InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘Tor’

Using PortableTor on a USB for Anonymized Browsing

Posted by Jaime Raphael Licauco, CISSP, GSEC on April 15, 2009

Back in January, I wrote about Anonymization and mentioned PortableTor from a USB stick. The Easter break allowed me to try it on a USB I just got from CD-R King (Php 480 for 4GB ain’t bad). Long story short, Tor was originally made by the US Naval Research Lab and has been said to be used by some three letter US Agencies to shadow people on the net. It works by bouncing your packets around a distributed network of relays run by volunteers all over the world. However, its also been used by some hackers to keep their anonymity even though Wikipedia describes its limitations as:

“Tor cannot (and doesn’t try to) protect against an attacker who can monitor both traffic going into the Tor network and also traffic coming out of the Tor network, such as the United States government which has the capability to monitor any broadband internet traffic under the Communications Assistance For Law Enforcement Act and can therefore see both ends of the Tor connection. Tor tries to protect against traffic analysis, but Tor does not have the ability to prevent traffic confirmation (also called ‘end-to-end correlation’).”

Being in Manila, I wonder what capability the Philippine government has with regard to monitoring broadband traffic. I know they have some, I’m just not sure about the extent.

You can check out the Tor Project site here.

I’ll be re-doing it from scratch for this article and will be giving step by step instructions. I recommend running from a USB for people who frequent Net Cafe’s. For this article I’ll just be using Portable Firefox and not the whole suite available at Portable Apps and will be using an old 512MB drive on L:

Typical caveat: I have no idea if this will work for you and please do back up before you try this.

Step 1
Get Mozilla Firefox Portable then download it to your USB drive (Around 8 MB)
step-1b

Step 2
Download the PortableTor Application to your USB drive (Around 7.8 MB)

Step 3
Click on the Portable Tor App executable on your USB drive and extract it to your USB drive
step-4b

Step 4
Do the same for Mozilla Firefox Portable (I had to point to my USB drive letter which in this case is drive L:)
step-4b

Step 5 (Optional)
Delete the Installer Files (NOT the folders).

Step 6
Go into the PortableTor folder and click on PortableTor.exe
You should then see additional icons on your system tray (typically on the lower right which contains the clock), and if you have a an application firewall (and you should), it will prompt you if you want to allow the applications (yes its plural) access to the Internet
step-6
step-6c

Step 7
Go back to your Firefox Portable folder and click on FirefoxPortable.exe (You are then prompted whether or not to store your session on your USB stick)

Step 8
Once Firefox is running from your USB, go to Tools>Options>Advanced>Network
Then click on Settings and check if you are using local host and port 8118 (You can change this port but I won’t be discussing that here) which is the default port of PortableTor

step-8b

Tools>Options>Advanced>Network>Settings

Step 9
Head over to What Is My IP Address? to check if it works.

Your IP Address

What is My IP Address?

Step 10
You can then check where your assigned IP is by clicking on the number, in this case, Stockholm… yes I’m in Stockholm because I couldn’t stand the summer heat of Manila… NOT.
step-10

So that’s it, you can run more anonymously on the net using PortableTor, albeit much slower than usual (also dependent upon the particular proxy you’re using). In my limited, unscientific testing, my download speeds varied from 1/5th to 4/5th’s its usual speed. The Tor network also encourages you to run a relay (the bandwidth of which you can limit) so that the overall speed of their network becomes a bit faster.

I haven’t tried this out for Instant Messaging, but I soon will.

If you found the above do it yourself USB for Anonymized Browsing interesting, you might also want to check out the XeroBank Browser which its site says to be, “the most popular free and open-source anonymous web browser in the world, with over 9 million downloads.”


