Social Icons

Showing posts with label anonymous. Show all posts
Showing posts with label anonymous. Show all posts

Sunday, August 13, 2017

Whonix : Debian GNU/Linux based Security-focused Linux distribution

1.     Even if one is not doing anything wrong, he is being watched and recorded in real time as Edward Snowden revealed few years back. Most Internet users value online anonymity, with majority saying they have taken steps to remove or mask their digital footprints, and  reporting that they have taken steps to avoid being observed by specific people, organizations, or governments.Whonix is a Debian GNU/Linux based security-focused Linux distribution which aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network.This post gives you screen-shots of installation and execution of the virtual appliances involved.

2.    The Gateway VM is responsible for running Tor, and has two virtual network interfaces. One of these is connected to the outside Internet via NAT on the VM host, and is used to communicate with Tor relays. The other is connected to a virtual LAN that runs entirely inside the host.

3.    The Workstation VM runs user applications and is connected only to the internal virtual LAN, and can directly communicate only with the Gateway, which forces all traffic coming from the Workstation to pass through the Tor network. The Workstation VM can "see" only IP addresses on the Internal LAN, which are the same in every Whonix installation.

4.  Download the two virtual machines ie the Gateway and the workstation from https://www.whonix.org/wiki/VirtualBox

5.   Once you download the two machines as above from the link in reference,the following screen-shots will assist you in installation of the same.The two downloaded files are seen below : 
Instead of typically creating a virtual machine and then mounting a vdi,in this case more simply we have to just import the .ova appliance,rest is in auto mode.
Next
Next
Agree to the T&C
Next
Will take few minutes loading
Next
Import
Agree again
Import appliance of the workstation
So u have two machines in the virtualbox console as seen in the bottom two listing below :
Just click both with the start button...and the machine start



Next
Next
Next
Ok
Updated TOR download



Here we see the IP address relating to Budapest Hungary....and thats surely not the user....:-)

Saturday, February 13, 2016

Computer Hacking is LEGAL @ GCHQ

1.  Privacy International , a UK-based registered charity that defends and promotes the right to privacy across the world, lost a case challenging RIGHT TO PRIVACY.

 

So as it stands the GCHQ now has a official tick to itself forcing into hacking devices to obtain intelligence thereby ensuring National Security interests.The court ruled in favor of GCHQ and thus for the first time the GCHQ has confirmed that it has been associated with hacking into IT and computer devices which till date were only thought in anticipation or were believed right based on the NSA whistle blower Edward Snowden.

 Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

Source : http://www.wired.co.uk/news/archive/2015-03/20/gchq-hacking-faq

2.   An extract produced as follows from http://www.bbc.com/news/uk-politics-35558349

"Hackers can remotely activate cameras and microphones on devices, without the owner's knowledge, log keystrokes, install malware, copy documents and track locations among other things"

3.   Another extract produced below from the I
"The use of computer network exploitation by GCHQ, now avowed, has obviously raised a number of serious questions, which we have done our best to resolve in this Judgment. Plainly it again emphasises the requirement for a balance to be drawn between the urgent need of the Intelligence Agencies to safeguard the public and the protection of an individual's privacy and/or freedom of expression."

3.   How much of this stands right or wrong irrespective,but one thing has come out large and clear....there stands no privacy while anyone is on the net...whatever you may do or attempt from your mobile device or the computer,nothing is yours.....

Sunday, July 27, 2014

Harden PRIVACY : PRIVACY BADGER Tool

1.    Till few years back PRIVACY as a word meant the state of being free from unsanctioned intrusion in physical life from your peers/friends/strangers but the whole meaning has taken a new dimension since Snowden released his HIDDEN FILES last year around June.Today not only NSA but a plethora of third party agencies are after you all to track you..profile you...read you.Though in my earlier posts here,I had given a mention of few tools like disconnect.me,Adblock Plus,Ghostery etc but with time technology has further improved and here in this post I discuss about PRIVACY BADGER that is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.Looks Interesting..!!!



