Computer Hacking is LEGAL @ GCHQ

1.  Privacy International , a UK-based registered charity that defends and promotes the right to privacy across the world, lost a case challenging RIGHT TO PRIVACY.

 

So as it stands the GCHQ now has a official tick to itself forcing into hacking devices to obtain intelligence thereby ensuring National Security interests.The court ruled in favor of GCHQ and thus for the first time the GCHQ has confirmed that it has been associated with hacking into IT and computer devices which till date were only thought in anticipation or were believed right based on the NSA whistle blower Edward Snowden.

 Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

2.   An extract produced as follows from http://www.bbc.com/news/uk-politics-35558349

"Hackers can remotely activate cameras and microphones on devices, without the owner's knowledge, log keystrokes, install malware, copy documents and track locations among other things"

3.   Another extract produced below from the Investigatory  Powers Tribunal (IPT) complete copy of which is available for reading at http://www.ipt-uk.com/docs/Privacy_Greennet_and_Sec_of_State%20.pdf reads as follows :

 

"The use of computer network exploitation by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve in this Judgment. Plainly it again emphasises the requirement for a balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression."

3.   How much of this stands right or wrong irrespective,but one thing has come out large and clear....there stands no privacy while anyone is on the net...whatever you may do or attempt from your mobile device or the computer,nothing is yours.....

Hardening your Android Device : Few Essentials

1.   Android is the most popular mobile platform in the world, with a wide variety of applications, including many applications that aid in communications security, censorship circumvention, and activist organization. Moreover, the core of the Android platform is Open Source, auditable, and modifiable by anyone. Unfortunately though, mobile devices in general and Android devices in particular have not been designed with privacy in mind. In fact, they've seemingly been designed with nearly the opposite goal: to make it easy for third parties, telecommunications companies, sophisticated state-sized adversaries, and even random hackers to extract all manner of personal information from the user. This includes the full content of personal communications with business partners and loved ones. Worse still, by default, the user is given very little in the way of control or even informed consent about what information is being collected and how.

 

2.  This presentation brings out few basic steps that every android phone user should configure to harden his/her device.Although the list is not completely exhaustive but it brings out basic necessities as expected from any smart user.

 

Harden your LinkedIn Settings : A Necessity Now

Most of us are part of various Social Engineering Sites and keep updating ourselves via status updates, pictures and tweeting small life updates. Related Privacy and Security issues in respect of these social engineering sites available is already a serious concern among users. Additionally for these all social engineering sites/applications whether accessible on a desktop or a mobile, we all are not so serious responding and interacting but that’s the difference when we see viz-a-viz LinkedIn. When it is LinkedIn…we are mostly serious…no jokes, no clips, no tagging, no personal comments, no WOWs…it’s all professional. And when most of us take it seriously, we also feed serious inputs on it. But do we take necessary precautions too?...I have mostly seen a negated curve amongst my friend circle….hardly anyone has spared time to configure LinkedIn Privacy and Security settings. In this post I bring you out basic and necessary configuration steps involved to harden your LinkedIn interface to the world.

Harden your LinkedIn Settings : A Necessity Now from anupriti

Configuring and using OPENVPN in UBUNTU@14.04 LTS

1.  VPN as discussed recently in my post here is on-way becoming a routine necessity for each one of us.In this post I bring you a screen shot and command terminal step by step procedure to configure and use OPENVPN,an open source application vide which a Ubuntu user can tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port and additionally configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients.OpenVPN is the best and most recommended open-source VPN software world-wide. It is the most secure VPN option. You need to download the open-source OpenVPN Client and our configuration and certificate bundle from the links on site shown below (use TCP if you cannot connect to UDP due to network restriction).

Steps involved : 

- Open a sudo terminal

- Install openvpn by typing

sudo apt-get install openvpn

Goto http://www.vpnbook.com/freevpn and Download one of the VPNBook OpenVPN certificate bundles as seen available in the screenshot below :

After downloading either of the above certificates as seen....do extract the contents in one folder and these should look like as seen below :

If there is any issue with the installation part,install the openvpn client by synaptics as shown below :

Once done ...go to the sudo terminal and type the following :

openvpn --config vpnbook-euro1-tcp443.ovpn

As you see the message INITIALIZATION SEQUENCE COMPLETED...u r on with the VPN..

