
Snoopers Charter would allow UK Government to ban end to end encryption

http://www.neowin.net/news/uk-government-admits-snoopers-charter-would-allow-it-to-ban-end-to-end-encryption

The UK government has publicly admitted that parts of the Investigatory Powers Bill (IPB), better known as the ‘Snooper’s Charter’, would allow it to force companies to ban end-to-end encryption.

In what may be viewed as a huge assault on the public’s privacy, not to mention digital security, the government would ask internet and communication service providers to “develop and maintain a technical capability to remove encryption that has been applied to communications or data”. As one member of the House of Lords put it, when debating the IPB, this essentially means that companies may not use end-to-end encryption, and could leave the public at risk, not to mention setting a supremely dangerous precedent.

Lord Strasburger explained:

The implication of what [the government] is saying is that no one may develop end-to-end encryption. One feature of end-to-end encryption is that the provider cannot break it; encryption is private between the users at both ends. He [the minister] seems to be implying that providers can use only encryption which can be broken and therefore cannot be end to end, so the next version of the Apple iPhone would in theory become illegal.

That’s because developing the technical capability to break strong encryption is a costly and problematic endeavor. So in essence, the government aims to force companies to offer weaker encryption and develop backdoors in their services. This is exactly what privacy and advocacy groups like the EFF warned about months ago, when the FBI was trying to force Apple to hack its devices.

As usual the powers granted by the Snooper’s Charter are claimed to be in the service of national security and the fight against terrorism. Earl Howe, minister of state for defence, argued that “there will be circumstances where it is reasonably practicable for a company to build in a facility to de-encrypt the contents of communication.”

But of course, the wider implications of such demands, by a democratic Western government no less, are rarely brought up by their proponents. However, Baroness Hayter attempted to explain:

The problem is whether the Government would ever require a company to engineer such access, enforcing the company to create a model which, if then followed by other nations with perhaps less security than ours, would lead to a lowering of standards.

Her arguments bring to mind recent cases where authoritarian regimes such as Turkey, Russia and China, have demanded they have access to user data and banned companies from using strong encryption which the government couldn’t bypass.

 

***Reddit Comments***

To be clear, the Government Minister of State for the Ministry of Defence in the House of Lords has clarified that certain clauses within the Investigatory Powers Bill do in fact compel Communications Service Providers to ensure that there is a capability for the state to acquire plaintext equivalents of encrypted communications if reasonably practicable if and only if the CSP has applied said crypto themselves.

  • Is this bad news for Whatsapp etc? Yes
  • Is this bad news for normal people? Yes
  • Is this bad news for crypto geeks? Kinda (it’s kinda abhorrent to have to undermine crypto for the state but nothing stopping you using PGP / OTR / etc)
  • Is “end to end crypto” banned? No
  • Is there a criminal offense for using crypto? No
  • Can you (a UK citizen) be jailed for refusing to decrypt your comms / HDDs etc? Yes (RIPA s.49 / s.50)

TL;DR; If you provide communications services (e.g. an app) and your app encrypts messages then the government can ask you to ensure you are able to decrypt messages if asked and if reasonably practicable.

Source: Provided written evidence to both the Parliamentary Joint Select Committee and the Science and Technology Committee against many powers within the bill (notably the encryption elements above, ICRs, Bulk EI (hacking) and the filter) and have been following this bill since its inception.

Edit: FWIW the House of Lords is having its final debate from 14:30 BST today in regards to ICRs (a record of every internet connection you make held for 12 months), the filter (a way to query *all* CSPs simultaneously for said ICRs using an identifier e.g. your name or your address) and more. You can watch it here: http://parliamentlive.tv/Event/Index/564fcfed-b0eb-4220-bc56-4206f6e3c889

***Conclusion***

  1. Do encrypt your communications separately from your ISP (your ISP has to decrypt your data if asked and they are able).
  2. Use a service dedicated to privacy. Use a VPN provider that provides its own DNS server (so your ISP’s DNS server is not used) and does not keep logs, so that even if a court order is served, they are unable to comply.
  3. I use IVPN, along with a number of other privacy tools. I’m a proud affiliate of IVPN, as I can’t find anyone who’s better. I won’t promote anyone else, as nothing compares to them in my opinion.

IVPN – Free Trial of VPN

https://uwnthesis.wordpress.com/2016/05/26/ivpn-free-trial/

Warrant Canary – can be found here:

https://www.ivpn.net/resources/canary.txt


Flaws found in security products from AVG, Symantec and McAfee

http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/

Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking.

The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month.

The pair say 15 products including AVG, Symantec, and McAfee are affected. Scores more may be vulnerable thanks to their use of Microsoft’s Detours, code Redmond says is used for “re-routing Win32 APIs underneath applications [and] is licensed by over 100 ISVs and used within nearly every product team at Microsoft.”

The researchers did not specify if Microsoft’s enhanced mitigation experience toolkit (EMET) is affected.

Attackers would already need access to a system to reap the benefits of the vulnerabilities and neuter the security platforms running on the target system.

“We found six different common security issues that stem from incorrect implementation of code hooking and injection techniques,” the pair say.

“These issues were found in more than 15 different products.

“Practically, it means that thousands of products are affected.”

Microsoft is brewing a patch for Detours due to drop next month which will help to address matters.

The pair examined intrusive user-mode hooks common across end point security products and man-in-the-middle malware alike, namely the Duqu trojan, making the “depressing” finding that many are vulnerable to exploitation.

KALI LINUX 2.0 – How To: Reset Linux MySQL Root user password

This video will detail how to reset the root account password on a MySQL database.

https://learnnetsec.blogspot.co.uk/

Download PDF (3 pages)

https://drive.google.com/file/d/0B6jPadgZoPsbTlVHYkg2aDRxazA/view?pref=2&pli=1

****

Open a terminal as root

service mysql stop

mysqld_safe --skip-grant-tables & (then press enter twice)

mysql -u root (hit enter)

Reset Password:

use mysql;

update user set password=PASSWORD('yournewpasswordhere') where user='root';

flush privileges;

Restart MySQL:

service mysql restart

Testing:

mysql -u root -p

enter your password here and hit enter

Type exit and hit enter to quit.
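The reset walkthrough above as a script, added here as an example (it is not code from the original post or the linked video). It assumes the `service`, `mysqld_safe`, `mysql` and `mysqladmin` binaries used on the page and the pre-5.7 `mysql.user.password` column the page's SQL relies on (MySQL 5.7 and later renamed it to `authentication_string`); it pairs `--skip-grant-tables` with `--skip-networking` so the password-less server is reachable only over the local socket while the reset runs.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumes: SysV "service" wrapper,
# mysqld_safe/mysql/mysqladmin in PATH, and the pre-5.7 mysql.user "password"
# column used on the page (MySQL 5.7+ renamed it to authentication_string).

# Escape a value for a single-quoted MySQL string literal: double every
# backslash and single quote so the new password cannot alter the statement.
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# build_reset_sql USER NEWPASS: the page's two SQL statements, safely quoted.
build_reset_sql() {
    printf "UPDATE mysql.user SET password=PASSWORD('%s') WHERE user='%s'; FLUSH PRIVILEGES;" \
        "$(sql_escape "$2")" "$(sql_escape "$1")"
}

# reset_mysql_root NEWPASS: the walkthrough above, with the grant-table-free
# window kept off the network and the result verified before reporting success.
reset_mysql_root() {
    new_pass=$1
    service mysql stop
    # --skip-grant-tables lets anyone log in as anyone with no password, so
    # --skip-networking keeps that window on the local socket for the whole reset.
    mysqld_safe --skip-grant-tables --skip-networking &
    # Wait until the server answers instead of guessing with a fixed sleep.
    tries=0
    until mysqladmin ping >/dev/null 2>&1; do
        tries=$((tries + 1))
        [ "$tries" -lt 30 ] || { echo "mysqld did not come up" >&2; return 1; }
        sleep 1
    done
    build_reset_sql root "$new_pass" | mysql -u root || return 1
    # Shut the unprotected instance down cleanly before the normal service returns.
    mysqladmin shutdown
    service mysql restart
    # Prompt for the password (not on the command line, where ps could read it)
    # and prove the new credential works, mirroring the page's "Testing" step.
    mysql -u root -p -e 'SELECT 1' >/dev/null
}
```

Run `reset_mysql_root 'newpassword'` as root; the `sql_escape` step matters because the page's quoted literal breaks as soon as the new password contains a quote.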

 

 

KALI – Bleeding Edge Repository

The power of Linux is in the repositories, and how stable they are. If you are using Kali Linux, then you’ll know that Debian Linux is prized for its stability. Therefore it should come as no surprise that the Kali team have separated the stable tools from the “bleeding edge” ones. Bleeding edge tools are likely to break, which is why they are kept separate.

Step 1 A: Code (Fully automatic updates).

echo deb http://repo.kali.org/kali kali-bleeding-edge main >> /etc/apt/sources.list
apt-get update
apt-get upgrade

Step 1 B: Code (Opt-In updates)

We’ve set up an opt-in “Kali bleeding edge” repository which contains daily builds for several useful and frequently updated tools. These repositories are still highly experimental (meaning we expect things to break from time to time until we get more feedback from the community).

echo deb http://http.kali.org/kali kali-bleeding-edge contrib non-free main >> /etc/apt/sources.list
apt-get update
apt-get upgrade
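The same repository line, added the way a script should add it; this is an added example, not code from the Kali project. Running the page's `echo ... >> /etc/apt/sources.list` twice leaves a duplicate entry, so the helper below appends only when no existing APT source already carries the line, and puts it in its own file under `sources.list.d` (the file name is an assumption) so it can be removed cleanly later.

```shell
#!/bin/sh
# Added example, not from the Kali project. The page's "echo ... >>" line
# appends a duplicate entry every time it is run; this adds the entry once,
# in its own file under sources.list.d so the repo can be disabled by deleting it.

KALI_BLEEDING_LINE='deb http://http.kali.org/kali kali-bleeding-edge contrib non-free main'

# add_apt_line FILE LINE [OTHER_FILES...]: append LINE to FILE unless FILE or
# any of OTHER_FILES already contains it as a whole line.
# Returns 0 if the line was added, 1 if it was already present somewhere.
add_apt_line() {
    file=$1
    line=$2
    shift 2
    # -F: fixed string, -x: match the whole line, -s: ignore missing files
    if grep -qsFx -- "$line" "$file" "$@"; then
        return 1
    fi
    printf '%s\n' "$line" >> "$file"
}

# enable_bleeding_edge: register the repo (checking the existing APT sources
# as well) and only then refresh and upgrade, as the page's steps do.
enable_bleeding_edge() {
    target=/etc/apt/sources.list.d/kali-bleeding-edge.list   # assumed file name
    if add_apt_line "$target" "$KALI_BLEEDING_LINE" \
            /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
        apt-get update
        # Bleeding-edge builds replace stable packages and are expected to break.
        apt-get upgrade
    else
        echo "kali-bleeding-edge is already enabled" >&2
    fi
}
```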

Tools:

These are the tools considered bleeding edge. Some, such as sqlmap, are amazing, but probably illegal in many countries. Use sqlmap against your own databases and see what happens. Warning: sit down if you’ve got any medical conditions, because once this baby works, she’s amazing.


  • aircrack-ng
  • beef-xss
  • dnsrecon
  • johnny
  • libfreefare
  • libnfc
  • mfcuk
  • mfoc
  • rfidiot
  • set
  • sqlmap
  • w3af


CppCon 2015: Greg Law ‘Give me 15 minutes & I’ll change your view of GDB’

‘Victory for privacy’ as Microsoft wins email battle with US government

http://www.telegraph.co.uk/technology/2016/07/15/victory-for-privacy-as-microsoft-wins-email-battle-with-us-gover/

Microsoft won’t be forced to turn over e-mails stored in Ireland to the US government for a drug investigation, an appeals court said in a decision that may affect data security throughout the US technology industry.

The ruling on Thursday overturned a 2014 decision ordering Microsoft to hand over messages of a suspected drug trafficker.

The company argued that would create a “global free-for-all” with foreign countries forcing companies to turn over evidence stored in the US. The government said a ruling in favor of Microsoft would create a legal loophole to be exploited by fraudsters, hackers and drug traffickers.

The law doesn’t “authorise courts to issue and enforce against US-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers,” US Circuit Judge Susan Carney wrote for the majority of the New York appeals court.

The government is considering its options, Peter Carr, a spokesman for the US Department of Justice, said.

“Lawfully accessing information stored by American providers outside the United States quickly enough to act on evolving criminal or national security threats that impact public safety is crucial to fulfilling our mission to protect citizens and obtain justice for victims of crime,” Carr said.

Microsoft said the ruling is a win for the protection of people’s privacy rights under their own laws, rather than the reach of foreign governments. “This decision provides a major victory for the protection of people’s privacy rights under their own laws rather than the reach of foreign governments,” the company said.

“As a global company we’ve long recognised that if people around the world are to trust the technology they use, they need to have confidence that their personal information will be protected by the laws of their own country.”

Katherine Albrecht: Windows 10 Is Full Blown Electronic Tyranny

 

 

KALI WIFI Adapter – Which are the best WIFI network adapters for Kali Linux

Kali Linux works with a limited set of WiFi network adapters, and picking the best network adapter is like black magic. In the good old days of BackTrack, I would always have recommended a 54 Mbps card from Alfa, the Alfa AWUS036H. This card was amazing, and would pick up 2-3 times as many networks as more powerful cards. This leads us to the first point about Kali network adapters: the chipset is more important than the adapter itself. The Alfa AWUS036H used the Realtek 8187L chipset, and nothing came close to its performance. Of course, who wants a 2.4 GHz, 54 Mbps adapter these days?

 

Step 1 – Research the Chipset

The chipset is the ultimate decider of whether a network adapter will flunk or be awesome with Kali Linux. Choose wisely, as even yours truly has bought an expensive adapter that proved to be utterly useless.

Atheros AR9271
Ralink RT3070
Ralink RT3572
Realtek 8187L (Wireless G adapters)

The reference section links the chipset to drivers.

 

Step 2 – Use Alfa cards – lazy option

You are humbly introduced to Alfa network cards; Alfa dominate the penetration testing scene. Not all Alfas work with Kali on a plug and play basis, so we still need to be selective.

We are looking for network adapters that support “monitor mode” and “packet injection”.

If your dream card cannot do this, then backtrack... backtrack, gedit...

 

Step 3 – Wardriving Paddles & Antennas

Use wardriving paddles to increase your adapter’s signal strength. A rule of thumb here is that every 3 dB increase in power will double your signal strength. So an Alfa antenna with a 10 dB gain means triple your signal strength.
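The decibel arithmetic behind the rule of thumb above, as an added worked equation (not from the original post). Antenna gain in dB is a logarithm of a power ratio, so gains add in dB but multiply as ratios:

$$
G_{\mathrm{dB}} = 10 \log_{10}\!\left(\frac{P_{\mathrm{out}}}{P_{\mathrm{in}}}\right)
\qquad\Longleftrightarrow\qquad
\frac{P_{\mathrm{out}}}{P_{\mathrm{in}}} = 10^{G_{\mathrm{dB}}/10}
$$

$$
10^{3/10} \approx 2.0, \qquad 10^{7/10} \approx 5.0, \qquad 10^{10/10} = 10
$$

Three 3 dB doublings already add up to 9 dB, so a 7 dB paddle is roughly five times and a 10 dB antenna ten times the radiated power in the direction the antenna points. A gain antenna does not add transmit power; it concentrates the same power into a narrower beam, which is also why it hears less from other directions.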

10 dB gain antenna, for 2.4 GHz and 5 GHz networks


The panel antenna fits onto the Alfa adapters, and costs between £12 and £20.

The wardriving paddle works only with 2.4 GHz networks, and gives 7 dB gain for £11.

I really like using the wardriving paddle; however, 2.4 GHz networks are dying out.


Step 4 – Current strongest Kali network adapters.

Alfa Network AWUS036NHA – Black Alfa 


The AWUS036NHA uses the Atheros AR9271 chipset drivers.  150 Mbps – costs around £20.


Note the comment about region set to BO.  BO = Bolivia.  There are no radio laws in Bolivia so you can TX at maximum power.

****

Alfa Network AWUS036NH – Green or Teal Alfa

Comments/test results found:


ALFA Network AWUS051NH V2 (Version 2) 2.4/ 5GHz

The AWUS051NH uses the Ralink RT3572 chipset. It’s plug and play in Kali and injection capable. 300 Mbps, costs around £35.


ALFA Network AWUS052NH 2.4/ 5GHz Dual Band 300Mbp/s

This uses the RT3572 chipset and reportedly works with Kali out of the box for G/N/A networks.  However, reports also found it weak when used with Windows.


It looks great too, but is hard to find and therefore costs over £40. I really like the look of this, but need to find more corroborating evidence regarding its compatibility with Kali. It’s looking good, though.


 

Non Alfa Adapters – TPLink WN 722N


Non Alfa Adapters – Comfast using AR9271 chipset


Alfa Adapters – AWUS036NHR V2 – AVOID!!

Note the chipset – RTL8188RU.  This chipset is known to have issues.


*****

Disclaimer:

Last point, am I paid by Alfa networks? No.

Do they provide me with kit to test? No, sadly.  I wish they did.

If you have a WiFi network adapter that works with Kali 2 plug and play, then please let me know.

That’s the trouble with being independent and impartial – no free lunch.

****

Reference:

https://wikidevi.com/wiki/Atheros_AR9271

http://www.mediatek.com/en/downloads1/downloads/

https://forums.hak5.org/index.php?/topic/32347-recommend-wifi-adapters-working-with-kali/&page=1

http://www.cyberprogrammers.net/2015/09/best-usb-wireless-adapterscards.html

 

 

Home Computers Connected to the Internet Aren’t Private, Court Rules

http://www.eweek.com/security/home-computers-connected-to-the-internet-arent-private-court-rules.html

A judge in Virginia rules that people should have no expectation of privacy on their home PCs because no connected computer “is immune from invasion.”

 

A federal judge for the Eastern District of Virginia has ruled that the user of any computer that connects to the Internet should not have an expectation of privacy because computer security is ineffectual at stopping hackers.

The June 23 ruling came in one of the many cases resulting from the FBI’s infiltration of PlayPen, a hidden service on the Tor network that acted as a hub for child exploitation, and the subsequent prosecution of hundreds of individuals. To identify suspects, the FBI took control of PlayPen for two weeks and used what it calls a “network investigative technique,” or NIT: a program that runs on a visitor’s computer and identifies their Internet address.

Such mass hacking using a single warrant has riled privacy and digital-rights advocates, but Senior U.S. District Judge Henry Coke Morgan Jr. upheld the use of the warrant and even stated that the warrant is unnecessary because of the type of crime being investigated and because users should have no “objectively reasonable expectation of privacy.”

Even using countermeasures, such as the Tor network, does not mean that the user should expect their location or their activities to remain private, according to the judge.

“It is clear to the Court that Defendant took great strides to hide his IP address via his use of the Tor network,” the judge wrote in the ruling. “However, the court FINDS that any such subjective expectation of privacy—if one even existed in this case—is not objectively reasonable.”

Other courts have found the opposite. The Ninth Circuit, for example, held in 2007 that just connecting a computer to the network does not undermine a user’s “subjective expectation of privacy and an objectively reasonable expectation of privacy in his personal computer.”

Yet there has been a dramatic shift in the public’s reasonable expectation of privacy because people do expect to be able to defend their computers against attack, Judge Morgan argued.

“[H]acking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public’s reasonable expectations of privacy,” the judge wrote. “Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion. Indeed, the opposite holds true: In today’s digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked.”

The judge argued that the FBI did not even need the original warrant to use the NIT against visitors to PlayPen.

The Electronic Frontier Foundation, a digital rights group, warned that the ruling is far outside any current legal notion of privacy. The group expects, however, that law enforcement will begin to use the ruling unless it is overturned.

“The Justice Department has a practice of carving out novel legal interpretations and then advancing them in court,” Andrew Crocker, a staff attorney for EFF, told eWEEK. “I would not be surprised if they did try to rely on the idea that they don’t need a warrant for this type of hacking.”

Few people will have sympathy for the defendant, a man who allegedly visited PlayPen and downloaded images from the site, but the precedents in the case could affect everyone, the EFF stated.

“The decision underscores a broader trend in these cases,” the group stated in a blog post. “Courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone’s rights.”

The case may also cause the industry to determine a better definition of the term “malware.” While the word originally comes from “malicious software,” the intent of the software is less an issue than the expectations of the user on whose system the software runs. Adware, spyware and other forms of tracking are often considered malware.

Special Agent Daniel Alfin, who sought the warrant, declared that the NIT program is not malware.

“The NIT utilized in this investigation was court-authorized and made no changes to the security settings of the target computers to which it was deployed,” he said. “As such, I do not believe it is appropriate to describe its operation as ‘malicious.’”

Kali Linux – Penetration Testing Cheat Sheet

Linux Penetration Testing Commands

Breaking Out of Limited Shells

Credit to G0tmi1k for these (or wherever he stole them from!).

The Python trick:

python -c 'import pty;pty.spawn("/bin/bash")'
echo os.system('/bin/bash')
/bin/sh -i

System Information Commands

Useful for local enumeration.

COMMAND                          DESCRIPTION
whoami                           Shows the currently logged in user on Linux.
id                               Shows the currently logged in user and the user's groups.
last                             Shows last logged in users.
mount                            Shows mounted drives.
df -h                            Shows disk usage in human readable output.
echo "user:passwd" | chpasswd    Resets a password in one line.
getent passwd                    Lists users on Linux.
strings /usr/local/bin/blah      Shows the printable strings in non-text files, e.g. what's in a binary.
uname -ar                        Shows the running kernel version.
PATH=$PATH:/my/new-path          Adds a new PATH entry, handy for local FS manipulation.
history                          Shows bash history, the commands the user has entered previously.

Linux Network Commands

COMMAND                                        DESCRIPTION
netstat -tulpn                                 Shows Linux network ports with process IDs (PIDs).
watch ss -stplu                                Watches TCP and UDP open ports in real time with a socket summary.
lsof -i                                        Shows established connections.
macchanger -m MACADDR INTR                     Changes the MAC address on Kali Linux.
ifconfig eth0 192.168.2.1/24                   Sets an IP address in Linux.
ifconfig eth0:1 192.168.2.3/24                 Adds an IP address to an existing network interface in Linux.
ifconfig eth0 hw ether MACADDR                 Changes the MAC address in Linux using ifconfig.
ifconfig eth0 mtu 1500                         Changes the MTU size in Linux using ifconfig; change 1500 to your desired MTU.
dig -x 192.168.1.1                             Dig reverse lookup on an IP address.
host 192.168.1.1                               Reverse lookup on an IP address, in case dig is not installed.
dig @192.168.2.2 domain.com -t AXFR            Performs a DNS zone transfer using dig.
host -l domain.com nameserver                  Performs a DNS zone transfer using host.
nbtstat -A x.x.x.x                             Gets the hostname for an IP address.
ip addr add 192.168.2.22/24 dev eth0           Adds a hidden IP address to Linux; it does not show up in ifconfig output.
tcpkill -9 host google.com                     Blocks access to google.com from the host machine.
echo "1" > /proc/sys/net/ipv4/ip_forward       Enables IP forwarding, turning the Linux box into a router; handy for routing traffic through a box.
echo "nameserver 8.8.8.8" > /etc/resolv.conf   Uses Google DNS (resolv.conf needs the nameserver keyword, not a bare address).

https://highon.coffee/blog/linux-commands-cheat-sheet/
