RSS

Category Archives: IT stuff

“Some things Man was never meant to know. For everything else, there’s Google.”

My Top200 RSS info sources for ethical activism and global research

bizarroworldThis post is for all divergent thinkers, critical thinkers, researchers, writers, ethical activists, ‘curious cats’ and pretty much anyone else interested in trying to find out what’s actually going on in this profitdriven Bizarro World we live in…I’m writing this as part of my “how-to” practical tutorial series and it focuses on the Top200 RSS information sources I’m actively using to keep up to date with the global agenda and with local developments in Roumania, Europe and the world. Please note that unless you’re a researcher, you most likely don’t need all of these sources for a “normal” periodical update, therefore feel free to select only the sources you like/require. The reason why I’m using so many sources is because for the last 5 months I’ve been working on/off on an independent (secondary) research project. Since “all the easy problems have already been solved”, I decided to try and compile a map and a report on: Highly Dangerous Global Trends & Risks to humanity. I self-started this personal project in 2014 and my goal was (and is) to:

  1. Analyse public data & media info which may be related to major threats to the well-being of people living on Earth, with a focus on Europe, particularly Roumania and Eastern Europe;
  2. Identify dangerous trends, sort and rank the main threats in the following categories: Environment, Human Society, Economy, Geo-politics and Technology;
  3. Attempt to produce accurate ethical insights which reflect the real truth, and not some profit-driven agenda (e.g. corporate/academic/governmental/private-driven agenda);
  4. Suggest viable ethical solutions using my existing and newly gained knowledge.

Therefore, in the last 5 months I read a fair amount of info from multiple sources (many of them didn’t actually make this list because of their too strong bias), and what you see below is my curated list of balanced-bias information sources. While my self-driven purpose is to find as much factual information as possible about what’s really going on, I’m well aware that the complexity is enormous and I can only cover a tiny percentage. However, based on my progress to date, I think I’m on the right track, so with a bit of luck I’m hoping to publish my first draft with my findings in the next couple of weeks.

Now to get to the “how-to” part, please note that all the web-links below are for an RSS news aggregator. (i.e. Firefox’s Live Bookmarks or Thunderbird or Liferea). For a comparison between the available RSS news aggregators please see this Wiki page. And if you’ve never used RSS feeds, then you may want to see this short tutorial for Thunderbird. (the principle is the same for all aggregators). So why am I using RSS? At first because RSS is the most efficient way to quickly go through 100s of articles per hour, and considering my goal and scope, time is of the essence. For those who are not familiar with news aggregators, please see the RSS benefits listed below (and for more info visit tutorialspoint):

  • Save time by not visiting each site individually.
  • Control the flow and quality of information you receive.
  • View and scan multiple content streams simultaneously.
  • Ensure your privacy by preventing the need to join each site’s e-mail newsletter.
  • Obtain fresh content automatically, 24 hours a day, 7 days a week.
  • Avoid missing information if you forget to check a certain site.
  • No ads (a well-configured hosts file helps. alt1; alt2).
  • All news sources in one place. For example:

Liferea_ovi So now without further ado, my Top200 RSS info sources for ethical activism and global research are:

==== RSS ROMANIA ====

(all in Roumanian, for English sources just scroll down)

Surse Principale

Mass Media Romania

Economia Romana

==== RSS EUROPE (All in English) ====

EU info sources

==== RSS WORLD ====

Earth and Environment

Essential Sources

Human Rights

Independent Info Sources

Economy and Business

Research Centres

Global Mass Media

Tech and Science

Health and Nutrition

Knowledge and Development

Prepping and Survival

Fun stuff

Jack-Sparrow-Quotes-1

Aye! arrr.. 😀

 
1 Comment

Posted by on April 2, 2015 in Academic, IT stuff, Personal, Romana

 

Tags: , , , , , , , , , , , , , , , , , , , ,

How to communicate securely & privately in today’s digitally surveilled world -and why do so?

Fear is the name of the game when it comes to global mass surveillance.”

This post is a follow up to the series of essays I wrote on the topic of Security and Privacy. In line with my previous posts on security and privacy, I am sharing all this knowledge in the name of human rights to help protect our privacy and to positively inspire others to stand up for similar ethical actions. Since this is a “how-to”, I have compiled the results of my research and expertise in a mindmap with an easy-to-read structure. The mindmap contains a considerable number of highly-secure apps (mostly Open Source & free) and tutorials on how an individual can secure their digital data and online communications by using true encryption (as opposed to snake-oil encryption used for marketing purposes or as Orwellian honey-traps).

This article is dedicated to Aaron Swartz, who in January 2013 (at age 26), died for what he believed in: A free and open digital society. The first sentence of his Open Access Manifesto reads: “Information is power.” It continues with: “But like all power, there are those who want to keep it for themselves.” (ref) – I highly recommend everyone to read his full Manifesto because I think that we all have so much to learn from the work of this extraordinary young man who never had the chance to finish his fight for our digital and intellectual freedom. However, since Aaron’s death two years ago, unfortunately for us things have only changed for the worse. While the Universal Declaration of Human Rights, Article 12, clearly states that: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. Everyone has the right to the protection of the law against such interference. And the European Parliament’s report on the US NSA surveillance program clearly states that: “privacy is not a luxury right, but the foundation stone of a free and democratic society” (ref.) And Europe’s top civil liberties body has declared on Tuesday the 27th of January that online privacy is a human right, and challenged the British government’s plans to introduce more surveillance on communications technology. Despite all the mentioned formal reports and ethical legislation (plus a lot more!), the recent revelations about the extent to which a number of governments violate everyone’s right to privacy show that unethical governments and corporations will stop at nothing to fulfil their agendas (ref). Under EU data retention law, ISPs can now reveal all of our online and telephone communications, including our digital identity, to the authority upon request; and such data sharing includes the confidential data of investigative journalists too! For example, on Monday, 19 January 2015, it was reported that thousands of emails of journalists in international media organisations were collected by the British intelligence agency..but there was no formal reaction to such profound unethical actions (ref). Furthermore, following decades of mass spying due to various reasons (i.e. cold war, political conflicts etc), now we know that criminalizing people for using privacy tools has a deep chilling effect on everybody, and especially on human-rights defenders, journalists, and activists in particular. Nevertheless, despite this inhumane unethical trend, giving up your basic right to privacy due to fear or embarrassment, is unacceptable. Security and personal privacy are not a crime and should never be treated as such. (ref)