Facebook and Law strings

1.   The way Facebook has made an impact pan globe in most of our lives is undoubtedly phenomenal.Facebook has become a way of life for many who are addicted...it gives us a medium to express self in the digital world with a digital self avatar.It is seen that people who remain silent in their physical lives may become more verbose on Facebook...people who generally remain non reactive in informal group discussions become unexpectedly high on expressing themselves ...and so it be that for the first few years when every one was expressing loudly on the Facebook ...it didn't matter but now with the IT act and laws propping up in each country...things are not so easy to express.Each time anyone expresses anger or happiness over something... it is associated and linked with a act which may or may not be legally authorized.Here in this post ahead I bring you few FAQs which each one of us will associate with our lives and associated punishments effected as per IT act 2008 amended (India).

FAQs ex ROHAS NAGPAL @ http://www.facebooklaw.in/

Is it legal to ridicule a Government official or Minister on Facebook?

NO. This is a very serious offence and could get someone in jail for life! And unlike what is shown in Hindi movies, life imprisonment means imprisonment for life and not just 14 years! Ridiculing a Government official or Minister on Facebook could be illegal under the following laws:

Sedition
Defamation
Sending offensive electronic messages

Plus, if the Minister or official is a woman, it could also be covered under indecent representation of women

Is it legal to ridicule a celebrity or even an ordinary person on Facebook?

No. This is a serious offence and could get someone in jail for upto 3 years! Ridiculing a celebrity or even an ordinary person on Facebook could be illegal under the following laws:

Defamation
Sending offensive electronic messages

Is it legal to ridicule a religion on Facebook?

No.This is a serious offence and could get someone in jail for upto 3 years! Ridiculing a religion on Facebook could be illegal under the following laws:

Promoting enmity on grounds of religion8
Outraging religious feelings9
Wounding religious feelings10
Sending offensive electronic messages11
Imputations, assertions prejudicial to national-integration

Is it legal to call someone an “idiot” on Facebook?

No.This is a serious offence and could get someone in jail for upto 3 years!The dictionary meaning of “idiot” is a “person of low intelligence” or a “mentally deficient person”.Since it is impossible to prove that a person is actually an “idiot”, calling someone an idiot would amount to defamation and would be punishable under two laws:

Defamation
Sending offensive electronic messages

I have ordered some stuff from a famous ecommerce website. They have not sent
it even after a month but my credit card has been charged for the transaction. Is it legal to post my complaint about this on my Facebook wall?

Is it legal to open a Facebook account in a fake name?

No.This is a serious offense and simply creating the account in a fake name (or someone else’s name) makes the creator liable for 2 years imprisonment.If the person sends even one message, posts one comment or sends even one friend request using this account, the liability could be another 3 years in jail!Simply creating the account in the fake name (or someone else’s name) amounts to forgery.If the account is used, then it amounts to sending offensive electronic messages.Further if the fake account was created for the purpose of harming someone’s reputation, then it amounts to forgery for purpose of harming reputation.

If I use asterisk marks instead of abusive words, can I still get into trouble?

Yes.Even if you use asterisk marks (e.g. instead of fool, you say f**l), if the meaning is apparent, then it would be punishable with upto 3 years imprisonment.

 

As a joke, I have put a morphed photo of my friend on Facebook. She has taken
it as a joke, but her father is very angry with this. Can he file a case against me?
What kind of posts can land me in prison?

Yes.If her father finds it offensive, he can file a case and it can be penalized as “sending offensive messages” and is punishable with upto 3 years imprisonment.If the photo is obscene then there is an additional liability for 3 years imprisonment.

Someone has sent me a threatening message on Facebook. Is that a crime?

Yes.Sending threatening messages on Facebook can be penalized as “sending offensive messages” and is punishable with upto 3 years imprisonment.Additionally, depending upon the threat in the message, additional punishment could vary from 2 years imprisonment to 7 years imprisonment.Additionally, if the threatening message is sent using a fake account (or in any manner to hide the name and details of the sender), then an additional 2 years punishment can be given.

