Concerned about your privacy, who and what is tracking you during your internet browsing?

Take a look at Ghostery; it is a utility that shows (and lets you block) who is tracking you.
http://www.ghostery.com

Works on most popular browsers.

How to install guide (IE);

This is quite clever (as long as you are vigilant);

http://supergenpass.com/

You know the deal: you need to create a new account and have to supply a username, email and password to do so. You may have learned or heard that it is NOT a good idea to use the same password for different sites (if one gets compromised, ALL your logins would be vulnerable), but you also really can’t remember 1031 different passwords… Well, SuperGenPass.com CAN help you with this!

What it does is quite simple: you enter the site name (the url/site you are creating the login for) and a password (your generic/master password) into SuperGenPass and voilà, it provides you with a “unique” password for the site. The clever part is that you won’t have to remember this password! You simply remember the generic/master password, and the next time you visit the site you use SuperGenPass to generate the password you need for it. This is done simply by hashing (http://en.wikipedia.org/wiki/Hash_function) the site/url salted (http://en.wikipedia.org/wiki/Salt_(cryptography)) with your generic/master password.

Let’s take an example;

Password on url test.dk becomes l5zuZo0qa2
Password on url test.com becomes eipalNBj0T
Secret on url test.dk becomes nY8BEihJsR
Secret on url test.com becomes dXt1E8tILH

As you can see the same password makes a different hash depending on the url.

Now SuperGenPass even offers a clever scripting shortcut so you can generate these passwords automatically and insert them into the password field on web sites. I would advise against this, as the scripting they use has been proven to be vulnerable to interception by malicious sites/scripts, which can thus obtain your generic/master password. Instead use their mobile solution, http://supergenpass.com/mobile/, and generate the password manually in a different tab, then paste it into the site you wish: a bit more work but a lot more security. Another good trick is to pad the password with a “pin”. Let’s say the hash from the data you entered into http://supergenpass.com/mobile/ becomes dXt1E8tILH. Normally you would use this as the password, but if you add padding to the start, e.g. TOAD, the “final” password becomes TOADdXt1E8tILH. Thus even if someone found out you were using SuperGenPass and somehow got hold of your password, it would be useless to them, as only you would know to add TOAD to the password generated by SuperGenPass.
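An added example, not SuperGenPass's own code and not from the original post: a per-site password derived from a master password with the site as salt, plus the memorised “pin” prefix described above. Assumptions: PBKDF2-HMAC-SHA256 stands in for the tool's hash (a slow derivation makes it harder to brute-force the master password from one leaked site password), so the output will not match the sample passwords above; `site_key` and `site_password` are hypothetical names.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Assumption: PBKDF2 replaces the tool's own hash; outputs differ from SuperGenPass.
ITERATIONS = 100_000


def site_key(url_or_host: str) -> str:
    """Reduce a URL or bare host to a lowercase host name used as the salt.

    'https://www.Test.dk/login' and 'test.dk' must give the same salt,
    otherwise the same site would yield different passwords.
    """
    value = url_or_host.strip()
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    host = urlsplit(value).hostname or ""
    if not host:
        raise ValueError("no host name in %r" % url_or_host)
    return host[4:] if host.startswith("www.") else host


def site_password(master: str, site: str, length: int = 10, pin: str = "") -> str:
    """Derive a site-specific password; the pin is prepended, never hashed or stored."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 4 <= length <= 24:
        raise ValueError("length must be between 4 and 24")
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), site_key(site).encode("utf-8"),
        ITERATIONS, dklen=32,
    )
    # Map the two non-alphanumeric base64 characters to digits so the
    # result is accepted by sites that reject '+' and '/'.
    text = base64.b64encode(raw, altchars=b"98").decode("ascii").rstrip("=")
    return pin + text[:length]


if __name__ == "__main__":
    # Constructed sample inputs mirroring the post's example.
    for master in ("Password", "Secret"):
        for site in ("test.dk", "test.com"):
            print(master, site, site_password(master, site))
    print("with pin:", site_password("Secret", "test.com", pin="TOAD"))
```
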

Here is a YouTube video that explains a bit about SuperGenPass. Note that he is USING the scripting, which I advise you do NOT. But you may get the idea a bit better though.

So DO NOT use the script, use http://supergenpass.com/mobile/ instead..

Should you ever see a device like the one below then your mobile devices may be close to losing their virginity 🙁

Police and Homeland Security in the USA have obtained devices like this that allow them to clone/extract ALL data from your cellphone/pda/ipod/ipad/iphone etc. in minutes; it does not even matter that you erased data, this device will get ANYTHING “sector by sector”… Some states even allow this device to be used during routine traffic stops. My fear as an EU citizen is that if I at some time wish to travel to the USA, then I may be met by a Homeland Security officer at the border with a device like this in his hand. Not that I have anything to hide, but the idea that someone else will have FULL access to my very private data is VERY disturbing to me.

Read more here;
http://redtape.msnbc.msn.com/_news/2011/04/20/6503253-gadget-gives-cops-quick-access-to-cell-phone-data

As you may have heard, Dropbox suffered a major security breach this weekend: for almost 4 hours ALL Dropbox accounts (including data) were accessible to ANYONE without a password (or rather, you were asked for a password, but it would accept anything).

The major problem here is that ANYTHING in your Dropbox is unencrypted, and thus anyone that gets access to your Dropbox has access to your data…

This is, besides a major concern for Dropbox users, a wakeup call for users of cloud solutions – I totally have to agree with Steve Gibson (www.grc.com/securitynow) that we need PIE – Pre Internet Encryption; everything we store in the cloud really NEEDS to be encrypted before it leaves our servers/lan.

Obviously this Dropbox breach was not good 🙁 but never fear, there is a solution, still in Beta but very promising. The solution is called SecureSync. It creates an encrypted folder in your Dropbox and anything stored there is encrypted. You HAVE to access the folder via the “SecureSync” shortcut in MyDocuments though; if you look directly in the encrypted folder you will only get encrypted data. This however is quite clever, as you can still synchronize with machines that do not have SecureSync installed: for Dropbox the encrypted data is merely data and is thus synchronized just like other data. However, once you install SecureSync on the target machine you can suddenly read the encrypted data via the “SecureSync Shortcut”.

SecureSync is free (at the moment at least) and still in Beta, but it seems to work fine, although especially the install routine obviously will be improved.

Get it here;
http://getsecretsync.com/ss/getstarted/

Seems like I have been sleeping in class 🙂  Backtrack 5 was released in May without my noticing it :-/

Download it here and take it for a spin 🙂
http://www.backtrack-linux.org/downloads/


I just read about IATA’s newly proposed security screening process and I must say I am very sceptical 😐 It would seem to rely heavily on sensitive personal data being shared with authorities and across country borders. Being a privacy advocate I really don’t like the way things are heading… This newfound “fear” of terror seems to create a number of loopholes in the protection of people’s privacy. I am very concerned about the level of detail I have to share with airlines already; having to share more is very unattractive to me, I would prefer them hiring more airport police instead.

Also I don’t think I should be treated like a crook or second class traveler just because I care about my privacy.

Recently I mentioned the Microsoft Security Scanner (https://readmydamnblog.com/?p=2011), a portable/standalone scanner for your PC. Well, it seems Microsoft is stepping up their anti-malware/rootkit efforts – link to their new beta project; http://connect.microsoft.com/systemsweeper

The link is to a beta project from Microsoft introducing a bootable ISO that will help get rid of rootkits and whatnot (rootkits are, logically, notoriously difficult to detect and remove from within the OS installation).

It’s still in Beta, but looks interesting indeed.

32 bit version; http://go.microsoft.com/fwlink/?LinkId=215854

64 bit version; http://go.microsoft.com/fwlink/?LinkId=215855

Microsoft site; http://connect.microsoft.com/systemsweeper

It is also worth noticing that the latest version of Microsoft DART “ERD Commander” (the old Winternals/Sysinternals utility to boot, modify and fix Windows installations) now also contains a malware scanning and removal utility (Standalone System Sweeper) – this is however sadly only available to Microsoft corporate license holders.

A very interesting ‘webcast’ on what could be named “Filter bubbles”; it is an interesting observation on how Google and Facebook automatically filter certain information away for you (all in good faith I hope, but still). Your search on “Egypt” may thus bring very different results than the same search done on a friend’s computer. Good or bad? Well, it is hard to tell, but it offers some scary prospects. Take the 9 minutes and listen to this, it is interesting stuff.

Microsoft has released a no-nonsense simple to use, free and downloadable tool – Microsoft Security Scanner – to check and cleanup virus infections (or suspected infections).

This tool is not intended as an antivirus, it is intended as a cleanup utility for infected computers or as a tool you can download and do a double-check to confirm you are not infected (say your installed antivirus is unable to detect a certain virus/malware, then you can double check using Microsoft Security Scanner).

You can download it free from here (note the download only works for 10 days, then you have to re-download an updated version, this is to ensure the virus detection patterns are always fully up to date);
http://www.microsoft.com/security/scanner/en-us/default.aspx

A good thing to also do is to run the Microsoft Malicious Software Removal Tool from time to time. This is done automatically as part of Windows Update, but that is only the ‘fast/quick’ scan – by starting MRT.EXE manually you can do a FULL scan. The Malicious Software Removal Tool is installed on all Windows machines and updated/maintained via Windows Update.

to run it;

Btw; McAfee has  a similar yet not so comprehensive utility called Stinger (also free download);
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

It is stated in;
http://www.governmentattic.org/4docs/NSA_AmerCryptColdWarBk4_1999.pdf  (around page 11 in the PDF)

That the CIA in the 1980’s found an early version of what was basically a keylogger in US typewriters (IBM Selectrics). It was suspected that these had been installed by the KGB on their way through Russian or Polish customs; data from the typewriters was collected and emitted via radio transmissions.

With that in mind, I am afraid to think what is possible today with the technology we have now 🙂