Surv500Considering the threat to individual privacy is strongly connected with the dangerous security threats we are experiencing today, we must also be aware of the increasing trend in cyber-warfare, and economic & industrial cyber-espionage which has devastating effects on all of us living in this digital reality. Cyber-threats (cyber-weapons) such as Stuxnet, Duqu, Flame, Gauss, Regin and countless other mal/ransomware & APTs, are not just a digital threat like a pesky computer virus, they are a real physical danger to our core infrastructure, to our personal identities and to our individual security and privacy. Therefore we must find an ethical way to combat such threats through policies, legislation and technology which enforce security against cyber-threats, but without taking away people’s privacy and liberties in the process. I don’t believe in counterbalancing security with privacy, and I’m willing to prove it anytime that this is a myth perpetrated by some to fulfil an unethical agenda! In today’s unethical world, indeed we can’t have privacy without having security, but we can definitely have security without violating people’s privacy and without taking away individual rights!

While some specific malware and APTs made by various (private and governmental) organisations may be used for cyber-warfare, illegal financial gains and other unethical purposes, the recently uncovered mass surveillance programs (i.e. NSA spying timeline, Snowden revelations, EFF list of sources) have more to do with creating a hostile environment for truth rather than sorting through the googolplex of data related to any genuine or manufactured threat under the brand of “national security”. The need for encryption is not coming from the desire to do no-good and hide from the law, on the contrary. The need for using encryption is coming from the strict necessity to protect the individual privacy given the fact that most democratic governments today (which were originally founded on ethical values), are now unethically monitoring (Et tu Hibernia? Et tu Roumania? Et tu Europa?…) all our digital data: telephone calls, emails, texts, SMS, VoIP conversations etc. What is happening in our free world today is the equivalent of the actions which took place during the eras of dictatorships and wars, only that today no war or dictatorship has been declared!

 

The necessity of encrypting everything with your own [strong] keys

encryption_keyA large number of unethical governments have transformed the fair Greek democracy into just a wishful-thinking philosophical concept without any connection to reality other than for propaganda used to justify attacks, conflicts and removal of human rights. As a result of such unethical actions, we now have mass-spying programs which go well beyond monitoring digital data. Such programs are capable of manipulating online polls to channel public opinion in a particular direction, impersonating and discrediting targets, spamming targets with SMS messages, tracking people by impersonating spammers, posting social media content, and with help from human agents can even create false flag operations! (Guardian ref, Intercept ref). As if monitoring all digital data and manipulating the digital info we consume is not bad enough, in the last few years, various corporations and spy agencies have started to use the very term “security” to defend profiteering and crush activism. On top of all this, governmental leaders of countries like USA and UK have openly condemned the use of encryption in Internet communications and demanded a backdoor into all encrypted applications. This literally nullifies ALL digital privacy and leaves the public open to a full scale implementation of  George Orwell’s 1984.

So what can we do!?

We can make use of secure apps implementing true encryption (as opposed to snake-oil encryption used for marketing purposes or as Orwellian honey-traps). We can also follow EFF’s Game Plan for Ending Global Mass Surveillance. Now since I have some professional expertise in this field, I compiled my relevant research into a comprehensive JAVA mindmap. If you click on the mindmap image below, it will open a PNG image at full scale in a new window. However, please note that the PNG image is the compact version of my research. If you wish to see the full & interactive JAVA version (and you have the latest version of JAVA installed on your machine), then click here.

Ovis Apps for Secure CommunicationsClick here for the PDF version (fully expanded)

But…Why?

In line with Voltaire who wisely stated “Judge a man by his questions rather than by his answers”, lets first start with the most essential question we all ask during our childhood (but which we actively suppress as we grow up): WHY? We must use our critical thinking ability to ask meaningful questions on a daily basis.If you’d like to find our how, please watch this 6min video on how to use Critical Thinking anytime anywhere with anything:

Now, in regards to security, here are a few examples of questions which come to my mind:

  • Why care about proper security when just “good enough” is literally considered to be enough to get a product to the paying customers?
  • Why care about digital security and privacy when there’s a gigantic amount of profit to be made from harvesting people’s wants and needs?
  • Why care about people’s privacy at all when analytics and big data are directly based on tracking people’s actions, behaviour and desires?
  • Why care about security and privacy when you think that “you don’t have anything to hide”?
  • Why care at all about privacy?

Since all these are perfectly valid questions (in my opinion), I will provide some suggested answers via the paragraphs below and via the TEDtalk video by the ethical investigative journalist Glenn Greenwald. In October 2014, Glenn Greenwald gave a terrifying TEDtalk on mass surveillance and privacy, and I took the liberty to quote the following from his speech, as an intro to his speech: The renowned socialist activist Rosa Luxemburg once said, “He who does not move does not notice his chains.” We can try and render the chains of mass surveillance invisible or undetectable, but the constraints that it imposes on us do not become any less potent.

I hope Glenn’s words caught your attention and provided you with a soft intro to what I’m about to share. I hope you understood that Privacy is paramount to a free and open society and that it doesn’t just matter as a theoretical concept, but it truly matters in every moment of our lives. And to quote Glenn Greenwald yet again, please remember that the people who say that privacy isn’t really important, [they are knowingly or unknowingly hypocrites because] they don’t actually believe it. And the way you know that they don’t actually believe it is that while they say with their words that privacy doesn’t matter, with their actions, they take all kinds of steps to safeguard their privacy. (for more details please watch Glenn’s video and read more in my post  How to surf (relatively) anonymous in today’s digital world?)

