Darknet Part 3: How people got caught

10/07/2018

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught. TL;DR: it’s all down to faulty OpSec. Be careful all the time, use your common sense, and all will be well. So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!

There’s a special browser that leads to a secret web…


Apple closes security loophole in iPhones and other iOS devices

14/06/2018

Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, including one of the San Bernardino killers.

They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s Lightning port an hour after being locked. It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernardino.

Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.

The GrayKey device that hacks into locked iPhones via its Lightning port

This will protect iPhones from the iPhone hacking tool GrayKey.

The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.

US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from them. The Restricted USB Mode will cut off the GrayKey’s access.

The GrayKey device reveals a locked iPhone’s passcode in as little as 30 seconds

Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.

“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”


ibVPN – safe web browsing for not much money

08/06/2018
ibVPN – a high-rated VPN service with more than 180 servers world-wide

A VPN (Virtual Private Network) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. Nowadays VPNs are widely used to encrypt and secure an otherwise insecure connection (such as a public wifi access point – an eavesdropper can see everything you do over McDonald’s wifi if it isn’t encrypted!). Some people use a VPN service to access restricted online services – e.g. if you live in the UK you won’t be able to use the US Netflix service, as that is geographically restricted to users in the USA. But if you use a VPN server based in the USA, Netflix won’t be able to tell that you’re not in the USA yourself – all Netflix can see is that your traffic is coming and going from that US-based server. This feature also lends some anonymity to the internet connection, which is another reason some people use a VPN.

And it’s not just geographical restrictions that VPN use can help you circumvent: some work and school networks stop users accessing some sites, like YouTube for instance (your employer may want you to work rather than look at cat videos), or hacker sites (schools tend to block sites with crime-related content, and as so many people associate hacking with crime, anything containing the word “hacker” gets banned). So, the local network won’t let you view what you want? Use a VPN, and all the local net can see is data going to/coming from the VPN server. It knows nothing about goddamn cat memes or how to crack Facebook accounts!

For the past few years I have been using ibVPN (“Invisible Browsing”), run by Romanian-based service provider Amplusnet.  It’s not the fastest service out there, but it is competitively-priced and has global availability.  ibVPN boasts of more than 180 servers in 47 countries across the globe.  And there are 4 different service plans:

  • Ultimate, at $4.83 per month – “Great for strong privacy and security, heavy streaming, unblocking restricted websites, torrents & p2p activity. The most complete package”
  • Standard, at $3.08 per month – “Great for regular usage, streaming, unblocking restricted websites, privacy protection. Includes access to VPN and Extensions. No SmartDNS.”
  • Torrent, also $3.08 per month – “Special package for those looking to protect their identity while downloading torrents. Privacy protection. No SmartDNS or Proxy.”
  • IBDNS/SmartDNS, also $3.08 per month – “Special package designed for unblocking restricted websites and heavy streaming. Includes SmartDNS and access to browser extensions. No VPN.”

Their All-In-One client software/apps is available for Windows, Apple MacOS and iOS, and Android devices, and the services are also compatible with Linux, most routers, smart TVs and gaming consoles.  The interface is clean and efficient (see below).

ibVPN All-In-One client interface controls your VPN sessions

If you’re thinking of going with ibVPN but want to try before you buy, they offer a 6 hour free trial period.  And they have a 15 day money back guarantee if you’re not satisfied by the service.  This shows they have confidence in the quality of their product.

The speed of some servers/connections is not always great, but it is rarely appalling and the price is excellent.  All in all, a good service – I’ve been using it for some years now, which is the greatest praise any product could get – if I keep paying for something it’s because it’s the best!!  😉



Hack Trump!

22/05/2018

 

“You’ll prise my iphone from my cold dead fingers!” Trump will never stop tweeting – luckily for hackers.

The intel is out: we’re on to hack the Don. The White House staff tried to tell him that bringing a cell phone into the secure area was to bring in his own gaping goatse security hole. But he insisted: he needed, not one, but two iPhones. One for calls, one for Twitter. Cos yeah, we all need a special Twitter phone.

But even though that’s a bit against procedure in the White House, it’s not un-doable. His predecessor Barack Obama was hooked on crack, I mean Blackberries. He simply could not exist without his poor-excuse-for-a-smartphone. So allowances were made and he kept his Blackberry. But he was aware of the security risks; he had a specially-modified one made up, without microphone, camera or GPS, and even this “military-grade” Blackberry had to be handed over every 30 days to check for tampering, further modification, any chance that it posed any extra danger.

