Archive for the ‘Cyber Crime’ Category


Here is some help for you guys and gals that are looking for some forensic tools, they can also be good fun to mess around with.

1. Disk tools and data capture

————————————————————————————————————–
Arsenal Image Mounter :
Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.
https://www.arsenalrecon.com/apps/image-mounter/
————————————————————————————————————–
DumpIt :
Generates a physical memory dump of Windows machines, 32-bit and 64-bit. Can run from a USB flash drive.
http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/
————————————————————————————————————–
EnCase :
Create EnCase evidence files and EnCase logical evidence files
http://www1.guidancesoftware.com/Order-Forensic-Imager.aspx
————————————————————————————————————–
Encrypted Disk Detector :
Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes
http://info.magnetforensics.com/encrypted-disk-detector
————————————————————————————————————–
EWF MetaEditor :
Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier)
http://www.4discovery.com/our-tools/
————————————————————————————————————–
FAT32 Format :
Enables large capacity disks to be formatted as FAT32
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
————————————————————————————————————–
Forensics Acquisition of Websites :
Browser designed to forensically capture web pages
http://www.fawproject.com/en/default.aspx
————————————————————————————————————–
FTK Imager :
Imaging tool, disk viewer and image mounter
http://www.accessdata.com/support/product-downloads
————————————————————————————————————–
Guymager :
Multi-threaded GUI imager running under Linux
http://guymager.sourceforge.net/
————————————————————————————————————–
Live RAM Capturer :
Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds
http://forensic.belkasoft.com/en/ram-capturer
————————————————————————————————————–
NetworkMiner :
Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing
http://sourceforge.net/projects/networkminer/
————————————————————————————————————–
Nmap :
Utility for network discovery and security auditing
http://nmap.org/
————————————————————————————————————–
Magnet RAM :
Captures physical memory of a suspect’s computer. Windows XP to Windows 10, and 2003, 2008, 2012. 32 & 64 bit
http://www.magnetforensics.com/ram-capture/
————————————————————————————————————–
OSFClone :
Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
http://www.osforensics.com/tools/create-disk-images.html
————————————————————————————————————–
OSFMount :
Mounts a wide range of disk images. Also allows creation of RAM disks
http://www.osforensics.com/tools/mount-disk-images.html
————————————————————————————————————–
Wireshark :
Network protocol capture and analysis
https://www.wireshark.org/
————————————————————————————————————–
Disk2vhd :
Creates Virtual Hard Disks versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V VMs
https://technet.microsoft.com/en-gb/sysinternals/ee656415.aspx

————————————————————————————————————–
2. Email analysis

————————————————————————————————————–
EDB Viewer :
Open and view (not export) Outlook EDB files without an Exchange server
http://www.nucleustechnologies.com/exchange-edb-viewer.html
————————————————————————————————————–
Mail Viewer :
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files
http://www.mitec.cz/mailview.html
————————————————————————————————————–
MBOX Viewer :
View MBOX emails and attachments
http://www.systoolsgroup.com/mbox-viewer.html
————————————————————————————————————–
OST Viewer :
Open and view (not export) Outlook OST files without connecting to an Exchange server
http://www.nucleustechnologies.com/ost-viewer.html
————————————————————————————————————–
PST Viewer :
Open and view (not export) Outlook PST files without needing Outlook
http://www.nucleustechnologies.com/pst-viewer.html
————————————————————————————————————–
3. General tools

————————————————————————————————————–
Agent Ransack :
Search multiple files using Boolean operators and Perl Regex
http://www.mythicsoft.com/page.aspx?type=agentransack&page=home
————————————————————————————————————–
Computer Forensic Reference Data Sets :
Collated forensic images for training, practice and validation
http://www.cfreds.nist.gov/
————————————————————————————————————–
EvidenceMover :
Copies data between locations, with file comparison, verification, logging
http://www.nuix.com/Nuix-evidence-mover
————————————————————————————————————–
FastCopy :
Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc.
http://ipmsg.org/tools/fastcopy.html.en
————————————————————————————————————–
File Signatures :
Table of file signatures
http://www.garykessler.net/library/file_sigs.html
————————————————————————————————————–
HexBrowser :
Identifies over 1000 file types by examining their signatures
http://www.hexbrowser.com/
————————————————————————————————————–
HashMyFiles :
Calculate MD5 and SHA1 hashes
http://www.nirsoft.net/utils/hash_my_files.html
————————————————————————————————————–
MobaLiveCD :
Run Linux live CDs from their ISO image without having to boot to them
http://mobalivecd-en.mobatek.net/
————————————————————————————————————–
Mouse Jiggler :
Automatically moves mouse pointer stopping screen saver, hibernation etc.
http://mousejiggler.codeplex.com/
————————————————————————————————————–
Notepad ++ :
Advanced Notepad replacement
http://notepad-plus-plus.org/
————————————————————————————————————–
NSRL :
Hash sets of ‘known’ (ignorable) files
http://www.nsrl.nist.gov/Downloads.htm
————————————————————————————————————–
Quick Hash :
A Linux & Windows GUI for individual and recursive SHA1 hashing of files
http://sourceforge.net/projects/quickhash/
————————————————————————————————————–
USB Write Blocker :
Enables software write-blocking of USB ports
http://dsicovery.com/dsicovery-software/usb-write-blocker/
————————————————————————————————————–
Volix :
Application that simplifies the use of the Volatility Framework
http://www.it-forensik.fh-aachen.de/projekte/volix/13
————————————————————————————————————–
Windows Forensic Environment :
Guide by Brett Shavers to creating and working with a Windows boot CD
http://winfe.wordpress.com/
————————————————————————————————————–
4. File and data analysis

————————————————————————————————————–
Advanced Prefetch Analyser :
Reads Windows XP,Vista and Windows 7 prefetch files
http://www.ash368.com/
————————————————————————————————————–
analyzeMFT :
Parses the MFT from an NTFS file system allowing results to be analysed with other tools
https://github.com/dkovar/analyzeMFT
————————————————————————————————————–
bstrings :
Find strings in binary data, including regular expression searching.
https://binaryforay.blogspot.co.uk/2015/07/introducing-bstrings-better-strings.html
————————————————————————————————————–
CapAnalysis :
PCAP viewer
http://www.capanalysis.net/site/
————————————————————————————————————–
Crowd Response :
Windows console application to aid gathering of system information for incident response and security engagements.
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
Crowd Inspect :
Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system
http://www.crowdstrike.com/community-tools/
————————————————————————————————————–
DCode :
Converts various data types to date/time values
http://www.digital-detective.net/digital-forensic-software/free-tools/
————————————————————————————————————–
Defraser :
Detects full and partial multimedia files in unallocated space
http://sourceforge.net/projects/defraser/
————————————————————————————————————–
eCryptfs Parser :
Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
http://sourceforge.net/projects/ecryptfs-p/
————————————————————————————————————–
Encryption Analyzer :
Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
http://www.lostpassword.com/encryption-analyzer.htm
————————————————————————————————————–
ExifTool :
Read, write and edit Exif data in a large number of file types
http://www.sno.phy.queensu.ca/~phil/exiftool/
————————————————————————————————————–
File Identifier :
Drag and drop web-browser JavaScript tool for identification of over 2000 file types
http://www.toolsley.com/
————————————————————————————————————–
Forensic Image Viewer :
View various picture formats, image enhancer, extraction of embedded Exif, GPS data
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
Ghiro :
In-depth analysis of image (picture) files
http://www.getghiro.org/
————————————————————————————————————–
Highlighter :
Examine log files using text, graphic or histogram views
http://www.mandiant.com/products/free_software/highlighter/
————————————————————————————————————–
Link Parser :
Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
PECmd :
Prefetch Explorer
https://binaryforay.blogspot.co.uk/2016/01/pecmd-v0600-released.html
————————————————————————————————————–
PlatformAuditProbe :
Command Line Windows forensic/ incident response tool that collects many artefacts. Manual
https://appliedalgo.com/
————————————————————————————————————–
RSA Netwitness Investigator :
Network packet capture and analysis
http://www.emc.com/security/rsa-netwitness.htm#!freeware
————————————————————————————————————–
Memoryze :
Acquire and/or analyse RAM images, including the page file on live systems
http://www.mandiant.com/products/free_software/memoryze/
————————————————————————————————————–
MetaExtractor :
Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
http://www.4discovery.com/our-tools/
————————————————————————————————————–
MFTview :
Displays and decodes contents of an extracted MFT file
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
PictureBox :
Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
http://www.mikesforensictools.co.uk/MFTPB.html
————————————————————————————————————–
PsTools :
Suite of command-line Windows utilities
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
————————————————————————————————————–
Shadow Explorer :
Browse and extract files from shadow copies
http://www.shadowexplorer.com/
————————————————————————————————————–
SQLite Manager :
Firefox add-on enabling viewing of any SQLite database
https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/
————————————————————————————————————–
Strings :
Command-line tool for text searches
http://technet.microsoft.com/en-gb/sysinternals/bb897439.aspx
————————————————————————————————————–
Structured Storage Viewer :
View and manage MS OLE Structured Storage based files
http://www.mitec.cz/ssv.html
————————————————————————————————————–
Switch-a-Roo :
Text replacement/converter/decoder for when dealing with URL encoding, etc
http://www.mikesforensictools.co.uk/MFTSAR.html
————————————————————————————————————–
Windows File Analyzer :
Analyse thumbs.db, Prefetch, INFO2 and .lnk files
http://www.mitec.cz/wfa.html
————————————————————————————————————–
Xplico :
Network forensics analysis tool
http://www.xplico.org/
————————————————————————————————————–
5. Mac OS tools

————————————————————————————————————–
Audit :
Audit Preference Pane and Log Reader for OS X
https://github.com/twocanoes/audit
————————————————————————————————————–
ChainBreaker :
Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
Disk Arbitrator :
Blocks the mounting of file systems, complementing a write blocker by disabling disk arbitration
https://github.com/aburgh/Disk-Arbitrator
————————————————————————————————————–
Epoch Converter :
Converts epoch times to local time and UTC
https://www.blackbagtech.com/resources/freetools/epochconverter.html
————————————————————————————————————–
FTK Imager CLI for Mac OS :
Command line Mac OS version of AccessData’s FTK Imager
http://accessdata.com/product-download/digital-forensics/mac-os-10.5-and-10.6x-version-3.1.1
————————————————————————————————————–
IORegInfo :
Lists items connected to the computer (e.g., SATA, USB and FireWire Drives, software RAID sets). Can locate partition information, including sizes, types, and the bus to which the device is connected
https://www.blackbagtech.com/resources/freetools/ioreg-info.html
————————————————————————————————————–
PMAP Info :
Displays the physical partitioning of the specified device. Can be used to map out all the drive information, accounting for all used sectors
https://www.blackbagtech.com/resources/freetools/pmap-info.html
————————————————————————————————————–
Volafox :
Memory forensic toolkit for Mac OS X
http://forensic.n0fate.com/?page_id=412
————————————————————————————————————–
6. Mobile devices

————————————————————————————————————–
iPBA2 :
Explore iOS backups
http://ipbackupanalyzer.com/
————————————————————————————————————–
iPhone Analyzer :
Explore the internal file structure of iPad, iPod and iPhone devices
http://sourceforge.net/projects/iphoneanalyzer/
————————————————————————————————————–
ivMeta :
Extracts phone model and software version and created date and GPS data from iPhone videos.
http://www.csitech.co.uk/ivmeta-iphone-metadata/
————————————————————————————————————–
Last SIM Details :
Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
http://lastsimdetails.blogspot.co.uk/p/downloads.html
————————————————————————————————————–
Rubus :
Deconstructs Blackberry .ipd backup files
http://www.cclgroupltd.com/Buy-Software/rubus-ipd-de-constructor-utility.html
————————————————————————————————————–
SAFT :
Obtain SMS Messages, call logs and contacts from Android devices
http://www.signalsec.com/saft/
————————————————————————————————————–
7. Data analysis suites

————————————————————————————————————–
Autopsy :
Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below)
http://www.sleuthkit.org/autopsy/
————————————————————————————————————–
Backtrack :
Penetration testing and security audit with forensic boot capability
http://www.backtrack-linux.org/
————————————————————————————————————–
Caine :
Linux based live CD, featuring a number of analysis tools
http://www.caine-live.net/
————————————————————————————————————–
Deft :
Linux based live CD, featuring a number of analysis tools
http://www.deftlinux.net/
————————————————————————————————————–
Digital Forensics Framework :
Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items
http://www.digital-forensic.org/
————————————————————————————————————–
Forensic Scanner :
Automates ‘repetitive tasks of data collection’. Fuller description here
https://github.com/appliedsec/forensicscanner
————————————————————————————————————–
Paladin :
Ubuntu based live boot CD for imaging and analysis
http://www.sumuri.com/
————————————————————————————————————–
SIFT :
VMware Appliance pre-configured with multiple tools allowing digital forensic examinations
http://computer-forensics.sans.org/community/downloads/
————————————————————————————————————–
The Sleuth Kit :
Collection of UNIX-based command line file and volume system forensic analysis tools
http://www.sleuthkit.org/sleuthkit/
————————————————————————————————————–
Volatility Framework :
Collection of tools for the extraction of artefacts from RAM
http://www.volatilityfoundation.org/
————————————————————————————————————–

8. Internet analysis

http://www.nirsoft.net/utils/mzcv.html
————————————————————————————————————–
MozillaHistoryView :
Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages
http://www.nirsoft.net/utils/mozilla_history_view.html
————————————————————————————————————–
MyLastSearch :
Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace)
http://www.nirsoft.net/utils/my_last_search.html
————————————————————————————————————–
PasswordFox :
Extracts the user names and passwords stored by Mozilla Firefox Web browser
http://www.nirsoft.net/utils/passwordfox.html
————————————————————————————————————–
OperaCacheView :
Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache
http://www.nirsoft.net/utils/opera_cache_view.html
————————————————————————————————————–
OperaPassView :
Decrypts the content of the Opera Web browser password file, wand.dat
http://www.nirsoft.net/utils/opera_password_recovery.html
————————————————————————————————————–
Web Historian :
Reviews list of URLs stored in the history files of the most commonly used browsers
http://www.mandiant.com/resources/download/web-historian
————————————————————————————————————–
Web Page Saver :
Takes list of URLs saving scrolling captures of each page. Produces HTML report file containing the saved pages
http://info.magnetforensics.com/web-page-saver
————————————————————————————————————–

9. Registry analysis

————————————————————————————————————–
AppCompatCache Parser :
Dumps list of shimcache entries showing which executables were run and their modification dates. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
ForensicUserInfo :
Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file
http://www.woanware.co.uk/forensics/forensicuserinfo.html
————————————————————————————————————–
Process Monitor :
Examine Windows processes and registry threads in real time
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
————————————————————————————————————–
RECmd :
Command line access to offline Registry hives. Supports simple & regular expression searches as well as searching by last write timestamp. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
Registry Decoder :
For the acquisition, analysis, and reporting of registry contents
http://www.digitalforensicssolutions.com/registrydecoder/
————————————————————————————————————–
Registry Explorer :
Offline Registry viewer. Provides deleted artefact recovery, value slack support, and robust searching. Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
RegRipper :
Registry data extraction and correlation tool
http://regripper.wordpress.com/
————————————————————————————————————–
Regshot :
Takes snapshots of the registry allowing comparisons e.g., show registry changes after installing software
http://sourceforge.net/projects/regshot/files/
————————————————————————————————————–
ShellBags Explorer :
Presents a visual representation of what a user’s directory structure looked like. Additionally exposes various timestamps (e.g., first explored, last explored for a given folder). Further details.
http://binaryforay.blogspot.co.uk/p/software.html
————————————————————————————————————–
USB Device Forensics :
Details previously attached USB devices on exported registry hives
http://www.woanware.co.uk/forensics/usbdeviceforensics.html
————————————————————————————————————–
USB Historian :
Displays 20+ attributes relating to USB device use on Windows systems
http://www.4discovery.com/our-tools/
————————————————————————————————————–
USBDeview :
Details previously attached USB devices
http://www.nirsoft.net/utils/usb_devices_view.html
————————————————————————————————————–
User Assist Analysis :
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys
http://www.4discovery.com/our-tools/
————————————————————————————————————–
UserAssist :
Displays list of programs run, with run count and last run date and time
http://blog.didierstevens.com/programs/userassist/
————————————————————————————————————–
Windows Registry Recovery :
Extracts configuration settings and other information from the Registry
http://www.mitec.cz/wrr.html
————————————————————————————————————–
10. Application analysis

————————————————————————————————————–
Dropbox Decryptor :
Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox
http://info.magnetforensics.com/dropbox-decryptor
————————————————————————————————————–
Google Maps Tile Investigator :
Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context
http://info.magnetforensics.com/google-maps-tile-investigator
————————————————————————————————————–
KaZAlyser :
Extracts various data from the KaZaA application
http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
————————————————————————————————————–
LiveContactsView :
View and export Windows Live Messenger contact details
http://www.nirsoft.net/utils/live_messenger_contacts.html
————————————————————————————————————–
SkypeLogView :
View Skype calls and chats
http://www.nirsoft.net/utils/skype_log_view.html
————————————————————————————————————–

If you think that the patches delivered through Windows Update cannot be laced with malware, think again.
Security researchers have shown that hackers could intercept Windows Update to deliver and inject malware into organizations.
Security researchers from UK-based security firm ‘Context’ have discovered a way to exploit insecurely configured enterprise implementations of Windows Server Update Services (WSUS).

What is WSUS in Windows?

Windows Server Update Services (WSUS) allows an administrator to deploy Windows software updates to servers and desktops throughout the organization.
These updates are delivered by the WSUS server rather than fetched by each client directly from Microsoft.
Once the updates are on the server, the administrator controls their distribution and can limit which clients in the corporate environment are allowed to download and install them.

Intercepting WSUS to Inject Malware into Corporate Networks

By default, WSUS does not use SSL-encrypted HTTPS delivery for its SOAP (Simple Object Access Protocol) XML web service. Instead, it uses unencrypted HTTP.
This is a major WSUS weakness that should not be ignored any longer (at least now that it has been exploited and shown to the world).
Because such WSUS installations are not configured to use SSL, they are vulnerable to man-in-the-middle (MitM) attacks.
According to researchers Paul Stone and Alex Chapman, the attack is so simple that a hacker with low privileges can set up fake updates that are installed automatically by connected machines.
All update packages downloaded from the Microsoft Update website are signed with a Microsoft signature, which cannot be altered.
However, hackers can subvert Windows Update by tampering with the metadata that describes the update.
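The practical question for a defender reading this is whether their own clients are pointed at a WSUS URL that uses plain HTTP. The following Python is an added example, not code from the original post or from Context’s paper: it parses the text of a `reg export` of the `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` policy key and flags any WSUS server URL that is not HTTPS. The `WUServer`, `WUStatusServer` and `AU\UseWUServer` value names are the real Windows Update policy values; the exported sample in the block is constructed.

```python
"""Flag Windows Update clients pointed at a WSUS server over plain HTTP.

Added example, not from the original post. Parses the text of a .reg export
of the WindowsUpdate policy key; the sample export below is constructed.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: what `reg export` of the WindowsUpdate policy key
# looks like for a client pointed at an HTTP-only WSUS server.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://wsus.example.internal:8530"
"WUStatusServer"="http://wsus.example.internal:8530"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
'''

# Policy values that hold the WSUS URLs (real value names).
WSUS_URL_VALUES = ("WUServer", "WUStatusServer")


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from .reg text (strings and dwords only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                keys[current][name] = raw[1:-1]          # REG_SZ
            elif raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)   # REG_DWORD (hex)
    return keys


def wsus_findings(text):
    """List configuration findings: WSUS not in use, or WSUS URLs that are not HTTPS."""
    keys = parse_reg_export(text)
    policy = next((v for k, v in keys.items()
                   if k.upper().endswith(r"\WINDOWS\WINDOWSUPDATE")), {})
    au = next((v for k, v in keys.items()
               if k.upper().endswith(r"\WINDOWSUPDATE\AU")), {})
    findings = []
    if au.get("UseWUServer") != 1:
        findings.append("client not using WSUS (UseWUServer != 1)")
    for name in WSUS_URL_VALUES:
        url = policy.get(name)
        if not url:
            continue
        scheme = urlsplit(url).scheme.lower()
        if scheme != "https":
            findings.append(f"{name} uses {scheme} ({url}): update metadata "
                            "can be altered in transit")
    return findings


if __name__ == "__main__":
    for finding in wsus_findings(SAMPLE_REG_EXPORT) or ["no findings"]:
        print(finding)
```

To check a real client, run `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" wu.reg` on the machine and pass the file contents to `wsus_findings`; `reg export` writes UTF-16, so open the file with `encoding="utf-16"`. A finding for an `http://` URL is exactly the unencrypted SOAP channel the paragraph above describes.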

“By repurposing existing Microsoft-signed binaries, we were able to demonstrate that an attacker can inject malicious updates to execute arbitrary commands,” researchers said in the paper.

A malicious attacker can inject malware into the SOAP XML communication between the WSUS server and the client, making it look like a perfectly authentic update to install.
Windows Update also includes more than 25,000 third-party drivers that are developed and signed by other developers, which can also be altered easily.

Our concern is that when plugging in a USB device, some of these drivers may have vulnerabilities that could be exploited for malicious purposes. Everyone is familiar with the ‘searching for Drivers’ and ‘Windows Update’ dialog boxes on their desktops – but these seemingly innocuous windows may be hiding some serious threats.

So, now it can be a big security threat for the new Windows 10 too. Either corporates are going to live in the era of old Windows, or upgrade and welcome the malware!
The researchers demonstrated the hack at the Black Hat security conference in Las Vegas this week in a talk titled, WSUSpect: Compromising the Windows Enterprise via Windows Update [PDF].

Caintech.co.uk

In today’s society, every citizen is monitored, tracked, and profiled by their government and affiliated agencies; the American National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ) are two commonly discussed examples. This page provides a resource for learning more about staying secure online.

Basic Security Tips:

  • When discussing potentially sensitive or anti-government issues, make sure to use a fake, online alias.
  • Never reveal your real name when associating with your online alias.
  • Always use a virtual private network.
  • Pay for things associated with your online alias, with a prepaid card. Pay for the prepaid card in cash if possible.

Virtual Private Networks

A virtual private network, also known as a VPN, is a service used to add a layer of security and privacy to networks. VPNs are often used by businesses and corporations to protect sensitive data, although using a VPN is also becoming increasingly popular with the average person.

Privacy and security are increased because, when active, the VPN will “replace” the user’s IP address with one from the VPN provider. It will also “change” the domain name system (DNS) servers your computer uses, so your internet service provider cannot view which websites you are visiting. In addition to these privacy and security gains, it encrypts your internet traffic. Most VPN providers offer at least 128-bit AES encryption, which according to documents leaked by Edward Snowden has not been broken by the NSA yet. Some also offer 256-bit AES encryption, which is more secure.

Warnings

  • Free VPN providers are likely selling their logs and/or compromising your security.
  • Do not tell anyone what provider you are using.
  • Be sure to read the Terms of Service and Privacy Policy before using a VPN service.
  • Do your own research. Don’t trust random sources.

VPN Providers

Below is a list of paid VPN providers. We do not support or endorse any of the providers listed below. We merely provide this list as a starting point into researching the provider that is right for you.

Private Internet Access

IPVanish

AirVPN

TigerVPN

Perfect Privacy

Hide.Me

TorGuard

View a larger list of VPN Providers here.

DNS Leaking

When utilizing an anonymity service, it is extremely important that all traffic coming from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, an adversary monitoring your traffic will be able to log your activity.

DNS or the domain name system is used to translate domain names such as http://www.duckduckgo.com into numerical IP addresses such as 111.222.333.444, which are required to route packets of data on the internet. Whenever your computer needs to contact a server on the internet, such as when you enter a domain name into your browser, your computer reaches out to a DNS server and requests the IP address associated with that domain name. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your internet activities.

Under certain conditions, although connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity service. DNS leaks are a huge privacy threat since the anonymity service may be providing a false sense of security while data is leaking.

Be sure to check if you are leaking any data by visiting one of the websites below.

DNS Leak Test
IP Leak
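The online checkers above show where your queries arrive; the local configuration shows where they leave. The following Python is an added example, not part of the original page: it parses an `/etc/resolv.conf` snapshot and reports any nameserver that is neither one of the resolvers the VPN assigned nor inside the tunnel subnet, which is precisely the “default DNS servers instead of the anonymous DNS servers” condition described above. The tunnel subnet `10.8.0.0/24`, the VPN resolver `10.8.0.1` and the two resolv.conf samples are constructed.

```python
"""Detect DNS resolvers that would be queried outside a VPN tunnel.

Added example, not from the original page. Applies the rule the page
describes: every configured resolver must be one the VPN assigned or lie
inside the tunnel network; anything else is a leak to the ISP's resolver.
"""
import ipaddress

# Constructed: resolvers pushed by the VPN at connect time, and the tunnel network.
VPN_RESOLVERS = {"10.8.0.1"}
VPN_TUNNEL = ipaddress.ip_network("10.8.0.0/24")

# Constructed resolv.conf snapshots: one leaking to a home router, one clean.
LEAKING_RESOLV_CONF = """# Generated by NetworkManager
nameserver 10.8.0.1
nameserver 192.168.1.1
search home.lan
"""
CLEAN_RESOLV_CONF = """nameserver 10.8.0.1
options edns0
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                          # malformed entry: skip, don't crash
    return servers


def dns_leaks(resolv_conf_text, vpn_resolvers=VPN_RESOLVERS, tunnel=VPN_TUNNEL):
    """Return resolvers that are neither VPN-assigned nor inside the tunnel network.

    The resolver library tries nameservers in order and fails over on timeout,
    so a leak exists if ANY listed resolver is outside the tunnel, not only the first.
    """
    allowed = {ipaddress.ip_address(a) for a in vpn_resolvers}
    return [str(ns) for ns in parse_nameservers(resolv_conf_text)
            if ns not in allowed and ns not in tunnel]


if __name__ == "__main__":
    for name, text in (("leaking", LEAKING_RESOLV_CONF), ("clean", CLEAN_RESOLV_CONF)):
        leaks = dns_leaks(text)
        verdict = "LEAK via " + ", ".join(leaks) if leaks else "all resolvers go through the tunnel"
        print(f"{name}: {verdict}")
```

Run it against the real file with `dns_leaks(open("/etc/resolv.conf").read())` once the VPN is connected, substituting the resolver and subnet your provider actually assigns. One caveat: on systems where resolv.conf points at a local stub such as `127.0.0.53` (systemd-resolved), the file alone does not show where queries leave the machine; check the stub’s upstream resolver list instead.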

Search Engine Tracking

The sad truth is that no matter where we go, big corporations and governments attempt to track, profile, and control us. Even our own “beloved” Google search engine is used to track everything we search for. Every time you use a regular search engine, your search data is recorded. Major search engines capture your IP address and use tracking cookies to make a record of your searches, the time, and the links you choose, then they store that information in a huge database.

Investigation of those searches reveals a shocking amount of personal information about you, such as your interests, family circumstances, political beliefs, medical conditions, financial status, and more. This database is a modern-day gold mine for government officials, hackers, and marketers. To stop your future searches from being stored in this database, it is recommended that you use alternative search engines.

Alternative Search Engines

There are many search engine alternatives to Google, Yahoo, Bing, and Yandex that are dedicated to the privacy of their users. The list below is a small selection of the alternative search engines available.

DuckDuckGo

StartPage

Disconnect Search

IXQuick

A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker remotely eavesdrop on private conversations and make phone calls from vulnerable devices, Cisco warned.
LISTEN AND MAKE PHONE CALLS REMOTELY
The vulnerability (CVE-2015-0670) resides in the default configuration of certain Cisco IP phones and is due to “improper authentication”, which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML requests.
Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity.
AFFECTED DEVICES
The flaw affects Cisco’s small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5; however, Cisco warns that later versions of these devices may also be affected.
It’s likely that some phones have been configured to be accessible from the Internet, so it would be very easy for hackers to locate vulnerable devices running affected software versions by using the popular Shodan search engine.

“To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device,” the Cisco advisory says. “This access requirement may reduce the likelihood of a successful exploit.”

Cisco has confirmed the issue, which was discovered and reported by Chris Watts, a researcher at Tech Analysis in Australia, along with two other flaws — an XSS vulnerability (CVE-2014-3313) and a local code execution vulnerability (CVE-2014-3312).
VULNERABILITY UNPATCHED, YET SOME RECOMMENDATIONS
The company hasn’t patched the problem yet and is working on a new version of the firmware to fix the issue, although the company offers some recommendations in order to mitigate the risk:
  • Administrators are advised to enable XML execution authentication in the configuration setting of the affected device.
  • Administrators are advised to allow network access only to trusted users.
  • Administrators are advised to use solid firewall strategies to help protect the affected systems from external attacks.
  • Administrators may also use IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators are advised to closely monitor the vulnerable devices.
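The IP-based ACL recommendation above is easy to get wrong in ordering and scope. The Python below is an added example, not Cisco’s code or anything from the advisory: it evaluates a small constructed ACL protecting a made-up phone VLAN with first-match, implicit-deny semantics (the way a Cisco extended ACL behaves), and audits it for the two mistakes reviewers find most often, a permit shadowed by an earlier broader rule and a permit whose source is wider than policy allows. The subnets, hosts, ports and the /24 policy threshold are assumptions.

```python
"""Offline evaluator and reviewer for an IP-based ACL guarding IP phones.
Added example; networks, hosts and thresholds below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network    # source hosts/networks
    dst: ipaddress.IPv4Network    # destination hosts/networks
    ports: FrozenSet[int]         # destination TCP ports; empty = any port


def rule(action: str, src: str, dst: str, ports: Sequence[int] = ()) -> Rule:
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), frozenset(ports))


ANY = "0.0.0.0/0"
PHONES = "10.0.20.0/24"   # constructed: the VLAN holding the SPA phones
WEB = (80, 443)           # the phones' web interface, which accepts the XML requests

# Constructed ACL in the spirit of the advisory: only two named hosts may reach the
# phones' web interface. A real ACL would also carry SIP/RTP rules for the PBX.
GOOD_ACL = [
    rule("permit", "10.0.1.10/32", PHONES, WEB),   # admin workstation
    rule("permit", "10.0.1.20/32", PHONES, WEB),   # provisioning server
    rule("deny",   ANY,            PHONES, WEB),   # explicit deny (the implicit one would do)
]

# Constructed ACL with the mistakes the audit is meant to catch.
BAD_ACL = [
    rule("deny",   ANY,            PHONES, WEB),   # rule 0: broad deny placed first ...
    rule("permit", "10.0.1.10/32", PHONES, WEB),   # rule 1: ... so this permit never matches
    rule("permit", ANY,            PHONES),        # rule 2: any source, any port
]


def evaluate(acl: Sequence[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if s in r.src and d in r.dst and (not r.ports or port in r.ports):
            return r.action
    return "deny"


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` would already have matched `outer`."""
    return bool(outer.src.supernet_of(inner.src)
                and outer.dst.supernet_of(inner.dst)
                and (not outer.ports or (inner.ports and inner.ports <= outer.ports)))


def audit(acl: Sequence[Rule], phone_subnet: str, max_src_prefix: int = 24) -> List[Tuple[int, str]]:
    """Review the rules that touch `phone_subnet`; returns (rule index, finding) pairs.
    `max_src_prefix` is an assumed policy: a permit from anything wider than a /24 is flagged."""
    phones = ipaddress.ip_network(phone_subnet)
    findings: List[Tuple[int, str]] = []
    for i, r in enumerate(acl):
        if not r.dst.overlaps(phones):
            continue
        for j in range(i):
            if covers(acl[j], r):
                findings.append((i, f"shadowed by rule {j}: it can never match"))
                break
        if r.action == "permit":
            if r.src.prefixlen < max_src_prefix:
                findings.append((i, f"source {r.src} is broader than /{max_src_prefix}"))
            if not r.ports:
                findings.append((i, "permits every destination port"))
    return findings


if __name__ == "__main__":
    for name, acl in (("GOOD_ACL", GOOD_ACL), ("BAD_ACL", BAD_ACL)):
        print(name, "Internet host ->", evaluate(acl, "198.51.100.7", "10.0.20.15", 80))
        for idx, msg in audit(acl, PHONES):
            print(f"  rule {idx}: {msg}")
```

Run it as a script to see the Internet host denied by the first ACL and permitted on a non-web port by the second, with the shadowed permit and the any-source rule reported. The same `audit` logic applies to any ACL you export and translate into `Rule` objects.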


A ransomware threat has driven someone to suicide, once again marking its history with a victim’s blood. Sad, but true.

Joseph Edwards, a 17-year-old schoolboy from Windsor, Berkshire, hanged himself after receiving a bogus email that appeared to be from the police, claiming that he’d been spotted browsing illegal websites and that a fine of £100 had to be paid to stop the police from pursuing him.
The scam email pushed the well-known police ransomware onto the boy’s laptop and also downloaded malware that locked up his system once it was opened.
Edwards was an A-level student with autism, a developmental disability that likely made him more susceptible to believing the scam email, supposedly sent from Cheshire police, was genuine, a coroner heard on Thursday.
Edwards was so upset and depressed by the accusation and the extortionate demand that he hanged himself hours after falling victim to the threat. He was found hanged at his family home in Windsor by his mother, Jacqueline Edwards, who told the coroner that he probably didn’t understand the implications of his actions.

“He didn’t seem to have any worries known to me. I don’t think he really understood,” Jacqueline Edwards told the coroner. “Joseph was subjected to a scam on the internet, a threatening, fake police link that was asking for money,” his mother said in a statement. “He would have taken it literally because of his autism and he didn’t want to upset Georgia [his sister] or me.”

As far as we know, police ransomware of this type does not encrypt files and usually asks the victim to pay a small “fine” of around £200 or €200. It is normally easy to remove the threat from infected systems using dedicated tools designed for such infections.
According to Detective Sergeant Peter Wall, it will be almost impossible to trace the fraudsters behind the ‘crude’ email, but police believe it may have originated outside the UK.
This is not the first time ransomware has cost someone their life. Over a year ago, a Romanian family faced the same police ransomware threat: the victim hanged himself and his four-year-old son, fearing that his young son would pay for his mistake, in what appears to have been a moment of delusion.
Ransomware is one of the most blatant criminal money-making schemes out there. CryptoLocker marked its peak, and cyber criminals have since developed many CryptoLocker variants (prisonlocker, linkup, icepole, cryptobit) against which you need to safeguard your system.


It’s 2015 and it would be nice to think that people had learned what makes a good password by now. They haven’t. And this list of the 25 most popular passwords of 2014—maybe also make that the worst—proves it.

SplashData’s annual list compiles the millions of stolen passwords made public throughout the year and assembles them in order of popularity. A glance down the list reveals that we’re all still morons, with “123456”, “password”, “12345”, “12345678” and “qwerty” making up the top five. No, really.

Now is clearly a good time to remind yourself not to be one of those morons, and start using sensible passwords, LastPass or some other system to keep your personal information safe. But anyway, enough of that, here’s the list. You’re welcome.
1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345 (Up 17)

4. 12345678 (Down 1)

5. qwerty (Down 1)

6. 123456789 (Unchanged)

7. 1234 (Up 9)

8. baseball (New)

9. dragon (New)

10. football (New)

11. 1234567 (Down 4)

12. monkey (Up 5)

13. letmein (Up 1)

14. abc123 (Down 9)

15. 111111 (Down 8)

16. mustang (New)

17. access (New)

18. shadow (Unchanged)

19. master (New)

20. michael (New)

21. superman (New)

22. 696969 (New)

23. 123123 (Down 12)

24. batman (New)

25. trustno1 (Down 1)
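As an added example, not from the article or from SplashData, here is a Python check that treats the list above as a denylist and also catches the trivial variants that cracking rules try first (case changes, trailing digits and symbols, leet substitutions), plus a few pattern checks for keyboard walks and digit-only strings. The 12-character minimum, the 50-bit estimate threshold and the substitution map are assumptions.

```python
"""Denylist and weak-pattern check built around the SplashData 2014 top-25 list.
Added example; thresholds and the substitution map are assumptions."""
import math
import re
from typing import List, Optional, Set

# The 25 passwords as reproduced in the article above.
SPLASHDATA_2014_TOP25 = [
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
]
DENYLIST = frozenset(SPLASHDATA_2014_TOP25)

# Assumed substitution map: the kind of "mangling" a cracking rule set undoes.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def variants(pw: str) -> Set[str]:
    """Forms a cracker tries first: lowercased, trailing digits/symbols stripped, leet undone."""
    low = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", low) or low   # "p@ssw0rd2015!" -> "p@ssw0rd"
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def keyboard_walk(pw: str, length: int = 4) -> Optional[str]:
    """First run of `length` adjacent keys (either direction) found in `pw`, else None."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for candidate in (row, row[::-1]):
            for i in range(len(candidate) - length + 1):
                walk = candidate[i:i + length]
                if walk in low:
                    return walk
    return None


def estimated_bits(pw: str) -> float:
    """Naive brute-force estimate log2(pool ** length); pool is the size of the classes used."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        pool += 33   # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0


def weakness_reasons(pw: str, min_length: int = 12, min_bits: float = 50.0) -> List[str]:
    """Every reason `pw` fails the (assumed) policy; an empty list means it passes."""
    reasons: List[str] = []
    if DENYLIST & variants(pw):
        reasons.append("matches a SplashData 2014 top-25 entry (directly or after trivial mangling)")
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if pw.isdigit():
        reasons.append("digits only")
    elif len(set(pw)) == 1:
        reasons.append("single repeated character")
    walk = keyboard_walk(pw)
    if walk:
        reasons.append(f"contains keyboard walk '{walk}'")
    if estimated_bits(pw) < min_bits:
        reasons.append(f"brute-force estimate below {min_bits:.0f} bits")
    return reasons


def is_weak(pw: str) -> bool:
    return bool(weakness_reasons(pw))


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd2015!", "Trustno1", "correct horse battery staple"):
        print(repr(candidate), weakness_reasons(candidate) or "ok")
```

Note that “P@ssw0rd2015!” is rejected even though it satisfies every classic complexity rule: once the trailing digits and symbol are stripped and the substitutions undone it is just “password”, which is exactly how a cracker’s rule set sees it.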


Agents from the United States and United Kingdom will carry out simulated cyber attacks against each other following talks between President Barack Obama and Prime Minister David Cameron.

A series of “war games” will begin with a staged attack against the financial sector as both countries look to bolster their defences against computerised attacks.

According to the BBC, the first exercise will involve the Bank of England and commercial banks and will also target the City of London as well as Wall Street.

Later exercises will be run to test other areas of critical infrastructure including power suppliers and transport networks.

The two countries will jointly create a “cyber cell” that will include agents from both nations who will conduct the tests and then share information on the threats as well as plans for combatting hackers.

The Guardian reports that the US division of the cell has already been set up with agents from MI5, GCHQ and the FBI. It says a similar cell will be created within the UK shortly.

The planned measures are part of a two day set of talks between Obama and Cameron in which the pair are discussing the economy and terrorism, as well as cybersecurity. The talks come in the wake of the recent Sony hack and the takeover of social media accounts under the control of US Central Command earlier this week.

The new deal on cybersecurity will also see additional funds made available towards the training of the next generation of security experts – an area currently experiencing a huge skills shortage, David Cameron said:

“The joint exercises and training of our next generation of cyber-experts will help to ensure that we have the capability we need to protect critical sectors like our energy, transport and financial infrastructure from emerging threats.”

As talks continue, Cameron is expected to push for more cooperation from tech and social giants including Google, Apple, Facebook and Twitter. He is likely to ask Obama to exert more pressure on such companies to collaborate with the security services as they look to gather more communications data and intelligence from suspected terrorists.

Earlier this week Cameron said he will, if re-elected prime minister in May’s national election, legislate against encrypted communications that currently pose problems for the security services who are unable to read them.

In an interview with the BBC’s Nick Robinson, David Cameron explained how cyber attacks are one of “the biggest modern threats we face”, stating that 8 out of 10 large companies in Britain have had some sort of cyber attack against them.

Cameron went on to say that the expertise to deal with such threats already exists on both sides of the Atlantic but by combining resources the two countries could create “a system where countries and hostile states and hostile organisations know that they shouldn’t attack us.”

https://nakedsecurity.sophos.com