6/12/2011

Encrypting your data


This post will deal with the worst case scenario; that your computer has been seized. All of your questionable/incriminating/private data is now in the hands of the authorities or your enemy. You may now face any fate, for you are at the mercy of whomever possesses your data.
How can I secure my data?The best way to secure your sensitive data is to store it in encrypted form. There are several tools that can help you do this, my recommendation is 'TrueCrypt'.
TrueCrypt offers you many options for encryption, the following is taken from the site:
Main Features:





TrueCrypt offers on-the-fly encryption/decryption to and from a virtually mounted disc using any of several algorithms, or even a cascading combination of them.
Summary of encryption algorithms offered by TrueCrypt:Once again taken from truecrypt.org:
AlgorithmDesigner(s)Key Size
(Bits)
Block Size (Bits)Mode of Operation
AESJ. Daemen, V. Rijmen256128XTS
SerpentR. Anderson, E. Biham, L. Knudsen256128XTS
TwofishB. Schneier, J. Kelsey, D. Whiting,
D. Wagner, C. Hall, N. Ferguson
256128XTS
AES-Twofish256; 256128XTS
AES-Twofish-Serpent256; 256; 256128XTS
Serpent-AES256; 256128XTS
Serpent-Twofish-AES256; 256; 256128XTS
Twofish-Serpent256; 256128XTS

AES: Advanced Encryption Standard. AES replaced DES (Data Encryption Standard)  as the standard algorithm used by American government facilities in May 2002. AES is the fastest of the 3 encryption routines supported. Some of the more paranoid members of the cryptography community have security fears over AES as although no published attacks have managed to crack it yet, some have gotten part of the way there, as well as this some people believe that the American government has a back-door for AES  that allows them to decrypt it.
AES is actually the Rijndael cipher. The Rijndael cipher was selected to be employed as AES after a several year long competition to find a suitable encryption routine, Serpent and Twofish were also finalists.
Twofish: Twofish lost out to the Rijndael cipher mainly because of it's performance. the Rijndael cipher has a greater throughput. Twofish uses more rounds of encryption, this is partly why it has a lesser throughput, however in some circumstances, such as when using 256-bit keys Twofish can have a greater throughput than the Rijndael cipher. Twofish is related to the earlier 'Blowfish' cipher.
Serpent: Some consider Serpent to be the most secure of the 3 due to it's 32 rounds, as opposed to the Rijndael cipher's 10, however these extra rounds reduce it's throughput considerably.
How to create an encrypted container using TrueCrypt:Here we will create a mountable encrypted container using TrueCrypt's ability to create a virtual encrypted disc within a file.
Note: I am running Ubuntu.
Step 1:Download and install TrueCrypt from the website.
Step 2:Start it up, you should be presented with this window:

Click the 'Create Volume' button.
Step 3:You should be presented with a window asking you which type of volume you wish to create, for the purpose of this article we will be creating an encrypted file container, so leave this option selected.


Step 4:Leave the first option selected again, in the future you may want to use the second option for added security.


Step 5:Select where to save your TrueCrypt volume.


Step 6:Next a window will appear which will let you select which encryption routine and hash algorithm you wish to use. For the purposes of this article I will select 'Serpent' and 'RIPEMD-160'.


Step 7:The next window to appear allows you to configure how large your encrypted container will be, this is of course all based on what you will be using it for.
I have chosen 20MB for demonstration purposes.


Step 8:Next you decide the password for your volume, I suggest that you follow the advice of the program and create a long, random password.


Step 9:Here you select the file system format you wish to use, select this based on the system you plan to use the volume on (the default is probably fine).

Step 10 (final step):Move your mouse around this next window to generate some random data then click the 'Format' button.
Congratulations you're done! Your volume is now ready to use by using the window found in the first image.


Conclusion:Your data is now secure from prying eyes. This could save you from whatever fate would have befallen you had your sensitive data been available to the authorities.
But this is not a complete solution, remember that option for creating a hidden volume we didn't choose earlier? Well that was for the sake of this article, but in practice you may want to utilise the feature, otherwise you may end up in jail like poor Oliver Drage.
Please leave any suggestions/requests/questions as comments!
Thanks. by - sudo nim.

Www.Secure-World.org

6/11/2011

How to Stay Anonymous Online

Staying Anonymous on the Internet is crucial in this day and age. With the flamboyant dis concern of our personal privacy with networking sites like Facebook and Twitter, we may can be traced and tracked very, very easily, with nothing more than a name or an address. Even your e-mail address can give you away. Owning a website is almost suicide, because anybody can request a WHOIS query and, unless the webmaster has opted for protection, that anybody can look at the address and name, even the telephone number of the webmaster. This will be a brief introduction on how to keep your guard up and not fall prey to giving yourself to the World Wide Web.



First off. Whenever you're registering for any type of web-forums or really anything online, never use real information unless it's needed to, say, send you a check (IE Google ADSense). You can use a myriad of different ways to disguise who you are, but a personal favorite of mine would have to be FakeNameGenerator.



It randomly selects a new identity for you, no questions asked. If you need an e-mail for the site you're registering to, they have an on-board disposable e-mail system too, but it kind of sucks. I'd go with 10minutemail.