FAQs ex ROHAS NAGPAL @ http://www.facebooklaw.in/

Your ANDROID APPLICATIONS : Mining your profile

1.    It is common for us to hear a company promoting its phone or tablet showcasing that lakhs of android applications are available for free...and the poor(???) customer generally falls for it...so he buys the device and immediately starts exploiting the world of millions of applications on the net and the Google play store...now off course Google just does not upload a application for download once the up loader does his part of the formalities and registration...it checks under its set of QRs if the application is ok from the point of being malicious in nature or not but that does not always works....so many times android applications even in the Google play-store have been found to be suspected...now lets keep suspected apart...does the typical user even checks the terms and conditions of any application before installing?...the blind rule is JUST ACCEPT IT!!!and this goes against the user...this allows invasion to privacy...why should a company ask to access your phone contacts..your location..your system settings...your configuration settings before it allows to install it application on your device...BUT NO ONE THINKS ABOUT THIS!!!!

Back in February of this year, Google announced it was hardening its stance on Android security, unveiling an app-scanner (codenamed Bouncer) to weed out malware uploaded to Android Market (now Google Play) through automatic scanning. Since then, Google has taken more steps to protect Android users: it acquired VirusTotal back in September and in Android 4.2 Jelly Bean introduced an optional app verification feature that enables users to identify dangerous and potentially-dangerous apps on their devices, even if they downloaded them from the Web or got them from an app store other than Google Play.

How have Google’s efforts to combat Android malware been working out? Perhaps not so well. Security researchers were quickly able to analyze how Bouncer operated and find easy ways to circumvent Google Play’s automated scanning — techniques publicly available now to malware authors if they hadn’t managed to think of them on their own. Further, Xuxian Jiang of North Carolina State University has published an assessment of Jelly Bean’s app verification capability. The results? Google’s app verification service identified just over 15 percent of malware samples thrown at it from the Android Malware Genome Project

Source : http://www.digitaltrends.com/mobile/who-can-fight-android-malware-not-google/

2.     Mobile malware is lately becoming a organised crime with complex sophistication in terms of tracking back....and this makes the attack surface for the hacker and the black hats more big and the user more vulnerable at the same time....The most common victim is the one who looks for free applications in various heads of education...technology and not to forget the games section which is a big hit among-st all...the users love the games for which he has to pay nothing and the attacker gets a lot of attack surface to play around...and then the DO IT YOUR SELF TOOLS again add to the attack surface.

WHAT CAN YOU DO TO AVOID THIS?

- Keep your android updated: Now in this case most of the devices till 4.2.1 may not support upgrades..but then you have to keep your fingers crossed!!!

- Refrain from android applications other then google play store.STill you have to be careful...wherever possible read the Terms and Conditions before installing

-  Avoid public open wifi connections

-  Limit your greed to free applications.You may google about the application on google before you install it on your device.

Spying your friend at WhatsApp : Cause of concern

1.   In my last post here,I discussed about the growing lure of using WhatsApp and the basic security concerns that comes with it from point of a naive user.Now will take you one step higher to the level of a script kiddie....

2.  How does WhatApp identify you in billions?The answer is the unique MAC address that each digital device on this earth holds. If any one changes his/her device,then automatically the MAC address also changes and the user is requested to re-verify their WhatsApp account. Means he/she cannot access same WhatsApp account from two devices. But is MACSPOOFING not existing ?So,if the Mac is spoofed,then who stops from seeing your friends traffic that includes his/her chats,downloads etc!!!although for a naive user this may be look of some technical nature but for the young gen which has lots of techno enthusiasts there should be no stopping....that would include rooting your phone and installing Busybox. How to get your friends MAC address,here it goes :

For Android phone users simply go to settings—> About phone—> Status—> Wi-Fi MAC address.

For iPhone users go to Settings—> General—> About—> Wi-Fi address.

For Windows Phone users go to Settings—> About—> More info—> MAC address.

and for BlackBerry users go to options—> Device—> Device and Status info—> WLAN MAC.

3.   And the best part is that your Andorid can be anyone starting from 1.6 on wards till date.

Security Issues : Whats App !!!!