And Trump’s calls-only iPhone is issued by White House staff and swapped out “through routine support operations” to check for hacking and other security concerns (well, any extra security concerns over and above the security concern that he is carrying around a bloody listening device!!). But he refuses to let them have his Twitter iPhone, because it would be a nuisance!

I’m sure it would be difficult to hack Trump’s phone(s).  I’m sure his equipment is especially hardened against threats.  But when a target is as juicy as Trump, and you have potentially nation-state actors moving against him, nothing is hack-proof.

The White House banned its employees from using personal phones while in the West Wing in January. A statement at the time said that the “security and integrity of the technology systems at the White House is a top priority for the Trump administration”.  But Trump’s wandering the West Wing (and the rest of the White House), Twitter-phone ready to tweet.

The personal smartphone of Trump’s chief of staff John Kelly was reportedly hacked during the Trump transition.  And he didn’t replace it until October.  And Trump’s Twitter-phone hasn’t even been checked!!

This is the man who criticised Hillary Clinton for her use of a personal email server. He is so dependent on Twitter that he needs a phone especially to tweet. Note that he needs this phone (not device, oh no, it has to be a phone) to tweet (not to use for other electronic communication, oh no, he hasn’t used email since he came into office, he needs it only to tweet).

The guy is an idiot.  Don’t know if you’ve noticed that yet.


So all you want is bloody poetry huh?

17/04/2016

I try to blog as often as I can.  But I’m really depressed that only my poems get Likes.  My political, cultural and other entries get next to no interest.  I’m not going to stop posting stuph about politics, culture, privacy, security and the other subjects that get me riled.  And the poetry of course (bread and circuses FFS).  I’d just be happier if my “serious” posts got more attention.

Also, even the poems get next-to-no Comments.  I need Comments so I can hopefully improve. Please please, poetry Likers, could you also Comment?  I’d really appreciate it.  Thanks for reading.

UPDATE: as of 18 April (day after posting) I’ve received two Likes: from anthonymize and Juansen Dizon. Just general, click-the-Like-button likes, and no comments. Likes please me, as I have an ego that enjoys being stroked; but the whole point of this post is that I want Comments too. If you’re too shy to make Comments readable by everyone who visits the blog post, there’s a Contact Form button at the top of the page. You can put your Comments there, and if you want anonymity that’s what I’ll give you – your name etc will not be kept on record if that’s what you want.

Leave Comments, damn your eyes!

This blog isn’t an anthology of what I consider my best work. I put works-in-progress here, meh stuph that I’d love to be reviewed and love to get Comments on. So pleeeze! – if you have the time, write something in the Comments or Contact Form. Comment on my blog, I’ll come look at your blog, if you have a blog of course, and if I can create a window in my already bursting bag of commitments. That last bit is a joke of course. But in all seriousness, Comment on me and I’ll Comment on yours. Quid Pro Quo I think it’s called: washing each others’ backs.

Cheers, Martin X!



The draft “snooper’s charter” does not protect people’s privacy says Commons intelligence committee

09/02/2016

The intelligence and security committee, set up by prime minister David Cameron to scrutinise new investigatory law, has said that home secretary Theresa May’s draft “snooper’s charter” bill “fails to cover all the intrusive spying powers of the security agencies and lacks clarity in its privacy protections.”

The unexpectedly critical intervention by the intelligence and security committee comes just days before a key scrutiny committee of MPs and peers is to deliver its verdict on the draft legislation aimed at regulating the surveillance powers of the security agencies.

Central to the committee’s complaint is the fact that privacy is an add-on to the bill, rather than being an integral backbone of the proposed legislation.

The ISC said in its report that it supported the government’s intention to provide greater transparency around the security services’ intrusive powers in the aftermath of the Edward Snowden mass surveillance disclosures.

“It is nevertheless disappointing that the draft bill does not cover all the agencies’ intrusive capabilities – as the committee recommended last year,” said Dominic Grieve, former Conservative attorney general and chair of the committee.

The committee had expected to find that privacy would form an integral part of the bill, around which the legislation would be built.  But instead it seems that privacy concerns are an afterthought, and the legislation is not at all transparent in this regard.

“Given the background to the draft bill and the public concern over the allegations made by Edward Snowden in 2013, it is surprising that the protection of people’s privacy – which is enshrined in other legislation – does not feature more prominently,” said the committee, which also proposed three amendments to the bill:

  • On “equipment interference” or computer hacking powers, the ISC said the bill only covered the use of these powers to gather intelligence and did not regulate their use for attack purposes.
  • On “bulk personal datasets” – data bought or obtained from other bodies – it said these included personal information about a large number of individuals that was sufficiently intrusive to require a specific warrant. The bill’s provision for “class bulk dataset warrants” should therefore be deleted.
  • On “communications data”, it said the government’s approach was inconsistent and confusing and clear safeguards needed to be set out on the face of the bill.

