Author Topic: Internet Vulnerability & Exploits (Read 1889 times)

TooCold · « **Reply #20 on:** November 11, 2010, 06:05:05 AM »

Quote from: Hex on October 21, 2010, 08:26:40 PM

You would gain another 'layer' of security. I see security as like an onion. I only bother encrypting emails to ONE person (because they are the only person I email about anything potentially 'odd') and we have a few layers. layers upon layers man. Manual encoding using our own (non sophisticated) cipher method (which key-changes a LOT, but is VERY simplistic and probably easy to crack), then GnuPG and then hushmail it just for that extra layer. The emails themselves are 'sanitized' of any identifying shite, and so on. Also as a rule I only access my hushmail accounts from 'borrowed' WiFi hotspots, wiping router logs when I am done. I tend to also use TOR while doing this.

It is all about the layers man. Each one is another layer of insulation to help CYA

My point is that your are not really gaining anything by using hushmail. As hushmail holds your keys and would gladly sell you out if asked to do so by court order. You would be much better off using your time to secure your own computer in other ways than encrypting already strongly encrypted info with a secondary insecure systems like hushmail. It would be like covering a safe with play-doh and saying "its all about layer man".

lugh · « **Reply #21 on:** November 11, 2010, 04:17:16 PM »

Using encryption such as pgp/gpg within a hushmail message does hide the fact that one is using encryption from those who monitor packets sent over the internet so layering does make such communications much more discrete

Stating that it doesn't enhance security is simply not realistic in view of Echelon

xxx · « **Reply #22 on:** December 19, 2010, 05:42:02 AM »

I am trying to (Begin) to write a .pdf on 'anonymizing your browsing' and 'securing your privacy'. Basically simple ways to put more layers of REAL security between YOU and THEM. Based on both serious crypto and deniability.

The more layers between you and it the better!

Wizard X · « **Reply #23 on:** December 21, 2010, 05:35:30 AM »

Since this Internet Security related I'll post this here...

Since WinRescue backs up the Registry and important configuration files, and you can restore in DOS mode with WinRescue - any malware will be neutralized since the Registry and important configuration files are restored from backup(s), thus avoiding a complete Windows reinstall.

REF: http://127.0.0.1/talk/index.php/topic,1650.msg17623.html#msg17623

Readme.txt file in OS.zip The OS.zip file has been scanned with Avast, SpyBot, & Trojan Remover and all OK.

CTMOUSE is the DOS mouse driver for IMAGE & GHOST2K3 in DOS mode.

IMAGE & manual are for full hard drive imaging (full hard drive snapshot backup) in DOS.

GHOST2K3 is for full hard drive imaging (full hard drive snapshot backup) in DOS.

SC is a file explorer/management DOS (commandline utility) that show ALL HIDDEN FILES AND FOLDERS. Copy to C root. C:\
Look at sc.jpg to see example.

WinRescue XP 1.08.04 & Serial.

Pablo Commander V1.4 is a file manager like Norton Commander from http://www.pablosoftwaresolutions.com
Excellent tool for file managemet & exploration.

Wizard X · « **Reply #24 on:** January 08, 2011, 10:16:42 PM »

BEWARE!

Security predictions for 2011. http://www.v3.co.uk/v3/analysis/2274043/security-predictions-2011-key

Facebook profile helps to catch a thief. http://www.computerworld.com/s/article/9203058/Facebook_profile_helps_to_catch_a_thief?taxonomyId=17

Mobile users more vulnerable to phishing scams. http://www.v3.co.uk/v3/news/2274065/mobile-devices-hit-phishing

Researchers confirm Googler's Internet Explorer bug. http://www.computerworld.com/s/article/9203461/Researchers_confirm_Googler_s_Internet_Explorer_bug?taxonomyId=17

Recalculating the telephony security equation. http://www.networkworld.com/columnists/2011/010511-andreas.html

Feds subpoena Twitter for info on WikiLeaks backer. http://www.theregister.co.uk/2011/01/08/feds_subpoena_twitter/