Info Sec News
(BusinessWorld Online) BSP urges tighter e-banking security
(Computerworld Ph) CICT: Timetable for 2010 automated polls tight
(Inquirer.net) COMELEC Chief Says, ‘No more debates on poll automation’
(PhilStar.com) UP Diliman holds first campus-wide automated polls
(IT Matters.com.ph) Online filing system bogs down one day before April deadline
(IT Matters.com.ph) BPO office builders ditch expansion plans
(IT Matters.com.ph) Ayala outsourcing unit bullish of prospects amid downturn
(IT Matters.com.ph) Convergys opening three more contact centers, to hire 3,100

(Reuters) Facebook, YouTube at work make better employees: study

The H Security Conficker Information Site
(The H Security) Conficker test
(The H Security) Simple Conficker test for end users (Description)
(University of Bonn) Conficker Online Infection Indicator

(Computerworld UK) Police e-crime unit teams with banks for first arrest
(SearchSecurity) RSA panel to discuss surveillance, privacy concerns
(Wash Post Security Fix Blog) Report: China, Russia Top Sources of Power Grid Probes
(The Register) Student sentenced for F-ucked up grade hack

(SecurityFocus) Microsoft patches a passel of flaws
(SecurityFocus) Twitter targeted by XSS worms
(SearchSecurity) Oracle issues 43 updates, fixes serious database flaws
(Reuters Video) Symantec sees more malicious threats (approx 2 mins)
(Inquirer.net) Book a bed and breakfast, catch a ‘virus’

(SC Mag US) Despite downturn, IT security spending to increase
(Computerworld) Privacy rules hamper adoption of electronic medical records, study says
(Computerworld) ‘Mafiaboy’ spills the beans at IT360 on underground hackers
(Computerworld) 1 in 5 Windows PCs still hackable by Conficker
(Computerworld) Botnet operators may be able to profit from Conficker update
(Trend Micro News) Trend Micro Discovers New Variant of Conficker: WORM_DOWNAD.E


Site News
Updated the following links pages:
“Software Vulnerabilities” links to “Software Vulnerabilities and Dataloss” and included DatalossDB;
Security Policy and Best Practices” links to include Information Security Policy World, Windows Security.com’s PDF, Princeton University’s PDF;
“Web App Security” to “Secure Coding and Web App Security” and included US Homeland Security’s Build Security In website


Posted in Anonymization, News, tools | Tagged: , , , , , , , , , , , , , , , | 1 Comment »

Info Sec News, Jan 19, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on January 19, 2009

Secure Coding and Application Dev
What is probably the most significant security news item of the past week is the release of SANS and Mitre of their Top 25 errors and how to fix them. It’s been said that around 85% of criminal activities on the net stem from the current crop of Top 25 flaws. The Top 25 list is divided into three broad categories namely: Insecure Interaction Between Components, Risky Resource Management, and Porous Defenses.

The PDF version of the Top 25 is available here.

The Software Assurance Forum for Excellence in Code (SAFECode) has made two publications available to help eliminate the Top 25 errors, its Guide to the Most Effective Secure Dev Practices in Use Today, and Software Assurance: An Overview of Current Industry Best Practices.


Social Engineering
A rehash of old tactics can be seen in an E-mail purportedly from Northwest Airlines (but actually carries a zipped trojan file), and malware spreading websites that claim US President elect Obama won’t be taking the oath of office on the 20th. This just strengthens the argument that your personnel and their security awareness training are now your first line of defense, and not your perimeter firewall.

This is related to the fake Christmas and holiday greetings that been sent every year for the past few years, which was seen again this past Christmas.


Malware
The Downadup (also known as Conficker) Worm versions A, B and C that exploits what Microsoft released an out of band patch for in late October ’08, and weak Admin passwords, is said to have infected an “amazing” 9 million PC’s according to F-Secure researchers. If you’re wondering how they got to this astonishing figure, check out F-Secure’s Blog.

(PC World) UK Ministry of Defence Stung by Rapidly Spreading Virus


Secure deletion, reuse or disposal
According to new research led by Craig Wright, it just takes one re-write to securely wipe the data from a hard drive. This talks about a complete sector by sector overwrite of a hard drive.

