Through the Web, Darkly

Total Page:16

File Type:pdf, Size:1020Kb

© Copyright 2020 William von Hagen. All Rights Reserved. All opinions expressed in this document are the opinions of the author, except where explicitly attributed to someone else. They are just that - opinions. Free thought and speech are still legal, aren't they?

Released on Amazon and as donation-ware. If you didn't get this on Amazon and liked any part(s) of this document or found it to be useful, please make a small donation via PayPal to <[email protected]> or in Bitcoin to 35DnXM3Fg9zvirbraGmUGecLy7EPZiBWsT. Thanks!

Comments welcome. Updates will be ongoing. Any errors are accidental. Please report them to [email protected] to ensure that this document is corrected.

Heads up! The cover illustration is a public domain photograph of the skull of St. Wenceslaus [https://commons.wikimedia.org/wiki/File:St_Wenceslas_skull.jpg]. Merry Xmas, reader!

ISBN-13: 978-0-578-56194-3
Version 20200526-002

This legend may not be removed from this document by any party. That would be just plain wrong.

Table of Contents

About this book
1. Overview
   1.1. Cast of hackers
   1.2. Differentiating between privacy and anonymity
   1.3. Ways of exploring
   1.4. Non-reader's checklists
   1.5. More reasons to worry about privacy and anonymity
2. Selecting hardware and an operating system
   2.1. Selecting your hardware
   2.2. What OS to use when exploring
      2.2.1. How Linux is distributed
      2.2.2. To VM or not to VM?
   2.3. Putting together a secure system
      2.3.1. Dat Mofo' Linux
      2.3.2. Just Browsing, honest!
      2.3.3. Kodachi! Gesundheit!
      2.3.4. Parrot Linux - Argv, matey!
      2.3.5. Qubes OS
      2.3.6. TAILS, I win
      2.3.7. Whonix do you love?
   2.4. Recommendation: Which Linux?
3. Installing Linux on a USB stick
   3.1. Partitioning and formatting USB storage
   3.2. Formatting the partitions on your USB storage
   3.3. Writing a Linux distribution to USB storage
   3.4. Now I have a bootable secure OS - Why read more?
4. How Free Can You Go - Hardware/Pre-OS Security
   4.1. The Hardware to Software Hand-Off: The Boot Process and GNU
      4.1.1. How Modern Booting Works
      4.1.2. Boot Process and Other Low-Level Snooping
         4.1.2.1. The Intel Mis-Management Engine (IME)
         4.1.2.2. Intel vPro
         4.1.2.3. AMD In-Secure Technology (AST)
      4.1.3. Finding Freedom with CoreBoot and LibreBoot
      4.1.4. Other Low-Level Scheiss
5. Making a Windows 10 system secure
   5.1. Overview of securing a Windows 10 system
   5.2. Things to think about for a clean install
      5.2.1. Which version of Windows to start with?
      5.2.2. Storage encryption is job one
         5.2.2.1. Using Microsoft's Device Encryption
         5.2.2.2. Using Microsoft's BitLocker disk encryption
         5.2.2.3. Using third-party disk encryption
      5.2.3. Installation requirements
         5.2.3.1. Creating a new account
         5.2.3.2. An island is better than a peninsula
   5.3. Locking down a Windows 10 system
      5.3.1. Creating a save point
      5.3.2. Creating a new user for "experimentation"
      5.3.3. Stopping personal data donation
         5.3.3.1. Disabling general eavesdropping and data collection
         5.3.3.2. Eliminating data collection details
         5.3.3.3. Customizing application and personal security
      5.3.4. Locking down and expediting Windows Updates
   5.4. Selecting and running anti-virus software
   5.5. Selecting a browser and maximizing browser security
      5.5.1. Chrome
      5.5.2. Edge
      5.5.3. Firefox
      5.5.4. Extensions for any browser
   5.6. Random security and usability optimizations
6. Dress for success, er, privacy
   6.1. Protecting your data and the box it comes in
      6.1.1. Physical protection: Faraday cages and you
      6.1.2. Counter-Surveillance Devices
         6.1.2.1. Counter-Surveillance Hardware Devices
         6.1.2.2. Counter-Surveillance Software
      6.1.3. Data protection: passwords and encryption
         6.1.3.1. Passwords and the boot sequence
         6.1.3.2. Setting a Win/Lintel BIOS or UEFI password
      6.1.4. Encryption is still job one
   6.2. Wiping your electronics quickly
7. My kingdom, or 0.005 bitcoin, for a VPN
   7.1. Why a VPN?
   7.2. What is 5 EYES and why do they suck?
   7.3. How does the Patriot Act bite you in the ass?
   7.4. Censorship is to knowledge as lynching is to justice
Recommended publications
  • Operating System Boot from Fully Encrypted Device
    Masaryk University, Faculty of Informatics. Operating system boot from fully encrypted device. Bachelor's Thesis, Daniel Chromik, Brno, Fall 2016. Advisor: Ing. Milan Brož.
    Declaration: Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Daniel Chromik
    Acknowledgement: I would like to thank my advisor, Ing. Milan Brož, for his guidance and his patience of a saint. Another round of thanks I would like to send towards my family and friends for their support.
    Abstract: The goal of this work is a description of existing solutions for booting Linux and Windows from fully encrypted devices with Secure Boot. Before that, though, the early boot process and bootloaders are described. A simple Linux distribution is then set up to boot from a fully encrypted device. And lastly, existing Windows encryption solutions are described.
    Keywords: boot process, Linux, Windows, disk encryption, GRUB 2, LUKS
    Contents (excerpt): 1 Introduction (1.1 Thesis goals; 1.2 Thesis structure). 2 Boot Process Description (2.1 Early Boot Process; 2.2 Firmware interfaces: 2.2.1 BIOS – Basic Input/Output System, 2.2.2 UEFI – Unified Extended Firmware Interface; 2.3 Partitioning tables: 2.3.1 MBR – Master Boot Record ...)
  • Effective Crypto Ransomware Detection Using Hardware Performance Counters
    John Podolanko, Department of Computer Science & Engineering, The University of Texas at Arlington. Supervisor: Jiang Ming, PhD. In partial fulfillment of the requirements for the degree of Master of Science in Computer Science, May 2019.
    Abstract: Systems affected by malware in the past 10 years have risen from 29 million to 780 million, which tells us it is a rapidly growing threat. Viruses, ransomware, worms, backdoors, botnets, etc. all come under malware. Ransomware alone is predicted to cost $11.5 billion in 2019. As the downtime, data loss, and financial damages are rising, researchers continue to look for new ways to mitigate this threat. However, the common approaches have been shown to yield high false positive rates or delayed detection rates resulting in data loss. My research explores a dynamic approach for early-stage ransomware detection by modeling its behavior using hardware performance counters with low overhead. The analysis begins on a bare-metal machine running ransomware which is profiled for hardware calls using Intel VTune Amplifier before it compromises the system. By using this approach, I am able to generate models using hardware performance counters extracted by VTune on known ransomware samples collected from VirusTotal and Hybrid Analysis, and I use that data to train the detection system using machine learning techniques. I have shown that hardware performance counters can provide effective metrics for use in detecting and mitigating the ever-growing ransomware threat faced by the world while ensuring no data is lost.
    Acknowledgements: The author thanks the supervisory committee for all their guidance, support, and patience.
  • Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses
    Milad Nasr*, Anonymous*, and Amir Houmansadr, University of Massachusetts Amherst, {milad,[email protected]. *Equal contribution.
    Abstract: We will present a new censorship circumvention system, currently being developed in our group. The new system is called MassBrowser, and combines several techniques from state-of-the-art censorship studies to design a hard-to-block, practical censorship circumvention system. MassBrowser is a one-hop proxy system where the proxies are volunteer Internet users in the free world. The power of MassBrowser comes from the large number of volunteer proxies who frequently change their IP addresses as the volunteer users move to different networks. To get a large number of volunteer proxies, we provide the volunteers the control over how their computers are used by the censored users. Particularly, the volunteer users can decide what websites they will proxy for censored users, and how much bandwidth they will allocate.
    [...] side the censorship regions, which relay the Internet traffic of the censored users. This includes systems like Tor, VPNs, Psiphon, etc. Unfortunately, such circumvention systems are easily blocked by the censors by enumerating their limited proxy server IP addresses [14]. (2) Costly to operate: To resist proxy blocking by the censors, recent circumvention systems have started to deploy the proxies on shared-IP platforms such as CDNs, App Engines, and Cloud Storage, a technique broadly referred to as domain fronting [3]. This mechanism, however, is prohibitively expensive [11] to operate for large scales of users. (3) Poor QoS: Proxy-based circumvention systems like Tor and its variants suffer from low quality of service (e.g., high latencies and low ...
  • PV204: Disk Encryption Lab
    PV204: Disk encryption lab, May 12, 2016, Milan Broz <[email protected]>
    Introduction: Encryption can provide confidentiality and authenticity of user data. It can be implemented on several different layers, including application, file system or storage device. Application encryption examples are PGP or ZIP compression with password. Encryption of files (inside the filesystem or through an independent layer like Linux eCryptfs) provides a more generic solution. Yet some parts (like filesystem metadata) are still unencrypted. However, this solution provides encrypted data with a private key per user. (Every user can have their own directory encrypted by their own key.) Encryption of the low-level storage (disk) is called Full Disk Encryption (FDE). It is completely transparent to the user (no need to choose what to encrypt: the whole disk is encrypted). The encrypted disk behaves the same as a disk without encryption. The major disadvantage is that everyone who knows the password can read the whole disk. Often we combine FDE with another encryption layer. The primary use of FDE is to provide data confidentiality in power-down mode (a stolen laptop does not leak user data). Once the disk is unlocked, the main encryption key remains in the system, usually directly in system RAM. Exercise II will show how easy it is to get this key from a memory image of the system. Another disadvantage of FDE is that it usually cannot guarantee integrity of data. Encryption is fully transparent and length-preserving: the ciphertext and plaintext device are of the same size. There is no space to store any integrity information. This allows attacks by direct modification of ciphertext.
  • One Leak Will Sink A Ship: WebRTC IP Address Leaks
    Nasser Mohammed Al-Fannah, Information Security Group, Royal Holloway, University of London. Email: [email protected]
    Abstract: The introduction of the WebRTC API to modern browsers has brought about a new threat to user privacy. WebRTC is a set of communications protocols and APIs that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities over peer-to-peer connections. The WebRTC API causes a range of client IP addresses to become available to a visited website via JavaScript, even if a VPN is in use. This is informally known as a WebRTC Leak, and is a potentially serious problem for users using VPN services for anonymity. The IP addresses that could leak include the client public IPv6 address and the private (or local) IP address. The disclosure of such IP addresses, despite the use of a VPN connection, could reveal the identity of the client as well as enable client tracking across websites.
    [...] browsers and mobile applications with Real-Time Communications (RTC) capabilities. Apparently, identifying one or more of the client IP addresses via a feature of WebRTC was first reported and demonstrated by Roesler in 2015. In this paper we refer to the WebRTC-based disclosure of a client IP address to a visited website when using a VPN as a WebRTC Leak. The method due to Roesler can be used to reveal a number of client IP addresses via JavaScript code executed on a WebRTC-supporting browser. Private (or internal) IP address(es) (i.e. addresses only valid in a local subnetwork) ...
  • An Investigation Into the Security and Privacy of iOS VPN Applications
    Jack Wilson, Division of Cybersecurity, School of Design and Informatics, Abertay University, Dundee. A thesis submitted for the degree of Bachelor of Science with Honours in Ethical Hacking, 1st May 2018. Word Count: 11,448.
    Abstract: Due to the increasing number of recommendations for people to use VPNs for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this 'gold rush', apps are being developed quickly and, in turn, not being developed with security fully in mind. This paper investigates a selection of free VPN applications available on the Apple App Store (for iOS devices) and tests the apps for security and privacy. This includes testing for any traffic being transmitted over plain HTTP, DNS leakage and transmission of personally-identifiable information (such as phone number, IMEI, email address, MAC address) and evaluating the security of the tunnelling protocol used by the VPN. The testing methodology involved installing free VPN apps on a test device (an iPhone 6 running iOS 11), simulating network traffic for a pre-defined period of time and capturing the traffic (either through ARP spoofing, or through a proxy program such as Burp Suite). This allows for all traffic to be analysed to check for anything being sent without encryption. Other issues that often cause de-anonymisation with VPN applications such as DNS leakage can be tested using websites such as dnsleaktest.com. The research found several common security issues with the VPN applications that were tested, with a large majority of the applications tested failing to implement HTTPS.
  • Lightweight Distros on Test
    Group Test: Lightweight Distros. Mayank Sharma is on the lookout for distros tailor-made to infuse life into his ageing computers.
    There has always been a demand for lightweight alternatives both for individual apps and for complete distributions. But the recent advent of feature-rich, resource-hungry software has reinvigorated efforts to put those old, otherwise obsolete machines to good use. For a long time the primary migrators to Linux were people who had fallen prey to the easily exploitable nature of proprietary operating systems. Of late though we're getting a whole new set of users who come along with their healthy and functional computers that just can't power the newer release of Windows. [...] some text editing, and watch some videos. These users don't need the latest multi-core machines loaded with several gigabytes of RAM or even a dedicated graphics card. However, chances are their hardware isn't supported by the latest kernel, which keeps dropping support for older hardware that is no longer in vogue, such as dial-up modems. Back in 2012, support for the i386 chip was dropped from the kernel and some distros, like CentOS, have gone one step ahead and dropped support for the 32-bit architecture entirely. New life ...
    On test: Linux Lite (www.linuxliteos.com, version 2.0, desktop Xfce): Does the second version of the distro do enough to justify its title? WattOS (www.planetwatt.com, version R8, desktops LXDE, Mate, Openbox): Has switching the base distro from Ubuntu to Debian made any difference? SparkyLinux (www.sparkylinux.org, version 3.5, desktops LXDE, Mate, Xfce and others).
  • McAfee Foundstone FSL Update
    2016-AUG-18, FSL version 7.5.841. MCAFEE FOUNDSTONE FSL UPDATE. To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.
    NEW CHECKS
    20369 - Splunk Enterprise Multiple Vulnerabilities (SP-CAAAPQM). Category: General Vulnerability Assessment -> NonIntrusive -> Web Server. Risk Level: High. CVE: CVE-2013-0211, CVE-2015-2304, CVE-2016-1541, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176. Description: Multiple vulnerabilities are present in some versions of Splunk Enterprise. Observation: Splunk Enterprise is an operational intelligence solution. Multiple vulnerabilities are present in some versions of Splunk Enterprise. The flaws lie in multiple components. Successful exploitation by a remote attacker could lead to the disclosure of sensitive information, cause denial of service or execute arbitrary code.
    20428 - (HT206899) Apple iCloud Multiple Vulnerabilities Prior To 5.2.1. Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS). Risk Level: High. CVE: CVE-2016-1684, CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619. Description: Multiple vulnerabilities are present in some versions of Apple iCloud. Observation: Apple iCloud is a manager for Apple's cloud-based storage service. Multiple vulnerabilities are present in some versions of Apple iCloud. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive data, cause a denial of service condition or have other unspecified impact on the target system.
  • De-Anonymizing Live Cds Through Physical Memory Analysis
    De-Anonymizing Live CDs through Physical Memory Analysis. Andrew Case, [email protected], Digital Forensics Solutions.
    Abstract: Traditional digital forensics encompasses the examination of data from an offline or "dead" source such as a disk image. Since the filesystem is intact on these images, a number of forensics techniques are available for analysis such as file and metadata examination, timelining, deleted file recovery, indexing, and searching. Live CDs present a serious problem for this investigative model, however, since the OS and applications execute in a RAM-only environment and do not save data on non-volatile storage devices such as the local disk. In order to solve this problem, we present a number of techniques that support complete recovery of a live CD's in-memory filesystem and partial recovery of its deleted contents. We also present memory analysis of the popular Tor application, since it is used by a number of live CDs in an attempt to keep network communications encrypted and anonymous.
    1 Introduction: Traditional digital forensics encompasses the examination of data from an offline or "dead" source such as a disk image. Under normal circumstances, evidence is obtained by first creating an exact, bit-for-bit copy of the target disk, followed by hashing of both the target disk and the new copy. If these hashes match then it is known that an exact copy has been made, and the hash is recorded to later prove that evidence was not modified during the investigation. Besides satisfying legal requirements, obtaining a bit-for-bit copy of data provides investigators with a wealth of information to examine and makes available a number of forensics techniques.
  • YouWipe Assurance Test Report by KÜRT
    HDD DATA ERASURE ASSURANCE REPORT TR/yw/20-10-22. KÜRT had been asked to process a detailed analysis of the YouWipe edition v4.1.93.2010221419-945f40cc data erasure tool's capabilities on hard disk drives with data recovery tools.
    1. ASSIGNMENT: In response to the YouWipe engagement, KÜRT Data Recovery Lab performed the test of the erasure capabilities of the YouWipe tool on the following HDD devices: 1. Model: Seagate Barracuda ST1000DM003, Serial number: Z1D6GVFS; 2. Model: Western Digital WD20EZRX-00D8PB0, Serial number: WCC4M5LSR3A0.
    2. ACTIVITIES: The KÜRT test was performed in accordance with current data recovery technological standards and included the procedures considered necessary in the circumstances to obtain a reasonable basis for rendering the last opinion.
    3. TEST LEVELS: Examination can include different Test Levels in the context of a desired defense against a certain Risk Level (ADISA) or Effort Level (NIST). 1. Test Level 1: NIST Clear, ADISA Risk Level 1 (Low); 2. Test Level 2: NIST Purge, ADISA Risk Level 2 (Medium). KÜRT Data Recovery performed the tests on Test Level 1 and Test Level 2.
    4. EXAMINATION PROCESS: The examination was performed during the period 5-21 October 2020 and included the following steps: 1. A special, KÜRT-specific data pattern was written on the HDDs, filling the full available capacity of the HDDs. 2. Using YouWipe v4.1.93 software with the "EXT HMG Infosec High" HDD Erasure Method, the HDDs were wiped following the instructions given with the YouWipe software. 3. The HDDs were analyzed at low level (sector by sector) with several KÜRT Data Recovery software tools.
  • Antix Xfce Recommended Specs
  • coreboot - the free firmware
    coreboot - the free firmware. Linux Club of Peking University, April 9th, 2016.
    Outline: 1 History; 2 Why use coreboot; 3 How coreboot works; 4 Building and using coreboot; 5 Flashing; 6 Utilities and Debugging; 7 Contribute to coreboot; 8 Proprietary Components; 9 References.
    History: from LinuxBIOS to coreboot. coreboot has a very long history, stretching back more than 15 years to when it was known as LinuxBIOS. While the project has gone through lots of changes over the years, many of the earliest developers still contribute today.
    LinuxBIOS v1: 1999-2000. The coreboot project originally started as LinuxBIOS in 1999 at Los Alamos National Labs (LANL) by Ron Minnich. Ron needed to boot a cluster made up of many x86 mainboards without the hassles that are part of the PC BIOS. The goal was to do minimal hardware initialization in order to boot Linux as fast as possible. Linux already had the drivers and support to initialize the majority of devices. Ron and a number of other key contributors from LANL, Linux NetworkX, and other open source firmware projects successfully booted Linux from flash. From there they were able to discover other nodes in the cluster, load a full kernel and user space, and start the clustering software.
    LinuxBIOS v2: 2000-2005. After the initial success of v1, the design was expanded to support more CPU architectures (x86, Alpha, PPC) and to support developers with increasingly diverse needs.
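The PV204 lab entry above makes two linked points: FDE is length-preserving, so there is no room for integrity data, and that allows attacks by direct modification of ciphertext. The Python below is an added example, not part of the lab, of cryptsetup or of any of the documents listed here. It uses a toy SHA-256 keystream (an assumption standing in for dm-crypt's AES-XTS, and not safe for real data) so that the attack is visible byte by byte: someone who knows a few plaintext bytes at a known offset, but not the key, rewrites a config flag inside an encrypted sector and the decryption layer accepts it. The authenticated variant shows what detection costs: a 32-byte tag per sector, exactly the space a 1:1 disk layout does not have. The config line and the key are constructed.

```python
import hashlib
import hmac
import os

SECTOR = 512


def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Toy length-preserving cipher: a SHA-256 keystream bound to the sector number.
    ASSUMPTION: stands in for AES-XTS only to show the missing integrity check."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_sector(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    if len(plaintext) != SECTOR:
        raise ValueError("a sector is exactly 512 bytes: FDE is length-preserving")
    return xor_bytes(plaintext, keystream(key, sector_no, SECTOR))


decrypt_sector = encrypt_sector  # XOR with the same keystream undoes the XOR


def rewrite_ciphertext(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker step, no key needed: XOR the ciphertext with (old XOR new) at `offset`.
    After decryption the known bytes `old` read as `new`. Nothing on the disk layer
    can tell that this sector was touched."""
    if len(old) != len(new):
        raise ValueError("length-preserving: replacement must be the same size")
    delta = xor_bytes(old, new)
    buf = bytearray(ciphertext)
    for i, d in enumerate(delta):
        buf[offset + i] ^= d
    return bytes(buf)


def encrypt_sector_authenticated(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """Same cipher plus an HMAC over (sector number, ciphertext). The tag adds 32 bytes
    per sector, which is why a plain FDE layout cannot carry it."""
    ct = encrypt_sector(key, sector_no, plaintext)
    tag = hmac.new(key, sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_sector_authenticated(key: bytes, sector_no: int, blob: bytes) -> bytes:
    ct, tag = blob[:SECTOR], blob[SECTOR:]
    expected = hmac.new(key, sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("sector %d failed integrity check" % sector_no)
    return decrypt_sector(key, sector_no, ct)


def tamper_demo(key: bytes = None) -> dict:
    """Flip ALLOW_ROOT=0 to ALLOW_ROOT=1 inside an encrypted sector without the key,
    then repeat against the authenticated layout and see it rejected."""
    key = key or os.urandom(32)
    config = b"# constructed sample config\nALLOW_ROOT=0\n"   # constructed plaintext
    plaintext = config.ljust(SECTOR, b"\x00")
    offset = plaintext.index(b"ALLOW_ROOT=0") + len(b"ALLOW_ROOT=")

    ct = encrypt_sector(key, 7, plaintext)
    tampered = rewrite_ciphertext(ct, offset, b"0", b"1")
    recovered = decrypt_sector(key, 7, tampered)            # no error: flag is now 1

    blob = encrypt_sector_authenticated(key, 7, plaintext)
    tampered_blob = rewrite_ciphertext(blob, offset, b"0", b"1")
    try:
        decrypt_sector_authenticated(key, 7, tampered_blob)
        detected = False
    except ValueError:
        detected = True

    return {
        "plain_fde_line": recovered[:len(config)].decode(),
        "plain_fde_size": len(ct),
        "authenticated_size": len(blob),
        "tamper_detected": detected,
    }


if __name__ == "__main__":
    print(tamper_demo())
```

Against real dm-crypt the picture differs only in granularity: AES-XTS is a block cipher, so one flipped ciphertext bit garbles the whole 16-byte block it sits in rather than flipping one plaintext bit, but the block layer still accepts the modified sector without complaint. Storing the tag the lab says there is no room for is what dm-integrity (and cryptsetup's LUKS2 --integrity option) does, by reserving extra space per sector.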
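The WebRTC entry above describes the browser handing a page's JavaScript a set of client IP addresses despite a VPN. What the page script actually receives from RTCPeerConnection's onicecandidate callback is ICE candidate lines in the RFC 5245 `candidate:` syntax. The Python below is an added example, not from the paper: a parser for those lines and a classifier that reports every address other than the VPN exit address, including the `raddr` field of a server-reflexive candidate, which carries the local side. The candidate lines, the VPN egress address and the `.local` name are constructed; 203.0.113.7 and 198.51.100.9 are RFC 5737 documentation addresses standing in for real public ones, and 2001:db8::/32 stands in for a real public IPv6 address.

```python
import ipaddress

# Address ranges a website should never learn about a VPN user (RFC 1918, link-local,
# loopback, IPv6 unique-local). Checked explicitly rather than via ip.is_private, which
# would also flag the documentation ranges used in the constructed sample below.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10",
    "127.0.0.0/8", "::1/128",
    "fc00::/7",
)]


def classify_address(addr: str) -> str:
    """mdns: the browser replaced the host IP with a random name (current mitigation);
    private / public-v4 / public-v6 / unspecified / unknown otherwise."""
    if addr.endswith(".local"):
        return "mdns"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:
        return "unspecified"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public-v4" if ip.version == 4 else "public-v6"


def parse_candidate(line: str):
    """Parse one ICE candidate line (RFC 5245 candidate-attribute grammar).
    Accepts both the SDP form 'a=candidate:...' and RTCIceCandidate.candidate."""
    text = line.strip()
    if text.startswith("a="):
        text = text[2:]
    tokens = text.split()
    if len(tokens) < 8 or not tokens[0].startswith("candidate:") or tokens[6] != "typ":
        return None
    cand = {
        "foundation": tokens[0][len("candidate:"):],
        "component": int(tokens[1]),
        "transport": tokens[2].lower(),
        "priority": int(tokens[3]),
        "address": tokens[4],
        "port": int(tokens[5]),
        "type": tokens[7],          # host, srflx, prflx or relay
        "raddr": None,
    }
    # Optional key/value pairs follow; raddr on srflx/relay candidates names the local side.
    extra = tokens[8:]
    for key, value in zip(extra[::2], extra[1::2]):
        if key == "raddr":
            cand["raddr"] = value
    return cand


def find_leaks(candidate_lines, vpn_egress: str):
    """(address, reason) for every address the page would learn beyond the VPN exit."""
    leaks = []
    for line in candidate_lines:
        cand = parse_candidate(line)
        if cand is None:
            continue
        for field in ("address", "raddr"):
            addr = cand[field]
            if not addr:
                continue
            kind = classify_address(addr)
            if kind == "private":
                leaks.append((addr, f"{cand['type']} {field}: local address exposed"))
            elif kind.startswith("public") and addr != vpn_egress:
                leaks.append((addr, f"{cand['type']} {field}: {kind} address that is not the VPN egress"))
    return leaks


# Constructed sample: what a leaky browser behind a VPN might gather.
SAMPLE_CANDIDATES = [
    "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0",
    "a=candidate:2 1 udp 2122262783 2001:db8:85a3::8a2e:370:7334 54322 typ host generation 0",
    "a=candidate:3 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321 generation 0",
    "a=candidate:4 1 udp 1686052607 198.51.100.9 44444 typ srflx raddr 0.0.0.0 rport 0 generation 0",
    "a=candidate:5 1 udp 2122260223 3d6a9b4e-2b8c-4f4a-9f1e-6c1a7a1f0c2d.local 54323 typ host generation 0",
]
VPN_EGRESS = "198.51.100.9"   # constructed: the address the VPN server presents

if __name__ == "__main__":
    for addr, reason in find_leaks(SAMPLE_CANDIDATES, VPN_EGRESS):
        print(f"LEAK {addr}: {reason}")
```

The `.local` candidate is the mitigation current browsers ship: host candidates carry a random mDNS name instead of the LAN address, so the private-address leak the paper describes mostly disappears for host candidates. The server-reflexive candidate still reports whichever public address the browser's UDP socket was actually seen from, and on a split tunnel, or a VPN that does not carry IPv6, that is not the VPN.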
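The KÜRT report above follows the standard erasure-assurance procedure: write a known pattern across the whole drive, run the wipe, then scan sector by sector for anything that survived. The Python below reproduces that procedure in miniature as an added example; it is not KÜRT's or YouWipe's code. The marker string is a constructed stand-in for the lab's proprietary pattern, the file-backed image stands in for the two HDDs, and the zero-then-random overwrite is an assumption standing in for the "EXT HMG Infosec High" method. Each sector's pattern embeds its own sector number, so any survivor can be located exactly, which is the point of writing a pattern rather than random data.

```python
import os
import tempfile

SECTOR = 512
MARKER = b"WIPE-TEST-SECTOR:"   # constructed pattern, not KÜRT's


def sector_pattern(n: int) -> bytes:
    """Fill sector n with MARKER plus its own number, repeated to 512 bytes."""
    unit = MARKER + str(n).zfill(10).encode() + b"\n"
    return (unit * (SECTOR // len(unit) + 1))[:SECTOR]


def make_test_image(sectors: int) -> str:
    """Create a file standing in for a drive and write the pattern over all of it."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        for n in range(sectors):
            f.write(sector_pattern(n))
        f.flush()
        os.fsync(f.fileno())
    return path


def wipe_image(path: str, passes=("zero", "random")) -> int:
    """Overwrite every sector once per pass (zeros, then random), syncing after each pass.
    ASSUMPTION: a stand-in for the tool's erasure method, not a reimplementation of it."""
    sectors = os.path.getsize(path) // SECTOR
    with open(path, "r+b") as f:
        for p in passes:
            f.seek(0)
            for _ in range(sectors):
                f.write(b"\x00" * SECTOR if p == "zero" else os.urandom(SECTOR))
            f.flush()
            os.fsync(f.fileno())
    return sectors


def verify_image(path: str) -> dict:
    """Sector-by-sector scan: how many sectors still carry the pattern, and which ones."""
    survivors = []
    zero_sectors = 0
    n = 0
    with open(path, "rb") as f:
        while True:
            sec = f.read(SECTOR)
            if not sec:
                break
            if MARKER in sec:
                survivors.append(n)
            if not any(sec):
                zero_sectors += 1
            n += 1
    return {
        "sectors": n,
        "pattern_sectors": len(survivors),
        "surviving": survivors[:10],   # first few survivors, for a report
        "zero_sectors": zero_sectors,
    }


def run_demo(sectors: int = 64) -> dict:
    """Create, scan, wipe, rescan and clean up; returns the before/after results."""
    path = make_test_image(sectors)
    try:
        before = verify_image(path)
        wiped = wipe_image(path)
        after = verify_image(path)
    finally:
        os.remove(path)
    return {"before": before, "after": after, "sectors_wiped": wiped}


if __name__ == "__main__":
    print(run_demo())
```

On real hardware the scan must read the raw block device, not a file on a filesystem, and a clean scan through the block layer is still not a NIST Purge: overwrites never reach remapped (reallocated) sectors, an HPA/DCO-hidden area, or an SSD's over-provisioned cells, which is why NIST SP 800-88 Purge for ATA drives relies on the drive's own SECURE ERASE / SANITIZE commands rather than on overwriting.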