3.   Once installed as seen above we get a red hexagon..indicating installed and this has color indicators as follows :
  • Green means there's a third party domain, but it hasn't yet been observed tracking you across multiple sites, so it might be unobjectionable. When you first install Privacy Badger every domain will be in this green state but as you browse, domains will quickly be classified as trackers.
  • Yellow means that the thirty party domain appears to be trying to track you, but it is on Privacy Badger's cookie-blocking "whitelist" of third party domains that, when analyzed, seemed to be necessary for Web functionality. In that case, Privacy Badger will load content from the domain but will try to screen out third party cookies and supercookies from it.
  • Red means that content from this third party tracker has been completely disallowed.
4.   Currently available for CHROME,here I have used the beta for Mozilla browser ...though the site says they will soon release the extension for other browsers incl opera and safari too.....!!!!

Sunday, November 03, 2013

ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we keep reading so much about privacy and IT security issues across the web and daily surf's!!!....but we only have more to believe that privacy with times to come will be a matter of past...be it your mobile with loads of applications inbuilt already or your exchange on yahoo or gmail etc..every one is trying to vie for your data in some form or the other...your sms..your mms...your contacts..your stored data on the SD card,your browsing history or your location at various times of the day etc etc.....every one wants all this to make your profile and then in the long run use all this to market or even blackmail you(who knows!!!!!)...future will buzz a lot with our past....

2.  In such times it is good to read about "Dark Mail Alliance". Extract from their website is produced below for general direction of purpose :

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle’s team as mentioned in the extract is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs & British Special Air Service (SAS) security experts....while Lavabit was an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.So the combo of these two majors can be a force to reckon with provided the policies and strategies do not bar them again in some manner...till then lets give a "good night" to privacy!!!

4.   More at http://darkmail.info/

Monday, August 12, 2013

Pirate Bay Web browser : Yess!!! it's here....

1.   This is another tool to make you access that you cannot.Majorly known for allowing movie downloads,the pirate bay has launched this browser to celebrate its 10th anniversary....PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens...
The website at http://piratebrowser.com/ says "PirateBrowser - No more censorship!"

2.  We all have heard of TOR...so you configure that TOR more tightly and should be able to access what is not allowed....while it uses Tor network, which is designed for anonymous surfing, this browser is intended just to circumvent censorship — to remove limits on accessing websites your government doesn't want you to know about....

3.   But except for few of security guys and some extended circle of those guys...the general crowd would still keep using the chrome and Internet browser.....because most of them do not understand the long term effects of invasion of privacy and neither anyone is interested!!!!

CARRY ON....SURFING!!!!!!more at http://piratebrowser.com/

Friday, May 31, 2013

How to be Anonymous on Internet ?

1.   Every one of us who is aware and conscious of the repercussions of cookies,trackers,malware's, ad-wares, extensions in browsers,privacy issues on the internet would always dream of if he/she could be anonymous on the internet whilst surfing....and in my few posts in past here , here and here, I have discussed few ways and tools that could make you anonymous on the web.But in recent times after having surfed for a while I have compiled a list of LIVE DVDs and few OS that can help you maintain anonymity.These along with the website and the name are mentioned below :
Mandragora Linux: Gnome desktop built on Ubuntu, to be used for digital forensics during incident response and vulnerability assessments. It comes with hacking tools like nmap (port scanner), Wireshark (packet sniffer), Kismet (Wi-Fi monitoring) and enhancing privacy tools like the tor proxy, torchat and i2P.Website at : 

 Jondo Live-CD / DVD : Jondo Live-CD/DVD offers a secure, pre-configured environment for anonymous surfing and more. It is based on Debian GNU/Linux. The live system contains proxy clients for JonDonym, Tor Onion Router, I2P and Mixmaster remailer. JonDoBrowser is pre-configured for anonymous web surfing, Thunderbird for e-mails, Pidgin for anonymous instant messaging and chats, Parole media player, MAT for cleaning documents and more application are part of the live-cd.Website at : https://anonymous-proxy-servers.net/en/jondo-live-cd.html