1.   WhatsApp had set a new record with 27 billion messages in a day on 13th Jun 2013...now that's hell of a lot!!!!!a huge success by any means in terms of revenue generation and collection of info...as I really wonder if all these naive users most of them who are actually not aware of the kind of critical information they have allowed to be passed on...such applications are currently enjoying huge success banking on the naive users....who don't actually realize the repercussions owing to this valuable personal info loss.....just read these few eye raising conditions before any one installs this app :

- Prevent Phone from sleeping

- Change Wifi state

- write sync settings

- Modify/delete SD card contents

- read phone state

- Read contact data

- Write contact data

- Record audio

- Read my location

- Read my other accounts credentials

2.  If one goes through the deeper insights of all these aspects that the user has to invariably accept for enjoying the application thinking its free(when he has given invaluable personal info to a stranger) from point of view of security...it starts getting scary...!!!!going through the above terms it is invariably understood that all your contacts info is already gone....now how much is that info depends on how much have you stored...if you have stored the residential address,his email,his other phone numbers etc...that's all gone the moment you install!!!!..and add to this location and hardware details....from a hacker point of view the attack surface is already prepared vide one shot of installation only.....

3.  If Whatsapp says that they respect user privacy and would not submit all the info to any advertising agency or any third party...then y are they collecting all this ?Whats their security architecture?How reliable is that?Do they guarantee a NO-HACK situation?......

How to be Anonymous on Internet ?

1.   Every one of us who is aware and conscious of the repercussions of cookies,trackers,malware's, ad-wares, extensions in browsers,privacy issues on the internet would always dream of if he/she could be anonymous on the internet whilst surfing....and in my few posts in past here , here and here, I have discussed few ways and tools that could make you anonymous on the web.But in recent times after having surfed for a while I have compiled a list of LIVE DVDs and few OS that can help you maintain anonymity.These along with the website and the name are mentioned below :

Mandragora Linux: Gnome desktop built on Ubuntu, to be used for digital forensics during incident response and vulnerability assessments. It comes with hacking tools like nmap (port scanner), Wireshark (packet sniffer), Kismet (Wi-Fi monitoring) and enhancing privacy tools like the tor proxy, torchat and i2P.Website at : 

 Jondo Live-CD / DVD : Jondo Live-CD/DVD offers a secure, pre-configured environment for anonymous surfing and more. It is based on Debian GNU/Linux. The live system contains proxy clients for JonDonym, Tor Onion Router, I2P and Mixmaster remailer. JonDoBrowser is pre-configured for anonymous web surfing, Thunderbird for e-mails, Pidgin for anonymous instant messaging and chats, Parole media player, MAT for cleaning documents and more application are part of the live-cd.Website at : https://anonymous-proxy-servers.net/en/jondo-live-cd.html

Privatix Live System: This is a live distro based on Debian. It is an easy to operate, safe and portable system that can be booted from a cd-rom, an usb flash drive or an external hard drive and ensures your privacy and confidentiality while using the internet and communicating or editing and encrypting sensitive data. Private data and settings, documents, e-mails, or pgp-keys are not saved on the computer that you use but instead those are saved on the encrypted usb flash drive or on the encrypted external hard drive. In case of loss or theft of the data medium your personal data is going to stay protected by a password. Privatix Live System allows for anonymous web surfing using Tor, Firefox and Torbutton.Website at http://www.mandalka.name/privatix/index.html.en

The Amnesic Incognito Live System (TAILS): Based on Debian this is a live distro aimed at preserving your privacy and anonymity. All outgoing connections are forced through the Tor network. Also no trace is left on local storage devices. TAILS comes with bundled software with software like OpenOffice, Claws Mail with OpenPGP and Pidgin.Website at https://tails.boum.org/

Polippix: Polippix is based on  Kubuntu and was made by the IT-Political Association of Denmark as a protest against the anti-terror laws being passed in Denmark. It uses Tor for anonymous Internet surfing, MAC address changer, GnuPG for encryption and driftnet for traffic sniffing.Website at : http://www.polippix.org/

Ubuntu Privacy Remix (UPR): Ubuntu Privacy Remix runs from a modified Live-CD based on Ubuntu.The goal of Ubuntu Privacy Remix is to provide an isolated working environment where sensitive data can be dealt with safely. This is achieved by storing all user data in encrypted form in the removable storage media. Warning: UPR is to be used for encrypting sensitive data and not for anonymous web surfing. It doesn’t allow network connections.Website at : https://www.privacy-cd.org/

Liberte Linux: This is live linux distribution based on Gentoo  that is secure, lightweight and easy to use. It uses Tor for anonymous network communication and has features such as persistent storage on a virtual partition, Netfilter IP firewall and more.Website at : http://dee.su/liberte

Whonix: Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible.Website at : http://sourceforge.net/p/whonix/wiki/Home/

Ipredia: IprediaOS is a fast, powerful and stable operating system based on Linux that provides an anonymous environment. All network traffic is automatically and transparently encrypted and anonymized. Many applications are available in IprediaOS, including mail, peer-peer, bittorrent, IRC chat and others. Contrary to other anonymity enhancing Linux distributions, Ipredia does not use Tor but prefers the I2P anonymizing network.Website at : http://www.ipredia.org/

Qubes OS: Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. Qubes implements Security by Isolation approach by providing a user with ability to easily create many security domains.Website at : http://qubes-os.org/trac

2.    Thanks : http://www.kimpl.com

Browser fight continues : CHROME continues topping too!!!

