CLOUDUSB : Another way to secure yourself....

1.     "Cloud" has been easily the most buzzy term in past few years for the computing industry. Case in point is the CloudUSB distribution, a project that promises to provide automatic backups and data along with privacy protection. The cloud name is catchy but the security is far less than promised....it is actually a USB-based Linux distribution based on Ubuntu 10.04 LTS(though old but works for general user..now I m on 14.04 LTS though). The idea is that you can carry your own Linux distribution with you for use anywhere, thus allowing anyone to use Linux on any computer and keep their data safe in the event the USB key is lost.

2.    CloudUSB uses the Dropbox service to synchronize data, so users who don't already have a Dropbox account will need to set up an account before being able to use the synchronization service. CloudUSB sets up a data and private-data folder for keeping sensitive files in. The setup.sh script that comes with the distribution uses encfs to set up an encrypted directory. It appears the script isn't properly encrypting the directory, though. When the system is rebooted, it does use encfs to mount the Dropbox/private-data directory as Desktop/.private-data. A step by step screen shot is shown below...i run this on a Virtual Box....and this can be downloaded at http://cloudusb.net/?DOWNLOAD

and there you are ready sett...go!!!!!!!!!!!!!

Hardening Linux : BASTILLE-LINUX

1.   Linux is gaining its pace in gaining new user base daily pan globe and with this increase it becomes all the more important to harden it because now Linux will soon be of interest to hackers....and in this post I am giving a brief introduction about Bastille, a software tool that eases the process of hardening a Linux system, giving you the choice of what to lock down and what not to, depending on your security requirements. It bundles many of the tasks routinely done to securely configure a Linux system into one package.It is a set of Perl scripts that run as an interactive program, asking questions for each step of the hardening process. The scripts explain each step well, enabling you to understand what security measures will be introduced by any changes you make and why. Bastille can also optionally save your choice of options to a file for remote deployment to other machines.

2. Bastille currently works with Red Hat, Fedora, SUSE, Debian, Ubuntu, Gentoo, and Mandriva distributions, as well as HP-UX. A beta version is also available for Mac OS X. Most of the distributions Bastille supports have it available as a package that you can install with the default package manager for the distribution. Once it is installed, just run Bastille as root.After you install it vide the Ubuntu Software centre,the ways to use and configure is shown vide screen-shots below :

Google joins the ENCRYPTION Race : End-to-End Extension

1.    After Snowden leaks,one thing that has been most sought after is privacy and encryption and there have been a horde of tools and extensions that offer u the same vide many companies.Like in the last mail I mentioned about PROTONMAIL,there is another one in the offering from the horses mouth itself...ie Google offering an extension by the name of End-to-End extension...that

means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.It’s a Chrome extension intended for users who need additional security.

2.    Though it is not yet available since still in Alpha stage but as per the Google blog at http://googleonlinesecurity.blogspot.in/2014/06/making-end-to-end-encryption-easier-to.html,it is likely to be available soon for all chrome browser users as an extension.Google wants to make it harder to spy on email by encouraging maximum providers to adopt server-to-server encryption. The new tool is based on OpenPGP and is meant to be a more user-friendly encryption option than programs such as PGP, which can be difficult to configure and use.

3.   So till it releases.....no options other then to wait.....

Encrypted Mail without being Technical : PROTONMAIL for You

1.    Often when we discuss about encrypting messages in emails we see it is generally confined to PGP extensions using Thunderbird, exchanging public keys and generating private keys and other encryption techniques incl Enigmail or installing GPG etc...but even after doing all this the whole thing is a bit complicated ....and no one likes complications....so when techies get complicated...it actually becomes kind of out of bounds for the common user anyway to use encryption in routine mails with each other.But with increasing rise in concern over security and privacy matters by the common user specially after Snowden revelations,the need has given us PROTONMAIL.

2. PROTONMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.It offers a user-friendly experience with full “end-to-end” encryption and encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers. So, even if someone gains complete access to the server, it will find only the encrypted data. Moreover, there is even a “self-destruct” feature in the email service which ensures your emails are only available for a limited period of time.Isn't it interesting?....

3.  At Protonmail,the decryption uses a combination of asymmetric (RSA) and symmetric (AES) encryption.So we have two cases wherein the user sends a mail from a Protonmail account to another user with Protonmail account and the other in which he sends a mail message to a non Protonmail user....

- For Protonmail to Protonmail emails, implementation of PGP is used where  key exchange is handled. So we have all the public keys. As for the private keys, when an account is created, it is generated on the browser, then encrypted with your mailbox password (which we do not have access to). Then the encrypted private key is pushed to the server so it can push it back to user whenever he/she logins.

- For PM to Outside emails, encryption is optional. If one selects to encrypt,  it uses symmetric encryption with a password that one can set for that message. This password can be ANYTHING. It should NOT be the Mailbox password. It needs to be somehow communicates to the recipient....few useful screenshots seen below :

 This is the screen at LOGIN

 Here you LOGIN

 Here is the second password before you finally LOGIN to the user interface

 Here is as you LOGIN

 This is the screen as you compose a mail.The point to be seen is the feature for choosing to encrypt your message and the expiration time.

 This is the mail received to a non PROTONMAIL user and we see there is a mail link it refers to!!!