Privatix Live System: This is a live distro based on Debian. It is an easy to operate, safe and portable system that can be booted from a cd-rom, an usb flash drive or an external hard drive and ensures your privacy and confidentiality while using the internet and communicating or editing and encrypting sensitive data. Private data and settings, documents, e-mails, or pgp-keys are not saved on the computer that you use but instead those are saved on the encrypted usb flash drive or on the encrypted external hard drive. In case of loss or theft of the data medium your personal data is going to stay protected by a password. Privatix Live System allows for anonymous web surfing using Tor, Firefox and Torbutton.Website at http://www.mandalka.name/privatix/index.html.en

The Amnesic Incognito Live System (TAILS): Based on Debian this is a live distro aimed at preserving your privacy and anonymity. All outgoing connections are forced through the Tor network. Also no trace is left on local storage devices. TAILS comes with bundled software with software like OpenOffice, Claws Mail with OpenPGP and Pidgin.Website at https://tails.boum.org/

Polippix: Polippix is based on  Kubuntu and was made by the IT-Political Association of Denmark as a protest against the anti-terror laws being passed in Denmark. It uses Tor for anonymous Internet surfing, MAC address changer, GnuPG for encryption and driftnet for traffic sniffing.Website at : http://www.polippix.org/

Ubuntu Privacy Remix (UPR): Ubuntu Privacy Remix runs from a modified Live-CD based on Ubuntu.The goal of Ubuntu Privacy Remix is to provide an isolated working environment where sensitive data can be dealt with safely. This is achieved by storing all user data in encrypted form in the removable storage media. Warning: UPR is to be used for encrypting sensitive data and not for anonymous web surfing. It doesn’t allow network connections.Website at : https://www.privacy-cd.org/

Liberte Linux: This is live linux distribution based on Gentoo  that is secure, lightweight and easy to use. It uses Tor for anonymous network communication and has features such as persistent storage on a virtual partition, Netfilter IP firewall and more.Website at : http://dee.su/liberte

Whonix: Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible.Website at : http://sourceforge.net/p/whonix/wiki/Home/

Ipredia: IprediaOS is a fast, powerful and stable operating system based on Linux that provides an anonymous environment. All network traffic is automatically and transparently encrypted and anonymized. Many applications are available in IprediaOS, including mail, peer-peer, bittorrent, IRC chat and others. Contrary to other anonymity enhancing Linux distributions, Ipredia does not use Tor but prefers the I2P anonymizing network.Website at : http://www.ipredia.org/

Qubes OS: Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. Qubes implements Security by Isolation approach by providing a user with ability to easily create many security domains.Website at : http://qubes-os.org/trac

2.    Thanks : http://www.kimpl.com




Wednesday, May 08, 2013

Central Monitoring System : Another step in the Wrong Direction ?


1.    The month of "May" has become started with a "Will" from Indian Government.Now after so many still unresolved issues on Facebook posts and similar things in respect of issues of privacy,it has come up now with Central Monitoring System(CMS).The concept was placed in parliament  some time in December 2012 by the then information technology minister Milind Deora on which the government plans to spend Rs 400 crore and this would "lawfully intercept internet and telephone services"

2.  Now this means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities.Every byte of what is being exchanged by you over the net would be monitored.....but is it actually required?I have doubts per-se owing to the amount of further investment it would require.At a time when Big Data analytics is still maturing,investing so much on monitoring and storing some portion of it pan India would be a herculean task.The key points that I found interesting are dotted below :

- With the lack of privacy laws to protect Indian citizens against potential abuse,this would set another example of wrong feather in the cap.

- CMS has been prepared by the Telecom Enforcement, Resource and Monitoring (TREM) and the Centre for Development of Telematics (C-DoT) and is being manned by the Intelligence Bureau. 

- Without any manual intervention from telecom service providers, CMS will equip government agencies with Direct Electronic Provisioning, filter and provide Call Data Records (CDR) analysis and data mining to identify the personal information and provide alerts of the target numbers.

- The estimated cost of CMS is Rs. 4 billion. It will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Is their any thing on Mother India Earth left to monitor?