“We consider these changes necessary if the government is to bring forward legislation which provides the security and intelligence agencies with the investigatory powers they require, while protecting our privacy through robust safeguards and controls,” Dominic Grieve said.

I believe that any future legislation should ensure that proper warrants from judges are required before investigators can begin retrieving personal data.  There may be occasions when urgency demands authorization from the home secretary; but in general permission should be sought from a judge, not a politician; and there should be real evidence to prove that intrusion into privacy is needed.  This seems to me a no-brainer: just as the police need a warrant before they can search private premises, so investigators should need a warrant before rooting through an individual’s private data and communications.

It seems that the government wants enshrined in law the illegal powers the intelligence and security services were found to use thanks to NSA whistle-blower Edward Snowden’s revelations.  For instance, GCHQ, with its TEMPORA program, has been sifting through the private communications that pass through the underwater cables between Britain and the USA.  Such bulk collection of data should not be allowed.  If the security services believe that an individual is communicating data about unlawful plots, they should present a judge with their evidence and the judge can then decide if data collection is called for. The idea of allowing Theresa May to micro-manage cases is ludicrous: she is not in a position to make judgement calls of this nature while also carrying out her other duties.  The result of the proposed bill would be the home secretary signing off on cases she knows nothing about: basically giving the police and intelligence and security agencies a blank cheque.

Invasion of privacy is a serious matter, and a citizen’s right to privacy should be breached only if there is a good reason. A judge would be better placed to make this call than a politician in London who has neither the time nor resources to check each case on its merits. When agencies are given carte blanche to do whatever they want, history indicates that they go too far. They need to be reined in.

 


 


ibVPN could save you from ID theft, stolen bank details and so much more!

14/01/2016

Nowadays, there’s a lot going around about online secrecy, security, anonymity, theft of bank details and personal info… and a whole lot more.  For instance, did you know that you could decide to take advantage of McDonald’s free wifi while supping on a coffee… and someone else, with a gizmo like the Hak5 Pineapple, could snaffle all your data right out of the air.  And if you’d engaged in online shopping or banking, or even just putting in a password, your economic and personal freedom could possibly be stolen!

Of course, these “man-in-the-middle” attacks are nothing new.  But as tech like the pineapple gets more sophisticated, and cheaper, there are more and more evil computer-aided villains out there willing to sit near free hotspots waiting for a non-security-minded person to get tangled in their web of deceit.  In fact, these crooks don’t necessarily need a laptop to carry out these attacks – a smart phone will do much of the time.  And think about it, how many bods with smart phones do you see in McDonald’s, Burger King’s, Subway, etc etc?  That’s a lot of potential crime… and as anyone who’s suffered this before will tell you, re-securing your bank and other details is no laughing matter!

One way round these criminals is with the use of a Virtual Private Network (or VPN). When you’re connected to the web via a VPN, all your outgoing and incoming data is encrypted, meaning that a potential eavesdropper can’t make heads or tails out of anything you send or receive. An excellent VPN service provider is ibVPN (invisible browser VPN). You can get a free trial, it increases your online privacy and securely unblocks geo-restricted websites (eg you can watch BBC iPlayer even when you’re not in Britain, if you use a Brit-based server). You can choose from +95 VPN servers in 39 countries, 63 locations, including servers set up for p2p (bittorrent etc) traffic. You can surf the internet completely anonymously – hence the name “invisible browser”. And their online support is extremely good – they have helped me out in the past, figuring out the most baffling problems.

Despite what you may hear on the news, encryption and secrecy is not just for perverts, crooks or the paranoid. In fact, that kind of thinking actually helps the crooks, putting you off using this technology to save you from criminals.

Believe me, sending an unencrypted email is like sending a letter on a postcard – easily read by anyone who can get his or her paws on it. And with the scanning tech available, just about anyone can get a look. Yes, you might not mind sending a “wish you were here” postcard to your mates when on holiday… but would you send sensitive info on the back of a postcard? I know I wouldn’t.

Don’t fall prey to the crooks.  Use a service like a VPN.  And if you choose to use a VPN, ibVPN is a very good option.  They provide a very good service.

Go on, get a free trial from ibVPN.  No commitment necessary, and it could save you from the robbers and scammers!
