Archive for the 'Privacy' Category

Remote File Handling

High Risk Files

When doing IIR, I often come across files that I don’t want to handle for security reasons. These can be Word documents, PDF documents, PostScript, or even Gzipped PostScript files. These files may include a load of malicious code. I sometimes don’t want any record of viewing the file on my computer. To accomplish this I must load these files remotely and safely so they don’t touch my system (for a true remote viewing of the file, the web cache should be disabled, as should the swap and home partitions if the whole system isn’t encrypted).

Unless you verify each file through checksum verification (like MD5 or GPG), there’s a chance it could’ve been trojaned, or the file may contain phone-home instructions or some other type of malicious feature. If I don’t want to be recorded as a recipient of the file via something like ReadNotify, then the file must be verified clear of such code or it must be viewed remotely.

The Remote File Viewer

I use the site at http://view.samurajdata.se/. I have only used it with PDF and Word documents. PDF and Word files are transformed into single-page graphics which you may navigate through. Most of the time it works; occasionally a PDF does not load. It doesn’t require Flash and works without cookies or JavaScript enabled.

I don’t know anything about the site’s privacy policy and how that might affect anonymity.

Securing Firefox – Configuration Settings

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files is an alternative method of modifying preferences and is recommended for very advanced users only. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird and Mozilla Suite/SeaMonkey and older versions of Firefox. These settings will affect all profiles of the browser.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next; just click OK and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

Don’t give the site access to the fonts on your computer. That grants too much access, which can be abused.

about:config > browser.sessionhistory.max_entries > change value to 2

This is the maximum number of pages in the browser’s session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. Default value is 50. Set it to 2 so that the site you visit can’t see where you have been during your Investigative Internet Research (IIR) assignment.

about:config > dom.storage.enabled > double click to false

dom.storage.enabled controls DOM Storage, a mechanism allowing web pages to store information with a web browser (similar to cookies), called “client-side session and persistent storage.” Although use of session storage is subject to a user’s cookie preferences, this preference allows it to be disabled entirely.

about:config > geo.enabled > double click to false

True means location-aware browsing is enabled. Default is true. You want to disable this. See http://www.mozilla.com/en-US/firefox/geolocation/ for details of geolocation in Firefox.

Security & Privacy Add-ons for Firefox

Firefox is the online researcher’s best friend. No other browser gives so much control to the user as Firefox. It is more customizable than either Google Chrome or Internet Explorer.

Like any browser, you must be aware of what data you are releasing when you visit a Web site. The following add-ons help eliminate two serious security threats that occur when doing Investigative Internet Research (IIR).

BetterPrivacy—This add-on is pretty basic, but a must-have. BetterPrivacy deletes Flash cookies (LSOs/SuperCookies).

KeyScrambler—Check out Alex Long’s post from Null Byte for information about what KeyScrambler is and how it works.

I have already written about:

  • NoScript— NoScript allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!). This is a must-have for IIR.
  • HTTPS Everywhere—This is a must-have add-on provided by the Electronic Frontier Foundation. HTTPS Everywhere enables a secure connection on pages that have SSL certificates. For example, most people use the unencrypted version of Google search. This add-on will force Google to deploy its SSL certificate. The DuckDuckGo (DDG) search engine also uses a version of this.

Power-Searcher Add-ons for Firefox

WorldIP

This displays the IP address of the page you are visiting and the IP data that you are revealing about yourself. The IP data seems more up-to-date than a whois search.

Ghostery

Ghostery lets you see who’s tracking your web browsing when you visit a webpage. It looks for third party page elements (3pes) on the web pages you visit. These can be things like social network plugins, advertisements, invisible pixels used for tracking and analytics, etc. Ghostery notifies you that these things are present, and which companies operate them. You can learn more about these companies, and if you wish, choose to block the 3pes they operate.

LongURLPlease

This replaces short URLs with the originals, so you can see where links will send you.

Temporary Email Addresses

An email address is often required to download or activate any registration page. Unfortunately, that email address often becomes the target of spam. Perhaps you don’t want anybody to know you have registered for use of that site. A solution to these problems is a temporary email address.

Mailinator

Mailinator requires no sign-up. Send email to a name, and the account is created automatically. You cannot send mail from this. Visit mailinator.com and type in the email name where it says “Check your inbox!”, then click “Go!”, and Mailinator will display the list of email waiting. There is no password. The mailbox will only hold 10 messages at once. All attachments – pictures, binary files, etc. – are stripped out. The mailbox doesn’t disappear on any set schedule.

Use this for items that don’t require a high level of security. Create your Mailinator address using an email account only accessed via Tor and only for signing-up to things like Mailinator.

10 Minute Mail

Go to 10 Minute Mail and copy the e-mail address to your clipboard and use it for registration. Your e-mail address will expire in 10 minutes.

Hide From Social Site Tracking

Buttons like these allow Facebook, Google, LinkedIn, and others to track your online browsing activities on every site that includes one of these buttons, even if you never click the buttons and (in some browsers) even if you have third-party cookies disabled.

[Example images of buttons only: Google +1 button, LinkedIn button, Tweet button, Facebook Like button. These buttons are not clickable.]

ShareMeNot is a Firefox add-on designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you until you actually click on them. Unlike traditional solutions, ShareMeNot does this without completely removing the buttons from the web experience.

ChangeIP Proxy

ChangeIP states that its Private Proxy is an encrypted change IP proxy that not only changes your IP address, but also encrypts your Internet browsing sessions to keep you safe and protected.

Perhaps this is better than Zerobank, but perhaps not; I have not tried it yet. It may offer some utility over Tor in that it may allow viewing YouTube and similar video content, but I doubt it will offer the anonymity of Tor.

Asymmetric Warfare & Business Continuity

In a previous article, I wrote about a system that created a single point of failure. In a strategic sense, computers and IT as a whole have become a single point of failure in both government and industry.

Chinese military leaders call automation the great equalizer, since its enemies heavily depend upon computers. An effective attack upon their enemy’s IT infrastructure provides an immediate and disproportionate impact, which is the core concept of asymmetric warfare.

This asymmetry benefits the attacker, regardless of his motives or methods.

Android Phone Security Risk

Android handsets ‘leak’ personal data

Many applications installed on Android phones interact with Google services by asking for an authentication token …

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot…

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

Now what might an unscrupulous person do with this? Might one be able to observe a person using his Android phone, capture the token, then use it to find out more about the person?

Disabling Geolocation

In a recent article about the DuckDuckGo search engine, I wrote about search leakage. Many programs leak your location. Internet Explorer does not have a geolocation feature yet, but Firefox and its associated email program do. Here is how to disable this annoying feature that may reveal that you are investigating a person or company by your visits to their websites. It doesn’t take a genius to figure out that if he defrauded somebody in Toronto, web site visits from someone in Toronto might mean he is being investigated.

To test your browser, first go to this site, then make the changes below and revisit it to see the difference.

Firefox

• Type ‘about:config’ in the address bar, without the quotes
• Discard the warning by hitting ‘yes’
• Scroll down until you reach ‘geo.enabled’, or you can simply search for ‘geo.enabled’
• Double-click the item and it will change from its default value ‘True’ to ‘False’
• Scroll down until you reach ‘geo.wifi.uri’, or you can simply search for ‘geo.wifi.uri’
• Right-click the Value of ‘geo.wifi.uri’ and click ‘Modify’
• Type in ‘localhost’ and hit ‘OK’
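
To check the result of these steps together with the about:config changes in the Securing Firefox post, the script below audits the text of a Firefox profile's prefs.js and user.js against the values this page sets. It is an added example, not code from the original post or from Mozilla; the function names, the HARDENED table and the sample profile contents are constructed for illustration.

```javascript
// Values this page sets through about:config.
const HARDENED = {
  "browser.display.use_document_fonts": 0,
  "browser.sessionhistory.max_entries": 2,
  "dom.storage.enabled": false,
  "geo.enabled": false,
  "geo.wifi.uri": "localhost",
};
// Matches one line such as: user_pref("geo.enabled", false);
// Assumes one user_pref() call per line; commented-out lines do not match.
const PREF_LINE = /^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;/;
// Parse prefs.js or user.js text into a Map of name -> value.
function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_LINE.exec(line);
    if (!m) continue;
    try {
      prefs.set(m[1], JSON.parse(m[2])); // true/false, integers, "strings"
    } catch (err) {
      prefs.set(m[1], m[2]); // keep the raw text if the value is not JSON-like
    }
  }
  return prefs;
}

// user.js is applied after prefs.js at startup, so its entries win. A pref that
// appears in neither file is still at its application default.
function auditProfile(prefsJsText, userJsText = "") {
  const effective = new Map([...parsePrefs(prefsJsText), ...parsePrefs(userJsText)]);
  const findings = [];
  for (const [name, want] of Object.entries(HARDENED)) {
    const found = effective.has(name) ? effective.get(name) : "(unset: default applies)";
    if (found !== want) findings.push({ name, want, found });
  }
  return findings;
}
// Constructed sample profile contents, not taken from a real profile.
const SAMPLE_PREFS_JS = [
  "// Mozilla User Preferences",
  'user_pref("browser.display.use_document_fonts", 0);',
  'user_pref("browser.sessionhistory.max_entries", 25);',
  'user_pref("geo.enabled", true);',
  'user_pref("geo.wifi.uri", "https://location.example/lookup");',
].join("\n");
const SAMPLE_USER_JS = 'user_pref("geo.enabled", false);\nuser_pref("geo.wifi.uri", "localhost");';
for (const f of auditProfile(SAMPLE_PREFS_JS, SAMPLE_USER_JS)) {
  console.log(`${f.name}: want ${JSON.stringify(f.want)}, found ${JSON.stringify(f.found)}`);
}
```

With the sample input, the two geo settings pass only because user.js overrides prefs.js, and dom.storage.enabled is reported because it was never changed from its default.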

Thunderbird

• Go to ‘Tools’
• Go to ‘Options’
• Go to ‘Advanced’
• Hit ‘Config Editor’ on the General tab
• Discard the warning by hitting ‘yes’
• Scroll down until you reach ‘geo.enabled’, or you can simply search for ‘geo.enabled’
• Double-click the item and it will change from its default value ‘true’ to ‘false’

Search Engine Results

Doing a test search in Bing and Google revealed that turning off the geolocation feature changes the results rather dramatically. All the search results in my test search went from Canada-centric before turning off the geolocation to U.S.-centric after it was turned off.

New Standard for Privacy on Ontario Work Computers

I think R. v. Cole, 2011 ONCA 218 will become the leading case on an employee’s expectation of privacy on a work-provided computer. This appeal was a partial victory for a Sudbury high school teacher charged with possession of child pornography. The Ontario Court of Appeal ruled that police violated his Charter rights when they searched his laptop without a warrant.

A search of Cole’s computer by the high school’s IT staff found sexually explicit photos of a Grade 10 student that he acquired from the student’s email account. The laptop was then turned over to the police and searched without a warrant. The proceeds of the police search were excluded while the IT technician’s search was proper as it was for the purposes of maintaining the school board’s network and the laptop.

Justice Karakatsanis wrote for the Ontario Court of Appeal which found the employee had a reasonable expectation of privacy in the contents of his laptop based on the following factors:

  • he had exclusive possession of the laptop;
  • he had permission to use it for personal use;
  • he had permission to take it home on evenings, weekends and summer vacation;
  • there was no evidence the board actively monitored teachers’ use of laptops;
  • the school board had no clear and unambiguous policy to monitor, search, or police the teacher’s use of his laptop.

This seems consistent with the prevailing case law regarding the recognition of an employer’s right to govern the use of their systems through policy, but it also recognises the rising privacy expectations of employees in the personal use of an employer’s system.

Encryption Makes ISP Logs Useless

Swedish ISP Will Automatically Encrypt All Traffic To Protect Privacy Under New Data Retention Laws

Detecting Firesheep

I wrote about Firesheep a while back. Predictably, a countermeasure has appeared called BlackSheep.

New Firefox Add-On Detects Firesheep, Protects You on Open Networks

If you’re concerned about using open Wi-Fi networks because of Firesheep, the highly popular new hacking tool, you should check out BlackSheep, a Firefox add-on that makes surfing on open networks safe once again.

Hijacking Social Network Connections

The Firesheep Firefox plugin makes it easy to hijack someone’s social network connections. For example, Facebook authenticates the client using cookies. If someone logs on using a public WiFi connection, the cookies are sniffable. Firesheep uses WinPcap to capture the authentication information which allows you to hijack the connection.

Protect yourself by forcing the authentication through TLS or stop logging into Facebook using public networks.

Facial Recognition for the Masses

Facial recognition software

Enter a photo at http://developers.face.com/tools/#faces/detect and locate all photos of the same individual on Facebook. This is limited to your friends at this point, but some developers are putting this on iPhone apps. You can snap a photo on the street and get all their info through Facebook and other services this way. In May 2010 they state that their Facebook apps have scanned over 7 billion photos in total and identified no less than 52 million faces.

This is something to watch as it has some interesting applications for the Investigator. Of course some people will think the sky is falling due to the mere existence of this app, but the technological genie was let out of the bottle a long time ago.