Now back to our individual micro-cosmos. You may think and believe that your computer can’t harm you, unless you fiddle with the power supply or its internal wiring – and you’d be generally correct from this physical perspective. However, if you think that the computers (including devices like your phone, laptop, desktop, mac..) which capture and store your personal data with or without your permission and knowledge, can’t harm you in real life, then you’re absolutely wrong and that would be completely understandable. If you’re not a geek like me to spend most of your time absorbing new information,  I’m almost certain that you haven’t noticed that we’re at the beginning of a war fought at digital level. This cyberwar is still in its infancy and we could very well stop it, but unfortunately for us (“the 90%” majority of the planet’s population who are not mil/billionaires, bankers, politicians or military), we are not on track to stop it, quite the contrary. And the reason for that may be because of the ignorance of the majority of the population towards essential issues regarding our interconnectivity. But since this mass ignorance (or controlled mass mobilisation in the wrong direction), has its roots in a very well operated system which keeps us very busy working for it to make profit for its owners, no wonder we can’t see the direction we’re heading to! How could we see the truth when we’re kept in cyclic financial collapses, in austerity campaigns, we are continuously fed digital entertainment and distractions so most people are either too confused or too tired to search for the truth deep enough. ON the other hand, if you’re a journalist or an active citizen looking for the truth because its your job, don’t be surprised if you’re placed in the “threat” category…The man who gave us “The Century of the Self” documentary – Adam Curtis – is currently working on a new documentary which will help us lift the veil on a terrifying global agenda with chilling goals and I can’t wait to see it in a few months time! For more details on the subject, perform a private search and also feel free to read my post on ethical education and my “Imagination is more important than Knowledge” essays.

 

The impact of physical – digital interconnectivity

The regular ethical and honest citizens of this planet may think that they have no reason to worry about the data bits normally found in the world of Tron, because those computer bits are not in our world and therefore have nil (0) impact in the human bio-physical reality. As I disagree, let me remind you that the mechanics of our industry, agriculture, economy and way of life, are directly dependent on the functions performed by computers, and we willingly gave computers the control over our energy, food, transport, security and way of life. While that’s not entirely a bad thing because the computers allowed us to progress exponentially (if only we would have done it in the right direction..), the actual real problem today is that unethical people own those controlling computers and therefore they have control over our way of life (i.e. what food is available, what’s in it, how much it costs etc). Just think about this for a few moments…

 It is paramount that we consciously understand that our world today has an incredibly thin line between Real and Digital with the current balance in favour of the Digital. If ethical people would rule the world, this imbalance and this blur wouldn’t absolutely be a negative thing, and maybe in an ethical world it wouldn’t have happened at all since all things digital would be seen for what they truly are: tools used to reach goals (like a fishing pole-kit used to catch fish and allow an individual to relax while fishing). However, this is not the case in our world today, is it? In our world today, where the virtual borders between people are more vivid in our minds than the clear border between Real and Digital Fantasy, unethical individuals rule the majority. By using their own tools (i.e. mass media, industrial education, political systems etc), these rulers educated us to focus on our struggle to build better tools for them and some toy-tools for us to keep us distracted, instead of spending our free time on this planet to create tools to reach meaningful goals in balance with ourselves and with nature. Continuing my simplistic fishing kit analogy, we are now competing against eachother to make better fishing poles, but with which we’ll never have the time to fish, because we have to go back to work and build more fishing kits so we can receive the money we need to pay in a store for…a fish. Not just that what we’re doing is completely idiotic and we’re only two steps away from Mike Judge’s Idiocracy, but we never get to enjoy doing what we love because first we must do what’s profitable and which aligns with the expectations of the powers that be.. Considering we are the only species on Earth which pays to live here, or else the individual dies, do we actually understand the critical problem with our “civilised” society/world?

In our civilised world we are thought to perceive Digital as “cool” and fun to use/own (and sometimes it is), but while we are not directly thought that Digital is better than Real Life, the effect is very clear – just watch the chaos unfold if your kids or teens are not allowed to use their pad/smartphone or social media for a while. All this may seem like natural human evolution, but a sharp observer will notice that in practice, Digital is subversively used at global scale to guide (and control) not just an unnecessary financial system which is corrupt beyond imagination, but is also used to manipulate our real-life thoughts, words, knowledge, behaviour and actions. funny-human-evoThe digital tools (both software and hardware) are now literally shaping the new generations of humans. This is especially concerning given the fact that some of the controversial world events which took place in the last 14 years, have given Orwellian powers to governments and unethical individuals who own these tools and the “factories” which makes them.  As a result of a very unfortunate combination of events, the Internet itself is now at risk to be owned and used as a power tool for control and profit. And the most unbelievable thing about all this is that the users of Digital are not just ignorant of the dangerous digital trend used against humanity, but they’re also its messengers, happily (or unknowingly) transferring their own real life into digital format and in the process they surrender their identity…To be clear, digital technologies by themselves are not harmful or “evil” and this is not an argument about technology, but about how digital technologies are abused today to create undesirable outcomes for so many free individuals. This is what Aaron Swartz died for, this is why numerous activists and journalists are trapped/incarcerated, this is what Snowden warned us about, and this is why we all need to wake up and stand for what is ethical!

Aaron Swartz3

Image source (Click on the image for The Story of Aaron Swartz)

 
1 Comment

Posted by on January 28, 2015 in IT stuff

 

Tags: , , , , , , , , , , ,

How to surf (relatively) anonymous in today’s digital world?

This post is a follow up to my previous post about online security – “How to surf safe in today’s digital world?” which I ended with a personal statement wrt Internet anonymity and with some basic instructions how to surf the web privately. In this post I will try to offer some more details on how to maintain your Privacy in this intrusive digital world we find ourselves today.