Articles on this can be found on Heise Security and SecurityFocus. The paper was presented at the Fourth International Conference on Information Systems Security (ICISS) in Hyderabad, India and can be purchased here.


Encryption
Heise Security has published an in depth article on how modern cryptological attacks are done in their article, “Cheap Cracks“.


Patches and Change Management
Oracle released fixes for 41 different flaws this month and Microsoft released a single patch that closed three flaws.

(Heise Security) Numerous security updates from Oracle
(Heise Security) Microsoft closes three holes in Windows
Microsoft issues patches for ‘nasty’ Windows bugs

A vulnerability in SAP GUI has also been found and a patch has been released and is available to registered SAP users.


Other InfoSec News:
In relation to the Anonymization article I wrote about a few days ago, the makers of Tor has announced that their software has zero known bugs.

(Computerworld) Two big, bad botnets gone, but replacements step up

(Computerworld) Critical security projects escape the budget ax

(Heise Security) Banking details can be stolen through a new JavaScript exploit

(Computerworld) Six Worst Internet Routing Attacks

(GO San Angelo.com) US Air Force planning to train hundreds yearly in cyber warfare skills

(Information Week) Thief Steals Sony Ericsson Prototypes

The Windows 7 Beta Team has removed the 2.5 million download limit as stated in the Windows 7 Blog. People can get the Beta until January 24.

Secunia Advisories


Tips:

(Computerworld) How to Secure your Vista PC in 10 easy steps

(Computerworld Blog) Removing malware from an infected PC

The Windows Security Blog has announced a new Beta called Sundance that could help secure Windows and Office 2007 installations.

In relation to what I wrote about around a month ago regarding wireless networks, the crack in the WPA protocol only affects the TKIP version and not AES, so the solution is to simply switch from TKIP to AES as is detailed in this article from Search Security.com, “Cracks in WPA? How to continue protecting Wi-Fi networks“.

(PC Magazine) The Top Tech Tips of 2008 Part 1

(PC Magazine) The Top Tech Tips of 2008 Part 2

Posted in ISMS, News, social engineering, Windows | Tagged: , , , , , , , , , , , , , , , | Leave a Comment »

Anonymization Sites and Devices

Posted by Jaime Raphael Licauco, CISSP, GSEC on January 15, 2009

Disclaimer: Some of the following info comes from a very informative Microsoft SCP seminar I attended around two months ago. So not all below come from my research.

There’s a good article on Anonymous Surfing at AuditMyPC.com and one should take heed of that authors advice that, “Not all proxy servers do as they claim and in fact, there are a ton of junk proxy servers out there that give people a false sense of security or worse, record everything you do in hopes to score a password or two!”

Anyway there are a bunch of freely available Anonymization Services on the web like:
Anonymizer.ru
Anonymous Web Browser
Anonymouse.org
Guardster Free Web Proxy
Megaproxy (limited, more of a demo)
Proxify
ProxyLord
Shadow Surf
SnoopBlocker
the Cloak
Web Warper

The funniest of which is probably Borat Proxy 🙂

I personally use some of the sites above and they seem fine, although I cannot vouch for all.

TechFAQ.com has link page to proxy sites.

Since some may suggest it and its related, Meebo (used for IM) is a proxy service but obviously not for anonymization.

You can also check out the freely available (although not the high speed version) XeroBank Browser. Anonymizer.com also allows you to download free trial software.

PortableTor is also worth checking out since it “allows you to connect into the Tor anonymous internet system from any computer with your flash or thumb drive. This allows you to browse the internet anonymously from public locations, such as internet hotspots, library, or school computers and public terminals.” Yes its also free.

And since you might already be thinking of making an Anonymization Flash Drive (The CD-R King Website lists some 8 GB flash drives for around P700), Portable Apps is also a good site.

Posted in Anonymization | Tagged: , , , , , , , | 1 Comment »