3. Now I fail to understand that how Government expects to monitor cyber criminals by this CMS? Does government actually intend to find out the actual potent and dangerous Cyber Criminals or are they only interested in finding love affairs of local boys and girls!!!coz if the intention is former,would the cyber gang do it without tricks?...without encryption?...without spoofing?...when things like stegnography,TOR,Anonymous etc are still to be deciphered....the cyber crime would go on as it is.The focus should have been on analyzing of what is floating around rather then monitoring open text and messages.

4.  For example if a person with malicious intent,uses Whonix or anonymous kind of OS from a local cyber cafe and then places his message vide a steganographed image that is encrypted,is their any way that this can be deciphered?....technology does not exist today to decipher all this quickly ..still time is there when we reach such a stage....few months back in Dec 2012 when torrent was apparently blocked on directives from Govt Of India,anonymous group had given a open letter shared at http://www.geektech.in/archives/9924.

5. Well it is very clear that the decision makers in such moves are unclear on technological reality but also provisions for a scenario like WAR within....each step in such a direction has to be taken carefully because these are really critical.Additionally,outsourcing such moves to unreliable or may be foreign firms may become a serious threat.....

6.  Well at the end of the day,it is just my view per-sewhich no body is bothered...but the repercussions are serious to be avoided and ignored

Tuesday, March 26, 2013

Whonix : Not just another ANONYMOUS OS!!!

1.     When u simply Google on "How to surf Anonymously on the web ? ".....u get a whooping 5,510,000 results in 0.19 seconds!!!!!but when u have such a plethora of options..how do u actually decide on which is actually worth? So there is TOR, then there is Anonymous OS.....did some one think Incognito?....:-)..so we have millions in the line!...so now what I am going to mention here is about Whonix OS.....few points about this as follows :

- An anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.

- By Whonix design, IP and DNS leaks are impossible.

- Not even malware with root rights can find out the user's real IP/location.

- Whonix consists of two (virtual) machines.

-  One VM solely runs Tor and acts as a gateway, which we call Whonix-Gateway.

-  The other VM, which we call Whonix-Workstation, is on a completely isolated network.

-  Only connections through Tor are possible.

2.  When you download the image from the source forge site at http://sourceforge.net/projects/whonix/files/whonix-0.5.6/ you get basically three files.Two in the appliance format and one as a vmdk.So here is the basic diagram explaining the working architecture in WHONIX.

(Click on the image to enlarge)

3.   There is a small difference when we install this OS.Unlike the regular OSs wherein you get the .iso image of the OS and you install it in the typical manner,here the files you need to install are actually virtual appliances in form of .ovf and .ova format.How the installation is done is shown in the video cast below :



Thursday, October 18, 2012

Internet Freedom : ULTRASURF

1.     While I have earlier talked about TOR,Anonymous OS etc and maintaining privacy on Internet...likewise there is no dearth of such options on the net.Another hugely respected :-) and proven software is ULTRASURF.This software is available at http://ultrasurf.us/ offcourse as a free download. :-).
 
2.   This was originally created to help internet users in China find security and freedom online and has subsequently grown to become one of the world's most popular anti-censorship, pro-privacy software, with millions of people using it to bypass internet censorship and protect their online privacy.

3.    Among other features,few as I felt important are jotted below :

- Protect your privacy online with anonymous surfing and browsing.
 
-  Hides your IP address,clears browsing history, cookies,and more.

-  Using industry standard, strong end-to-end encryption to protect  data transfer from being seen by third parties.

-  Bypasses internet censorship to browse the internet freely.

- Only supports Windows OS.

- Works with IE like TOR with Mozilla.

-  One interesting thing is that the company keeps logs bare minimum information for anti blocking purposes. They  keep your logs for maximum of 30 days to comply by the exisiting law protocols of the hosting country.

4.  More at   http://ultrasurf.us/

Monday, March 26, 2012

TOR : ITSELF VULNERABLE!!!

At my earlier post here about TOR...the one who makes you anonymous online is now vulnerable it self....:-)..all the features that I mentioned just few days back...are all vulnerable....latest from Gentoo Linux Security Advisory gives the following details :

- Prone to multiple vulnerabilities as on date.