Adobe Flash sandbox security busted by researcher. http://news.techworld.com/security/3255735/adobe-flash-sandbox-security-busted-by-researcher/

TooCold · « **Reply #25 on:** January 09, 2011, 01:27:08 AM »

Quote from: lugh on November 11, 2010, 04:17:16 PM

Using encryption such as pgp/gpg within a hushmail message does hide the fact that one is using encryption from those who monitor packets sent over the internet so layering does make such communications much more discrete Stating that it doesn't enhance security is simply not realistic in view of Echelon

It does not hide the fact your are using encryption because hushmail uses encryption. It does not make it more discreet. Also, by using a hushmail email address you are drawing more attention to yourself anyway.

lugh · « **Reply #26 on:** January 09, 2011, 04:46:48 AM »

Packet sniffing by the NSA isn't going to be able to detect the fact that a hushmail message was encrypted with plain text pgp/gpg encryption, while it will notice that such encryption is being used in gmail

Apparently agreements between the NSA and various telecommunications service providers is news :

h**p://www.usatoday.com/news/washington/2006-02-05-nsa-telecoms_x.htm

hushmail can be compromised by subpoena:

h**p://www.theregister.co.uk/2007/11/08/hushmail_court_orders/

the Scarfo and the Alba/Forrester cases have demonstrated the utility of plain text encryption

Wizard X · « **Reply #27 on:** January 22, 2011, 11:27:22 PM »

Israel tested Stuxnet worm, says report. http://www.computerworld.com/s/article/9205338/Israel_tested_Stuxnet_worm_says_report?taxonomyId=17

Coming soon: A new way to hack into your smartphone. http://www.computerworld.com/s/article/9205318/Coming_soon_A_new_way_to_hack_into_your_smartphone?taxonomyId=17

Creepy as hell: Facebook developers get to know you better. http://www.theregister.co.uk/2011/01/17/facebook_privacy/

Hackers arrested for iPad data breach. http://www.v3.co.uk/v3/news/2274296/fbi-goatse-research-ipad-apple

Experts warn of global black market in stolen bank details. http://www.v3.co.uk/v3/news/2274326/panda-security-cyber-crime

Trapster hack may have exposed millions of iPhone, Android passwords. http://www.computerworld.com/s/article/9205660/Trapster_hack_may_have_exposed_millions_of_iPhone_Android_passwords?taxonomyId=17

Get more out of encryption than compliance with a mandate. http://www.networkworld.com/newsletters/techexec/2011/110121bestpractices.html

Wizard X · « **Reply #28 on:** February 26, 2011, 11:37:53 PM »

New bank Trojan employs fresh tricks to steal account data. http://www.computerworld.com/s/article/9210764/New_bank_Trojan_employs_fresh_tricks_to_steal_account_data?taxonomyId=17

Solid state drive erasure proves harder than expected. http://www.v3.co.uk/v3/news/2274933/ssd-erasure-wipe

Security shocker: Android apps send private data in clear. http://www.theregister.co.uk/2011/02/24/android_phone_privacy_shocker/

Night Dragon hackers targeted Shell, BP and Exxon. http://www.v3.co.uk/v3/news/2274971/shell-bp-exxon-mobil

Wizard X · « **Reply #29 on:** March 10, 2011, 04:50:42 AM »

British Airways IT found guilty of plotting terror attack. http://www.theregister.co.uk/2011/02/28/british_airlines_it_expert_convicted/

Mobile security vulnerabilities increased eight-fold since 2006. http://www.v3.co.uk/v3/news/2275046/ibm-pulse-mobile-security

DHS seeks systems for covert body scans, documents show. http://www.computerworld.com/s/article/9212681/DHS_seeks_systems_for_covert_body_scans_documents_show?taxonomyId=17

Google pulls infected apps from Android Market. http://www.zdnet.co.uk/news/security-threats/2011/03/03/google-pulls-infected-apps-from-android-market-40092018/