If you're registering to a site that you think you're going to actually want your e-mail for instead of a 10-minute disposable, then definitely make a new e-mail. Actually, stop reading this and go do it right now. You should always have a separate e-mail available to you other than your personal.



If you're ever making a new identity, never use your personal e-mail or any personal information. Any similarities between the old you and the new you can spark suspicion in somebody looking for you. Don't take chances.



Secondly, a proxy. Think of a proxy as an Internet condom. Wear one, and you won't pick up any nasty infections. A proxy will disguise your IP addresses, and can, sometimes, tell a website requesting this information that you're in a complete different country. A simple one would be UltraSurf.





It simply reassigns your IP, and can also bypass webfilters like NetSweeper (the thing that stops you from going on certain sites at work or school). It's not incredible though, and I find it's quite slow. If you really want to do this all the way, download TOR.




TOR is one of the ones I mentioned will have a website read your IP and mislead it into thinking you're in Nevada or something when you're in Libya, or Denmark when you're in Brazil.



Proxies and fake names aren't enough, and they don't even scratch the surface compared to our last tip. If you want to stay Anonymous on the Internet, and believe me, you do, then you have to be afraid. You have to have an incentive to do what you're doing or you simply won't do it. You have to be afraid of what I'm going to do, as a hacker or a police officer, with your information. You have to know that whenever I want to, I can break you, and you handed me the gun. Your information is not something you should be throwing around, especially in such a dark, twisted alley as the Internet, where smart people are anonymous and know you won't get them back. There are very few places you should be inputting your real identity online.



But a step out of the bleak atmosphere that is my method of protecting you. Congratulations; if you can read English, you can now successfully protect and disguise yourself on the Internet.



-Danny, Secure-world.org

6/01/2011

Remote shutdown computers.

Today's article will teach you how to play practical jokes on your work/school friends. It requires the use of command prompt and will also teach you how to look at other computers on your network.

I'll be using a pretty basic example, and I'm using Vista, so this might not be perfect for you. We'll start with the computer names. Go to your start bar, if it's on your desktop, open up your computer "My Computer". It should look something close to this


Now go ahead and look at the navigation pane to the left (the thing that lists all your drives and other fun stuff). Click on Network.



Now, I'm not on a network right now, but if I was, there would other computers listed here with their computer names. Now for the fun part.

A lot of people will say use the run dialogue, as we used in a previous article, but I'm just going to say you're using Vista or 7. I use Vista, personally, and it works the same with 7. Open the start bar and enter "cmd" in the search bar. A black window will open up, and you will feel instantly more of a liability to anybody with an Internet connection.



The black hacker box will look something like this


It's not a hacker box, that was a joke. Moving on. The shutdown part. Type "shutdown -i" in and press enter. A new window will pop up and look a lot like this.



Now you need to click add and a text field will pop open. Enter the computer name.



The rest is pretty basic, and you can fool around with the settings anyway you want. All of that stuff is pretty plain English, though. This is the message that will appear:



5/31/2011

Using a Computer 1001: OpenOffice > MSO

MSO is French for "waste of money", and translates directly to "Microsoft Office". You get a free 60 day trial from your new computer? Congratulations. Use it for 60 days and then uninstall it. From now on, you'll be using the free and much better alternative: OpenOffice.


And yes, it IS one word. It can be downloaded from this site:

http://www.openoffice.org/




And while it is possible I post the direct download link, I prefer people to read what they're downloading from the site and not just from some two-bit moron on the Internet with a 36 hour old blog. Read about it, download it, install it. You should be able to do all of that without my visual aids. It's a rather large file, so be warned, it may take a while.

Alright, now we've got the hottest new office software out there for a free ∞ day trial. That's right folks; it's free, and no, this isn't a sponsorship. I wish people paid me to do this.

So run it up. You should get a window that looks like this if you just opened the OpenOffice.org application from your start bar or desktop


Now you just click whatever one you want and start doing what you want. As a note, you can also just pick "OpenOffice Writer", as an example, if you wanted to open up a word processor (the equivalent to Microsoft Word).

I strongly recommend following this next piece of advice. Whenever you are saving a document that you've just written, let's say a text file that you wrote in Writer, always save it as a 97/2000/XP doc, because that file is compatible with the current MSO, and most computers you'd want to open it on will open it. OpenOffice will by default save as an .odt, so make sure you "save as" and pick the right file format.


That's about as much help as I can give you with this. The same rule would apply for the Presentation software (equivalent to PowerPoint) and the Spreadsheet (Excel).



As for compatibility, OpenOffice will open any document you ask it to, and as long as you save it as the right file format, you should never have an issue.

5/30/2011

Changing a password without knowing one.

This will be the first real submission to this blog, and will therefore be a poor one.

If you are ever on a computer, at say a library or a friends, or possibly a family computer, and you want to change an account password that isn't yours (obviously, you'd have to be signed on to your account for this to work).

First, open your start menu. If you're on XP, look for the clickable that says "run". If it's Vista or 7, just type run into the search bar.




Open the run dialogue. In the text field, type "control userpasswords2" without the quotes. Press enter. It will open this window:







Click the username of the account you want to change the password of and click "Reset Password".



That concludes the first ever submission to what I'm sure will be the least successful blog on the Internet.