 Once you click that link..you get a pop up for a password

 You enter the password and you will be able to decipher the password.

[SOLVED] : result code ns error failure virtualbox

1. If you ever get this message "result code ns error failure virtualbox" while you use virtual box...don't you worry...simple steps will resolve as follows:.

The screens you see are shown below first just to ensure that your and mine problem is same :

2.    So first thing is your remove Virtual box from the Ubuntu Software Centre or you can remove the same manually from terminally as root with the following commands :

sudo apt-get remove virtualbox-\*

sudo apt-get purge virtualbox-\*

init 6

sudo sh -c "echo 'deb http://download.virtualbox.org/virtualbox/debian '$(lsb_release -cs)' contrib non-free' > /etc/apt/sources.list.d/virtualbox.list" && wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add - && sudo apt-get update && sudo apt-get install virtualbox-4.3 dkms

3.     These 4 commands from the terminal should get you through!!! all d best

[SOLVED] Unable to mount SAMSUNG_Android : Error initializing camera: -60 : Could not lock the device

1.   This is a common issue for Ubuntu users trying to transfer files from a Samsung or any Android Mobiles.You get the following screen as seen below :

2.   Two simple terminal commands should be able to solve this issue :

First : sudo add-apt-repository ppa:langdalepl/gvfs-mtp

Second : sudo apt-get update

3.  Running these you will get something like this ready to explore the folders :

Is it Hasta la Vista for True Crypt?

1.    The popular encryption software TRUE CRYPT (...actually my personal favourite for long now) site has been showing some surprising front page news as we reach the original address at www.truecrypt.org/ as seen below :

2.     I wonder why for any reason a open-source established software like TRUE CRYPT would start recommending Bitlocker ex Windows 7?....is it case of a simple web page hack or is it for real?....lets wait and watch for now...

Bullrun And Edgehill @ Secret Decryption Programs

 

1.    Most of the techies who have relied always on their favourite encryption methods to have privacy in store should be in for a shock like me if they have not heard of BULLRUN and EDGEHILL @ Secret Decryption Programs.Below I produce an unedited extract from the Snowden talk at TED last week.He was asked a question by Chris Anderson,the curator of TED and what followed is produced below :

Chris Anderson : Come here, because I want to ask you about this particular revelation. Come and take a look at this. I mean, this is a story which I think for a lot of the techies in this room is the single most shocking thing that they have heard in the last few months. It’s about a program called “Bullrun.” Can you explain what that is?
 

Snowden : So Bullrun, and this is again where we’ve got to thank the NSA for their candor, this is a program named after a Civil War battle. The British counterpart is called Edgehill, which is a U.K. civil war battle. And the reason that I believe they’re named this way is because they target our own infrastructure. They’re programs through which the NSA intentionally misleads corporate partners. They tell corporate partners that these are safe standards. They say hey, we need to work with you to secure your systems, but in reality, they’re giving bad advice to these companies that makes them degrade the security of their services. They’re building in backdoors that not only the NSA can exploit, but anyone else who has time and money to research and find it can then use to let themselves in to the world’s communications. And this is really dangerous, because if we lose a single standard, if we lose the trust of something like SSL, which was specifically targeted by the Bullrun program, we will live a less safe world overall. We won’t be able to access our banks and we won’t be able to access commerce without worrying about people monitoring those communications or subverting them for their own ends.

2.   It was always suspected for long but now the newly leaked documents by Edward Snowden, the NSA and GCHQ are said to have defeated most of the online encryption used by internet users and the likes of Microsoft, Google, Yahoo and even banks.Few important things about these two programs are bought below :

- Bullrun Is the Most Expensive Program Leaked by Snowden.The funding allocated for Bullrun in top-secret budgets dwarfs the money set aside for programs like PRISM and XKeyscore. PRISM operates on about $20 million a year, according to Snowden, while Bullrun cost $254.9 million in 2013 alone. Since 2011, Bullrun has cost more than $800 million.

- Bullrun Began 10 Years Ago

- A majority of the funding for Bullrun goes toward actively engaging tech companies in their product design. The NSA covertly influenced tech companies to insert vulnerabilities into commercial products that would allow the NSA access without consumers’ knowledge. 

- NSA and GCHQ View Encryption as a Threat(That's....incredible....)

- Edgehill started with the initial goal of decrypting the programs used by three major Internet companies, which were unnamed in Snowden’s leak, and 30 Virtual Private Networks.

- GCHQ hopes that by 2015 Edgehill will have decrypted 15 major Internet companies and 300 VPNs.

- NSA Covertly Influenced International Encryption Standards.

3.  Besides BULLRUN/EDGEHILL,the NSA and GCHQ have a number of programs for gathering different types of internet metadata few of which mentioned in Luke Harding's Book are :
   
Prism - Secret access to the servers of Google, Facebook and others.

Boundless informant - Mapping of all secret data to specific countries.

Upstream - Catch as much of the global internet traffic as it passes across the United States

Stellar Wind - liaison with US internet and telephone companies to provide metadata information.

Beam Remote Presence Operations

1.   Recently watched the Snowden Interview/Interaction at TED here as seen below



and got curious to know about the device used and he interacted vide.....and so got this video link with details of the BEAM remote presence operations...a very interesting device to say

2.  More details at https://www.suitabletech.com/