Wizard X · « **Reply #30 on:** March 26, 2011, 02:28:34 AM »

Student used spyware to steal passwords, change grades. http://www.computerworld.com/s/article/9214898/Student_used_spyware_to_steal_passwords_change_grades?taxonomyId=17

Hacking wireless network routers no longer illegal in Holland.http://news.techworld.com/mobile-wireless/3266058/hacking-wireless-network-routers-no-longer-illegal-in-holland/

Fraudulent SSL certs force browser updates. http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/fraudulent-ssl-certs-force-browser-updates-10022054/

SCADA vulnerabilities prompt U.S. government warning. http://www.computerworld.com/s/article/9214990/SCADA_vulnerabilities_prompt_U.S._government_warning?taxonomyId=17

European Commission suffers 'serious' cyberattack. http://www.zdnet.co.uk/news/security-threats/2011/03/24/european-commission-suffers-serious-cyberattack-40092260/

Google patches five flaws with Chrome update. http://www.v3.co.uk/v3-uk/news/2037599/google-patches-flaws-chrome-update

Mozilla regrets keeping quiet on SSL certificate theft. http://www.computerworld.com/s/article/9215077/Mozilla_regrets_keeping_quiet_on_SSL_certificate_theft?taxonomyId=17

Wizard X · « **Reply #31 on:** April 09, 2011, 11:05:57 PM »

RSA hackers exploited Flash zero-day bug. http://www.computerworld.com/s/article/9215444/RSA_hackers_exploited_Flash_zero_day_bug?taxonomyId=17

RSA SecurID Breach Shows Why Everybody Must Stay Vigilant. http://www.eweek.com/c/a/Security/RSA-SecurID-Breach-Shows-Why-Everybody-Must-Stay-Vigilant-595858/

FAQ: Epsilon email breach. http://www.computerworld.com/s/article/9215527/FAQ_Epsilon_email_breach?taxonomyId=17

U.S. can conduct offsite searches of computers seized at borders, court rules
http://www.computerworld.com/s/article/9215554/U.S._can_conduct_offsite_searches_of_computers_seized_at_borders_court_rules?taxonomyId=17

Popular open source DHCP program open to hack attacks. http://www.theregister.co.uk/2011/04/07/dhcp_remote_vuln/

Wizard X · « **Reply #32 on:** April 19, 2011, 02:17:46 AM »

Adobe confirms critical Flash zero-day bug. http://www.computerworld.com/s/article/9215721/Adobe_confirms_critical_Flash_zero_day_bug?taxonomyId=17

Hacker breaks into Barracuda Networks database. http://www.computerworld.com/s/article/9215723/Hacker_breaks_into_Barracuda_Networks_database?taxonomyId=17

Three Firewalls Flunk Stability Tests, NSS Labs Reports. http://www.networkcomputing.com/wan-security/three-firewalls-flunk-stability-tests-nss-labs-reports.php

Can IPS appliances remain useful in a virtual-machine world? http://www.networkworld.com/news/2011/041211-ips-appliances-virtual-machines.html

Hacker arrested after showing off skills on TV. http://www.v3.co.uk/v3-uk/it-sneak-blog/2043687/hacker-arrested-skills-tv

Hackers gain root access to WordPress servers. http://www.computerworld.com/s/article/9215809/Hackers_gain_root_access_to_WordPress_servers?taxonomyId=17

Wizard X · « **Reply #33 on:** April 23, 2011, 10:09:10 PM »

iPhone secretly tracks user location, say researchers.
http://www.computerworld.com/s/article/9215984/iPhone_secretly_tracks_user_location_say_researchers?taxonomyId=17

Apple faces questions from Congress about iPhone tracking.
http://www.computerworld.com/s/article/9216058/Apple_faces_questions_from_Congress_about_iPhone_tracking?taxonomyId=17

Top-secret US lab infiltrated by spear phishers. http://www.theregister.co.uk/2011/04/19/us_lab_security_breach/

