The CHANI Project Conspiracy Forum
wildcard

Cyber-security 101 Information thread


Hey anon, this is kinda old news. I can gain access to most PCs with just the Microsoft admin acct. Microsoft, McAfee, Norton, they have all been in bed with da gubymint for a long long time. Remember that big lawsuit against Microsoft a few years ago? Kinda went away with no real conclusion, didn't it? Hmm, wonder why...

Pah!  Regular people are completely at these scumbags' mercy.  I remember uninstalling Picasa 2 or 3 years ago after I installed Kaspersky (which incidentally was the antivirus software which Christopher Story recommended).  I was directed to some website and Kaspersky flagged up a warning - this website wanted to suck all the passwords out of my 'puter!  I was appalled! Appalled, I say!

All these scumbags should be spanked and Bill Gates should be flayed.


Hey anon, this is kinda old news. I can gain access to most PCs with just the Microsoft admin acct. Microsoft, McAfee, Norton, they have all been in bed with da gubymint for a long long time. Remember that big lawsuit against Microsoft a few years ago? Kinda went away with no real conclusion, didn't it? Hmm, wonder why...

Pah!  Regular people are completely at these scumbags' mercy.  I remember uninstalling Picasa 2 or 3 years ago after I installed Kaspersky (which incidentally was the antivirus software which Christopher Story recommended).  I was directed to some website and Kaspersky flagged up a warning - this website wanted to suck all the passwords out of my 'puter!  I was appalled! Appalled, I say!

All these scumbags should be spanked and Bill Gates should be flayed.

ROFLMAO!! now tell us how you REALLY feel! 8)


Ok, this should be a wake up call to some, infuriating to all, and something that should skeer the crap outta everyone (with 2 brain cells to rub together)

http://www.foxnews.com/politics/2013/04/11/irs-tells-agents-it-can-snoop-on-emails-without-warrant-internal-documents-show/?test=latestnews

A lawyer for the agency reiterated the policy in 2010. And the current online version of the IRS manual says that no warrant is required for emails that are stored by an Internet storage provider for more than 180 days.

rut-roh scooby -

The ECPA is the federal law that governs law enforcement access to emails, and draws on what some say is an outdated distinction between email stored on a server for 180 days or less and email that has been opened.

So what does this mean to you? EVERYTHING! A dept. within da gubymint (constitutional or not, legal or not) is openly admitting that they read your email and you have no expectation of privacy...without a warrant. Hell, the LAW says anything older than 180 days (6 mo) is fair game. If the IRS has manuals saying their agents can do it with emails that are less than 6 mos old, then the other alphabet soup crowd has similar manuals.

How to protect yourself:

Encryption (AES 256) of your email and attachments BEFORE you hit the send button! Outlook has built-in encryption, or you can use one of dozens of other 3rd party programs. WinZip or another zip utility has a good encryption feature. Remember, go for the strongest, AES 256! The NSA has stated they have broken 64 bit encryption and I have it on good authority (1 of my CISSP instructors) that they have broken or are about to break 128 bit.

You may be thinking: oh wildcard, I use https: and it's all secure... Sorry, not from a Govt. Agency, your ISP or a LEO, or a real hacker. Here's why (in layman's terms and in a nutshell): https uses ssl/tls

http://en.wikipedia.org/wiki/HTTP_Secure#Limitations

Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

Limitations:

SSL comes in two options, simple and mutual.

The mutual version is more secure, but requires the user to install a personal certificate in their browser in order to authenticate themselves.

Whatever strategy is used (simple or mutual), the level of protection strongly depends on the correctness of the implementation of the web browser and the server software and the actual cryptographic algorithms supported.

SSL does not prevent the entire site from being indexed using a web crawler, and in some cases the URI of the encrypted resource can be inferred by knowing only the intercepted request/response size.[18] This allows an attacker to have access to the plaintext (the publicly available static content), and the encrypted text (the encrypted version of the static content), permitting a cryptographic attack.

Because SSL operates below HTTP and has no knowledge of higher-level protocols, SSL servers can only strictly present one certificate for a particular IP/port combination.[19] This means that, in most cases, it is not feasible to use name-based virtual hosting with HTTPS. A solution called Server Name Indication (SNI) exists, which sends the hostname to the server before encrypting the connection, although many older browsers do not support this extension. Support for SNI is available since Firefox 2, Opera 8, Safari 2.1, Google Chrome 6, and Internet Explorer 7 on Windows Vista.[20][21][22]

Aside from the above, here is another little known fact: when you connect using https you have basically an encrypted tunnel; however, when it gets to your ISP's gateway router it strips off this encapsulation so it can read the header info, so your message (email, ftp etc.) is basically laid out in plain text for a second, then it is re-encapsulated and sent on. Guess where we put the taps (ISPs)....IN THE GATEWAY ROUTER! So if your message is encrypted BEFORE you ever send it, then when the router strips the encapsulation to get the header, your message or file is still encrypted and (theoretically) safe.

LOTS and LOTS of people mistakenly believe that the gubymint has all these taps on your data and phones. They do have them, but those are for long term surveillance or high value targets. Normally what they do is submit a CALEA request to your ISP, the ISP changes a configuration in the router, and everything a suspect sends is copied, with one going to its regular destination and the other going to either a security group that passes it on or directly to whatever agency wants it, depending on priority and sec level.

https helps protect you from man in the middle attacks so long as the MITM isn't your friggin ISP!

Don't get me started on google and gmail. ANON has already started a thread here:

http://thechaniproject.com/forum/index.php/topic,5805.0.html

There is some underlying truth in the VT article; however, there is A LOT of disinfo in it as well.


Have I posted this yet?

http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/

.... Verizon Wireless aided federal agents in using it to track a suspect.

Court documents in a case involving accused identity thief Daniel David Rigmaiden describe how the wireless provider reached out remotely to reprogram an air card the suspect was using in order to make it communicate with the government’s surveillance tool so that he could be located.....


Have I posted this yet?

http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/

.... Verizon Wireless aided federal agents in using it to track a suspect.

Court documents in a case involving accused identity thief Daniel David Rigmaiden describe how the wireless provider reached out remotely to reprogram an air card the suspect was using in order to make it communicate with the government’s surveillance tool so that he could be located.....

Dunno if ya did, I read it yesterday on Wired. All wireless carriers assist in this way. The tech da gubymint has is pretty damn skeery and I've seen some pretty impressive stuff of late. I've seen stingrays and kingfishers in action, it's pretty cool so long as you're not the subject of said use.

There are a few things in the article that are wrong. The biggest is that they do a voice call to the aircard...wrong, they ping it; aircards can't receive or make voice calls on their own. They operate on the data portion of the wireless carrier, not the voice side. Also it doesn't "knock you off" of your connection. If it did, the badguys would catch on pretty quick. Aircards, like cell phones, have a "carrier signal" that is constantly updating its location to the cell tower.

BTW this is the same portion of the signal that your txt messages are carried on, hence the 160 char limit. A few years ago I took great pleasure in explaining this to people and then dropping the bomb about how your phone HAS to have this signal and the wireless carriers just piggyback txts on it. There is no overhead whatsoever; back when they charged for txts it was pure profit, since the equipment was already in place that could handle the txt you sent AND they already had a dedicated carrier signal to your phone for updating location and service info...used to really piss folks off (I'm demented like that I guess lol)


FYI I just heard on Faux news that they are doing a story on Sunday about the NSA's new data center in Utah. In the preview the NSA stated that the place has 5 zettabytes of storage capacity at this facility...that's like 2 Billion iphone 5's !! that if you stacked up on top of each other they would reach past the moon...the FIGGIN MOON!!

http://en.wikipedia.org/wiki/Zettabyte

A zettabyte (symbol ZB, derived from the SI prefix zetta-) is a quantity of information or information storage capacity equal to 10^21 bytes or 1,000 exabytes (or one sextillion (one long scale trilliard) bytes).[1][2][3][4][5]

As of April 2012, no storage system has achieved one zettabyte of information. The combined space of all computer hard drives in the world was estimated at approximately 160 exabytes in 2006.[6] This has increased rapidly however, as Seagate Technology reported selling 330 exabytes worth of hard drives during the 2011 Fiscal Year.[7] As of 2009, the entire World Wide Web was estimated to contain close to 500 exabytes.[8] This is a half zettabyte.

    1,000,000,000,000,000,000,000 bytes = 1000^7 bytes = 10^21 bytes


http://www.freep.com/article/20130427/FEATURES01/304270049/LivingSocial-hacked

LivingSocial hacked, 50 million customers impacted

Guess they think people are really stupid....err, well, guess people are. IF, and that's a big IF, they had the passwords encrypted as they say in the article, then it would be no worry, right? There may be a follow-on story later stating that the hackers either got the main database password to decrypt the passwords or oops, we had the passwords saved in clear txt in our database (fyi companies do this to save space, which saves $$$)

friggin dumbarses!!

Everybody should use different passwords for each site. I know this can be very difficult to remember all the different passwords.

This is what we use at my work:

http://keepass.info/

It stores all your passwords locally with 256 bit encryption. It will even generate passwords of pretty much any length.

Example: the passwords we use at work (23 different systems I log into) have a minimum password length of 12 characters. All my passwords are 15-20 characters in length. Upper/lower case, numbers, and special characters, and you can't have the same characters within the last 5; passwords are reset every 30-90 days depending on the system. It uses a master password to log into the program, so someone can't just access your pc and have all your passwords. So the only password I actually remember (and know TBH) is my master password.

KeePass safe can be set up to remind you when to change your passwords, and has a keyboard shortcut that links to individual programs and/or websites. It is VERY secure. We use it for everything, work and personal.
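Added example (not part of the post above, and not code from LivingSocial or KeePass): the post mentions passwords kept in clear text or encrypted under a database key; this sketch shows the third option on the site's side, a salted, deliberately slow one-way hash, where no key exists to decrypt the stored records. The record format, the iteration count and the two sample accounts are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt$derived_key."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_b64, dk_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except ValueError:  # wrong field count, bad integer or bad base64
        return False
    if scheme != SCHEME or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def demo(iterations=ITERATIONS):
    # Constructed accounts: two users who chose the same password.
    table = {user: hash_password("Summer2013!", iterations) for user in ("alice", "bob")}
    return {
        "records_differ": table["alice"] != table["bob"],  # salt hides password reuse
        "right_password": verify_password("Summer2013!", table["alice"]),
        "wrong_password": verify_password("summer2013!", table["alice"]),
        "corrupt_record": verify_password("Summer2013!", "not-a-record"),
    }


if __name__ == "__main__":
    print(demo())
```

A stolen table of such records still allows offline guessing, one guess per hash computation, which is why the long, unique, generated passwords described in the post matter even when the site hashes correctly.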


I strongly encourage everybody to watch this faux news report and pay very very close attention to what Judge Napolitano says and the way he says it.

There is a very ill wind blowing...

http://video.foxnews.com/v/2338264680001/surrender-your-digital-privacy-or-face-a-fine/?intcmp=HPBucket&playlist_id=929831913001


Oh BOY! more friggin good news

http://www.foxnews.com/tech/2013/05/01/firefox-company-has-hijacked-brand/

LONDON –  The maker of one of the Internet's most popular browsers is taking on one of the world's best known purveyors of surveillance software.

The Mozilla Foundation — responsible for the Firefox browser — accuses Britain's Gamma International Ltd. of hijacking the Firefox brand to camouflage Gamma's electronic espionage products.

Researchers have found several samples of Gamma's FinFisher spy software disguised as a Firefox file, apparently in an effort to fool computer users into believing the virus is harmless.

Mozilla says in a statement that it has formally demanded Gamma end the practice, which it calls abusive.

Gamma, based in the English town of Andover, has recently found itself in the spotlight over the surveillance software it markets to governments and law enforcement.

Gamma did not return emails seeking comment Wednesday.

Guess it's time to start diggin thru your firefox files and search for this nasty little friggin program! Also I would advise that in the meantime everyone switch to either chrome or ...damnit...Intertard Exploder (sorry, just couldn't say it!)  :-X

We are currently digging thru our firefox files in search of finfisher...I'll report back when I know more...stay tuned


Here is some further information from Firefox:

http://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

It "appears" at this time that so long as you downloaded Firefox from Mozilla.org you "should" be ok.

From the above blog:

Through the work of the Citizen Lab research team, we believe Gamma’s spyware tries to give users the false impression that, as a program installed on their computer or mobile device, it’s related to Mozilla and Firefox, and is thus trustworthy both technically and in its content. This is accomplished in two ways:

    When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”

    For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.


Thanks for the information wildcard, it's very nice to have a view from the inside so to speak :)


wildcard, thanks

Does that mean that if I run a scan and come out clean, I'm OK?

I use the free Avast software.

Nope, from what I understand it entirely hijacks firefox, It looks just like firefox.exe to your antivirus software. I'm waiting to hear back from some other security guys at mozilla about how to tell the difference with your version and also what C&C servers the spyware is communicating with. I will update when I know more.


UPDATE:

I have been reading 2 reports here (read the actual PDF files):

https://citizenlab.org/2013/04/for-their-eyes-only-2/

and

https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/

So long as you don't live in Malaysia, the Middle East or Asia and don't open political documents about elections AND you got Firefox from mozilla.org you should be ok....at least for now. The larger implication is that this thing can be dropped on any one or any group. Antivirus software will either totally miss it or label it a generic trojan (8 did in a test these guys did).

The world we live in is changing faster than most can comprehend, I believe that in the first .pdf they have screenshots of what the firefox install looks like, there are only 2 subtle changes of note, the file size and the creation date.


We have determined that the finfisher/finspy doesn't actually install a version of firefox. It disguises the setup files to look like firefox's setup files. It doesn't install a browser.


So long as you don't live in Malaysia, the Middle East or Asia and don't open political documents about elections AND you got Firefox from mozilla.org you should be ok....at least for now....

Here's why Malaysia has been targeted:

https://www.accessnow.org/page/s/keep-malaysia-online

Keep Malaysia Online

... In countries where the media is controlled by governments, the internet is often the most important source of information, and state authorities often have many incentives to filter, throttle, or block the internet.

That's what is happening in Malaysia right now. On Sunday, Malaysians will vote in their 13th election since independence. But since the election was announced last month, news sites have been taken offline by massive cyber attacks, and local internet service providers are selectively blocking access to key news and opposition sites that report what the mainstream media do not.


Wildcard, is there any way you could give us the actual file names to be wary of? My Firefox is from Mozilla but has been acting strange lately, freezing more often and running slowly..I attributed it to solar flares but maybe I am just being naive?  :-\

Thanks for all the updates, this is interesting watching this whole fiasco play out..


It is not firefox itself, but it hides by saying it is the firefox setup.exe file.

Have you updated your firefox to the latest version? US-CERT put out an alert today about firefox needing to be updated.

National Cyber Awareness System:

Mozilla Releases Multiple Updates

05/16/2013 08:46 AM EDT

Original release date: May 16, 2013

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.

• Firefox 21.0

• Firefox ESR 17.0.6

• Thunderbird 17.0.6

• Thunderbird ESR 17.0.6

These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or operate with elevated privileges.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 21.0, Firefox ESR 17.0.6, Thunderbird 17.0.6, and Thunderbird ESR 17.0.6 and apply any necessary updates to help mitigate the risk.


Firefox plug-in warns users of NSA surveillance...

Justin Blinder released a plugin for the Web browser Firefox this week, and he’s already seeing a positive response in the press if not just based off of the idea alone. His “The Dark Side of the Prism” browser extension alerts Web surfers of possible surveillance by starting up a different song from Pink Floyd’s 1973 classic “The Dark Side of the Moon” each time a questionable site is crossed.


Blinder told the Guardian that he built the program over the course of four hours with the hopes he could "create some sort of ambient notification that you are on a site that is being surveiled by the NSA."

http://rt.com/usa/prism-floyd-nsa-surveillance-723/


What we need is a plug in that creates a mirror of nominal events to surround your online actions effectively creating 10 times more smoke around your true activities.

If they want to gather the information multiply it out for them to sort out.

For instance, if I surf to Chani the plug-in will create 30 web address hits simultaneously for the record and so on... in other words, the data collection becomes irrelevant because I am effectively appearing in multiple locations at the same time..

Hard to explain, but simply: if they want info, give it to them, and lots lots lots more; flame the data

At the end of the day if a decent CME hits our identities will effectively cease to exist anyway... even if our record locator number still exists in the bowels of some memory bank.  ;)


A cookie that has a million cookies within it.

And lots of multi-coloured 100s and 1000s on top of them...(couldn't resist it, Arc! :P )
