Greythorne's
Privacy Nexus
[ Quick Privacy Switchboard ] [ IP Spoofing ] [ Encryption Notes and Chat ] [ SSH Connections ] [ Instant Messengers ]
[ Mail2News and Mail Relays ] [ Proxy Tools ] [ IRC ] [ Firewalling ] [ Intrusion Detection ] [ Getting Online Privately ]
[ Router Tricks ] [ Useful Tools ] [ Data Recovery ] [ Cleaning Tracks Off Your System ] [ Spyware ] [ Antivirus ]
[ Making Safe Anonymous Payments By Mail?!? ] [ How (And Why) I Do Things To Protect Myself ]
[ Send Me A Message ] [ What's New ]
-=-
This section is for web based tools that are available to us; I prefer the direct approach. Most of these are ready-to-use right as you click the link.
NOTE - WHEN ANON SURFING DO NOT LET BROWSERS SHOW SECURE CONTENT - PROXIES NOT SSL ENCRYPTED WILL REVEAL YOU
Also be sure to read the privacy policies at a site before using it - some have much different protection policies than others.
Fravia is still online! -- Visit him at SearchLores or Fravia.com
His classic anonymity lab page is as always an excellent resource
If you linked here from somewhere else, you can go to my link menu (see top of page) here or here.
My updated PGP public key is here.
Thanks go out to all of you friends who have been aiding me in my projects and my old friends on the net. Among others, in no particular order: (cheezy GREETZ section here)
Pipacs, Razzi, Crackz, Letterman, Devine9, Muad`Dib, Dynm8, Chrizz, Flugh, Wulfric, Carpathia, Pr1mus, Elessar, Potsmoke, and of course Fravia :)
Check out the METASPLOIT page to get some useful reversing tools that let you get INSIDE windows
-=-
Those of you who have been in contact with me lately are aware of my interests in anonymity and other security issues. This page is for that reason, and for the people who have wanted to hear more about some handy tools or options that are out there. If you have anything to add, please feel free to contact me; I would love to include more information from the ever increasing world of the web. As with everything, there is always some risk, though with some of these things available to us, that risk can be seriously reduced if not completely alleviated. This is a work-in-progress, more to be added.
MOST INTERESTING: http://www.oxid.it/projects.html <-- Real IP Spoof and Sniffers
This site has some very effective software (overwhelming ARP data to mask your IP (and MAC Address) on a local network)
STERM, CAIN, and IRS on this site use this technique effectively
They make use of the WinPCap Ethernet Packet Drivers -- WinPCap Home
STERM - Spoofing Telnet [BEEN LOOKING FOR ONE THAT DID THIS RIGHT FOR A LONG TIME]
CAIN - Spoofing Net Sniffer and grabs passwords for several popular apps [EXCELLENT!]
IRS - Scans a machine for TCP flaws
I have tested them (STERM the most) on both Windows XP and Windows Server 2003
THIS IS THE REAL DEAL! - Zone Alarm reports the false IP instead of the real one
Make sure to read the instructions, each file uses a reg key to set the MAC address to mask your network card as well as the IP
They actually took the time to make a presentation to teach you a bit of the workings.
Most software I have seen fails to live up to its name - this does what it says
That's what I mean by the REAL DEAL.
Remember that I am advocating privacy here, not havoc.
Intrusion Detection Software (IDS) can often detect a change in a MAC address. (The physical hardware address of your network card; almost like a fingerprint.)
Though in a grid of machines getting pseudo-random IP addresses when plugged into the network, if one of them is using an unidentifiable IP address for some tasks, it can be very difficult to track down which machine is reporting the altered MAC, especially when not in the same physical location.
Make sure to set a different MAC and IP address than any existing on the local network (editable from the registry... read the Docs for each separate application for the keys) because if there are two machines on the same net with identical ones, the net can freeze.
The important thing is to set the MAC to something different than what your own ethernet card is fingerprinted with, so you are not identified that way when the admins look at logs.
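The two things this paragraph warns about (an IDS noticing that an IP's MAC changed, and two hosts colliding on one MAC) are both simple consistency checks over the ARP table. The following is an added example, not code from the page or from the oxid.it tools, showing how an admin's monitor would run those checks over two constructed ARP-table snapshots; the addresses and the "ip mac" line format are assumptions for the demo.

```python
# Added example (not from the page or the oxid.it tools): the kind of check an
# IDS or a network admin runs to spot the MAC changes and address collisions
# described above, over two constructed ARP-table snapshots.
from collections import defaultdict

# Constructed sample data, hypothetical addresses: "ip mac" per line, one
# snapshot per polling interval.
SNAPSHOT_T0 = """\
192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66
192.168.1.12 00:11:22:33:44:77
"""
SNAPSHOT_T1 = """\
192.168.1.10 00:11:22:33:44:55
192.168.1.11 AA:BB:CC:DD:EE:FF
192.168.1.12 00:11:22:33:44:77
192.168.1.13 00:11:22:33:44:77
"""


def parse_arp(text):
    """Return {ip: mac} from 'ip mac' lines; malformed or blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        table[parts[0]] = parts[1].lower()   # normalise case so AA:BB == aa:bb
    return table


def mac_changes(before, after):
    """IPs present in both snapshots whose MAC differs -> [(ip, old_mac, new_mac)]."""
    return [(ip, before[ip], after[ip])
            for ip in sorted(before)
            if ip in after and before[ip] != after[ip]]


def duplicate_macs(table):
    """MACs claimed by more than one IP in one snapshot -> {mac: [ips]}."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def audit(before_text, after_text):
    """Run both checks and return a report dict."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    return {"changed": mac_changes(before, after),
            "duplicates": duplicate_macs(after)}


if __name__ == "__main__":
    report = audit(SNAPSHOT_T0, SNAPSHOT_T1)
    for ip, old, new in report["changed"]:
        print(f"ALERT {ip}: MAC changed {old} -> {new}")
    for mac, ips in report["duplicates"].items():
        print(f"ALERT {mac}: claimed by {', '.join(ips)} (collision risk)")
```

On the sample data the first check flags 192.168.1.11 (its MAC changed between polls) and the second flags 00:11:22:33:44:77, which two IPs now claim; a real deployment would feed it periodic `arp -a` output or DHCP lease tables instead of the constructed strings.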
One application ( http://www.brswebweaver.com ) has an anonymous surfing feature that was not planned...
A vulnerability and exploit data that was posted to the security mailing lists causes it to not even log when you are using their service
You can subscribe to these lists at http://www.security-focus.org/subscribe
-=-
NewsLeecher app download area - fun application for download from usenet newsgroups
Anonymous Encrypted Web Surfing Tip For Use With Proxify.com
Make a Link Button on your web browser or bookmark one of these links:
(both of these have an address bar that shows at the top of the page so you can go anywhere)
SSL Anonymous Google Search As Proxified Start Page (scripts and cookies allowed*)
*Scripts and cookies are allowed by default in this link so you can use sites that need them in order to login etc...
SSL Anonymous Google Search As Proxified Start Page (no scripts or cookies allowed for more security)
For those of you who don't know how to make a link button in your web browser to a link, do this:
For Internet Explorer (MSIE): (In the menu at top of the browser check: "View -> Toolbars -> Links" if your Links are not showing up)
Use your mouse to drag one of the links (drag & drop) onto the Links bar at the top of your web browser
For Netscape 6+:
Use your mouse to drag one of the links (drag & drop) onto the Bookmark bar at the top of your web browser
For Opera:
(In the menu at top of the browser check: "View -> Personal Bar -> at TOP" if your personal links are not showing up)
Click to go to the link you want, then choose the Bookmarks menu option at the top, enter the Personal Bar folder, and in the little pop up menu click: Add Page Here
A LITTLE MORE ABOUT ENCRYPTION AND CHAT
PureNoise is a SOCKS 4/5 proxy application that works to encrypt irc chatting as a firewall/proxy running on port 663
for example:
Set firewall (type=BOTH) in MIRC and tell it to use address 127.0.0.1 (or localhost) and port 663
when you are chatting, unencrypted data starts with "--" (2 dashes)
to start encryption mode, type "===" (3 equal signs)
to end encryption mode, type "###" (3 number signs)
PureNoise handles all of the key generation by itself; no config is needed.
-=-
(I tend to use PGP, RC4, and Blowfish for my secure
software applications)
PGP Notes -- Version 8 at the PGP
international download section supports RSA and
also plugs into Outlook and Outlook Express.
Create keys using RSA legacy (2048 bit) to be compatible
with all applications, or RSA (4096 bit) to handle
newer apps.
I made keys for both security levels, so that all of you can CONTACT ME no matter what software you use.
Recent Windows versions have built-in file and data
encryption but I would feel better trusting PGP or
BestCrypt for this task.
ENCRYPTED SSH TERMINAL CONNECTIONS
NOTE: SSH.COM now has a good free SSH terminal client which also installs an SSH ftp (file transfer) client as well
The non commercial one in their downloads section is limited but still a very nice free application
-=-
WHAT IS SSH ENCRYPTION FOR ANYWAY ?!?
If you want to connect to a machine where you have
to type in a password, BE CLEAR ON THE FACT
that the companies and
administrators, or anyone else using a sniffer
to look on the network for passing data will see them
IN PLAIN TEXT.
This means any data you are transferring is an open
book for anyone on the network to see if they are
looking.
The first solution, SSL web browsing, is covered
already, but for remote terminals (client-server applications)
we need something
more than a web proxy. If we already have a machine
we access remotely as a server, we need just the client
software.
Free client software (PuTTY) is available for Windows based machines.
Either download it (includes FTP software) HERE or to check for new releases go to the PuTTY Home Page
There is quite a bit there, but putty ssh client and
ftp client are probably all you need for general purposes.
If you have a web site on the server you can access,
MindBright came up with a great Java applet SSH client
so that you can make an encrypted link via SSH to
your machine from virtually any web browser on the
planet.
Your MindTerm Web Page Link To Your Account:
Unzip this file into your
web directory, change the name 'address.com' in ssh.htm
to match the domain name
of the machine you are trying to contact, and presto,
as long as that machine supports ssh you are all set.
Most Linux machines and most other unix based servers
out there have ssh server support.
If you are connecting to a machine running a windows
based operating system, all is not lost:
Excellent Windows Software Source:
Van Dyke Technologies
supplies Vshell (server), SecureCRT (SSH Client),
and SecureFXP (SSH FTP Client)
for Windows operating systems (ssh1, ssh2 and more).
Vshell needs WinNT, Win2000, WinXP, or Win2003.
It doesn't matter which version of windows you have
to run a client program however.
INSTANT MESSAGING
PSST encrypted
Instant Messenger software available at SourceForge
Connect to the IP of a friend directly encrypted,
no setup needed.
(they need support to add features)
Hush
Messenger encrypted Instant Messenger is free
from the makers of HushMail
You create a HushMail account with them here (used like screen names on AIM, and you also get encrypted email)
AIM and MSN Messenger tend to get hacked pretty regularly
though lately the worst has been YAHOO Messenger
in that there exist hacks that allow people to walk
right into your system past a firewall if it is not
RECENTLY updated.
There is a web page script hack out for AIM that steals
passwords from users for example.
Considering that most IM's are plaintext, I prefer
to only use them for situations that do not require
security.
AIM is creating an SSL certificate based pay-based
add-on so it is looking at least somewhat promising.
For the most part, I have had to disconnect myself
from the IM software on the net for both security
and time.
Can't get much done while sending messages back and
forth ;)
MAIL2NEWS (AND EMAIL) POSTING WITH ANONYMITY
With DejaNews ("Google Groups" now that
Google owns it) we have a virtually permanent record
of news postings...
complete with the email address and name of the individual
who posted the message. With that kind of information
longevity, it should not be considered dumb to find
a way to post without making permanent tracks if not
wanted.
If you think otherwise, look back on something you
wrote when you were much younger, and imagine how
it could be
a tad embarrassing to have everyone see it today...
Web based anon web2news posting, like in the switchboard (above), are great for simple messages, but are not really capable of handling more complex possibilities, and often can be down -- so email gateways can be a solution.
This section is not meant as a reinvention of the wheel, but as an update since these types of servers disappear.
Mail2News Instruction Sources
Fravia's
Classic Anonymous Mail and News Page (has instructions
and gateway addresses to try)
Dizum.com
- Secure website with full mail2news instructions
EZ Mail2News Instructions from a WebTV user (a group of users who definitely need this ability)
https://xs4all.nl/
??? (Seems to try and connect but may be down)
Mail2News Gateway Email Addresses
mail2news_nospam@dizum.com
mail2news_nospam@shinn.net
mail2news_nospam@anon.lcs.mit.edu
In mail2news_nospam@dizum.com
(as opposed to just mail2news@dizum.com)
'nospam' mangles your email address in postings to
help you avoid getting spammed
Be sure to realize that only some mail2news are
anonymous by default, but using an anonymous mailer
will get the desired result.
Anonymous Remailers, Tools, and Much more information
are HERE
at the G.M.S. Freedom Project
And also at Electronic
Frontiers Georgia
Address: remailer@anon.efga.org
They have an extensive set of Anonymous
Remailer Lists
Also check out the Anonymous
Remailer FAQ
While we are discussing email... you might want
to know HOW
TO Retrieve FTP Files By Email
Beware of a German Proxy called JAP which was originally
a very nice Java Proxy...
(Java
Anonymous Proxy)
It was court ordered to have a Back Door and sends
data to the German Police
Read More about this serious problem HERE,
HERE,
or HERE
IRC PROXIES (How yours truly moved out of the dark ages)
[ You should check out the Invisible IRC Project, it definitely looks like a good tool in the making ]
[ Also check out Ultimate Anonymity - offers many different services ]
Many tricks are available, though lately it is nice
to get a BNC (bouncer) to proxy into IRC using nearly
any popular client
PsyBNC is very nice (though complicated to configure)
and remembers your data such as the last chat rooms
you were in
Be sure to get the syntax right on the 'change password'
feature... if you don't do it exactly right it can
screw up the PsyBNC server
If you can possibly do it, and locate fast ones,
using a couple bouncers at once makes it less easy
to track you
It really doesn't matter which type(s) you use,
but some have more options than others.
Most of the time you must be trusted by someone
who can give you a password to a BNC to get access,
but proxying by any method will keep most script
kiddies (among others) from messing with you easily
OR you could go to a place like pyroshells.com
and pay for a BNC package at $2 per month (no kidding!)
Their rates on just about any internet service are
unbelievably low
By getting out of the dark ages... I mean that I
used ssh connections chaining from one unix box
to another
and using text based IRC links. Sure it was protective,
and people thought I was logging in under my real
ident,
but features such as DCC file transfer were completely
unavailable
Sometimes I would in the past use a WinGate
proxy to bounce into IRC and protect
my IP from easy viewing
It is increasingly harder to find useful wingate
proxies however - but they are handy when you find
them
You can search for them on a batch of IP's with
the wingate scanner
(originally found here
among other small apps)
Digital-Root.com
carries many
texts, including wingate
proxy usage instructions, though many things
there are dated
It is also possible to use other types of sites
on the net as proxies as well, though not all servers
will accept
them. Dnam8 made a good observation that if you
find a domain name or ip address that you can FTP
to, it will often
also allow you to use it as a proxy. MIRC settings
for basic proxy usage are like so:
- set the 'FIREWALL' option -
choose the BOTH + PROXY choices (don't choose SOCKS)
assume port 80 (many use other ports but this one
is a good bet)
[ You CAN use a proxy AND
BNC's at the same time for more security ]
If you are using a scripting IRC program like MIRC, a handy little script called proxy monitor watches when people come online and reports to you which proxy connection they are using. When you run it, you tell it which ports to watch in several boxes.
Try these - though people can use many others: 6667,
1080, 80, 8080, 3128
Many proxies are not accessible to you - specifically
if they have password access, but occasionally you
can use it too.
since the topic came up... (And since they are 'kissing cousins' to proxies...)
Firewalling
Try using two at once like ZoneAlarm AND BlackICE [together].
They do some different tasks that complement each other.
BlackIce asks you whether to allow execution of programs where ZoneAlarm checks only net accesses.
Other firewalls also do this, such as TINY FIREWALL (This one has a ton of features!)
Besides, if one is disabled by an attack (such as a virus or trojan), the other still lives.
Do regular research on them however; you want to keep up to date to avoid being hacked.
A good place to find many
firewalls is here: http://www.all-internet-security.com/firewall/
Linux users have the firewall IPChains
among other firewall options.
-=-
Recently KAZAA (and
others as well) media users have come under fire
due to lawsuits from music artists.
PeerGuardian (a type of free firewall) was designed
to combat the scanning of
individual machines by making a publicly updatable
list of IP's that the software will block
whenever people find that they are being scanned
by those IP's.
At last time I checked there were over 50,000 IP
addresses blocked by PeerGuardian.
Download PEERGUARDIAN
here
INTRUSION DETECTION
Akin to the firewalls is Intrusion Detection (IDS)
-- basically because the firewalls not only block
intruders
but inform you of ip addresses and ports where someone
is attempting to break into your system.
There is much more to both types, but to protect
yourself, you should be using both.
One IDS currently getting good reviews is Demarc's PureSecure IDS (Free for personal use of course)
It installs the MySQL database on your machine for its storage needs, and has a client application called 'Snort'
which allows you to access the machine where the
IDS is installed whether you are running Snort
on the main machine (usually the server or gateway
machine) or on one of the other local machines.
I find the tiny windows that open and close on occasion
a little annoying, but it seems to do a very good
job.
There have been people worried about a back door
in Demarc's product, though from what I have read
those worries do not have any real merit. Granted,
any public product will be actively assaulted by
the hacker community, but again, that is a problem
that all firewalls or IDS software has to deal with.
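The firewall and IDS alerts described in this section boil down to "which source addresses are probing which ports". As an added example (not the page's code, nor PureSecure's or Snort's), the following runs that detection over a few constructed firewall log lines: it parses each blocked packet and flags any source that hits several distinct ports within a short window, which is what a port scan looks like in such a log. The log format, the addresses and the thresholds are assumptions for the demo.

```python
# Added example (not from the page or any product on it): flag source IPs that
# probe many distinct ports within a short window, from constructed firewall
# log lines of a hypothetical format:
#   "<date> <time> BLOCK <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one fast sweep of six ports from 203.0.113.7, and two
# unrelated NetBIOS probes from 198.51.100.9 sixteen minutes apart.
LOG_LINES = """\
2003-05-01 22:10:01 BLOCK 203.0.113.7:40001 -> 192.168.1.5:21 TCP
2003-05-01 22:10:01 BLOCK 203.0.113.7:40002 -> 192.168.1.5:22 TCP
2003-05-01 22:10:02 BLOCK 203.0.113.7:40003 -> 192.168.1.5:23 TCP
2003-05-01 22:10:02 BLOCK 203.0.113.7:40004 -> 192.168.1.5:80 TCP
2003-05-01 22:10:03 BLOCK 203.0.113.7:40005 -> 192.168.1.5:139 TCP
2003-05-01 22:10:03 BLOCK 203.0.113.7:40006 -> 192.168.1.5:445 TCP
2003-05-01 22:15:40 BLOCK 198.51.100.9:51000 -> 192.168.1.5:137 UDP
2003-05-01 22:31:12 BLOCK 198.51.100.9:51001 -> 192.168.1.5:137 UDP
""".splitlines()


def parse_line(line):
    """Parse one log line into (timestamp, src_ip, dst_port); None if malformed."""
    parts = line.split()
    if len(parts) != 7 or parts[2] != "BLOCK" or parts[4] != "->":
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        src_ip = parts[3].rsplit(":", 1)[0]
        dst_port = int(parts[5].rsplit(":", 1)[1])
    except ValueError:
        return None
    return ts, src_ip, dst_port


def find_scanners(lines, min_ports=5, window_seconds=60):
    """Return {src_ip: sorted distinct ports} for every source that touched at
    least `min_ports` distinct destination ports inside some span of
    `window_seconds`. A sliding window per source keeps slow, repeated probes
    of one port (the 198.51.100.9 case) from being mistaken for a sweep."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, port = parsed
            events[src].append((ts, port))

    scanners = {}
    for src, evs in events.items():
        evs.sort()
        best = set()
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it fits window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            scanners[src] = sorted(best)
    return scanners


if __name__ == "__main__":
    for src, ports in find_scanners(LOG_LINES).items():
        print(f"ALERT {src}: {len(ports)} distinct ports in <60s: {ports}")
```

The thresholds are the tunable part: raise `min_ports` on a busy gateway to cut noise, and lower `window_seconds` if you only care about fast sweeps; the log parser is the piece to swap for whatever format your own firewall writes.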
HOW YOU GET ONLINE CAN BE THE MOST IMPORTANT ANONYMITY SOLUTION
The first thing I can tell you is to walk into a
public library or other free net service location
and see if their machines
will allow you to surf the net without having to
identify who you are. Many are just windows based
machines
or MacIntoshes that are always on and don't have
any method of identifying the user. This makes life
easy if many users are online.
Without going to a public place, there are still
options!
Dialup accounts (and some cable and DSL modems)
give you a random IP address when you log in.
When you log off then that address is free (unassigned)
and gets put on the next machine that comes online
with the service.
Think about this carefully... If you are using a
service where you use a login and password to get
in, YOU ARE LOGGED.
Cable modems tend to tell the ISP your data anyway.
They tend to store the hardware address of your modem with your phone number in their database at the main office. That is how they are able to look at the logs and see if your modem is having trouble remotely.
FOR BEST RESULTS use the dialup method here or cloning
(in the next section)
Some dialup services are allowing people to try
the service with no need for a credit card, and
are allowing free internet time.
(Don't you just love a system where companies want
to offer you free stuff to get you hooked?)
NetZero for one offers a 10 hour monthly free service
and you can create your own login ID and information.
Remember that the smart thing to do when you are
done with your online task is to hang up the modem
to free up the ip
and ALSO delete the dialup software and user
ID. Reinstall it next time you want to get
online with a COMPLETELY DIFFERENT
ID.
If at all possible, get a private unlisted number.
Caller ID will not work on the other end.
If you do not have that, in the USA there is usually
a way to disable remote caller ID by typing a code
before the number.
Your phone company will gladly tell you what that
code is because it is a service they offer to protect
you...
and themselves so they don't get sued by people
who don't know their phone number is so obvious.
In my area, *67 is the caller-id-disable command
code... the counterpart to *69 (general caller-id
command code)
[using the made up phone number (999) 999-9999 for
the next examples]
In your dialup settings (windows machine example
here) either set the number you call to *67,999-999-9999
or even better (because it protects ALL modem calls...)
go into your modem dialup settings and enter *67, as the number for the blank that reads something like: 'I need to dial a number to get an outside line'
the comma is important and means 'wait a sec before
dialing the next digits' because the command needs
time to go through
(often cell phones can do this too... my service
is like so: *679999999999 - no comma needed)
This is not as good as
a private number
Private numbers tend not to send your phone number
over the line.
You may not know that *67 styled codes do not always
stop your number from being relayed...
It still can be sent, but the phone on the other
end gets the order not to display the caller id
data.
The authorities (not regular companies or people)
have modified phones that ignore the code.
It is of course better to not even dial from home
since there are other ways (ANI and Police Traces)
to track you.
What ISP's will do if they can't otherwise track someone in particular
ISP's will often watch the logs when they are tracking
someone by a username to see if that person logs
in.
While logged in, the ISP can have the authorities
trace the call and find your phone number.
It is of course nice if you are not at your home
number.
Before there were free dialup accounts, and one
wanted anonymity, it was much harder.
[This is what I did when I 'met' Fravia, so I am
only talking about the mid 1990's]
Some of you already know how I handled that one...
I called a local university library and asked if
they had a dialup number to access the card catalog.
Now many libraries have internet web browsers so
it is not unusual.
Many accessed the net even back then, only just
for specific applications.
The card catalog had a search engine in it, even
though they were using text based web access only.
The administrator had disabled the TELNET:// command
from the search tool and set it just to search LYCOS
and a few other well known engines. I had an idea
that panned out nicely... you couldn't type it,
but you could
click a TELNET link on a web page and it would in
fact work. That option is not as easy now in most
places.
So, on one of my "Greythorne" pages, I made telnet links (and of course many other types) to internet services I liked to use
and then registered that specific page on all of
the search engines that the library was using.
Then all I had to do was dial the library card catalog
service, enter the 'net search' for my own page
then go to any link I wanted [ Free Anonymous Internet!
]
Things like that are not illegal, and are available
to the creative individual who spends time looking
at what is out there.
Smart sysadmins tend to remove modems from the servers
nowadays so it may not be available in your locality.
You just have to call and find out if that is available.
ROUTERS AND IP CLONING (MORE ON GETTING LOST IN THE CROWD)
Above, in the section on CAIN and
IP Spoofing, I brought up local network IP and
MAC Address spoofing.
(Re-iterating here that MAC addresses are the unique
hardware ID for your ethernet card... so a local
net KNOWS
you.)
This solution is one using hardware. On a network the sysadmins may not notice, or the network often just appears to have a misconfigured router on it somewhere. You assign some MAC address to it and in most of them the IP can be set manually.
Some of my contacts set the data to match that of
a machine in the local area.
Note: Cable modems reported to me by techs
in the field do not do as well in that they have
their own MAC address,
and the cable company uses that to identify the
modem in use, DSL modems reported to me
however are different in that they report the MAC
address of the machine they are connected to
So for the examples reported to me, DSL is spoofable
and Cable modems are not.
IP6 will get rid of the chances for IP spoofing
that exist like this but for now, IP4 allows a few
tricks still.
There is a hack available for several types of cable modems where you set the router to have the same address data as the machine at your ISP over the cable line in order to up the transfer rate, but I would definitely consider long and hard before doing it. If I were the sysadmin at a cable modem source ISP I would have a script watching such changes.
Anything you do should be checked by going online
and checking your IP such as in the tools section
below.
It would also be wise for you to reset your MAC
and IP back to what they should be once you are
done working.
www.whois.sc - The best domain information site I have ever seen
(I found this in the tracks of a would-be hacker who tried to mess with me)
DATA RECOVERY
These tools can be very handy but can also be your
worst enemy when you wanted to delete something but
not really 'erased.'
EnCase is used by law enforcement agencies to get
evidence about people from data removed from their
machines.
If someone has been using your PC it can be very handy
to find out what has been done to it.
Go to www.EnCase.com in their downloads section
to try out their software.
Easy Recovery Pro
was very easy and helped me get back a ton of files
after a system crash.
It works by dropping recovered files to a separate
partition or an FTP location so it doesn't overwrite
unrecovered data with data that it is currently recovering.
There is also PC
Inspector File Recovery by Convar (A German Company).
Another one with good reviews is VirtualLab
Data Recovery though I have not tested either
of these last two.
Erasure tools for cleaning up for secure deletion are in the next section.
Since recovery tools and erasure tools are both available to you, it is easy to test them against each other.
CLEANING UP THE MESS
With all that junk that tends to fill up our hard
drives, data is recorded and stored all over our pc's
about what we do and where we go.
These tools are my favorites for getting rid of those
tracks.
Some classic specifics are described in Fravia's Anonymity Lab.
OS's have changed MUCH and new things have been added. Software has become available to make many of these tasks easier, such as removing tracks from specific applications.
Tracks Eraser Pro
- These guys are great, like in Proxomitron, they
have user-creatable plug-ins.
When you find a program that is not cleaned by T.E.
Pro, go to OPTIONS tab and click the UPDATE button
and check for new plug-ins or read the docs on how
easy it is to create (and post) your own.
You could also just go straight to their plug-ins
download page to get the ones you want.
Evidence
Eliminator - This one is also a very nice cleaner.
Both T.E. and E.E. show you a running log
window of things they are doing to eradicate junk
on your hard drive and in your registry.
It also has a way for you to create customized plug-ins
with a downloadable
plug-in creation tool.
The US Government has security regulations that state that 10 complete erasures of a file will securely delete it.
[ This is done by overwriting a deleted file 10 times with ones and zeroes ]
Setting a program like Tracks Eraser to automatically do this is very nice for security.
If you are using MS-DOS you can still get the Real Delete TSR program to do this for that operating system.
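The 10-pass ones-and-zeroes overwrite just described is short enough to write out in full. The following is an added example, not the page's code and not Tracks Eraser's or Real Delete's: it overwrites a file in place the stated number of times, alternating all-ones and all-zeros bytes and forcing each pass to disk before unlinking, and includes a small demo that exercises it on a constructed temporary file. The pass count is the one the page cites; the chunk size and the demo contents are assumptions.

```python
# Added example (not the page's code nor Tracks Eraser's): overwriting a file
# the stated number of times with ones and zeroes before unlinking it, plus a
# small demo that exercises it on a constructed temporary file.
import os
import tempfile

PASSES = 10  # the pass count the page attributes to US government regulations


def secure_delete(path, passes=PASSES, chunk_size=64 * 1024):
    """Overwrite `path` in place `passes` times, alternating all-ones (0xFF)
    and all-zeros (0x00) bytes, forcing each pass to disk, then remove the
    file. Returns the number of passes written."""
    size = os.path.getsize(path)
    done = 0
    with open(path, "r+b") as fh:
        for i in range(passes):
            fill = b"\xff" if i % 2 == 0 else b"\x00"
            fh.seek(0)
            remaining = size
            while remaining > 0:          # write in bounded chunks, not size bytes at once
                n = min(chunk_size, remaining)
                fh.write(fill * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())         # push this pass to the device, not just the page cache
            done += 1
    os.remove(path)
    return done


def demo(contents=b"constructed secret data"):
    """Write `contents` to a temporary file, wipe it, and report
    (passes written, file still exists)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(contents)
    passes = secure_delete(path)
    return passes, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

One caveat a practitioner would add: an in-place overwrite only reaches the blocks the file currently occupies. Journaling file systems, wear-levelled flash and applications that keep their own temporary copies can all leave older copies elsewhere, so a routine like this complements the tracks cleaners above rather than replacing them, and the recovery tools from the previous section are the natural way to test whether it worked on a given system.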
SPYWARE
If that wasn't enough, the deluge of spying ad software
and also surveillance software on the net today
is enough to make anyone want to leave computers behind
and become a monk. (Okay, maybe not EVERYONE...)
This section is for both removal and usage of these
software types.
-=-
Software in this section (Quick Links)
Anti Ad-Ware Software: Ad-Aware,
SpyBot Search&Destroy, Spy Sweeper
Anti-Surveillance Spy Software: SpyCop
Privacy Scanner, Anti-Keylogger
-=-
Well, there are several pieces of software to help us fight this onslaught of computer infecting privacy thieves
For the Ad software, there is Ad-Aware which gets rid of many of the latest junk advertisements
that can hassle
you again and again by slowing down your machine and
outright crashing applications. (msbb for example)
Another one, SpyBot
Search & Destroy, has removed some that Ad-Aware
didn't find.

You really ought to try Spy Sweeper, I am really pleased with its results.
It is smart and tells you if the adware you are removing is going to stop a program from working, and it lists the program that would be affected.
It does a great job to clean drives and is updated much better than Ad-Aware or SpyBot S&D.
It also installs an antivirus-like thing (anti-spy).
It only installs once for free; uninstalling and reinstalling will not work, it requires you to buy it.
Also - make sure you are online when you install it the first time, because it will allow you on install to download the anti-spy updates (like Norton and McAfee's auto update feature), but if you install it and you are not live on the internet, it will not allow you to download any updates unless you pay for it.
-=-
For the more intrusive ones out there, here are some
good ones (plus some field observations I have made)
These two I have had some interesting results with
when doing contract work for a surveillance company
(not kidding).
(For those of you who do that, be sure to research the latest infiltrative nasties in case the software doesn't see them yet)
I will say that I ran about half a dozen different scanning applications on the machine, but these next ones were the only ones which found the offender: Spector from SpectorSoft (This was in early 2003).
They BOTH found an instance of SPECTOR on the client's machine, but with an interesting difference:
SpyCop Privacy Scanner found the software itself in the system directory:
c:\windows\system\rvnwkgdi.dll
c:\windows\system\wswinntfp.exe
Anti-Keylogger found the encrypted log files on the hard drive:
c:\windows\system\netext\*.tpr
(file dates are false to fool the unsuspecting)
It was great from a reverse engineering point of view, in that using both of them definitely exposed the belly of the beast.
SpyBot Search & Destroy also kills some of this kind of spyware, though Spector was not listed on their website.
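What both scanners did here was notice files in the system directory that had no business being there, and the note that the file dates were falsified is the important detail: a check that trusts timestamps can be fooled, one that compares content hashes against a known-good baseline cannot. The following is an added example, not from the page nor from SpyCop or Anti-Keylogger, of that baseline-and-diff check: it hashes every file under a directory, and later reports what was added, removed or replaced. The directory, file names and contents in the demo are constructed; the `netext/` subdirectory and `.tpr` extension merely echo the layout the page reports.

```python
# Added example (not from the page, SpyCop or Anti-Keylogger): a baseline-and-
# diff check over a directory's file hashes. Because it compares content
# hashes, falsified file dates do not hide an added or replaced file.
# Paths and contents below are constructed for the demo.
import hashlib
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """{relative path: sha256} for every regular file under `root`."""
    table = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            table[rel] = hash_file(full)
    return table


def diff(baseline, current):
    """Files added, removed, or whose contents changed since the baseline.
    Timestamps are never consulted, so backdated files still show up."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def write(path, data):
    """Helper for the demo: create parent directories and write bytes."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: baseline a clean 'system' directory, then replace
    one known file, plant an unknown DLL and a log file under netext/
    (hypothetical names), and diff the result against the baseline."""
    with tempfile.TemporaryDirectory() as root:
        write(os.path.join(root, "known.dll"), b"original build")
        baseline = snapshot(root)
        write(os.path.join(root, "known.dll"), b"replaced build")
        write(os.path.join(root, "unknown.dll"), b"planted")
        write(os.path.join(root, "netext", "log1.tpr"), b"encrypted log")
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice you take the baseline on a machine you trust (right after a clean install is ideal), keep the hash table somewhere the monitored machine cannot rewrite, and re-run the comparison on a schedule; the "added" list is where monitoring software like the one above tends to surface, and "changed" catches a replaced system file.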
IT CAN BE HELPFUL TO USE SPYWARE TO PROTECT YOURSELF
Very often, especially if you have a lot of visitors,
people could be using your machine for things when
you aren't looking.
You should always know what goes on in your own computer.
If you do, however, know that the software is designed
to write the data to a log, so MAKE SURE
you know where those logs are so you can remove them
should the need arise.
Several of the more modern monitoring (and anti-monitoring)
software (such as Spector) are available HERE
and a rather comprehensive collection is at http://www.monitoring-software.net
A couple more sites where you can get trial versions
of these pieces of software:
Global Shareware
Downloads - ExploreAnywhere
Downloads
It would be worth your while to try them out and see
if there are any that the scanners miss.
ANTIVIRUS SOFTWARE
I don't need to describe this section, though I can
say that I have extensively studied these things to
learn their innards.
(I had about 5000 of the dang things on a zipdisk
somewhere from a while back)
Some of you may remember my SYMBIOTE which was based on virus code to allow
programmers to add title pages and integrity checks
to their programs easily.
It was designed to allow attachment of your own code
to an MS-DOS .COM or .EXE file
No it isn't a virus, because once it is launched at
a file, it combines itself but cannot replicate.
The funny thing is that because it does attach itself, virus scanners mistake it for one :)
McAfee seems to
be more of a memory hog than Norton
Antivirus (trialware available)
Just be sure that if you use Norton's Protected
Recycle Bin (in the corporate version)
you remember to empty that after you empty the
regular Recycle Bin.
It is a recycle bin for your recycle bin, so deleting
things doesn't mean they go away.
I tend to turn that feature off - it is there for
people who need backups of their work.
Even once both bins are emptied, the file is only unlinked,
not erased: its blocks stay readable to recovery tools until
something overwrites them (see the data recovery notes further down).
I have come to really appreciate the capabilities
of F-PROT and
some associates of mine
swear by AVP/Kaspersky, which also has 'anti-hacker' software.
You can also run a full online
virus scan of your machine from Trend
Micro if Java is enabled in your browser
MAKING SAFE ANONYMOUS PAYMENTS BY MAIL
IDEAS SPAWNED BY LATE NITE RANTING
Okay so I am having a little fun late at night, and
wasting time on the web...
And many of you already have thought of this one...
But ANYWAY... this will work :)
1) Pay cash for a money order at a supermarket (best
if you aren't a regular and there is a crowd)
This is smart to do in a different town, money orders
tend to show their purchase location.
You don't have to sign a money order in front of the
clerk, especially if you are in a hurry
(and cash can be too easily stolen from envelopes
en route anyway)
When filling in the blanks, try using your other hand
- don't worry about bad handwriting,
that is something that many people have anyway, and
it usually looks nothing like your own.
Money orders are like checks: only the recipient can
cash them, and they are already paid for, so people
are not going to turn them down.
2) Type your letter, don't provide a return address
If you are really paranoid you should seal it with
water dabbed on a tissue or
sponge rather than saliva that can be DNA tested ;)
3) Mail your letter using the 'Blue Box' public mail
drop locations
This one is also best if you go to a different town
since the postmark will show where it came from.
4) If you had to include contact info, there are many
free email locations on the net
Other methods aren't quite so easy, though I can't
very well impress upon you how hard it is to have mail sent
to a home with no tenants and not get noticed at some
point :)
(Hey, people do it! -- and no I am not one of them
- this could get you into trouble so I would avoid
doing it)
Ever wondered how people make anonymous donations?
Besides, some online services even allow check or
money order purchases.
Well, there you have it!
( It is also legal. )
Have Fun!
Note - If you have any anonymity tips that I might
find interesting, drop me a line,
I might even add them to the site.
HOW ( AND WHY ) I DO THINGS TO PROTECT MYSELF
(The Paranoia Principle?)
There have been many questions about my site directly
from people I meet on IRC regarding what I feel safe
with.
This section is a summary of this site, as well as
some of my way of thinking.
First of all, I will not give you any information
I wouldn't use - and I will attempt to warn you about
issues that may exist, should they come up, with anything
on this page that would not protect you (like the JAP
proxy issue on this page, for example).
That out of the way...
Many admins between you and some server on the net
(specifically ones where you work or go to school)
have sniffers running,
watching data go by, and law enforcement and government
people do the same. Personal privacy for any information
that you wish to send or receive is important to everyone,
and snooping on you is in some cases even legal, even
though it shouldn't be.
I have seen it and we know examples because of things
that go across the news every day.
I don't go on IRC without going through a proxy --
as myself.
If I cannot get to a proxy in a hurry, I login under
a different nickname
(sometimes a good idea anyway to see what is going
on when you aren't there).
Much of the time I set a basic remote proxy in my
IRC client, and go through a BNC proxy or two as well.
Just getting on IRC tends to mean people try to connect
to my machine or network via my exposed IP, which
is a real problem.
Many of them are trying to hack for information or
to be able to use programs on my machine. Many surf
IPs for free software.
Many just try to find out more about who I am.
(I know or have met people who have done all of the
above)
Firewall software is a MUST here. Keep people out
of your machine and you are much better off.
The last thing you want is a snooper placing a trojan
on your system, either directly or via email.
Virus scanners are the brothers of firewalls, and
you really shouldn't get on the net without both.
For any network access, I tend to try to find a place
to connect to the net where it is public and people
cannot watch my screen.
GOOD Encryption Is Best Served Anonymously.
No matter what I want to do on the net, if encryption
is possible, I take it.
People can't snoop you if your message is unreadable.
If they can't even figure out where the message or
connection comes from, that's even better.
Sometimes you can have one or the other and not both
when it comes to a specific thing you wish to do.
Basically, you have to think about which is the important
issue for each different thing you wish to try:
Is it safe enough to connect and be seen as the person
connecting, as long as they can't read my message?
OR is it safe enough to send a clear-text
message, as long as they can't figure out who sent
it or where it came from?
If you do have to do something anonymously, BY ALL
MEANS test the results, if at all possible, before you
rely on something.
Read the documentation on the resources available
to you - things DO change.
Some resources don't log you at all; some do, but refuse
to give anything away, to protect your safety.
Some places only protect you if you are not doing
specific activities through their service.
Many resources have a good amount of information regarding
how they protect you and your right to privacy.
You just have to read the documentation which is usually
available with the resource or on a website.
For web browsing, I tend to set a remote proxy in
my browser, and then go to a secure place like proxify.com.
Also - vary which emailer, web anonymizer, news
service, etc... you use.
If people around you notice that you use a certain
service, it isn't all that anonymous anymore is it
:)
So just change services regularly so there is no way
for someone to single you out.
I do try to make anonymous payments when it comes
to an online service that accepts money orders (when
available).
Sometimes it is very necessary to prove I am who I
say I am (say when purchasing something online) but
the need
for encryption is majorly important. All of us are
concerned about credit card purchases online so no
example is needed.
Note: when you have to make a credit card payment
-- DO NOT USE A PROXY!
It is best to do that direct and encrypted, because
anonymity does not mean a hill of beans in this case.
Why? Because a credit card has your name on it anyway,
and a proxy is a relay to another location.
Whoever runs the proxy can read whatever passes through
it in the clear: a checkout page served over plain HTTP,
or any web anonymizer that fetches and rewrites pages for
you, hands them your card number outright. An HTTPS
connection tunneled through a CONNECT proxy only shows
the operator which site you talked to, but you gain nothing
from that either, since the card identifies you anyway.
Best to make an anon payment by mail or just go
direct.
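As an added example (not from the original page), the script below reconstructs what a forwarding HTTP proxy operator can actually read from two constructed requests: a checkout form submitted over plain HTTP, and the CONNECT tunnel a browser opens to reach an HTTPS site through the same proxy. It then runs the kind of check a proxy operator (or you, auditing your own traffic) could run: pull digit runs out of the readable part and keep the ones that pass the Luhn checksum card numbers use. The shop hostname, the card number (a well-known test number) and the TLS placeholder bytes are all made up for the demo; the parser only handles a single request per sample.

```python
"""
Added example: what a forwarding HTTP proxy sees, and a check for card
numbers in the readable part. Samples below are constructed for the demo.
"""
import re

# Constructed sample: a checkout submitted over plain HTTP via the proxy.
PLAIN_HTTP_POST = (
    b"POST http://shop.example/checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 49\r\n"
    b"\r\n"
    b"name=J+Doe&card=4111111111111111&exp=0527&cvv=123"
)

# Constructed sample: the same checkout on an HTTPS site. The browser asks
# the proxy for a tunnel; everything after that is TLS ciphertext to it.
CONNECT_TUNNEL = (
    b"CONNECT shop.example:443 HTTP/1.1\r\n"
    b"Host: shop.example:443\r\n"
    b"\r\n"
    # Placeholder for the opaque TLS records, not a real handshake.
    b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + bytes(range(32))
)


def proxy_visible(raw: bytes) -> dict:
    """Return what the proxy can read from one client-to-proxy exchange.

    For CONNECT the proxy learns only the target host:port; the bytes it
    relays afterwards are TLS and opaque to it. For any other method the
    whole request, headers and body included, is plaintext to the proxy.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    method, target, _ = request_line.split(b" ", 2)
    if method == b"CONNECT":
        return {"method": "CONNECT", "target": target.decode(),
                "readable_body": b"", "tunneled_bytes": len(rest)}
    return {"method": method.decode(), "target": target.decode(),
            "readable_body": rest, "tunneled_bytes": 0}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits not surrounded by other digits: the PAN length range.
_PAN = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def leaked_card_numbers(raw: bytes) -> list:
    """Card numbers a proxy operator could lift from the readable part."""
    body = proxy_visible(raw)["readable_body"]
    return [m.decode() for m in _PAN.findall(body) if luhn_ok(m.decode())]


if __name__ == "__main__":
    for label, sample in (("plain HTTP", PLAIN_HTTP_POST),
                          ("HTTPS via CONNECT", CONNECT_TUNNEL)):
        seen = proxy_visible(sample)
        print(f"{label}: proxy sees target {seen['target']}, "
              f"leaked card numbers {leaked_card_numbers(sample)}")
```

Running it shows the plain-HTTP request handing over the card number while the CONNECT case exposes only `shop.example:443`. A rewriting web anonymizer is the worst of both: it terminates the TLS connection itself, so it is in the position of the plain-HTTP case even for an HTTPS shop.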
I use secure FTP and SSH for any transactions or file
uploads so no sniffer can read my passworded accounts.
When secure FTP is not available, it is often possible to
use sz and rz (the old ZMODEM protocol)
to upload or download through an SSH connection. It
may be old, but it is nice when the other is not available.
Major need to securely delete data on your machine
for your personal safety:
I also use Tracks Eraser with plug-ins based on the
software I use that leaves 'recently opened items'
traces that you see when you open a program. Data
recovery software will scare you when you see
how much can be recovered from your hard drive that
you had no idea was still there long after deletion.
I know of one specific case where someone went through
all kinds of legal problems because someone sent
that person some unacceptable material via email,
which had been deleted. That person had a hard drive
crash,
had to have it taken to a data recovery service, and
was turned in by someone at that service.
That person had not done anything wrong, but it took
years to clear up and much bad press was out there.
Keep your machine clean and that will not likely happen
to you.
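To show why deleted files come back so easily, here is an added example (not from the original page) built around a toy disk image: a fixed directory table at the front and 64-byte data blocks behind it. The directory layout, the file signature and the sample files are all constructed for the demo and do not model any real filesystem, but the three behaviours it demonstrates are the real ones: an ordinary delete (or emptying a recycle bin) only drops the directory entry, so a signature scan over the raw image still finds the content; shredding the copy you can still see does nothing for earlier deleted copies; only overwriting all unreferenced blocks (the "wipe free space" option of cleanup tools) gets rid of them. On real disks it is worse than the toy: journaling filesystems, NTFS keeping small files inside the MFT, SSD wear levelling, swap and MRU lists all keep copies an in-place overwrite never touches, which is why whole-disk encryption is the more reliable answer.

```python
"""
Added example: a toy disk showing why 'deleted' data is recoverable and
what file shredding versus free-space wiping actually changes. The on-disk
layout and sample files are constructed for the demo, not a real filesystem.
"""
import os
import struct

BLOCK = 64                               # bytes per block (tiny, to keep it readable)
DIR_ENTRIES = 8                          # fixed-size directory at the front of the disk
ENTRY = struct.Struct("<16sII")          # name, first byte offset, length: 24 bytes
DIR_BYTES = DIR_ENTRIES * ENTRY.size     # 192 bytes
DATA_START = (DIR_BYTES + BLOCK - 1) // BLOCK * BLOCK   # first data block (192)


class ToyDisk:
    def __init__(self, blocks=32):
        self.image = bytearray(DATA_START + blocks * BLOCK)
        self.next_free = DATA_START      # bump allocator: new files go on fresh blocks

    def _entries(self):
        for i in range(DIR_ENTRIES):
            off = i * ENTRY.size
            name, first, length = ENTRY.unpack_from(self.image, off)
            yield off, name.rstrip(b"\0"), first, length

    def _lookup(self, name):
        for off, used, first, length in self._entries():
            if used == name:
                return off, first, length
        raise FileNotFoundError(name)

    def write(self, name: bytes, data: bytes) -> None:
        for off, used, _, _ in self._entries():
            if not used:
                ENTRY.pack_into(self.image, off, name, self.next_free, len(data))
                break
        else:
            raise OSError("directory full")
        self.image[self.next_free:self.next_free + len(data)] = data
        self.next_free += (len(data) + BLOCK - 1) // BLOCK * BLOCK

    def read(self, name: bytes) -> bytes:
        _, first, length = self._lookup(name)
        return bytes(self.image[first:first + length])

    def delete(self, name: bytes) -> None:
        """What a normal unlink does: clear the directory entry, leave the blocks."""
        off, _, _ = self._lookup(name)
        self.image[off:off + ENTRY.size] = bytes(ENTRY.size)

    def wipe(self, name: bytes, passes=3) -> None:
        """File shredding: overwrite the blocks this copy occupies, then unlink."""
        _, first, length = self._lookup(name)
        span = (length + BLOCK - 1) // BLOCK * BLOCK
        for _ in range(passes):
            self.image[first:first + span] = os.urandom(span)
        self.image[first:first + span] = bytes(span)   # final zero pass
        self.delete(name)

    def wipe_free_space(self) -> None:
        """Overwrite every block no directory entry points at."""
        live = set()
        for _, used, first, length in self._entries():
            if used:
                span = (length + BLOCK - 1) // BLOCK * BLOCK
                live.update(range(first, first + span, BLOCK))
        for b in range(DATA_START, len(self.image), BLOCK):
            if b not in live:
                self.image[b:b + BLOCK] = bytes(BLOCK)


def carve(image: bytes, magic: bytes, max_len=256) -> list:
    """Signature carving, the core of undelete tools: ignore the directory
    and scan the raw image for a known file header, reading up to a NUL."""
    found, pos = [], 0
    while (pos := image.find(magic, pos)) != -1:
        end = image.find(b"\0", pos)
        found.append(bytes(image[pos:end if end != -1 else pos + max_len]))
        pos += len(magic)
    return found


MAGIC = b"-----BEGIN SECRET-----"        # constructed file signature for the demo


def demo() -> dict:
    disk = ToyDisk()
    secret = MAGIC + b"\nmeet at the usual place, bring the key\n"
    disk.write(b"letter.txt", secret)
    disk.write(b"notes.txt", b"nothing to see here\n")
    disk.delete(b"letter.txt")                    # ordinary delete / empty recycle bin
    after_delete = len(carve(disk.image, MAGIC))  # 1: only the name was removed
    disk.write(b"letter.txt", secret)             # a second copy lands on fresh blocks
    disk.wipe(b"letter.txt")                      # shred only the copy we can see
    after_wipe = len(carve(disk.image, MAGIC))    # still 1: the old deleted copy remains
    disk.wipe_free_space()                        # overwrite everything unreferenced
    after_free_wipe = len(carve(disk.image, MAGIC))   # 0
    return {"after_delete": after_delete, "after_wipe": after_wipe,
            "after_free_space_wipe": after_free_wipe,
            "still_readable": disk.read(b"notes.txt")}


if __name__ == "__main__":
    print(demo())
```

The count after `wipe()` is the point practitioners miss: a shredder only reaches the copy it is pointed at, and every earlier save, temp file or deleted copy is still there for `carve()` until the free space itself is overwritten.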
Remember that even the best of friends will be incapable
of keeping your privacy if they are put in a bad enough
bind.
I know that sounds terrible with the 'trust no one'
philosophy, but it is a rare bird who will take the
fall for someone else.
To keep friendships from being broken, and people
from losing jobs or being kicked out of a college,
etc... it is
just best to do whatever it is you feel you need to
protect privately -- the least number of other people
involved the better.
The number one fatal fault of a gifted hacker/cracker/virus-writer/political-minded/etc...
is the need to brag.
That has gotten many to lose their jobs or even be imprisoned.
Like I mentioned, most of the time it is just the
need to keep people from snooping in your business,
but one can really learn a lot from those who have
had public falls after being on top of the world.
-=-
I am always open to suggestions and additions,
and my email address is listed in the PGP public keyfile
above if you need it.