- Most severe of which allows execution of a arbitrary code by a remote attacker.

- Can cause a Denial of Service.

- A remote relay that the user is directly connected to, may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections

SOLUTION : ALL TOR LOVERS TO UPGRADE TO THE LATEST TOR ASAP.

Saturday, December 31, 2011

HIDEMYASS saves its own!!!

1.  The month of September 2011 went so full of embarassment for HMA(Hidemyass) that it would probably like October  to  follow  August  ( September  may just  vanish in the smoke....) All  its  claims  of  telling  being anonymous  and safe, maintaining privacy,being completely hidden etc etc hit a serious setback....the story goes like this...



 2.   The case pertains to Lulz Security aka LulzSec,a computer hacker group that claims responsibility for several high profile attacks including SONY,CIA etc.So in the month of September this year an alleged Lulzsec member who had carried out attacks on various organizations including Sony and the UK’s Serious Organised Crime Agency, had used this ‘anonymous’ VPN service supplied by HideMyAss.But his plan failed in the biggest way imaginable. HideMyAss (HMA) keeps all yourlogs and as a UK company when given a court order to cough up information, they did so. After matching timestamps to IP addresses, in the blink of an eye Luzlsec member ‘Recursion’ became 23-year-old Cody Kretsinger from Phoenix. The FBI got their man.....so whats the use.....!!!!

3.   But I feel that anything to do with some serious crime should always be contained....like this way...but what about you and me....our surfing habits will always be known....our info will always be under cloud....:-(

4.   This is what HMA had to say :

“Our VPN service and VPN services in general are not designed to be used to commit illegal activity,” said Hide My Ass. “It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences.”

5.  Thanks vpn-reviews.net and  Torrentfreak

Friday, December 30, 2011

PROXY SERVER : ARE THEY LEGAL TO BE USED IN INDIA?

1.   Few days back I was surfing  few sites via proxy server at HIDEMYASS. Just like a that,a thought came to mind that if the Indian Government on one hand is trying all ways out to monitor nefarious activities on net...and in the name of this monitoring they are monitoring u and me as well....what would they be able to do for those actual ones who use proxy servers?.....

2.   Though it is understood that not all proxy server sites are as safe as they claim...most of them have actually a life of not more then 4-5 days...they actually are born to steal and vanish...we call that 9 2 11....But sites like those have been existing for more than 4-5 years like hidemyass,proxy.org etc are actually doing the work they are supposed to do ie PRIVACY!!!

3.   If any of the readers have some idea or can guide to some link w.r.t legality issues of using proxy servers in India...i would be grateful....and lastly if anyone has some disagreements on the comment earlier that INDIAN GOVERMENT IS MONITORING YOU...just check the ANONYMITY CHECKER at https://xerobank.com/.

Saturday, December 03, 2011

"LIKE" Button in Facebook : Tracks u!!!


1.   Internet users tap Facebook Inc.'s "Like" and Twitter Inc.'s "Tweet" buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting.

2.   These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify Facebook and Twitter that a person visited those sites even when users don't click on the buttons, according to a study done for The Wall Street Journal.Few things about these widgets :

- Prolific widgets

- Already added to millions of web pages in the past year. 

- The widgets, which were created to make it easy to share content with friends and to help websites attract visitors, are a potentially powerful way to track Internet users. 

- They could link users browsing habits to their social-networking profile.

- For example, Facebook or Twitter know when one of their members reads an article about filing for bankruptcy on MSNBC.com or goes to a blog about depression called Fighting the Darkness, even if the user doesn't click the "Like" or "Tweet" buttons on those sites.

- A person only needs to log into Facebook or Twitter once in the past month. The sites will continue to collect browsing data, even if the person closes their browser or turns off their computers, until that person explicitly logs out of their Facebook or Twitter accounts.

- Facebook places a cookie on the computer of anyone who visits the Facebook.com home page, even if the user isn't a member. 

Powered By Blogger