InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘botnet’

Using PortableTor on a USB for Anonymized Browsing

Posted by Jaime Raphael Licauco, CISSP, GSEC on April 15, 2009

Back in January I wrote about Anonymization and mentioned running PortableTor from a USB stick. The Easter break let me try it on a USB I just got from CD-R King (Php 480 for 4GB ain’t bad). Long story short, Tor was originally developed at the US Naval Research Lab, and it has been said that some three-letter US agencies use it to shadow people on the net. It works by bouncing your packets through a distributed network of relays run by volunteers all over the world, so that no single relay sees both who you are and where you are going. However, it’s also been used by hackers to keep their anonymity, even though Wikipedia describes its limitations as:

“Tor cannot (and doesn’t try to) protect against an attacker who can monitor both traffic going into the Tor network and also traffic coming out of the Tor network, such as the United States government which has the capability to monitor any broadband internet traffic under the Communications Assistance For Law Enforcement Act and can therefore see both ends of the Tor connection. Tor tries to protect against traffic analysis, but Tor does not have the ability to prevent traffic confirmation (also called ‘end-to-end correlation’).”

Being in Manila, I wonder what capability the Philippine government has with regard to monitoring broadband traffic. I know they have some, I’m just not sure about the extent.

You can check out the Tor Project site here.

I’ll be re-doing it from scratch for this article and giving step-by-step instructions. I recommend running from a USB for people who frequent Net Cafés. For this article I’ll just be using Portable Firefox and not the whole suite available at PortableApps, and I’ll be using an old 512MB drive on L:

Typical caveat: I have no idea if this will work for you and please do back up before you try this.

Step 1
Get Mozilla Firefox Portable and download it to your USB drive (around 8 MB)

Step 2
Download the PortableTor application to your USB drive (around 7.8 MB)

Step 3
Click on the PortableTor executable on your USB drive and extract it to your USB drive

Step 4
Do the same for Mozilla Firefox Portable (I had to point to my USB drive letter, which in this case is drive L:)

Step 5 (Optional)
Delete the Installer Files (NOT the folders).

Step 6
Go into the PortableTor folder and click on PortableTor.exe
You should then see additional icons in your system tray (typically on the lower right, next to the clock), and if you have an application firewall (and you should), it will prompt you whether to allow the applications (yes, it’s plural: the bundle runs Tor itself plus its controller and the local Privoxy HTTP proxy that Firefox will talk to) access to the Internet. Only Tor needs to reach the Internet; the local proxy only needs to talk to Tor on localhost, so if your firewall lets you, restrict it to that.

Step 7
Go back to your Firefox Portable folder and click on FirefoxPortable.exe (You are then prompted whether or not to store your session on your USB stick)

Step 8
Once Firefox is running from your USB, go to Tools>Options>Advanced>Network.
Then click on Settings and check that the connection is set to manual proxy configuration with HTTP proxy localhost (127.0.0.1) on port 8118, PortableTor’s default (8118 is the port of the Privoxy HTTP proxy that PortableTor runs in front of Tor; Tor itself listens on SOCKS port 9050). Tick “Use this proxy server for all protocols” (or fill in the SSL proxy as well), otherwise https:// sites go out directly and bypass Tor, and keep the “No proxy for” list down to localhost and 127.0.0.1. You can change the port, but I won’t be discussing that here.

Step 9
Head over to What Is My IP Address? to check if it works (or to check.torproject.org, which tells you directly whether you are arriving from a Tor exit).

Step 10
You can then check where your assigned IP is by clicking on the number, in this case, Stockholm… yes I’m in Stockholm because I couldn’t stand the summer heat of Manila… NOT.
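Before trusting the IP check above, it is worth confirming that the portable Firefox profile really routes everything through the proxy: an SSL proxy left blank or a broad “No proxy for” list sends traffic straight out, and a SOCKS-only setup without remote DNS leaks every hostname you visit to the café’s resolver even though the page contents go through Tor. The following Python script is an added example (it is not part of the original post, of PortableTor or of Firefox) that parses the profile’s prefs.js and reports those mistakes. The three sample prefs.js contents are constructed, and the profile location under the PortableApps layout (FirefoxPortable\Data\profile\prefs.js) is an assumption; check your own drive.

```python
import re
import sys

# Constructed sample prefs.js contents (not from the post). Real prefs.js
# lines look like: user_pref("network.proxy.http", "127.0.0.1");
PREFS_OK = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
'''

# HTTPS left unproxied and a wildcard bypass entry
PREFS_LEAKY = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, *.com");
'''

# Firefox pointed straight at Tor's SOCKS port without remote DNS
PREFS_SOCKS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
'''

_PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);$')
LOCAL = {"127.0.0.1", "localhost"}


def parse_prefs(text):
    """Turn user_pref(...) lines into a dict of str/int/bool values."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def audit_proxy(prefs, http_port=8118):
    """Return a list of findings; an empty list means the profile looks right."""
    findings = []
    if prefs.get("network.proxy.type") != 1:
        findings.append("network.proxy.type is not 1 (manual): Firefox goes out directly")
        return findings
    http = prefs.get("network.proxy.http")
    socks = prefs.get("network.proxy.socks")
    if http is None and socks is None:
        findings.append("no HTTP or SOCKS proxy configured")
        return findings
    if http is not None:
        if http not in LOCAL or prefs.get("network.proxy.http_port") != http_port:
            findings.append("HTTP proxy is not 127.0.0.1:%d (PortableTor's Privoxy)" % http_port)
        shared = prefs.get("network.proxy.share_proxy_settings", False)
        if not shared and prefs.get("network.proxy.ssl") not in LOCAL:
            findings.append("HTTPS (network.proxy.ssl) is not proxied: https:// sites bypass Tor")
    elif not prefs.get("network.proxy.socks_remote_dns", False):
        # With an HTTP proxy the proxy resolves names; with SOCKS only, Firefox
        # resolves locally unless socks_remote_dns is true.
        findings.append("SOCKS-only without network.proxy.socks_remote_dns=true: DNS lookups leak")
    bypass = [e.strip() for e in str(prefs.get("network.proxy.no_proxies_on", "")).split(",")]
    bad = [e for e in bypass if e and e not in LOCAL]
    if bad:
        findings.append("bypass list sends these hosts out directly: %s" % ", ".join(bad))
    return findings


if __name__ == "__main__":
    # Usage: python tor_prefs_audit.py L:\FirefoxPortable\Data\profile\prefs.js
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else PREFS_LEAKY
    for f in audit_proxy(parse_prefs(text)) or ["OK: all traffic goes via 127.0.0.1:8118"]:
        print(f)
```

Run it against the prefs.js on the stick after closing Firefox (Firefox rewrites the file on exit). The DNS finding only matters for the SOCKS-only layout; with the HTTP proxy on 8118 the proxy resolves names for you, which is one reason the PortableTor setup above uses it.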

So that’s it: you can run more anonymously on the net using PortableTor, albeit much slower than usual (it also depends on the particular circuit and exit relay you happen to get). In my limited, unscientific testing, download speeds varied from 1/5th to 4/5th of the usual. The Tor Project also encourages you to run a relay (you can limit its bandwidth) so that the overall speed of the network improves.

I haven’t tried this out for Instant Messaging, but I soon will.

If you found the above do it yourself USB for Anonymized Browsing interesting, you might also want to check out the XeroBank Browser which its site says to be, “the most popular free and open-source anonymous web browser in the world, with over 9 million downloads.”


Info Sec News
(BusinessWorld Online) BSP urges tighter e-banking security
(Computerworld Ph) CICT: Timetable for 2010 automated polls tight
(Inquirer.net) COMELEC Chief Says, ‘No more debates on poll automation’
(PhilStar.com) UP Diliman holds first campus-wide automated polls
(IT Matters.com.ph) Online filing system bogs down one day before April deadline
(IT Matters.com.ph) BPO office builders ditch expansion plans
(IT Matters.com.ph) Ayala outsourcing unit bullish of prospects amid downturn
(IT Matters.com.ph) Convergys opening three more contact centers, to hire 3,100

(Reuters) Facebook, YouTube at work make better employees: study

The H Security Conficker Information Site
(The H Security) Conficker test
(The H Security) Simple Conficker test for end users (Description)
(University of Bonn) Conficker Online Infection Indicator

(Computerworld UK) Police e-crime unit teams with banks for first arrest
(SearchSecurity) RSA panel to discuss surveillance, privacy concerns
(Wash Post Security Fix Blog) Report: China, Russia Top Sources of Power Grid Probes
(The Register) Student sentenced for F-ucked up grade hack

(SecurityFocus) Microsoft patches a passel of flaws
(SecurityFocus) Twitter targeted by XSS worms
(SearchSecurity) Oracle issues 43 updates, fixes serious database flaws
(Reuters Video) Symantec sees more malicious threats (approx 2 mins)
(Inquirer.net) Book a bed and breakfast, catch a ‘virus’

(SC Mag US) Despite downturn, IT security spending to increase
(Computerworld) Privacy rules hamper adoption of electronic medical records, study says
(Computerworld) ‘Mafiaboy’ spills the beans at IT360 on underground hackers
(Computerworld) 1 in 5 Windows PCs still hackable by Conficker
(Computerworld) Botnet operators may be able to profit from Conficker update
(Trend Micro News) Trend Micro Discovers New Variant of Conficker: WORM_DOWNAD.E


Site News
Updated the following links pages:
“Software Vulnerabilities” links to “Software Vulnerabilities and Dataloss” and included DatalossDB;
“Security Policy and Best Practices” links to include Information Security Policy World, Windows Security.com’s PDF, Princeton University’s PDF;
“Web App Security” to “Secure Coding and Web App Security” and included US Homeland Security’s Build Security In website.


Posted in Anonymization, News, tools | 1 Comment »

Opinion: On Tolentino’s CONfidence

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 22, 2009

I was chatting with an IT Security expert (who wishes to remain anonymous) the other day regarding Comelec Executive Director Jose Tolentino’s views about the coming implementation of PCOS machines as being un-hackable… yes, Tolentino’s views come even BEFORE it’s implemented. The reason I’m posting it here is that I agree with the IT Security expert’s views.

Excerpts from the chat:

IT Sec Expert: such a display of confidence seems to be borderline misinformation
Me: true, I wonder what machine they used and if it’s possible to play around with it
IT Sec Expert: well, they should worry more about organized crime, not hackers
Me: organized crime with hackers
IT Sec Expert: would the people handling such a new technology, and a foreign-made one at that, be competent enough?
IT Sec Expert: that system would be closed circuit
Me: wires can easily be tapped, I wonder what encryption they’ll be using
IT Sec Expert: they’ll probably have dialup
Me: an inside job, then
IT Sec Expert: it would have been better had they had it publicly assessed and offer a bounty for the successful hacker
Me: why don’t you put your comments?
IT Sec Expert: you know how people are in the philippines, they always take things personally

I personally think it’s great that the Comelec is trying something new to minimize election fraud. However, time and again it’s been shown that computers can be hacked, and publicly challenging hackers is typically the first sign that a system will be. Tolentino’s statements make me feel all warm and fuzzy that the Comelec’s system is probably more secure than NASA, the US Pentagon, Royal Dutch Shell and the hundreds of other supposedly secure systems that have all been hacked. Maybe the Comelec’s people can consult for the Pentagon and teach them how to secure a system. No, really… seriously….

Our country’s history has shown that our own people are easier to hack (social engineering), which raises the question not just of the competency of the operators but of their integrity… will the Comelec be conducting background checks? I also wonder whether the Comelec has had the system assessed, and if so, by whom and how. I hope there will be transparency in the assessment.

Bernie Lopez wrote an insightful article which came out in PDI today entitled, “Computers can be hacked.” No, duh. Unfortunately Director Tolentino, one of the main people in the Philippines entrusted with keeping the sanctity of the ballot, thinks otherwise.


Social Networking
I was planning on writing about Facebook privacy, however PDI’s Bianca Consunji wrote a good article on it in “Knowing about privacy on Facebook.”


Botnets
BBC’s Click programme for Mar 13 was about botnets. They acquired control of over 20,000 infected computers all over the world (yes, you can now buy time on other people’s computers without their knowing it). Top botnets have more than a few hundred thousand computers under their control, up to an estimated million. They also talk about how to protect your computer here (warning: tiny video, slightly muffled sound… they should’ve just used YouTube). They actually got in hot water because of this.

Posted in Philippines, Privacy | Leave a Comment »

Info Sec News, Jan 19, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on January 19, 2009

Secure Coding and Application Dev
Probably the most significant security news item of the past week is the release by SANS and MITRE of their Top 25 programming errors and how to fix them. It has been said that around 85% of criminal activity on the net stems from the current crop of Top 25 flaws. The list is divided into three broad categories: Insecure Interaction Between Components, Risky Resource Management, and Porous Defenses.

The PDF version of the Top 25 is available here.

The Software Assurance Forum for Excellence in Code (SAFECode) has made two publications available to help eliminate the Top 25 errors, its Guide to the Most Effective Secure Dev Practices in Use Today, and Software Assurance: An Overview of Current Industry Best Practices.
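Two of the Top 25 entries make the point concretely: SQL injection (CWE-89, under Insecure Interaction Between Components) and path traversal (CWE-22, under Risky Resource Management). The Python below is an added example written for this post, not code from SANS, MITRE or SAFECode; it shows the vulnerable form of each beside the fix, using a constructed in-memory SQLite table and a made-up upload directory (/srv/uploads) so it runs offline.

```python
import os
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn, name):
    """CWE-89 (Insecure Interaction): user input pasted into the SQL string,
    so a name of  ' OR '1'='1  turns the WHERE clause into 'always true'."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Same query with a bound parameter: the input can only ever be data."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def open_under_unsafe(base_dir, user_path):
    """CWE-22 (Risky Resource Management): the caller controls the whole
    path, so ../../etc/passwd walks straight out of base_dir."""
    return os.path.join(base_dir, user_path)


def open_under_safe(base_dir, user_path):
    """Resolve symlinks and '..' first, then refuse anything that does not
    stay under base_dir. The check is on the resolved path, not the string."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes %s: %r" % (base, user_path))
    return target


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe:", find_user_unsafe(db, payload))   # every row comes back
    print("safe:  ", find_user_safe(db, payload))     # no such user
    print(open_under_unsafe("/srv/uploads", "../../etc/passwd"))
    try:
        open_under_safe("/srv/uploads", "../../etc/passwd")
    except ValueError as e:
        print("blocked:", e)
```

The fixes are the ones the Top 25 document prescribes: keep data out of the query language with parameters rather than escaping, and validate the resolved path against a fixed base instead of blacklisting “..” in the input string.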


Social Engineering
A rehash of old tactics can be seen in an e-mail purportedly from Northwest Airlines (which actually carries a zipped trojan), and in malware-spreading websites claiming that US President-elect Obama won’t be taking the oath of office on the 20th. This only strengthens the argument that your personnel and their security awareness training are now your first line of defense, not your perimeter firewall.

This is related to the fake Christmas and holiday greetings that have been sent every year for the past few years, and were seen again this past Christmas.


Malware
The Downadup (also known as Conficker) worm, versions A, B and C, exploits the Windows Server service flaw that Microsoft released an out-of-band patch for in late October ’08 (MS08-067) and also spreads by guessing weak Admin passwords; it is said to have infected an “amazing” 9 million PCs according to F-Secure researchers. If you’re wondering how they arrived at this astonishing figure, check out F-Secure’s blog.

(PC World) UK Ministry of Defence Stung by Rapidly Spreading Virus


Secure deletion, reuse or disposal
According to new research led by Craig Wright, a single overwrite pass is enough to securely wipe the data from a hard drive; the paper examines a complete sector-by-sector overwrite of the drive, not a file-level delete.

Articles on this can be found on Heise Security and SecurityFocus. The paper was presented at the Fourth International Conference on Information Systems Security (ICISS) in Hyderabad, India and can be purchased here.
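What a single pass looks like in practice, as an added example rather than anything from the paper or the articles: the Python below overwrites every byte of a path once with zeros, forces it to disk, and then scans the path for a known marker to show the old contents are gone. The marker file is constructed in a temporary location so the demo is safe to run; pointed at a raw device such as /dev/sdb (as root) the same function does the sector-by-sector overwrite the research is about.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB write/read unit


def overwrite_once(path, chunk_size=CHUNK):
    """One pass of zeros over every byte of `path` (a file, or a block device
    such as /dev/sdb opened as root), fsync'd; returns the bytes written."""
    written = 0
    with open(path, "r+b") as f:
        f.seek(0, os.SEEK_END)
        size = f.tell()          # works for block devices, where getsize() does not
        f.seek(0)
        zeros = b"\x00" * chunk_size
        while written < size:
            n = min(chunk_size, size - written)
            f.write(zeros[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())     # do not return until the device has the data
    return written


def contains(path, pattern, chunk_size=CHUNK):
    """Chunked scan for `pattern`; keeps len(pattern)-1 bytes of the previous
    chunk so a match spanning a chunk boundary is not missed."""
    keep = len(pattern) - 1
    tail = b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk_size)
            if not block:
                return False
            if pattern in tail + block:
                return True
            tail = block[-keep:] if keep else b""


def demo():
    """Write a constructed marker into a temp file, wipe it once, and report
    (found_before, bytes_written, found_after)."""
    marker = b"SECRET-PAYROLL-2009"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(marker * 1000)
    found_before = contains(path, marker)
    written = overwrite_once(path)
    found_after = contains(path, marker)
    os.remove(path)
    return found_before, written, found_after


if __name__ == "__main__":
    print(demo())
```

The usual caveats still apply, and they are why the paper talks about whole drives: overwriting a file on a mounted filesystem only reaches the blocks the filesystem currently maps to it (journals, copy-on-write and SSD wear levelling can keep the old data elsewhere), and a host overwrite never touches sectors the drive has remapped as bad. Run it against the raw device, and for a drive that will leave your control consider ATA Secure Erase or physical destruction on top.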


Encryption
Heise Security has published an in-depth article on how modern cryptanalytic attacks are done: “Cheap Cracks”.


Patches and Change Management
Oracle released fixes for 41 different flaws this month and Microsoft released a single patch that closed three flaws.

(Heise Security) Numerous security updates from Oracle
(Heise Security) Microsoft closes three holes in Windows
Microsoft issues patches for ‘nasty’ Windows bugs

A vulnerability in SAP GUI has also been found and a patch has been released and is available to registered SAP users.


Other InfoSec News:
In relation to the Anonymization article I wrote a few days ago, the makers of Tor have announced that their software has zero known bugs.

(Computerworld) Two big, bad botnets gone, but replacements step up

(Computerworld) Critical security projects escape the budget ax

(Heise Security) Banking details can be stolen through a new JavaScript exploit

(Computerworld) Six Worst Internet Routing Attacks

(GO San Angelo.com) US Air Force planning to train hundreds yearly in cyber warfare skills

(Information Week) Thief Steals Sony Ericsson Prototypes

The Windows 7 Beta Team has removed the 2.5 million download limit as stated in the Windows 7 Blog. People can get the Beta until January 24.

Secunia Advisories


Tips:

(Computerworld) How to Secure your Vista PC in 10 easy steps

(Computerworld Blog) Removing malware from an infected PC

The Windows Security Blog has announced a new Beta called Sundance that could help secure Windows and Office 2007 installations.

In relation to what I wrote about a month ago regarding wireless networks, the crack in WPA (the Beck and Tews attack) only affects TKIP and not AES-CCMP, so the solution is simply to switch from TKIP to AES, as detailed in this article from SearchSecurity.com, “Cracks in WPA? How to continue protecting Wi-Fi networks”. Note that a “WPA/WPA2 mixed” setting keeps TKIP enabled for older clients, so what you want is WPA2 only with AES.
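For an access point run with hostapd, the weak setting and the fix are two lines apart. The fragments below are constructed examples written for this post (not taken from the SearchSecurity article), and the small Python audit that follows parses a hostapd.conf and flags TKIP wherever it is still allowed, including the case where rsn_pairwise is omitted and hostapd falls back to the wpa_pairwise value; treating an unset wpa_pairwise as TKIP is this script’s conservative assumption.

```python
# Constructed hostapd.conf fragments: the weak setting, then the fix.
WEAK_CONF = """\
interface=wlan0
ssid=home-ap
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=replace-this-passphrase
wpa_pairwise=TKIP
"""

FIXED_CONF = """\
interface=wlan0
ssid=home-ap
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=replace-this-passphrase
wpa_pairwise=CCMP
rsn_pairwise=CCMP
"""


def parse_hostapd(text):
    """key=value lines; comments and blanks skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def effective_ciphers(conf):
    """Pairwise ciphers per enabled mode. wpa=1 is WPA (v1), wpa=2 is RSN/WPA2,
    wpa=3 is both. WPA uses wpa_pairwise; WPA2 uses rsn_pairwise and falls back
    to wpa_pairwise when it is absent. Unset wpa_pairwise is read as TKIP here
    (assumption: the conservative reading)."""
    mode = int(conf.get("wpa", "0"))
    wpa_pw = set(conf.get("wpa_pairwise", "TKIP").split())
    ciphers = {}
    if mode & 1:
        ciphers["WPA"] = wpa_pw
    if mode & 2:
        ciphers["WPA2"] = set(conf.get("rsn_pairwise", " ".join(wpa_pw)).split())
    return ciphers


def audit_wpa(conf):
    """Return findings; an empty list means WPA2-only with CCMP."""
    findings = []
    mode = int(conf.get("wpa", "0"))
    if mode == 0:
        return ["wpa=0: no WPA at all (open or WEP)"]
    if mode & 1:
        findings.append("wpa=%d enables WPA (v1); prefer wpa=2 (RSN/WPA2) only" % mode)
    for name, ciphers in sorted(effective_ciphers(conf).items()):
        if "TKIP" in ciphers:
            findings.append("%s allows TKIP (%s): set wpa_pairwise=CCMP and rsn_pairwise=CCMP"
                            % (name, " ".join(sorted(ciphers))))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_wpa(parse_hostapd(text)) or ["OK"])
```

On a consumer router the same change is the drop-down that reads “WPA2-PSK (AES)” rather than “WPA/WPA2 (TKIP+AES)”; the mixed option is exactly the wpa=3 case the audit flags.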

(PC Magazine) The Top Tech Tips of 2008 Part 1

(PC Magazine) The Top Tech Tips of 2008 Part 2

Posted in ISMS, News, social engineering, Windows | Leave a Comment »

Info Sec News, Dec 2, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 2, 2008

A rootkit was found in an Enterprise Information Security software, reports Heise Security and The Register.

Another vulnerability was found in the popular VLC media player. So if you can, update.

The Chicago Tribune reports that a new round of cyber attacks has the Pentagon worried. They normally see a large number of attacks per day; however, the magnitude of the new attacks and the way they are carried out appear to be designed specifically against military networks. Heise also covers the topic here and here.

The Linux on iPhone project has released the first results of its project.

Anti-virus seems to be ineffective versus new malware that makes zombies out of PCs. Stuart Staniford talks about it in his blog.

WordPress update fixes XSS vulnerability.

Google denies security hole in GMail.

Microsoft adds malware detection to its Webmaster tools. Speaking of Microsoft, a new Windows worm is building a massive botnet of around half a million computers and growing.

For the first time, Apple has quietly recommended anti-virus software in a technote. About.com has Mac anti-virus recommendations; iAntivirus and ClamXav are free.

Posted in News, vulnerability | Leave a Comment »