Adobe patches Reader bug early as PDF attacks begin.
http://www.computerworld.com/s/article/9216062/Adobe_patches_Reader_bug_early_as_PDF_attacks_begin?taxonomyId=17

Cops refuse to say if they secretly snarf cellphone data. http://www.theregister.co.uk/2011/04/21/police_cellphone_searches/

akcom · « **Reply #34 on:** April 29, 2011, 04:24:44 AM »

Quote from: Hex on December 19, 2010, 05:42:02 AM

I am trying to (Begin) to write a .pdf on 'anonymizing your browsing' and 'securing your privacy'. Basically simple ways to put more layers of REAL security between YOU and THEM. Based on both serious crypto and deniability.

The more layers between you and it the better!

The tutorial could be one sentence long:
go to http://www.torproject.org

Quote from: TooCold on January 09, 2011, 01:27:08 AM

Quote from: lugh on November 11, 2010, 04:17:16 PM
Using encryption such as pgp/gpg within a hushmail message does hide the fact that one is using encryption from those who monitor packets sent over the internet so layering does make such communications much more discrete Stating that it doesn't enhance security is simply not realistic in view of Echelon

It does not hide the fact your are using encryption because hushmail uses encryption. It does not make it more discreet. Also, by using a hushmail email address you are drawing more attention to yourself anyway.

Layering GPG is ineffective, in fact it increases the chance of a successful KPA. Hushmail will hand over your emails (decrypted) to the authorities with a simple request, no warrant required. Hushmail is nice if you encrypt the messages on your own, but only because they scrub the IP address. You're just as safe using something like safe-mail or cyber-whatever + GPG

lugh · « **Reply #35 on:** April 29, 2011, 04:43:03 AM »

Quote

Layering GPG is ineffective, in fact it increases the chance of a successful KPA. Hushmail will hand over your emails (decrypted) to the authorities with a simple request, no warrant required. Hushmail is nice if you encrypt the messages on your own, but only because they scrub the IP address. You're just as safe using something like safe-mail or cyber-whatever + GPG

According to:

h**ps://secure.wikimedia.org/wikipedia/en/wiki/Known-plaintext_attack

modern cyphers such as AES aren't susceptable to known plaintext attacks, perhaps you could explain why the Wikipedia article is wrong

There are certainly many alternatives to hushmail, it's simply the best known

akcom · « **Reply #36 on:** April 29, 2011, 04:51:07 AM »

Because we're not talking about AES, we're talking about a PKI built on either RSA, DSA, or ECC (in some extreme cases).

Regardless of whether or not it decreases the security of the algorithm, it certainly does not increase it.

edit: hushmail is the best known and most heavily watched. steroid bust anyone?

lugh · « **Reply #37 on:** April 29, 2011, 02:01:33 PM »

Quote

hushmail is the best known and most heavily watched. steroid bust anyone?

Those fools were selling their products using publicly advertised hushmail accounts as some other braniacs are doing with research chemicals

There seems to be some confusion about what modern encryption is capable of :

h**ps://secure.wikimedia.org/wikipedia/en/wiki/Public-key_cryptography

practical attacks usually involved the private key

akcom · « **Reply #38 on:** April 29, 2011, 02:13:39 PM »

Yes, and hushmail will gladly hand over your private key to the authorities.

lugh · « **Reply #39 on:** April 29, 2011, 05:26:04 PM »

Quote

Yes, and hushmail will gladly hand over your private key to the authorities.

That's why one uses plain text encryption if one wants to securely communicate using hushmail

Author Topic: Internet Vulnerability & Exploits (Read 1889 times)

TooCold

Re: Internet Security & Exploits.

lugh

Re: Internet Security & Exploits.

xxx

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

TooCold

Re: Internet Security & Exploits.

lugh

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

akcom

Re: Internet Security & Exploits.

lugh

Re: Internet Security & Exploits.

akcom

Re: Internet Security & Exploits.

lugh

Re: Internet Security & Exploits.

akcom

Re: Internet Security & Exploits.

lugh

Re: Internet Security & Exploits.