Revision as of 19:58, 21 October 2014

Topics

  • Basic
    • What is privacy?
    • What are the risks of losing control over my private data? 2014 celebrity photo leaks
    • Flow of my private data through the internet to the cloud.
    • Why do so many people have problems with security?
    • Tooling equipment and their uses.

Hacking classifications

[...]

Hacking is often portrayed by the media as malicious, as a danger to inexperienced internet users and as a threat to big companies and their data. However, there are actually two sides of hacking and they are defined by their hat colour. Black hats are considered the "bad guys" and white hats the good. They define themselves by the purposes to which they employ their hacking skills.

  • White hats

White hats use their hacking skills in a more ethical way than the black hats. This means they use their skills to save other people from hacking and also help to protect the data of big companies. Often white hat hackers work for network security companies like Symantec or Kaspersky and help to build antivirus software by trying to hack their way into a system and improve it afterwards.

They also meet up in computer clubs like the Chaos Computer Club (CCC) to work in teams that do not depend on companies and help to clean the web of malicious software in their free time.

  • Black hats

Black hats are the main type of hackers shown in the media. These hackers use their abilities to gain top secret and private intel. Some of these hackers use this data to make money via blackmailing. Other black hats just do this to show their skill and don't care about the intel they gain. They are sometimes organized in groups for bigger attacks but they mainly depend on themselves.

  • Grey hats

Grey hats are a small group between the big fronts of the white hats and the black hats.

Grey hats are known to be hackers who do not work for a certain group or company but are highly trained in hacking. Grey hats are also people who do not hack for their own purposes. They are known for trying to push things the right way even if they have to break a few laws. Grey hats are also known for giving advice to both good and bad hacker lobbies [...]and then watch the fallout - (the group leader of L0pht first group called themselves gray hats in 1998)

The most famous grey hat hacking groups are called Anonymous and Anti-Sec.

Hacking groups

  • Anonymous

Anonymous (first appearance 2003) is the most famous hacking group in the world. It consists of black hats and white hats, which is why it is mainly known as a grey hat organisation. The members call themselves "Anon", which stands for Anonymous.

The side shown by the media is malicious attacks against servers, companies and other organisations. The goal the hacking group Anonymous wants to achieve is a more open community and fewer lies in our community. By their acts of self-justice they want to show that laws are non-existent to people with enough power and money and that our law and rights system does not work that well.


  • Anti-Sec (Anti Security Movement)

Anti-Sec (first appearance 1999) is a hacking group which is known to many security companies as dangerous and harmful. They primarily consist of ex-security company workers and they call themselves a gray hat hacking group.

The goal of the movement is to show people that they don't need to buy expensive antivirus software and that if someone wants to hack you they are going to hack you. This movement is also known for giving advice to other hacking groups.


  • Chaos Computer Club (CCC)

The Chaos Computer Club (first appearance 1981) is the largest hacking group in Europe. The club originates from Germany and other German-speaking countries. Its members are against discrimination based on sex or skin color, and it mainly consists of gray and white hats.

The goal of the group is transparency of governments and companies, the freedom of information, the human right of speech and the access to technology infrastructure.


Tooling equipment

Hackers use different types of tools to gain access, steal data or get around a safety device. Not all tools are used for internet crime and data theft. In the topic "Hacking classifications" the differences between good and bad use are shown. Malware (malicious software) is any software used to disrupt computer operation, gather sensitive information, or gain access to computer systems. It can appear in the form of executable code (.exe file), scripts, active content, and other software. Data theft is a big problem today, not only for companies but also for private users. The target of data theft is the unnoticed retrieval of user data.

Keylogger

Keyloggers are programs which log the key strokes of the keyboard to steal login information (e.g. credit cards, bank, email and PayPal accounts). They are crypted to hide them from antivirus software and other security systems, and they are added, hidden, to the autostart list so that they log the victim's computer every time it is used. Keyloggers are disseminated on the internet through infected files on different platforms or through emails. Each keylogger periodically uploads the logged files to a server (e.g. FTP, SMTP, ..) to which the data thieves have access.


Bot-nets

Bot-nets are programs which build a big network of infected computers called "slaves". The owner of the botnet can use the infected computers for remote control, DDoS attacks or as vic-proxies ("victim proxies"). There are many botnet programs out there with many different options, but every one is built as a "server.exe" which is crypted and bound to a file to hide the backdoor program from antivirus programs, firewalls and users. The hacker is also able to steal user data from the slaves or use them to infect new computers. One of the most famous botnets is "Blackshades". The software can reportedly be used remotely to deny access to files, record keystrokes or control the webcam on a victimized computer (source: BlackShades, http://en.wikipedia.org/wiki/Blackshades).


Wifi-Sniffer

Wifi sniffers are programs which give the hacker information about the different wifi networks in range. A sniffer sends packets to the victim's network and checks which ports are open and which ones are closed. Port 1-1024 stands for different windows applications. If the packet is sent back, the program/hacker knows whether the computer is online or offline and which port is open. With the knowledge of which port is open, the hacker is able to use different exploits for different ports and their applications.


Brute force

Brute force programs like "Cain & Abel" are built to "find" passwords. In cryptography a brute-force attack (or exhaustive key search) is a cryptanalytic attack that can be used against any encrypted data. It consists of systematically checking all possible keys or passwords until the correct one is found. The hacker is able to reduce the possible options by defining which length, letters, numbers and signs are possible. For example, a lot of websites require a password size of 6 to 12 signs. So the hacker can set the password length to a minimum of 6 and a maximum of 12 to reduce the time spent trying different passwords. Modern GPUs (graphics processing units) are well-suited to the repetitive tasks associated with hardware-based password cracking because of their extremely fast computing power (source: Brute force, http://en.wikipedia.org/wiki/Brute-force_attack).
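The effect of the length and character restrictions described above can be put into numbers. The following is an added example, not part of the original page; the guessing rate is an assumption chosen only so that the policies can be compared, and the helper names are illustrative.

```python
import string

# Alphabet sizes that a password policy may allow.
ALPHABETS = {
    "digits only": len(string.digits),                                 # 10
    "lowercase letters": len(string.ascii_lowercase),                  # 26
    "letters and digits": len(string.ascii_letters + string.digits),   # 62
    "letters, digits, signs": len(string.ascii_letters + string.digits
                                  + string.punctuation),               # 94
}

# Assumption: candidates tested per second in an offline attack. Real rates
# depend on the hash function and the hardware; used here for comparison only.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size, min_len, max_len):
    """Number of candidate passwords with min_len..max_len characters."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(alphabet_size, min_len, max_len,
                     rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return keyspace(alphabet_size, min_len, max_len) / rate / SECONDS_PER_YEAR


def saving_from_min_length(alphabet_size, min_len, max_len):
    """Fraction of the 1..max_len search space removed by knowing min_len."""
    full = keyspace(alphabet_size, 1, max_len)
    return (full - keyspace(alphabet_size, min_len, max_len)) / full


def report(min_len=6, max_len=12):
    """One row per alphabet: (name, candidates, worst-case years)."""
    return [(name, keyspace(size, min_len, max_len),
             years_to_exhaust(size, min_len, max_len))
            for name, size in ALPHABETS.items()]


if __name__ == "__main__":
    for name, count, years in report():
        print(f"{name:24} {count:.3e} candidates  {years:.3e} years")
    # Knowing the minimum length removes almost nothing from the search space:
    print(f"saving from min length 6: {saving_from_min_length(62, 6, 12):.1e}")
```

The search space is dominated by the longest allowed length and the alphabet size, so a policy gains far more from permitting long passwords and a large character set than it loses by publishing its minimum length.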


Social Engineering

What is social engineering?

Social engineering relies on weaknesses in human nature rather than weaknesses in hardware, software or networks. It is a kind of psychological manipulation of people into performing actions. Most humans are susceptible to persuasion and manipulation through various methods. Lots of damaging activities are not a result of hacking. It is often the work of an employee within the enterprise that causes the most harm.


Techniques of social engineering

There are some known techniques, that use “bugs in the human hardware”:

  • Pretexting

Using an invented scenario to engage a targeted victim in a manner that increases the chances that the victim will reveal information or perform actions that would be unlikely in ordinary circumstances. It is an elaborate lie (mostly involving some prior research and the use of this information for impersonation, e.g. date of birth, social security number, ...) to establish legitimacy in the mind of the target.

  • Phishing
  • Baiting
  • Quid pro quo
  • Tailgating


Countermeasures

following soon

Notable social engineer

following soon

Threats

Spam

A spam mail, better known as junk mail, is an unsolicited bulk email message. Every day a large amount of spam mail is delivered. Symantec, a security company, thinks that around 29 billion spam mails are sent every day. Most spam emails contain fake notifications from banks. They redirect you to a phishing website to steal your personal bank data. Other spam mails are covered with advertisements or are just winning notifications, and others again contain scam messages.

Phishing

In the majority of cases it begins with a spam email in which you are asked to check your bank, PayPal or eBay account because of an alleged issue regarding your last payment or the security of the account itself. The email contains a hyperlink which redirects you to a phishing website instead of the actually targeted website. You are usually unable to distinguish between the original website and the phishing website you have just been redirected to, as the two are likely to look alike, yet you can detect a phishing website by reviewing the URL.
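What "reviewing the URL" means in practice is checking which host the link really leads to, not which brand name appears in it. The following is an added example, not part of the original page; the trusted domain list and the sample links in the test calls are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the sites the user really has accounts with.
TRUSTED_DOMAINS = ("paypal.com", "ebay.com")


def review_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a link; an empty list means the link
    uses HTTPS and its host is a trusted domain or a subdomain of one."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        # In "https://paypal.com@login.example/" the real host is login.example.
        warnings.append("userinfo before '@' hides the real host")

    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
        return warnings
    except ValueError:
        pass  # not an IP literal, continue with the name checks

    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")

    # The host must BE the trusted domain or END in ".<trusted domain>".
    # A plain substring or suffix test would accept "notpaypal.com" and
    # "paypal.com.account-check.example".
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append("host is not a trusted domain")
        for d in trusted:
            brand = d.split(".")[0]
            if brand in host or brand in parts.path.lower():
                warnings.append(f"'{brand}' appears in the link but the host is {host}")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.paypal.com/signin",
        "https://paypal.com.account-check.example/signin",
        "https://paypal.com@login.example/",
        "https://notpaypal.com/",
        "http://192.0.2.10/ebay/login",
    ]
    for link in samples:
        print(link, "->", review_url(link) or "ok")
```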

Scam

The use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them; for example, by stealing personal information, which can even lead to identity theft. A very common form of Internet fraud is the distribution of rogue security software. Internet services can be used to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Internet fraud can occur in chat rooms, email, message boards, or on websites.

15 Online Scams You Might Get Fooled By: https://www.youtube.com/watch?v=cDioXDrgVsE

Worms

A worm is malware that is injected through email attachments or USB devices and spreads over the network to all clients. An email worm, for example, checks the infected user's email contacts and sends itself to all of them.

Computer virus

A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.

Resident vs. non-resident viruses

A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).

Macro viruses

Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or "document virus") is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails.

Software bugs

Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit security bugs (security defects) in system or application software to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.


Virus removal

Many websites run by antivirus software companies provide free online virus scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites—like Google subsidiary VirusTotal.com—allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and an older optional anti-malware (malware removal) tool Windows Defender that has been upgraded to an antivirus product in Windows 8.

Some viruses disable System Restore and other important Windows tools such as Task Manager and CMD. An example of a virus that does this is CiaDoor. Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking, and then using system tools or Microsoft Safety Scanner. System Restore on Windows Me, Windows XP, Windows Vista and Windows 7 can restore the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files and does not exist in previous restore points.


    • What is a botnet?



  • Bitcoin
    • Reasons to create an alternative payment system
    • How does it work?
    • Why Bitcoin instead of other virtual payment methods? What is so special about it?



  • Near field communication (NFC)

Passwords




Cryptography

The study of techniques for secure communication in the presence of a listening third party.

Cipher: The algorithms used for encryption/decryption.
Key: A secret, mostly short string of characters needed for the cipher.
Cryptosystem: An ordered list of elements of finite possible plaintexts, ciphertexts, keys and the ciphers.

Short Historical Outline

  • First transposition cipher: The Greek scytale.
    • A stick around which the ciphered text is wrapped, which produces the plaintext.
  • First substitution cipher: Caesar cipher.
    • Every character of the plaintext is replaced with the character a fixed number of positions further down the alphabet.
  • Both can be cracked through frequency analysis.


  • Polyalphabetical ciphers
    • Vigenère cipher.
      • Shifts every character by a different number of positions.
      • Harder to crack but still possible by hand.


  • 1883: Auguste Kerckhoffs found out that the security of a cryptosystem does not need the cipher to be unknown, only the key.
  • In the early 20th century many mechanical cipher devices were invented.
    • Some of them were patented (e.g. the Enigma).
  • Today a lot of cipher algorithms exist. They are mostly used by computers and thus can also encrypt audio and video information.
    • Examples are DES (Digital Encryption Standard), AES (Advanced Encryption Standard) and RSA (Ron Rivest, Adi Shamir, Leonard Adleman; the creators).


Encryption/Decryption Methods

  • Symmetric
    • Same key for encryption and decryption.
    • Also known as Secret-Key-Encryption
    • Examples:
      • Enigma:
        • A set of rotors changes the flow of an electrical signal that encrypts the input.
        • Sender and receiver use the same key.
        • Has a major flaw: A character can not be encrypted into itself.
        • This helped the Allies to break into the Enigma during WWII.
      • ROT13:
        • Basically a Caesar cipher with a shift of 13.
        • Since the alphabet consists of 26 characters, you can get the plaintext by using the same key of 13.
  • Asymmetric
    • Different key for encryption/decryption
    • Also known as Public-Key-Encryption
    • Examples:
      • Diffie-Hellman
        • Used to exchange keys over an unsecured connection.
        • Based on the discrete logarithm problem.
      • RSA
        • Widely used.
        • encrypted text = m^(first part of public key) (mod (second part of public key)), where m is the plaintext as an integer
        • decrypted text = (encrypted text)^(private key) (mod (second part of public key))
  • Hybrid
    • A combination of symmetric and asymmetric encryption.
    • The message gets encrypted with a symmetrical encryption.
    • The encryption key is sent through an asymmetrical encryption.
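The two RSA formulas and the hybrid scheme from the list above can be followed step by step in code. The following is an added example, not part of the original page: it uses textbook RSA without padding and a deliberately weak toy key built from two Mersenne primes, and a SHA-256 keystream stands in for a real symmetric cipher such as AES. All names and parameters are assumptions of this example.

```python
import hashlib
import secrets

# Toy key pair (assumption of this example, far too small for real use).
P = 2**61 - 1                      # prime
Q = 2**89 - 1                      # prime
N = P * Q                          # second part of the public key
E = 65537                          # first part of the public key
D = pow(E, -1, (P - 1) * (Q - 1))  # private key


def rsa_encrypt(m, e=E, n=N):
    """encrypted text = m^e mod n, with m the plaintext as an integer."""
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c, d=D, n=N):
    """decrypted text = c^d mod n."""
    return pow(c, d, n)


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 based keystream.
    The same call encrypts and decrypts (same key for both directions)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_encrypt(message):
    """Encrypt the message symmetrically, send the key asymmetrically."""
    session_key = secrets.token_bytes(16)               # random 128-bit key
    wrapped_key = rsa_encrypt(int.from_bytes(session_key, "big"))
    return wrapped_key, keystream_xor(session_key, message)


def hybrid_decrypt(wrapped_key, ciphertext):
    """Recover the session key with the private key, then the message."""
    session_key = rsa_decrypt(wrapped_key).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    # Small worked numbers: n = 61 * 53 = 3233, e = 17, d = 2753.
    print(rsa_encrypt(65, 17, 3233), rsa_decrypt(2790, 2753, 3233))
    wrapped, ct = hybrid_encrypt(b"constructed sample message")
    print(hybrid_decrypt(wrapped, ct))
```

Textbook RSA as shown is deterministic and unpadded; deployed systems use a padding scheme such as OAEP and keys of at least 2048 bits.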


Examples in detail

will follow soon.

DarkNet

Darknets are peer-to-peer networks in which users connect manually to each other using non-standard protocols and ports.

Everything that is shared in a Darknet is anonymous, and the IP addresses are not publicly shared. This makes Darknets pretty interesting for file-sharing, because users can communicate with little fear of punishment.
This is a big point for dissident political conversations and illegal activities.

Security
- Highly secured against attackers because only a small number of people know of the existence of the Darknet
- New members have to be invited by existing members
- Data is transferred and saved encoded
- Normally less than 10 members

Use
- data transfer between people e.g. file-sharing like movies, music or other copyrighted material
- freedom of speech (e.g. China)

Origin of the name 'Darknet'
The name 'Darknet' arose from the article 'The Darknet and the Future of Content Distribution', published in 2002. In this article four Microsoft employees argue that the existence of 'Darknet' is a big obstacle in the development of working technology for digital rights management.

Protection


  • AntiVirus programs, best friend or the evil within



  • Tools and techniques (to ensure privacy and security)
    • DarkNet
    • Proxy-Server
    • VPN
      • Why set up a VPN network? What are the advantages?
      • How to set up a VPN network?
    • Near field communication (NFC)


Resources