As I am writing these lines, thousands of people all over the world are protesting the NSA spying in US and around the world. So I am writing this in support of the Stop Watching Us campaign, and in support of the Human Rights in the offline and online world.

Firstly I would like to emphasize the following: If you’re a human being, you have the Right to Privacy even if you think/believe that you have nothing to hide.  The Data Protection Commissioner tells you why this matters. Prof. Gavin Phillipson tells you and BBC why it matters, and the PrivacyRights organisation tells you why it matters. Please take a few minutes of your time and read the info, document yourselves to learn a lesson from history and understand the catastrophic consequences of mass digital & personal surveillance. Such unethical and unconstitutional actions as mass/personal surveillance cannot be allowed to continue so please act! (an if you’re still debating the implications of these actions, please take a look around on eff.org or read this article on why privacy matters, or this one on why should you care, or this one on key takeaways)

Before I start my tutorial, please review/follow my security post1 , security post 2 and Top 5 Myths of Safe Web Browsing (by Sophos). I can’t stress this enough: If you want digital privacy, you have to make sure you are using a secure Internet enabled device! If your hardware & software environments are not secure, you will achieve the same level of anonymity online as in the attached photo above. 🙂

Without further a due, here are the high level links in any average day of browsing the internet (in reverse order):

Webpage on webserver -> WAN -> Local network -> Your Internet device -> Your Browser -> YOU.

EFF has a thorough tutorial on the Free Speech weak links and I’d highly recommend you to go through it!

In summary, if an individual or an organisation wishes to monitor your digital life, they can do it at any of the connection points described in the EFF’s tutorial or by me above. And this is how they may achieve this (presented at high level & in reverse order):

  1. Through scripts of various kinds running on the webserver(s) which hosts the website(s) you are accessing through your browser. These scripts load automatically and detect you as an individual, not just your machine. This technique is called fingerprinting  -Read more tech details here.
  2. The WAN hardware can be monitored at ISP level, DNS level and/or raw level: HW fibre optic tapping (which includes ALL digital communications including telephones & VOIP).
  3. Your LAN hardware can have various levels of poor security and the security level only depends on hardware and software config. Since WiFi networks are most common these days, here is a list of vulnerabilities.
  4. Your Internet enabled devices (Desktop or laptop PC, Macs, tablets of all kinds, mobile phones, smartwatches etc) are the absolute weakest link. These devices run the software environment which in turn allows the browsers to make the queries through the Internet and display the content you desire.
  5. The browser. This is where it all begins and also ends in full cycle. Your browser security depends on many of the points above but it also depends on its internal profile configuration.  Your browser identifies you.

anonymous

To achieve a reasonable level of anonymity a user should at least consider securing the 3 points which has control over. These would be:

  1. The Local Area Network (yes, incl WiFi)
  2. The Internet device (SW & HW)
  3. The Internet browser used.

In my previous security post I described the absolute minimum steps which I would recommend for hardening the security on a personal LAN and a computer running Windows (weak), OSX (better than Windows) or Linux (highly recommended). I also gave some tips on configuring Firefox and Chromium based browsers for a better online experience. Now I will take this one step further and present 2 usability scenarios: A. Quick config for Day to Day Internet surfing and B. Quick config for Advanced private comms.

Finally, please note this disclaimer: This tutorial is an FYI only. While it can be used in regions of the world affected by the Chilling Effect or by mass surveillance systems like PRISM, it doesn’t present the full details on how to achieve invisibility while connected to the Internet and you, the reader and/or user, take full responsibility for following any advice described in this post and for any consequences that may follow from your actions. My tutorial is FYI only. Regardless of how you choose to use this information, please obey the law in your country, please respect life and guide your actions by ethical standards. Thank you.

A. Quick configuration for D2D surfing

windows mac (Photo credit: Sean MacEntee)

A1. Windows PC & Apple Macs

Windows machines are probably the least secure machines out of all PCs connected to the Internet. The good news is that they are easy to configure for good security. Here’s how in 3 easy steps:

1.First backup all your user data to external drive/cloud/secure media. 2.Second: Format the Windows partition. 3.Install Linux and if you really need windows, put it in a virtual machine on Debian. Done. Not joking! 🙂

If the above suggestion is not feasible then please secure your LAN and your Windows/Mac OS (basic instructions are provided in my other post), and when you’re comfortable that your LAN and your OS passes penetration security tests (eg tutorial, NetworkTools, SecurityTools, FW test, AuditmyPC or search4more) move on to:

1. Get a secure VPN package from JonDonym or proxy.sh or Privacy.io Or from a Swiss or Irish SP.

    • If you prefer free packages then you can use the free services from JonDonym or TOR

2. Configure OpenVPN on your computer and test the VPN connection (response time is more important than bandwidth as long as you have at least 1Mbps). Connecting to Ireland, Switzerland or Netherlands would be a good choice to start with.

3. Configure a profile on your software Firewall to block all Internet traffic that is not going through VPN. If the VPN connection drops (it happens), it is essential that your firewall will stop you from accessing those secure Internet sources through your normal connection. And depending on the level of threat you may find yourself under in your country, this only needs to happen once, to be a serious issue for you in real life.

4. Pair your VPN with a browser that you never use for your social media, email or any other services that require you to login. JonDoFox is a good choice here.

    • By “pairing” I mean, use that browser only after you start your VPN, you activate the firewall VPN profile and after you are safely connected to the VPN.
    • This goes without saying but I will write it anyway: If you want to maintain your privacy, do not login on any website or service. From the moment you logged in, you lost your privacy in that session, or on the server you connected to, and depending on your VPN SP, you lost it on your VPN account too.

5. Configure the DNS on your network card(s) to force use the DNS from your VPN provider. And for everyday use to use OpenDNS with DNScrypt, or one of these from OpenNIC or an OpenDNS server listed by TechAthena here or by a DNS listed by wikileaks under their /wiki/Alternative_DNS link.