1.    Not long back we all have seen or might have experienced when violent and pornographic images were fed across facebook profiles of FB friends without the knowledge of the online FB user when he used to simply click on a tempting link!!!!All that happened owing to so many malwares but the exact launching vulnerability was indeed in the BROWSER!!!!!

2.    The openweb is full of options for seemingly good browsers viz Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But who is the best?.....though when u google u find so may individual claims but third party tests are always welcome on such issues...specially when they have huge evidence to support....like few years back I posted on ACID3 test for the browsers...this one comes from Accuvant...and its actually huge in terms of a conclusive report that's 139 pages in toto......:-)

3.   The full report can be accessed by clicking here...so the Accuvant study revealed that Chrome ranks as the most secure web browser when compared to Internet Explorer and Firefox. Interestingly, German government named Chrome the most secure browser, perhaps lending weight to the study. 

4.   The criteria to test these browsers included factors like ASLR,GS,Sandboxing,JIT Security etc as shown below :

(CLICK ON THE IMAGE TO ENLARGE)

5.   Please google if you wish to know the criteria factors mentioned above in the image.Thanks http://www.accuvant.com/

Internet Freedom : ULTRASURF

1.     While I have earlier talked about TOR,Anonymous OS etc and maintaining privacy on Internet...likewise there is no dearth of such options on the net.Another hugely respected :-) and proven software is ULTRASURF.This software is available at http://ultrasurf.us/ offcourse as a free download. :-).
 

2.   This was originally created to help internet users in China find security and freedom online and has subsequently grown to become one of the world's most popular anti-censorship, pro-privacy software, with millions of people using it to bypass internet censorship and protect their online privacy.

3.    Among other features,few as I felt important are jotted below :

- Protect your privacy online with anonymous surfing and browsing.
 

-  Hides your IP address,clears browsing history, cookies,and more.

-  Using industry standard, strong end-to-end encryption to protect  data transfer from being seen by third parties.

-  Bypasses internet censorship to browse the internet freely.

- Only supports Windows OS.

- Works with IE like TOR with Mozilla.

-  One interesting thing is that the company keeps logs bare minimum information for anti blocking purposes. They  keep your logs for maximum of 30 days to comply by the exisiting law protocols of the hosting country.

4.  More at   http://ultrasurf.us/

The Lightest Browser : BROWZAR

1.  In the world of browsers when we have chrome...mozilla...safari...opera..and many others.fight it out at ACID3 benchmarking levels...we have a small browser here....thats only in KBs....by the name of BROWZAR.Few good things and features are mentioned below :

-  Takes seconds to download

-  No installation

-  No registration

-  One of the smallest, fastest browsers in the world

-   Just download and go

-   Doesn't save Cookies, History, Temp files, Passwords, Cache

-   Secure delete

-   Great for Banking and Cloud applications

-   Carry it with you on a USB stick

-   Great for shared computers

-   Use it on a friend's PC, Internet Cafe, Work PC, on Holiday

-   Automatically cleans up when you've finished

-   Only 222Kb...u read that right!!!only 222Kb

2.   Test and Download at http://www.browzar.com/.

TAILS - Privacy for anyone anywhere

The video above(my first screen cord :-) ) shows the screen cord for installing TAILS on a virtual Box.For those of you who do not what TAILS is all about....Tails is a live CD or live USB that aims at preserving your privacy and anonymity.It helps you to :

Firstly,use the Internet anonymously almost anywhere you go and on any computer.

Secondly,all connections to the Internet are forced to go through the Tor network.

Thirdly,leaves no trace on the computer you're using unless you ask it explicitly.

Fourthly,uses state-of-the-art cryptographic tools to encrypt your files, email and instant messaging...Please visit https://tails.boum.org/ for more details