pacific Time.

Details of the problem are under wraps, purportedly due to the severity of the vulnerability. El Reg cannot confirm whether or not it is indeed a serious bug as we have not received details of the vuln.

To that end, it is unknown what platforms were impacted, but as SSL is very widely used, any flaw will require plenty of urgent attention – and probably be unwelcome news to a tech community already reeling from the recent Shellshock vulnerability in Bash and the Heartbleed flaw.

The SSL flaw won’t be the only thing keeping security bods and system administrators busy. A dangerous worm has been discovered exploiting a zero-day flaw (CVE 2014-4114) in all versions of Microsoft Windows and Server 2008 and 2012.

VPN – Warrant Canary – How do you know if a warrant has been issued against your VPN?

In these dark days of government surveillance, kangaroo FISA court orders, and the Patriot Act, how can you trust your communications are not subject to a court order?  The answer lies in using a VPN.

Warrant Canary

Some VPN providers issue a “Warrant Canary”.  This means they will signal to you if a warrant has been issued.  Here we examine the “Warrant Canary” system of IVPN.  IVPN are a VPN provider who promise to shut down their services and relocate, rather than co-operating with surveillance.  This is their system.

https://www.ivpn.net/resources/canary.txt

Step 1 – IVPN will confirm that no warrants have been served or assets seized

ivpn warrant

Step 2 – Headlines from a Newspaper to “time” the message

ivpn warrant 2

Step 3 – EU Data Protection – No PII  – Personally Identifiable Information

ivpn warrant 3

IVPN promise to shut down and relocate if they are ever forced to log you.

That’s one heck of a commitment.

In addition they operate the “Warrant Canary”; if pressure is applied to them, you’ll know about it, as the “Canary in the Coalmine” will warn users.

IVPN

www.ivpn.net

******

Which is the safest VPN on the market? Who do I use for a VPN?

http://uwnthesis.wordpress.com/2013/05/17/which-is-the-safest-vpn-on-the-market-which-vpn-cares-most-for-your-privacy/

 

Follow

Get every new post delivered to your Inbox.

Join 161 other followers