A2. Mobile devices (phones, tablets etc)

This should be a post on its own considering the complexity involved in masking your identity while using your phone and surfing the Internet. Therefore I am only describing the very high level steps:

1. Try to use a pre-2003 GSM phone eg Nokia 3330 (but with a headset! OK just kidding)

firefox-os-logo

2.Try to use a smartphone with Android, Firefox OS or any other Open Source OS.

3. If you choose to use an Android powered device then you may want to root it to benefit from its full capabilities and also to gain root (admin) rights on the OS. Check out XDA Devs for goodies. Please note that rooting is voiding warranty in all cases, there are certain risks involved, including freezing your device, and if you choose to do this you do it on your own responsibility.

4. Configure the secure VPN service (mentioned above) on your device and connect to it

    • As an alternative, you could use Orbot and Orweb browser
    • Same as above, while connected to the VPN or Orbot, do not log in to anything.

5. Use secure apps for all comms. The Guardian Project is a good start.

A3. Tools & relevant info

B. Quick advanced config for private comms on Desktops, laptops, Macs

Same as above, this is a “quick config description, only meant to give you a high level view of the model you could use. The actual details are waiting to be found and tested 🙂

  • Install VirtualBox  or your favorite Virtualization software
  • Download Whonix and load it in VirtualBox.
  • Or else you may be more comfy with Linux Mint (if you’re a pro then BSD is prob 4u :p)
  • After you loaded the VM image regardless of OS, save snapshot 1.
  • Get a VPN package from JonDonym or proxy.sh or Privacy.io Or from a Swiss or Irish SP.
    • If you prefer free packages then you can use the free services from JonDonym or TOR
  • Setup the VPN package in your VM. Or else setup TOR in your VM.
  • When you’re done and you’re happy everything is ok, just take snapshot 2.

A VPN or TOR on its own will not provide anonymity. Your browser needs to be configured correctly!

  • The easiest way to achieve it is by using a pre-configured OS like Whonix or a browser like the Tor Browser or JonDoFox (which can be used outside the VM as well with TOR/VPN)
  • Adv. If for some reason you need extreme security then use a pre-paid mobile ISP (min 3G) and put a secure VPS between your VM and the open Internet. eg: PC-VM-VPN-VPS-VPN2/TOR-Destination (your VM connects to the VPS through an encrypted VPN1 and then connects to the destination website / service through a 2nd encrypted VPN2 or TOR account)
  • Happy surfing!

Best Practices:

  • DO NOT login to any personal websites while using anonymous browsers or services.
  • Do use a search engine and read more.
    • Feel free to search more and read articles on online surveillance, PRISM, Snowden etc.
  • Do obey the law!
 
3 Comments

Posted by on October 27, 2013 in IT stuff

 

Tags: , , , ,

How to surf safe in today’s digital world? (periodically updated)

This post will serve as a tutorial on personal online safety and privacy. Due to the mixed technical knowledge of any audience, I’m going to write it mainly for the general computer users but I will add advanced sections for tekkies. My advice will apply mainly to Windows users due to its low security level and the amount of vulnerabilities and threats targeted at this operating system, but you will find Linux & Mac sub-sections as well. Just to note, I’m not planning to detail on corporate security here, but you’re welcome to get in touch with me if you’re a corporate/business user interested in my services.

Before I start, I’d like to mention 2 things: 1. This tutorial should be considered a guideline. As I am not performing the service on your machine in person, I take no responsibility for any issues that you may encounter while following my advice. If you choose to apply any of the information available in my post, you do so on your own responsibility. And 2, this post will be periodically updated so feel free to bookmark it (add it to your favourites) and come back to check for new info.

Three steps to what I think good security is for anyone surfing the Internet from home/office:

1. A secure computer = Up to date operating system, clean from malware, with a complete security solution installed (eg. Kaspersky Internet Security , Eset Smart Security or BitDefender Internet Security)

2. An up to date secure browser that is configured correctly: Mozilla Firefox (recommended), Comodo Dragon or SRWare Iron (both based on Chromium, just like Google Chrome, but with high privacy and security, without the tracking features of Chrome and Chromium)  Please note that Internet explorer is NOT a secure browser! See below for my tutorial on enhancing security of your browser.

3. A secure network = Connect to the internet through a network that’s protected by a hardware firewall. Most routers today come with a built-in software firewall that provides basic protection, at least use one from a well-known manufacturer (eg. Cisco, DrayTek, LinkSys, NetGear, D-Link). If connected over WiFi, secure it with WPA2 AES and a strong password!

Part 1. How to secure your computer?

1.1 I’m going to start with Windows users

A) The most reliable way to secure your PC is to backup your essential data to an external hard drive (if available, also backup your critical data using an online backup service like SpiderOak) then format your hard drive(s). Unplug the network cable from the pc, disconnect all peripherals except your keyboard, mouse and monitor, then install the latest version of Windows 7 SP1. After Windows 7 has finished installing and is up and running, restart your computer. Now install your preferred security solution. I strongly recommend Kaspersky Internet Security which at the moment is at version 12. Can be purchased from Amazon for a discounted price, check it out. After you’ve got KIS installed, reboot your pc. Log into Windows, connect your computer to the internet and update Kaspersky. Reboot if required. Then install the optional updates from Microsoft updates that are new drivers for your hardware, and ALL updates under the Important Microsoft Updates section. Be patient, it will take a while and your computer will need to restart once or twice. When that’s done, you’ve got a secure computer for sure! Now you can plug-in all your peripherals, install the necessary software, restore your data and customise your PC.

