Anonymizing google searches with Firefox

GoogleSharing is a special kind of anonymizing proxy service, designed for a very specific threat. It ultimately aims to provide a level of anonymity that will prevent Google from tracking your searches, movements, and what websites you visit. GoogleSharing is not a full proxy service designed to anonymize all your traffic, but rather something designed exclusively for your communication with Google. Our system is totally transparent, with no special “alternative” websites to visit. Your normal work flow should be exactly the same.

Check out GoogleSharing! or more info for the geeks … /. comments!

Locale… the downside
A disadvantage is that it only works with google.com. As a firefox user you probably know that Firefox uses your locale to match your “local google”. (f.e. google.be).
So you have to change the search engine xml to use google.com instead… How to do this? Check this article at “Random Nothings”.

Protecting your Laptop, or better finding the thief!

The article “Protect And Track Your Laptop In Case Of Theft” has a good breakdown of the service of The Laptop Lock. It kind of reminds me of iAlertU on Mac…

How to properly erase your hard disk?

A whopping 40% of the used hard drives on eBay contain easily recoverable personal data. Use the following guide to ensure your personal data never makes it out into the wild.

Pretty scary words ain’t it… but it’s not far from the truth! Read the article to tutor yourself about the matter as you probably don’t want anyone to invade your privacy.

The first step in securing your data is bolstering your understanding of how data is stored and what happens when you delete it. Many people operate under the impression that when they delete a file it’s gone, as though they had torn a page from a book. But the way most operating systems handle such events is by simply removing the little marker that points to the file. That’s more like having information written on a chalk board in columns, each column labeled with a header, and then simply erasing that header to signify that column is “deleted” and available for future writing over. Anyone who looks at the board can read everything written in the column, until someone starts writing over it.

False Libelous Info About Yourself?

Bloggers are usually well aware of the dangers of being accused of libel, and that’s why most independent online journalists are very careful to make sure that everything they write about someone on their blog is backed with documentation and evidence. But when someone writes something libelous about you, you need to be well prepared to fight back hard.

So what can you do? Read the article @ makeuseof.com!

Sidenote
In November a Dutch waitress got “shut down” by a Belgian politician after comments about his visit to NY. I guess that’s the downside to the “libel” part, who’s the judge in right/wrong?

Re: Spideroak

A while ago I posted about Mozy. As a response to this post, Maya Zarchan contacted me with the following note:

I read your piece discussing Mozy and thought you might be interested in
another vendor, SpiderOak. They provide a free, secure, automated approach for
storing, backing up, accessing, and sharing personal files. SpiderOak is the
only backup software to work across ANY platform (Mac, Linux, and PC) – it
also has unparalleled anonymity, there is literally no visibility into anything
being stored – not even SpiderOak employees have access to the data.

I must admit that I haven’t tried out SpiderOak, but it seems to offer the same kind of service as Mozy. So it’s only fair that I’d give it the same spotlight…

2 GB of Free Online Backup

Today I want to talk about Mozy. It provides a Simple, Automatic & Secure way to backup your files online. Enjoy peace of mind in knowing that your data is encrypted and stored in a safe, remote location. Maybe the last point might frighten you, as your data/information is kept on infrastructure that isn’t yours. Then you might think to add an extra layer of encryption yourself.

The features of Mozy;

• Block-level incremental backup: After the initial backup, MozyHome only backs up files that have been added or changed, making subsequent backups lightning fast.
• Open/locked file support: Mozy will back up your documents whether they’re open or closed.
• 128-bit SSL encryption: The same technology used by banks secures your data during the backup process.
• 448-bit Blowfish encryption: Secures your files while in storage, providing peace of mind that your private data is safe from hackers.
• Automatic: Schedule the times to back up and MozyHome does the rest.
• New and changed file detection: MozyHome finds and saves the smallest changes.
• Backs up Outlook files: Disaster-proof email protection.

An the last thing… You get 2GB of free online storage space! This might help you to keep important data safe?!?

TrueCrypt secures your information

What’s TrueCrypt? It’s a free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux. It’s main features include:

• Creates a virtual encrypted disk within a file and mounts it as a real disk.
• Encrypts an entire partition or storage device such as USB flash drive or hard drive.
• Encrypts a partition or drive where Windows is installed (pre-boot authentication).
• Encryption is automatic, real-time (on-the-fly) and transparent.
• Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

I use it for my usb sticks. I encrypt a part of the disk (about 50%) where I use the encrypted part for my sensitive information and the “public” part for non-sensitive information. After using it for about two months, I can assure you that’s it’s relativily easy to use for security software. It provides you with a tool to secure your data in a simple manner.

Fingerprint Security, think again…

Today I was reading a post about biometrics on Johan’s blog. As the blog post is in dutch, I’ll be so free to provide a small translated excerpt from it:

Biometrics for authentication is fundamentally wrong!
Why?
Because it doesn’t fulfill the necessary requirements, like for instance “revocation”.

• If someone figures out your password, you have the ability to change your it.
  (and you don’t leave it lying around anywhere)
• If someone copies your bankcard, you can request a new one
  (and you don’t leave it lying around anywhere)

What will you do when they copy your fingerprint? And you DO leave your fingerprints lying around EVERYWHERE.

I already referenced multiple times towards the insecurity of biometrics:

• Mythbusters bust Fingerprint Security
• Fingerprint authentication & RFID Implants

But to show you that it isn’t really that hard to fake, check out this article! Which will show you that copying a fingerprint is about that easy than what they do in “CSI [insert city name here]” to retrieve them …

References
Biometrie voor authenticatie… (dutch)

Linux Kernel 2.6.17 – 2.6.24.1 vmsplice Local Root Exploit

A proof of concept for a local root exploit to hack linux kernels between version 2.6.17 and 2.6.24.1 has been released by ‘milw0rm’. I guess I won’t be the only one who says “feck…” to this.

$ gcc exploit.c -o exploit
$ whoami
heikki
$ ./exploit
———————————–
Linux vmsplice Local Root Exploit
By qaaz
———————————–
[+] mmap: 0×0 .. 0×1000
[+] page: 0×0
[+] page: 0×20
[+] mmap: 0×4000 .. 0×5000
[+] page: 0×4000
[+] page: 0×4020
[+] mmap: 0×1000 .. 0×2000
[+] page: 0×1000
[+] mmap: 0xb7d90000 .. 0xb7dc2000
[+] root
$ whoami
root
Kernel 2.6.22-14-generic

References:
LKML
milw0rm.com
Launchpad
Debian Bugs

UK next in line to ban hacking tools

The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called “hacking tools”. Germany has preceded the UK in these steps, causing security researchers to challenge this law.

So how far would the definition of “hacking tools” go?

• Nmap – Okay, it’s a scanning tool, but I often use it for my profession too… Same goes for WireShark.
• IDE – An ide can be used to code malicous programs, are those going to be banned too?
• OS – Why not ban linux or windows? Windows because it’s the most popular system to be compromised, and linux because we can’t trust those people offcourse!

To me this is once again a situation where goverments fail to provide decent measures to cover a certain objective. It’s even a case of shooting yourself in the foot. Why block your researches from having certain tools to block the “bad guys”? Where these attacks are often foreignly based. A more interesting attempt would have been to try to setup an international code/organisation that would make it more easy to find & prosecute these violators.