Archive for the 'Security' Category

Remote File Handling

High Risk Files

When doing IIR, I often come across files that I don’t want to handle for security reasons. These can be Word documents, PDF documents, PostScript, or even gzipped PostScript files. These files may contain malicious code, and sometimes I don’t want any record of viewing the file on my computer. To accomplish this I must load these files remotely and safely so they never touch my system (for true remote viewing of the file, the web cache should be disabled, as should the swap and home partitions if the whole system isn’t encrypted).

Unless you verify each file through checksum or signature verification (like MD5 or GPG), there’s a chance it could have been trojaned, or the file may contain phone-home instructions or some other type of malicious feature. If I don’t want to be recorded as a recipient of the file via something like ReadNotify, then the file must be verified clear of such code or it must be viewed remotely.

The Remote File Viewer

I use the site at http://view.samurajdata.se/. I have only used it with PDF and Word documents. PDF and Word files are transformed into single-page graphics which you can navigate through. Most of the time it works; occasionally a PDF does not load. It doesn’t require Flash and works without cookies or JavaScript enabled.

I don’t know anything about the site’s privacy policy and how that might affect anonymity.


The Clean Machine

When doing IIR, the computers must be free of malicious code (S. 31 Canada Evidence Act). We often set aside a computer for this purpose after doing some Spring-Cleaning. But how we prepare the machine for the installation of the clean version of the OS and application software is important.

We use Darik’s Boot and Nuke (“DBAN”), a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which also makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer preparation for IIR. It is also a good way to periodically clean a Microsoft Windows installation of viruses and spyware.


Securing Firefox – Configuration Settings

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files is an alternative method of modifying preferences and is recommended for very advanced users only. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird and Mozilla Suite/SeaMonkey and older versions of Firefox. These settings will affect all profiles of the browser.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next, just click OK and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

Don’t let sites use the fonts on your computer. That grants too much access, which can be abused.

about:config > browser.sessionhistory.max_entries > change value to 2

The maximum number of pages in the browser’s session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. Default value is 50. Set it to 2 so that the site you visit can’t see where you have been during your Investigative Internet Research (IIR) assignment.

about:config > dom.storage.enabled > double click to false

DOM storage is a mechanism allowing web pages to store information in the web browser (similar to cookies), called “client-side session and persistent storage.” Although use of session storage is subject to the user’s cookie preferences, this preference allows it to be disabled entirely.

about:config > geo.enabled > double click to false

When true, location-aware browsing is enabled. Default is true. You want to disable this. See http://www.mozilla.com/en-US/firefox/geolocation/ for details of geolocation in Firefox.
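As an added example (not from the original post), here is a small Python script that audits a Firefox prefs.js or user.js against the four about:config recommendations above and can emit a user.js that sets them. The prefs.js content is constructed for illustration; the only file format assumed is the `user_pref("name", value);` line syntax of those files.

```python
import re
from typing import Dict, List, Optional, Tuple, Union

PrefValue = Union[bool, int, str]

# Recommended about:config values from the article above.
RECOMMENDED: Dict[str, PrefValue] = {
    "browser.display.use_document_fonts": 0,
    "browser.sessionhistory.max_entries": 2,
    "dom.storage.enabled": False,
    "geo.enabled": False,
}

# Matches lines such as: user_pref("geo.enabled", true);
# (escaped quotes inside string values are not handled; enough for an audit)
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample prefs.js: one pref correct, two wrong, one missing.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.sessionhistory.max_entries", 50);
user_pref("dom.storage.enabled", false);
user_pref("geo.enabled", true);
user_pref("browser.startup.homepage", "about:blank");
"""

def parse_value(raw: str) -> PrefValue:
    """Convert a prefs.js literal (true/false, integer, "string") to Python."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    return int(raw)

def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Collect every user_pref() line; later lines override earlier ones."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2).strip())
    return prefs

def audit(prefs: Dict[str, PrefValue]) -> List[Tuple[str, PrefValue, Optional[PrefValue]]]:
    """Return (name, expected, actual) for each recommendation not met.
    A pref that is absent is a finding too: the built-in default is the permissive one."""
    return [(n, e, prefs.get(n)) for n, e in RECOMMENDED.items() if prefs.get(n) != e]

def render_user_js(overrides: Dict[str, PrefValue]) -> str:
    """Emit user.js lines; bool is checked before int because bool is an int subclass."""
    lines = []
    for name, value in sorted(overrides.items()):
        lit = ("true" if value else "false") if isinstance(value, bool) else \
              str(value) if isinstance(value, int) else '"%s"' % value
        lines.append('user_pref("%s", %s);' % (name, lit))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for name, expected, actual in audit(parse_prefs(SAMPLE_PREFS_JS)):
        print("%s: expected %r, found %r" % (name, expected, actual))
    print(render_user_js(RECOMMENDED), end="")
```

Running it against the sample reports the font, session-history and geolocation prefs as findings and prints a user.js you could drop into a profile directory.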


Securing Firefox – General Privacy Settings

General Firefox Privacy Settings

The basic privacy settings in general settings, are found in the options bar in Firefox 9.0 (Firefox > Options > Options) or for iOS, Preferences.

  1. Content: Enable block popup windows and disable Javascript when it isn’t needed.
  2. Privacy: Enable the DNT (Do-Not-Track). For History, use custom settings. “Always use private browsing mode” should be enabled. “Remember my browsing history”, “Remember download history” and “Remember search and form history” should be turned off. “Accept cookies from sites”, but un-check “Accept third party cookies” as they aren’t needed often. Location bar: select “Suggest nothing”.
  3. Security: Enable “Warn me when sites try to install add-ons”, “Block reported attack sites” and “Block reported web forgeries”. Under Passwords, disable “Remember passwords for sites” and use a master password.
  4. Advanced – General – System Defaults: Disable “Submit crash reports and performance data”.
  5. Advanced – Network – Offline Storage: Check “Override automatic cache management and limit cache to 0MB space”. Further—you can un-check “Tell me when a website asks to store data for offline storage use”.
  6. Advanced – Encryption: Ensure both “Use SSL 3.0” and “Use TLS 1.0” are enabled. Then click Validation and check “When an OCSP server connection fails, treat the certificate as invalid”.


Security & Privacy Add-ons for Firefox

Firefox is the online researcher’s best friend. No other browser gives so much control to the user as Firefox. It is more customizable than either Google Chrome or Internet Explorer.

Like any browser, you must be aware of what data you are releasing when you visit a Web site. The following add-ons help eliminate two serious security threats that occur when doing Investigative Internet Research (IIR).

BetterPrivacy—This add-on is pretty basic, but a must-have. BetterPrivacy deletes Flash cookies (LSOs/SuperCookies).

KeyScrambler—Check out Alex Long’s post from Null Byte for information about what KeyScrambler is and how it works.

I have already written about:

  • NoScript— NoScript allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!). This is a must-have for IIR.
  • HTTPS Everywhere—This is a must-have add-on provided by the Electronic Frontier Foundation. HTTPS Everywhere enables a secure connection on sites that have SSL certificates. For example, most people use the unencrypted version of Google search; this add-on forces Google to use its SSL version. The DuckDuckGo (DDG) search engine also uses a version of this.


Temporary Email Addresses

An email address is often required to download a file or to activate a registration. Unfortunately, that email address often becomes the target of spam. Perhaps you don’t want anybody to know you have registered for use of that site. A solution to these problems is a temporary email address.

Mailinator

Mailinator requires no sign-up. Send email to a name, and the account is created automatically. You cannot send mail from it. Visit mailinator.com and type in the email name where it says “Check your inbox!”, then click “Go!”, and Mailinator will display the list of email waiting. There is no password. The mailbox will only hold 10 messages at once. All attachments – pictures, binary files, etc. – are stripped out. The mailbox doesn’t disappear on any set schedule.

Use this for items that don’t require a high level of security. Create your Mailinator address using an email account only accessed via Tor and used only for signing up to things like Mailinator.

10 Minute Mail

Go to 10 Minute Mail, copy the e-mail address to your clipboard and use it for registration. Your e-mail address will expire in 10 minutes.

ChangeIP Proxy

ChangeIP states that its Private Proxy is an encrypted change-IP proxy that not only changes your IP address, but also encrypts your Internet browsing sessions to keep you safe and protected.

Perhaps this is better than Zerobank, but perhaps not; I have not tried it yet. It may offer some utility over Tor in that it may allow viewing YouTube and similar video content, but I doubt it will offer the anonymity of Tor.

CPIC Not Updated in a Timely Fashion

The most recent Auditor-General report reveals some problems at the RCMP that I have suspected for years. Auditor-General reports going back to 2000 have criticized the CPIC system (see 7.86) regarding timely delivery of criminal record data.

The problem we encounter most often is the backlog of criminal records that has seen the updating of some records taking 3 years.

The Auditor-General estimates that the RCMP takes an average of 14 months to update an English criminal record in CPIC. The French updates take an average of 36 months. The stated goal is updating a record in 24 hours. Unfortunately, reality is an average time of 334 working days (see 5.60).

At some point this is going to result in tragedy. Even more unfortunate is the fact that the RCMP and the government are judgment-proof for this negligent behaviour. The investigation companies used by employers and their insurance companies aren’t as lucky. Even if a claim is rejected by the courts, the legal expenses may destroy the company for reporting in good faith what was on CPIC.

How will this play out when a sex offender is hired to work with vulnerable people? What will happen when that same offender follows his natural instincts and victimizes someone?

It is also conceivable that this situation will thicken our border with the U.S.A. as their authorities start to act upon their distrust of CPIC. Frequent border-crossers, such as truck drivers, will be subjected to additional delays. If that extends to airports we can expect more security searches, questioning, and delays.

The problems we see with CPIC should be a warning about all supposedly trusted, sole-source systems. All such systems break down!

When we are forced to trust one system, especially a critical system, and that system fails, we are all vulnerable. It doesn’t matter whether it is health care or CPIC: without reliable alternatives, people will be hurt.

Android Phone Security Risk

Android handsets ‘leak’ personal data

Many applications installed on Android phones interact with Google services by asking for an authentication token …

Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot…

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

Now what might an unscrupulous person do with this? Might one be able to observe a person using his Android phone, capture the token, then use it to find out more about the person?

The Olde Ways

I was summoned to a meeting with a client. The client firm is over a century old. This successful firm has learned a thing or two about security.

I was asked to surrender my electronic gadgets. Being of the old school, I had none. This pleased the gatekeeper. I was led to a room furnished with only a curious table and four old wooden bankers’ chairs. No telephone, no electrical outlets, one fluorescent light fixture above the table. The gatekeeper had to unlock the room. She then waited at the open door until my contact arrived.

My contact enters and places pieces of chalk and a chalkboard eraser on the table. Most of the table top is painted with chalkboard paint.

We eventually compose a handwritten Memorandum of Agreement regarding the engagement, sign it, and off we go.

These people understand the rules, especially Rule #1 — If you don’t want it overheard, don’t say it. But I must admit, I have never seen a “Magic Slate” table before.

Erase Data with a Hammer

Flash-based solid-state drives nearly impossible to erase

Researchers from the University of California at San Diego delivered a paper at the FAST-11 Conference in San Jose, Calif., last week that shows it’s almost impossible to reliably erase data from a solid state drive.

The report, Reliably Erasing Data from Flash-Based Solid State Drives (PDF), goes through all of the known techniques for erasing data and they found the best method was a big hammer.

Encryption Makes ISP Logs Useless

Swedish ISP Will Automatically Encrypt All Traffic To Protect Privacy Under New Data Retention Laws

Scroogle

Anonymous Searching

In the past I have written about hiding your tracks as you search the Internet and about the Google SSL search interface.

Scroogle via SSL

Now let me introduce you to the SSL version of Scroogle. Like Google’s SSL search, it hides your search terms from IP logging. No one snooping between your browser and Scroogle can figure out what you were looking for, because the information is encrypted. Unlike the SSL version of Google, your IP address is dropped before your search terms are sent to Google. Therefore, Google has no idea who is conducting the search.

When you click on any of the links in the Scroogle results on the secure results page, SSL does not allow the browser to record the address of where that secure page came from and attach it to any outgoing non-SSL links on that page. Using SSL blanks out this referrer, so that any non-SSL site you click on from a Scroogle SSL page won’t even know that you arrived at their site from Scroogle or anywhere else.

Using Scroogle

In practice, Scroogle isn’t the greatest for finding video and clicking on a link does not open a new window in Firefox. This makes it somewhat awkward when doing high-volume searching, but it offers excellent security.

URL Shorteners

An article on URL shorteners was recently published in the Share section of FUMSI.

The FUMSI article doesn’t address the security issues surrounding the use of these things. For the security issues, see these articles on Evil URL Shorteners and How to Preview Shortened URLs. The ability to preview the shortened link is key to the proper use of URL shorteners.

Now you know everything you need to know about URL Shorteners.

Detecting Firesheep

I wrote about Firesheep a while back. Predictably, a countermeasure has appeared called BlackSheep.

New Firefox Add-On Detects Firesheep, Protects You on Open Networks

If you’re concerned about using open Wi-Fi networks because of Firesheep, the highly popular new hacking tool, you should check out BlackSheep, a Firefox add-on that makes surfing on open networks safe once again.