B) Considering most users are not willing to go through the hassle of reinstalling everything (you should do it on Windows if you want to be sure that you’ve got a safe computer), I’m going to write a list of basic steps that should help you secure your machine:

  1. Reboot your PC.
  2. Use your Internet browser to download and install CCleaner. Run it with Admin rights, check ALL the options in the first tab except the last one that says “Wipe Free Space”. Do not check that as it will take a long time to finish and its only necessary in data sanitary conditions. Click on the second tab called Applications and check all options. Now select Analyse, wait for it to finish, then click on Run Cleaner. Restart your computer.
  3. Click on the Start orb at the bottom left of your screen and search for “msconfig” (without the quotes). Run it, go to services and check the box “Hide all Microsoft services”. Now disable (uncheck) all the services that you don’t recognise (make sure you know what you’re doing!). Then click on the Startup tab and uncheck the items that you don’t recognise. Reboot. (Tutorial here and video tutorial here -not mine)
  4. If you suspect an infection on your machine, then you should use an online virus scanner before you go any further. Chose any of these: Kaspersky Online ScannerBitDefender Online ScannerEset Online ScannerTrendMicro Online Scanner
  5. (Adv.) Further on, if you suspect a rootkit, then download and run Kaspersky Virus Removal tool, or Hijack This, or Rootkit Buster, or Sophos Anti-Rootkit, or GMER
  6. Now uninstall all the unnecessary software from your machine and reboot.  (Start-Control Panel-Programs and Features). Win7 performance optimisation tutorial by Microsoft here
  7. After rebooting, run CCleaner one more time (Right click on Recycle bin and select Run CCleaner). Unless you’ve got a good Internet security suite installed on your machine, uninstall it, reboot and then install Kaspersky Internet Security. Comes with 30 days trial. For free solutions, use one of these

1.2 Linux users – well most of you already know what you’re doing so I’m not gonna brag about it. Here are 3 steps for more novice Linux users and 1 for advanced:

  1. Use a popular distro that provides regular security updates and has a 6-9 months release cycle. eg. the multiple flavours of Ubuntu, Linux Mint, OpenSuse, Mandriva, Fedora, CentOS. Always keep your distro up to date! (I run sudo apt-get update / sudo apt-get upgrade every time I log into my Linux)
  2. Use ClamAV. Set it up to update and scan automatically. This tutorial shows you how to set it up in Debian based distros.
  3. Use a software firewall. Select one from here that suits you but I recommend using the integrated firewall on your distro, or else (Adv.) use iptables or a dedicated firewall solution eg. SmoothWall
  4. (Adv.) Harden the Kernel. Hardening tutorial for Ubuntu here.

1.3 Mac users – no offence to anyone promoting no threats on Macs, but if you’re one of them allow me to tell you this politely: you are an idiot and you should switch to Windows asap because you’re a n00b. Thanks! 🙂 Seriously now, the threats on Linux and Macs get onto your machines through your browsers or your open ports (and on Mac there are plenty). Linux is a very very secure operating system because is based on the UNIX architecture. Apple’s OSX is also based on Unix since version X but while its better than Windows, its far from the security of Linux. If I were to put the top 3 most secure OSs out there, then it would be: OpenBSD – Linux – Solaris. Yeah, Windows and OSX are not there, here is why and here and here and finally here. Now my advice for you guys:

  1. Always install ALL updates from Apple. If they release a new cat on the marker, be sure to be on it as its faster and more secure than the previous generation. If your Mac’s hardware doesn’t support it, at least upgrade to the latest available OS for your hardware, then follow my advice in this post.
  2. The serious threats on Macs come through your browser. Use the latest version of Firefox for Mac for your OS. Use the latest version of Safari. Configure them correctly (see below my advice on how to configure browsers securely). How to properly clean your mac regularly.
  3. DO use a security suite on yr Mac if you’re not an experienced user, or at least an antivirus + the built-in firewall. If you choose to install a security suite, then pick one from here (Sophos or BiDefender would be my choice for premium and iAntivirus or Clam as free options)
  4. Take a look at Apple’s own security support page. Report findings if you have concerns.
  5. Keep an eye on securemac.com as they’ll keep you up to date with the latest threats on your platform.

Part 2. How to secure your browser?

At first I really think you should read this article if you’ve got a basic understanding of Internet encryption. Towards the end of the page, you’ll find “How to force use of 256-bit AES for secure web and secure email”

  1. Always use the latest version of Firefox, Chrome, Dragon, Iron, Safari or Opera
  2. Regularly use CCleaner on Windows, BleachBit on Linux and CleanMyMac on Macs to get rid of all temp files, cache, cookies etc
  3. How to automatically clear history in Chrome /Chromium/ Dragon here
  4. How to automatically clear history in Safari here; advanced tutorial for Mac here

Due to the fact that Firefox is the most secure browser, is the one I recommend you to use! Here’s how to configure it:

  1. Set Firefox to always clear your browsing history upon exit. Mozilla instructions here 
  2. Uninstall useless addons and extensions (all toolbars included)
  3. Install the following Add-ons for Firefox: HTTPS Everywhere, AdBlock, TrackMeNot, BetterPrivacy, Lightbeam, Flagtfox, NoScript and Ghostery. Please note that NoScript requires user interaction and manual approval of scripts. Ghostery updates itself but make sure u select it to block everything by default. You can allow whatever you want as you browse. However, allow only the scripts from websites you’re familiar with, don’t enable any other ones when visiting websites!
  4. (Adv.) Use the instructions in this article to set your Firefox to use 256bit AES SSL encryption on available sites.

For those of you that prefer Chrome, I strongly recommend you to use Comodo Dragon instead (if you’re on Windows). Or else Iron if you’re on any flavour of Linux.  Dragon & Iron are virtually Chrome but with enhanced privacy and no tracking features. You can download Comodo from here  and Iron from here

These are the extensions you should install on all Chromium browsers for high security and privacy (Dragon, Iron, Chrome etc) : AdBlock, Do Not Track Plus, Ghostery, HTTPS Everywhere, PrivDog, IBA Opt-out, SecBrowsing and the addons from Kaspersky Internet Security.

Part 3. How do you secure your network?

3.1 Basic steps to secure your Internet connection:

  • Use a hardware firewall if you’re open to Internet access due to certain Internet services you provide (you should also be on Linux and take all necessary security measures)
  • Use one of the routers I mentioned above or [highly recommended] one that’s compatible with DD-WRT
  • Use an interactive software firewall that filters everything and learns from your choices. Comodo, Kaspersky or Eset are good choices.
  • Use an SSL VPN for complete traffic security between your machine and any other Internet machines

3.1 Basic steps to secure your WiFi connection:

  • There are soo many tutorials on the Internet on this that I’m not even gonna attempt to write one. I’ll only specify 3 things:
    1. Use one of the routers mentioned that do the job properly, preferably with DD-WRT on it
    2. Secure your WiFi with WPA2 AES and choose a strong password. Tutorial here and here
    3. Enable mac filtering and configure it to allow access only for your devices.

Advanced instructions for Internet Anonymity:

I believe that people have the right to choose to live a private digital life if they really want to. Therefore I will summarise 3 ways on how to achieve real Internet surfing anonymity but I won’t go into specifics. To achive this you obviously need to have followed at least my advice above to secure your computer.

  1. Install and configure Tor. Heres how
  2. Browse the internet (optional: from within VMs installed) on your computer that is configured to use SSL VPN tunnelling eg. OpenVPN
  3. Feel free to follow my instructions in the post “How to surf (relatively) anonymous in today’s digital world?

Other resources:

 
2 Comments

Posted by on April 7, 2012 in Business, IT stuff

 

Tags: , , , , , , , , , , , , ,

July – the security awareness month

Anonymous with Guy Fawkes masks at Scientology...

Considering I’ve started the month with various online security posts (and I’m not done yet), I will continue with this post that will serve as introduction to my How to surf safe in today’s digital world? post.

OK at first let me explain what’s the story with my focused interest on security these days. If you’re working in the media or IT, there’s a very slim chance that you haven’t heard of LulzSec, Anonymous and the recent rise of multiple other hacker groups all over the Internet. If you don’t work in the 2 mentioned sectors then let me fill you in with a summary on the recent events:

According to Panda Security‘s latest research report on the state of cybercrime, the second quarter of 2011 was “one of the worst on record” for global IT security. They blame the hacking groups like Anonymous and LulzSec for causing widespread mayhem to organizations such as RSA Security, the U.S. Defense Department, F.B.I. and various US Defence Department contractors, the Church of Scientology, the International Monetary Fund, Sony, Citigroup, SEGA, Visa, MasterCard, Federal and National Police departments in multiple international locations (at the time of writing of this post, they just released data from FBI contractors IRC Federal, and the German Federal Police), they all fell victims to the attacks. *Update 11-7@12:00PM: Something really big is about to happen today. One of the members of Anonymous twitted a few hours ago: “ATTN: Tomorrow will be two of the biggest releases for Anonymous in the last 4 years. Everyone brace. This is literally explosive.”

So who are Anonymous & Co.? See the image below for a “Family Tree” of hackers put together by a talented intern at Geekosystem. Original post here

From their Twitter page (where they make all public announcements), they describe themselves as: “We are Anonymous, we are AntiSec, we are LulzSec. And we are the people, who will be silent no more. Expect us. The Internet is ours and you’re not gonna take it back from us. Please also realize that we are not your enemy but your citizens.”  Anonymous to the Machine video with statement here: http://youtu.be/9TG4RTwctlw

Now that you know who they are (well sort of), lets see what exactly do they want? From what I read and seen, the answer is quite simple: they’re a team of anonymous hackers located all over the world that want to fight against corrupt and abusive organisations even if they’re doing it through highly illegal means (sort of like Watchmen). They are targeting mainly governmental organisations all over the world, their contractors and law enforcement departments with 2 purposes: 1. to expose their abusive actions and intentions and 2. to expose security threats in their users database by publicly dumping their users database.

I know some would agree with the 1st purpose, but at first sight the 2nd one sounds very malicious doesn’t it? Well don’t judge a book by its cover and don’t jump to hasty conclusions just yet, things might not be what they seem; I am not a supporter or involved with them but I am an objective observer of events. And this is (not) just my opinion here, but just like Watchmen they are doing everyone a favour in the long run by exposing the wrong doings of agencies that are supposed to be the “law enforcement”. The agencies which should work in the best interest of the population and are bound by ethical laws before the legal ones! They are also pointing out serious security flaws in the infrastructures of multiple large corporations or organisations. They say that if they can easily get their hands on your data, so can malicious hackers. The difference is that they release it publicly for the purpose of transparency, they make a big buzz about it (mainly for “the lulz” = to laugh at someone’s claimed high security), and they force those organisations to implement actual security that protects the users databases properly.

Hmm so now you might ask yourself: “if these vigilantes are doing something good in the end…and considering I’m not corrupt or involved with any of those agencies, why should I be worried? I’m just a good citizen minding my own business”  My answer to that is: Well you should be very worried for your private digital data that resides on any physical hard drive, be it on your computer at home/office, on an email server or on any other machine connected to the Internet. Allow me to explain:

Anonymous might not be a threat to you or your firm directly (unless you’re corrupt and/or up to no good), but there are other very malicious hackers, crackers, cyber psychos and various evil intended individuals whom you should be very worried about!  These people create viruses that automatically plant silent trojans, root-kits and all sorts of “bugs” into your computers, websites, email accounts, smartphones etc,  that allows them to monitor your actions, conversations, transactions and your private data without your awareness. Some of them can even take control of your computer’s processing power and its Internet communication ability. Remember my words, the most dangerous hackers are the ones you don’t hear about! (and those that get caught after committing serious crimes against other people/companies. eg. Stuxnet creators). They are the real threat for the mass population not these vigilantes which like the spot light. Not defending or promoting illegal actions here but if anything, Anonymous managed to successfully increase the security awareness all over the world. They’re actually helping me and other security consultants prove a point that I was trying to make since I started working in IT as a consultant:

  • DO NOT TAKE YOUR PRIVACY FOR GRANTED!
  • DO NOT REUSE PASSWORDS!
  • DO THE RIGHT THING THE FIRST TIME!

So not only that they are exposing bad-doings of various organisations (check the media, all the firms they exposed got all the black balls) but they are forcing security “WhiteHats” to implement proper security solutions not just claimed security = marketing stunts = ROI generators = users take the damage if something goes wrong because are completely clueless abt their private data being accessible by 3rd parties (fb much?).  They’re also finally convincing users to protect themselves against maliciously intended individuals. And with this I’m going to end of this post and start a more useful one about How to surf safe in today’s digital world?

 
2 Comments

Posted by on July 10, 2011 in IT stuff, Personal

 

Tags: , , , , , , , , , , ,

Hacker threat! Crucial Steps to Protecting Yourself Online

Logo

Image via Wikipedia

The U.S. Senate, Citigroup, Sony and Google have all been hacked in the past few months. Recently, 2 Major hacking groups have joined forces, mainly against corrupt and/or abusive governments and organisations. I wish I can say that you’ve got nothing to worry about if you’re not part of any of them, but that couldn’t be further from the truth. The rule of thumb is: as long as you’re connected to the Internet, you are susceptible to various threats that not even security experts know about.

My previous post is about how to protect your email accounts. This post is based on an article I found here and is about 9 steps for safe Internet use which should keep you protected online:

1. Use powerful unique passwords: The more complicated the password, provided you can still remember it, the better. A combination of letters, numbers, upper-case, lower-case and special characters is best. Also make sure you use a password that is not intricately connected to information about you, such as your date of birth or your mother’s name, because thieves might be able to track down that information.

2. Use a security suite with anti-malware detection: I recommend Kaspersky Internet Security and Eset Smart Security as main security solutions for all PCs. Malwarebytes for all malware detection on Windwos platforms, and ClamAV on Linux. There are also several free options available online like AVG and Avast that provide basic protection. For Macs Sophos or McAfee do a good job.

3. Don’t reuse the same ID and password: Just like you have a ring of keys, you have a key to your house and a key to your car, you need a different key for each site. If someone gets your Facebook account, because your email account is your logon, then that person probably also has your email account. And then he/she can probably get your bank account and other more personal things like that.”

4. Google yourself: Be aware of the information about you that is available online. One of the ways in which individuals are compromised is when a hacker or con man uses information that they’ve found out about you through a simple search and manipulate it.

5. Be wary of “phishing” attacks: Any time you see a link in an email, be wary. The problem is these are all games of abuse of trust. They want you to trust the email so you’ll click the link. If they’ve compromised your best friend’s email, you’re going to get an email from your best friend. Hover with the mouse cursor over the link before you click on it and check the address in the status bar of your Firefox browser!

A good rule is: When in doubt, type it out. Although the URL may look trustworthy, con men hide bad links in hyperlinks. If you type in the link/email yourself, you’ll be able to see if that link/email was real or not.

In general, read the URL and use a common sense approach. If it says “.ru” instead of “.com,” ask yourself, “Does it make sense that my bank site is being hosted in Russia?”

6. Pay attention to misspellings: If the site doesn’t look right, check your spelling. If you spell Google or Disney wrong, you might not be in the right place. People buy domains with names similar to the real ones and monetize off of those. They make money if you click on a link and it takes you some place else. You loose time by doing so and also risk to have your machine infected with various malware/adware.

7. Understand how your data is shared: Although you might have provided your contact information to your local supermarket, they might not be the ones storing that information. Many companies outsource that kind of storage to a third party. The answer is not to say, ‘I will never use the Internet’. The answer is to say, ‘I’m going to hold the companies I do business with, both online and offline, accountable for their actions.’

8. Try to use one credit card for online purchases: This way, if your information is compromised, you know exactly which card is breached. If you are notified of a breach, get a new card. Although your credit card company might offer monitoring services, you will be safer getting a new card, especially if you only have one credit card.

9. If in doubt, change the password and security questions: Many people simply change their passwords if they believe there accounts have been compromised. Make sure you also change the security question that many sites ask in conjunction with a password. Use common sense, if you talk about your current pet on social networks, it might not be best to use its name as the answer to your security questions.

For security news, keep an eye on:

ICTTF – International Cyber Threat Task Force icttf.org – A not for profit organisation formed to create an international community of people concerned with dealing with cyber threats, such as cyber crime or cyber warfare.

 
3 Comments

Posted by on July 6, 2011 in IT stuff

 

Tags: , , , , , , , ,

How to stop unauthorised access to your email account?

Image representing Gmail as depicted in CrunchBase

While the 2 step verification applies only to Gmail for now, the other steps apply to all email providers. This is how you reduce your chances of your email account being hacked:

1. Set up “Two step verification” on your Gmail account (if on Gmail, Google has made two-step verification easy to set up.)
2. Check if your email messages are being forwarded without your permission. Check your filters!
3. Where is your email account being accessed from? Check your logs!
4. Choose a unique, hard-to-crack password. DO NOT REUSE PASSWORDS!
5. Secure your computer. If you’re on Windows, use an Antivirus, a Firewall, an Antimalware and always install all updates from Microsoft. If you’re on Linux or other platforms, always install the latest security updates, harden the kernel, use a firewall.
6. Why are you storing sensitive information in your email account? Download it to your computer, encrypt it (TrueCrypt) and store it securely.

7. Always use the latest version of Firefox! Install the following add-ons: AdBlock, HTTPS everywhere and NoScript. Allow scripts only from genuine websites that you trust.

More details here: http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-gmail-account-being-hacked/

If anyone requires assistance with online security, feel free to get in touch with me. OviTech.eu

 
Leave a comment

Posted by on July 5, 2011 in IT stuff

 

Tags: , , , , , , ,

 
%d bloggers like this: