Topics
- What is privacy?
- What are the risks of losing control over my private data? 2014 celebrity photo leaks
- Flow of my private data through the internet to the cloud.
- Why do so many people have problems with security?
- Tooling equipment and their uses.
- What am I worth?: Selling Data
- Anti-Virus: Security(leak)
Hacking
Classifications
Hacking is often portrayed by the media as malicious, a danger to inexperienced internet users and a threat to big companies and their data. However, there are actually two sides of hacking, and they are defined by their hat colour. Black hats are considered the "bad guys" and white hats the good. They define themselves by the purposes to which they employ their hacking skills.
White hats use their hacking skills in a more ethical way than the black hats. This means they use their skills to save other people from hacking and also help to protect the data of big companies. Often white hat hackers work for network security companies like Symantec or Kaspersky and help to build antivirus software by trying to hack their way into a system and improve it afterwards.
They also meet up in computer clubs like the Chaos Computer Club (CCC) to work in teams that do not depend on companies, helping to clean the web of malicious software in their free time.
Black hats are the main type of hackers shown in the media. These hackers use their abilities to gain top secret and private intel. Some of these hackers use this data to make money via blackmail. Other black hats just do this to show their skill and don't care about the intel they gain. They are sometimes organized in groups for bigger attacks, but they mainly depend on themselves.
Grey hats are a small group between the big fronts of the white hats and the black hats.
Grey hats are known to be hackers who do not work for a certain group or company but are highly trained in hacking. Grey hats are also people who do not hack for their own purposes. They are known for trying to push things the right way even if they have to break a few laws. Grey hats are also known for giving advice to both good and bad hacker lobbies [...] and then watch the fallout - (the group leader of L0pht first group called themselves grey hats in 1998)
The most famous grey hat hacking groups are called Anonymous and Anti-Sec.
Hacking groups
Anonymous (first appearance 2003) is the most famous hacking group in the world. They consist of black hats and white hats, which is why they are mainly known as a grey hat organisation. The members call themselves "Anon", which stands for Anonymous.
The side shown by the media is malicious attacks against servers, companies and other organizations. The goal the hacking group Anonymous wants to achieve is a more open community with fewer lies. Through their acts of self-justice they want to show that laws are non-existent for people with enough power and money, and that our law and rights system does not work that well.
Anti-Sec (Anti Security Movement)
Anti-Sec (first appearance 1999) is a hacking group which is known to many security companies as dangerous and harmful. They primarily consist of ex-security company workers and they call themselves a gray hat hacking group.
The goal of the movement is to show people that they don't need to buy expensive antivirus software, and that if someone wants to hack you, they are going to hack you. This movement is also known for giving advice to other hacking groups.
Chaos Computer Club (CCC)
The Chaos Computer Club (first appearance 1981) is the largest hacking group in Europe. The club originates from Germany and other German-speaking countries. Its members are against discrimination by sex or skin color and mainly consist of gray and white hats.
The goal of the group is transparency of governments and companies, the freedom of information, the human right of speech and the access to technology infrastructure.
Tooling equipment
Hackers use different types of tools to access systems, steal data or bypass safety devices. Not all tools are used for internet crime and data theft; the topic "Hacking classifications" shows the difference between good and bad use. Malware (malicious software) is any software used to disrupt computer operation, gather sensitive information, or gain access to computer systems. It can appear in the form of executable code (.exe file), scripts, active content and other software. Data theft is a big problem today, not only for companies but also for private users. The target of data theft is the unnoticed recovery of user data.
Keylogger
Keyloggers are programs that log the key strokes of the keyboard to steal login information (e.g. credit cards, bank, email and PayPal accounts). They are encrypted to hide them from antivirus software and other security systems, and they are added, hidden, to the autostart list so that they log the victim's computer every time it is used. Keyloggers are spread on the internet through infected files on different platforms or through emails. Each keylogger periodically uploads the logged files to a server (e.g. FTP, SMTP, ...) to which the data thieves have access.
Bot-nets
Bot-nets are programs which build a big network of infected computers called "slaves". The owner of the bot-net can use the infected computers for remote control, DDoS attacks or as a vic-proxy ("victim proxy"). There are many botnet programs out there with many different options, but every one is built as a "server.exe" which is crypted and bound to a file to hide the backdoor program from antivirus programs, firewalls and users. The hacker is also able to steal user data from the slaves or use them to infect new computers. One of the most famous botnets is "Blackshades". The software can reportedly be used remotely to deny access to files, record keystrokes or control the webcam on a victimized computer. (BlackShades)
Packet Sniffer
Packet sniffers are programs which give the hacker a lot of useful information about different types of networks, for example Ethernet or wireless networks. They can intercept and log traffic passing over a digital network or part of a network. The sniffer captures each packet of the data streams between the networks and decodes the packet's raw data to show the values of various fields in the packet. The programs are also able to send packets to check which ports are open and which ones are closed. For example the ports 1-1024 are reserved for windows system applications. So hackers use sniffing tools to get a lot of information about the victim's computer system, including the IP address, ports, operating system etc. With the knowledge of the IP address and the open ports, the hacker is able to find exploits to get access to the system or to sensitive user data.
Brute force
Brute force programs like "Cain & Abel" are built to "find" passwords. In cryptography a brute-force attack (or exhaustive key search) is a cryptanalytic attack that can be used against any encrypted data. It consists of systematically checking all possible keys or passwords until the correct one is found. The hacker is able to reduce the possible options by defining which lengths, letters, numbers and signs are possible. For example, a lot of websites require a password length of 6 to 12 characters, so the hacker can set the password length to a minimum of 6 and a maximum of 12 to reduce the time spent trying different passwords. Modern GPUs (graphics processing units) are well-suited to the repetitive tasks associated with hardware-based password cracking because of their extremely fast computing power. (Brute force)
Methods to spread Malware
Malware infects its victims through a wide range of different methods:
- Fake torrent downloads on Person to Person (P2P) sites
- Malicious links spread on social media sites (Facebook, Twitter, etc.)
- Malicious links spread in chat rooms
- Drive-by attacks
- Java exploits
- Spreading via hacked social media/chat accounts
- Phishing e-mails
Threats
Spam
What is a spam mail?
A spam mail, better known as junk mail, is an unsolicited bulk email message. Every day a large number of spam mails is delivered. Symantec, a security company, thinks that around 29 billion spam mails are sent every day. Most spam emails contain fake notifications from banks. They redirect you to a phishing website to steal your personal bank data. Other spam mails are filled with advertisements or are fake prize notifications meant to inject a virus, and others again are scam messages.
But where are these spam mails from?
A spammer has a lot of ways to add real email addresses to his own victim list. He uses bots to search the internet for valid email addresses by taking a common username and adding valid email domains to it. The chance that the email address, e.g. “Jeff@any provider”, exists is really high. Now the bot sends an email to that email address, and if it doesn’t receive a “This email doesn’t exist” answer, the bot adds the email address to its victim list. Sometimes they use easier methods: spammers just buy email lists from someone else who already got the email addresses in a legal way, e.g. huge community websites.
Phishing
In the majority of cases it begins with a spam email in which you are asked to check your bank, PayPal or eBay account because of an alleged issue regarding your last payment or the security of the account itself. The email contains a hyperlink which redirects you to a phishing website instead of the website it claims to lead to. You are usually unable to distinguish the original website from the phishing website by appearance, as the two are likely to look alike; you can, however, detect a phishing website by reviewing the URL.
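What "reviewing the URL" means in practice, as an added example that is not part of the original page: the only part of a link that decides where it goes is the hostname, and the trusted name must be the end of that hostname. The trusted-domain list, the finding names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: the sites the user really has accounts with.
TRUSTED_DOMAINS = {"paypal.com", "ebay.com"}


def review_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for a link; an empty list means none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]

    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # Everything before "@" is login data, not the destination:
    # https://paypal.com@198.51.100.7/ goes to 198.51.100.7.
    if parts.username is not None:
        findings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    # Punycode labels can be displayed as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    # The trusted name has to be the END of the hostname, not just part of it.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        findings.append("untrusted-host")
        brands = {d.split(".")[0] for d in trusted}
        if any(b in host for b in brands):
            findings.append("brand-in-untrusted-host")
    return findings


# Constructed sample links (documentation domains and addresses only).
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.account-check.example/signin",
    "https://paypal.com@198.51.100.7/login",
    "https://xn--pypal-4ve.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", review_url(link) or "no findings")
```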
Scam
The use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them; for example, by stealing personal information, which can even lead to identity theft. A very common form of Internet fraud is the distribution of rogue security software. Internet services can be used to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Internet fraud can occur in chat rooms, email, message boards, or on websites.
15 Online Scams You Might Get Fooled By:
Adware
Adware, or advertising-supported software, is software that automatically displays advertisements on the user's screen to generate revenue for its author. Adware is a legitimate alternative for users who do not wish to pay for software. On the internet, you can find a lot of adware-supported software. Developers offer their programs for free until you pay for them. Most times when you remove the software the advertisements stop, but sometimes they don’t. If you still get advertisements, you might be infected with malicious software.
Software security bugs
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit security bugs (security defects) in system or application software to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.
Computer viruses
A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.
Resident vs. non-resident viruses
A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).
Macro viruses
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or "document virus") is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails.
Worms
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line.
Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
Trojan horses
A Trojan horse, or Trojan, in computing is a generally non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Anatolia, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.
Social Engineering
Social engineering relies on weaknesses in human nature rather than weaknesses in hardware, software or networks. It is a kind of psychological manipulation of people into performing actions. Most humans are susceptible to persuasion and manipulation through various methods. Lots of damaging activities are not a result of hacking; it is often the work of an employee within the enterprise that causes the most harm.
There are some known techniques that use “bugs in the human hardware”:
Using an invented scenario to engage a targeted victim in a manner that increases the chance that the victim will reveal information or perform actions that would be unlikely in ordinary circumstances. This is an elaborate lie (it mostly involves some prior research and use of this information for impersonation, e.g. date of birth, social security number, ...) to establish legitimacy in the mind of the target.
It's a real Trojan Horse. The attacker leaves a malware-infected storage medium (e.g. USB flash drive, CD-ROM, ...) in a location where it is sure to be found. Furthermore, the attacker gives the medium a legitimate-looking label. Then the attacker relies on the curiosity or greed of the victim.
In most cases, someone will insert the medium into a computer to see the content, and unknowingly install malware on the computer.
Another option is to use something more attractive than a simple storage medium. For example, the attacker sends a free digital audio player to a "lucky winner". This player is infected with malware that will affect the computer.
- Quid pro quo
The attacker calls different numbers at a company, claiming to be calling back from technical support. Maybe the attacker will reach someone with a problem, who is grateful to get "help". In this "help" process the attacker tells the person to type commands that give the attacker access to the system.
The attacker waits near an entry to a restricted area secured by unattended electronic access control (e.g. RFID). When a person with legitimate access appears, the attacker simply walks in behind this person, who will usually hold the door open for the attacker. The legitimate person may fail to ask for identification, or may accept that the attacker "lost" the identity token.
Countermeasures
- Create frameworks of trust on an employee level
- Identify which information is sensitive
- Establishing security problems
- Training employees
- Perform tests
Notable social engineer
Mobile phones/Smartphones
General
Most people see malware and every sort of virus or worm as a PC phenomenon, with Microsoft Windows as the most insecure operating system and MacOS with much tighter protection. Nevertheless, with the fast-growing number of smartphone owners, smartphones have become a valuable target for malware and hackers. Thus it is very important for today's users to be conscious of these threats and take active measures against them.
History
The very first known malware for a mobile operating system was a worm called "Cabir", which has been added to the virus definition lists of various antivirus programs. It was developed and released (source code) by a member of the formerly widely known virus-developing group "A29". "Cabir" spread via Bluetooth to every other mobile device in reach with activated Bluetooth. The fact that almost every earlier mobile phone was running a JavaME runtime made it pretty simple for hackers to reach a wide variety of devices. Whereas former viruses aimed at blocking the system and making it unbootable, today's viruses mostly collect data and private documents such as photos and messages.
source: Mobilephone Malware
Today
Before the rise of today's smartphones most malware was created for SymbianOS. This changed with the introduction and spread of AndroidOS and iOS, which led to an astounding increase in mobile malware, from 792 samples in 2011 to 36,699 in 2012. http://fortune.com/2013/04/14/android-gets-97-of-malware-apple-ios-58-of-enterprise/
Whereas iOS, with its closed system and app store, is spared by malware for the most part, the AOSP is meanwhile targeted by 97% of today's malware. This is mostly due to the fact that AOSP has become the most widespread operating system (>70%) and is an open, developer-friendly OS. Furthermore, it is just natural that with a growing number of opportunities comes a growing number of possible threats. http://www.kaspersky.com/internet-security-center/threats/mobile
This does not mean that AndroidOS is entirely insecure. Most cases of infection happen due to a lack of care by the user, as almost 100% of malicious apps are to be found in aftermarket app stores. In fact, the amount of malware in the official PlayStore is about 0.1%, and with the introduction of Google's F-Secure it is possible, once infected software is detected, to delete it from all Android smartphones. http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/
But not only the existence of aftermarket app stores is a threat to Android users, but also the possibility of gaining root access. With the introduction of "one-click root" tools it has become possible for almost anybody to root their smartphone without being conscious of the potential risk. Most people do not think about the fact that they are not only gaining access to their own system but are also opening a backdoor for possible attacks. This was the reason for the CyanogenMod developers to start turning off root access by default, to protect people who are not conscious of the possible consequences.
Measures
As most cases of infection are caused by careless handling by the user, the following guideline is as effective as it is short.
1. DO NOT INSTALL PROGRAMS VIA ANY AFTERMARKET STORE
2. DO NOT INSTALL ANY 3rd PARTY APPLICATION WITH UNKNOWN SOURCE
3. DO NOT ROOT YOUR PHONE UNLESS YOU ARE AWARE OF WHAT YOU ARE DOING
4. Keep your OS and installed software up to date
5. (optional) Install an Antivirus program, for example: Kaspersky, AVG
Cryptography
The study of techniques for secure communication in the presence of a listening third party.
Cipher: The algorithms used for encryption/decryption.
Key: A secret, mostly short string of characters needed for the cipher.
Cryptosystem: An ordered list of elements of finite possible plaintexts, ciphertexts, keys and the ciphers.
Short Historical Outline
- First transposition cipher: the Greek scytale.
  - A stick around which the ciphered text is wrapped, thus producing the plaintext.
- First substitution cipher: Caesar cipher.
  - Every character of the plaintext is replaced with a character a fixed number of positions further down the alphabet.
- Both can be cracked through frequency analysis.
- Polyalphabetic ciphers
  - Vigenère cipher.
    - Shifts every character by a different number of positions.
    - Harder to crack but still possible by hand.
- 1883: Auguste Kerckhoffs found that the security of a cryptosystem does not need the cipher, but only the key, to be unknown.
- Early 20th century: many mechanical cipher devices were invented.
  - Some of them were patented (e.g. the Enigma).
- Today a lot of cipher algorithms exist. They are mostly used by computers and thus can also encrypt audio and video information.
  - Examples are DES (Digital Encryption Standard), AES (Advanced Encryption Standard), RSA (Ron Rivest, Adi Shamir, Leonard Adleman; the creators)
Encryption/Decryption Methods
There are two basic techniques for encrypting information: symmetric encryption and asymmetric encryption.
Symmetric encryption is the oldest technique.
- Same key for encryption and decryption (not the safest way to encrypt).
- Also known as Secret-Key-Encryption
- A set of rotors changes the flow of an electrical signal that encrypts the input.
- Sender and receiver use the same key.
- Has a major flaw: a character cannot be encrypted into itself.
- This helped the Allies to break into the Enigma during WWII.
- Basically a Caesar cipher with a shift of 13.
- Since the alphabet consists of 26 characters, you can get the plaintext by using the same key of 13.
Asymmetric keys, also known as public/private key pairs, are used for asymmetric encryption. Asymmetric encryption is used mainly to encrypt and decrypt session keys and digital signatures. Asymmetric encryption uses public key encryption algorithms.
- Different keys for encryption and decryption (safer than symmetric encryption).
- Also known as Public-Key-Encryption
- Used to exchange keys over an unsecured connection.
- Based on the discrete logarithm problem.
- Widely used.
- encrypted text = m^(first part of public key) mod (second part of public key), where m is the plaintext as an integer
- decrypted text = (encrypted text)^(private key) mod (second part of public key)
- A combination of symmetric and asymmetric encryption.
- The message gets encrypted with a symmetric encryption.
- The encryption key is sent using an asymmetric encryption.
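The two public-key formulas in the list above are the textbook RSA operations. The following added example (not part of the original page) works them through with small constructed numbers; the primes 61 and 53, the exponent 17 and all function names are assumptions chosen for illustration.

```python
from math import gcd


def make_keypair(p, q, e):
    """Build a toy key pair from two primes p, q and a public exponent e.

    Public key  = (e, n): the "first part" and "second part" in the formulas.
    Private key = d, the inverse of e modulo (p-1)(q-1).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), d


def encrypt(m, public_key):
    """encrypted text = m^e mod n, with the plaintext m as an integer."""
    e, n = public_key
    if not 0 <= m < n:
        # A message that is not smaller than n cannot be recovered.
        raise ValueError("plaintext integer must be smaller than n")
    return pow(m, e, n)


def decrypt(c, private_key, public_key):
    """decrypted text = c^d mod n."""
    _, n = public_key
    return pow(c, private_key, n)


def text_to_int(text):
    """'Plaintext as integer': interpret the bytes as one big number."""
    return int.from_bytes(text.encode("ascii"), "big")


def int_to_text(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")


if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)  # constructed toy values
    m = text_to_int("A")                        # 65
    c = encrypt(m, public)
    print("public key:", public, "private key:", private)
    print("plaintext", m, "-> ciphertext", c, "->", decrypt(c, private, public))
    # The same plaintext always gives the same ciphertext here, which is
    # why real systems add random padding before applying the formula and
    # use primes that are hundreds of digits long.
```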
Examples in detail
- Vigenère cipher:
For the Vigenère cipher you need a message and a key.
For this example we use 'MESSAGE' as the message and 'KEY' as the key.
First we need to make the key as long as the message by repeating it as often as needed. 'MESSAGE' has 7 characters, so our new key will be 'KEYKEYK'. Now we use the Vigenère grid to help us with encrypting. For the encryption we replace every character of the plaintext with the character at the intersection of the plaintext character's row and the key character's column. So the M of MESSAGE will turn into a W.
Our key: KEYKEYK
Our message: MESSAGE
Our encrypted text: WIQCEEO
To decrypt a message we look at the column of the current key character and search for the row in which this column contains the current encrypted character. The character at the start of that row is the current character of the plaintext. For example the W of our encrypted message will turn back into an M.
Our key: KEYKEYK
Our encrypted message: WIQCEEO
Our decrypted message: MESSAGE
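The grid lookup above is the same as adding the key letter's position to the plaintext letter's position modulo 26. This added example (not part of the original page) implements that rule, reproduces the MESSAGE/KEY values, and also covers the Caesar cipher and the shift-by-13 cipher from the symmetric encryption list as the special case of a one-letter key; the function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase


def expand_key(key, length):
    """Repeat the key until it is as long as the message: KEY -> KEYKEYK."""
    if not key:
        raise ValueError("key must not be empty")
    return (key * (length // len(key) + 1))[:length]


def _vigenere(text, key, direction):
    """Shift each letter by the current key letter (+1 encrypt, -1 decrypt)."""
    shifts = [ALPHABET.index(k.upper()) for k in key
              if k.isascii() and k.isalpha()]
    if not shifts:
        raise ValueError("key must contain at least one letter A-Z")
    out, used = [], 0
    for ch in text:
        if not (ch.isascii() and ch.isalpha()):
            out.append(ch)  # spaces, digits, punctuation pass through
            continue
        shift = shifts[used % len(shifts)]
        used += 1           # the key only advances on letters
        new = ALPHABET[(ALPHABET.index(ch.upper()) + direction * shift) % 26]
        out.append(new if ch.isupper() else new.lower())
    return "".join(out)


def vigenere_encrypt(plaintext, key):
    return _vigenere(plaintext, key, +1)


def vigenere_decrypt(ciphertext, key):
    return _vigenere(ciphertext, key, -1)


def caesar(text, shift):
    """Caesar cipher = Vigenère with a key of a single letter."""
    return _vigenere(text, ALPHABET[shift % 26], +1)


def rot13(text):
    """Shift of 13: applying it twice gives 26 = 0, so it undoes itself."""
    return caesar(text, 13)


if __name__ == "__main__":
    print("key:      ", expand_key("KEY", len("MESSAGE")))
    print("encrypted:", vigenere_encrypt("MESSAGE", "KEY"))
    print("decrypted:", vigenere_decrypt("WIQCEEO", "KEY"))
    print("rot13 x2: ", rot13(rot13("MESSAGE")))
```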
- Diffie-Hellman Key-Exchange:
For every cipher we need a key. But what if we can't exchange that key privately? Here the Diffie-Hellman key exchange helps us.
Let's say Alice and Bob want to communicate with each other, but without a third person, here Eve, listening.
They agree publicly on a prime number p (here 23) and a primitive root as a base g (here 5).
They then both choose a private number known only to themselves.
Alice chooses a (here 6) and Bob b (here 15).
Alice then sends Bob A = g^a mod p (here 8).
Bob sends Alice B = g^b mod p (here 19).
Alice and Bob can now calculate a secret number s.
Alice uses s = B^a mod p (here 2).
Bob uses s = A^b mod p (here 2).
Eve now knows only A, B, p, g. She cannot compute s out of these numbers.
In this example we use relatively small numbers. But if we used a p with at least 300 digits and a and b at least 100 digits long, then even the fastest modern computers could not find a, b or s. The problem a computer has with this is called the discrete logarithm problem. On the other hand, g (the base) does not need to be that big (2, 3, 5... would be enough).
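The exchange above with both sides' messages, as an added example that is not part of the original page. It uses the page's numbers (p = 23, g = 5, a = 6, b = 15) and also shows what Eve is left with: an exhaustive search over exponents, which only succeeds because p is tiny. The function names are illustrative.

```python
def public_value(g, private, p):
    """What each side sends over the open channel: g^private mod p."""
    return pow(g, private, p)


def shared_secret(peer_public, private, p):
    """What each side computes locally from the other's public value."""
    # Reject 0, 1 and p-1 (and anything out of range): such values force
    # the shared secret into a tiny set that an eavesdropper can guess.
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)


def run_exchange(p, g, a, b):
    """Both sides of the exchange; returns every value that is computed."""
    A = public_value(g, a, p)  # Alice -> Bob, visible to Eve
    B = public_value(g, b, p)  # Bob -> Alice, visible to Eve
    return {
        "A": A,
        "B": B,
        "s_alice": shared_secret(B, a, p),  # s = B^a mod p
        "s_bob": shared_secret(A, b, p),    # s = A^b mod p
    }


def recover_exponent(g, public, p):
    """Eve's generic option: try every exponent until g^x mod p matches.

    This is the discrete logarithm problem solved by exhaustive search.
    It needs up to p-1 steps: 22 steps for p = 23, and far too many for
    a p with 300 digits.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


if __name__ == "__main__":
    p, g = 23, 5  # public parameters from the text
    result = run_exchange(p, g, a=6, b=15)
    print("Alice sends A =", result["A"])
    print("Bob sends   B =", result["B"])
    print("Alice computes s =", result["s_alice"])
    print("Bob computes   s =", result["s_bob"])
    print("Eve recovers a =", recover_exponent(g, result["A"], p),
          "only because p is tiny")
```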
Protection
Antivirus software
Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.
Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets, DDoS attacks.
Many websites run by antivirus software companies provide free online virus scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites, like Google subsidiary VirusTotal.com, allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and an older optional anti-malware (malware removal) tool Windows Defender that has been upgraded to an antivirus product in Windows 8.
Some viruses disable System Restore and other important Windows tools such as Task Manager and CMD. An example of a virus that does this is CiaDoor. Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking, and then using system tools or Microsoft Safety Scanner. System Restore on Windows Me, Windows XP, Windows Vista and Windows 7 can restore the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files and does not exist in previous restore points.
AntiVirus programs: best friend or the evil within
In May 2014 Brian Dye, a senior vice president of the software giant Symantec, said in an interview that anti-virus software is dead. With this statement he got a lot of attention. IT professionals think that this statement might mislead users into not using antivirus software any more, but this is an important misunderstanding. What he meant was that a virus scanner alone is not enough to make a computer secure, and that protection is more about a security suite that is able to detect and block even threats and security leaks that are not already known to the scanner. Source
A big disadvantage of virus scanners and security suites is that they consume a good portion of the computer system's resources, even if there is no threat.
A botnet is a network of infected computers that execute commands from an (unknown) third party. Botnets are often used to attack targets.
The most popular use is DDoS attacks.
- Any more famous security leaks?
- Reasons to create an alternative payment system
- How does it work?
Bitcoin is a cryptography-based currency. Unlike classical currency it is not regulated by organizations.
A short introduction of the Bitcoin
- Why Bitcoin instead of other virtual payment methods? What is so special about it?
- Bitcoin mining
- Bitcoin mining pools
- The relation to the Darknet
- Tracking methods
- Near field communication (NFC)
- What can normal users do to minimize their risk of vulnerability?
Ghostery is a free privacy-related browser extension which detects and controls web bugs.
A web bug is an object that is embedded in a web page or email and is usually invisible to the user, but allows checking that a user has viewed the page or email. Many experts say that Ghostery only appears to protect its users and that it sells user information to other industries.
"According to Evidon, Ghostery does not collect any information which could be used to identify users or target ads specifically at individual users. Additionally, Ghostery would collect data only when Ghostrank is enabled. The collected data would be shared with the Better Business Bureau and offered to university students, researchers and journalists to support their studies." Source - Evidon FAQ
- Tools and techniques (to ensure privacy and security)
- Why set up a VPN network? What are the advantages?
- How to set up a VPN network?
- Near field communication (NFC)
Access Control Systems
An access control system decides who may enter a private area in a building, and where and when. For example, you can enter a closed bank with an EC card. There are active, passive and biometric access control systems.
- (following soon)
- (following soon)
- Examples of biometric scans used to identify or verify a person are fingerprint, iris, retina and palm print scans.
Passwords
- How to build a good password with a system?
- Alternative password systems (picture password, one-time-password, and so on)
- Single-use passwords (e.g. TAN)
- Time-synchronized one-time passwords
- Biometric (e.g. fingerprints, irises, infrared signature)
- Graphical password or graphical user authentication (GUA)
- Images Could Change The Authentication Picture
- Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites
- Windows Picture Passwords - are they really as "easily crackable" as everyone's saying?
- Researchers develop attack framework for cracking Windows 8 picture passwords
- Patent shows Apple working on image-based password alternative
- 2D Key
- Cognitive password
- Security-Tokens (e.g. USB device, Smart card, RFID, mobile phone, weight of your keys)
- Three alternatives to using passwords
- How does the password cracker work?
- Die Passwortknacker
- Social network research, and so on
Special Networks And Connection Methods
Proxy Servers
A proxy server is located between the customer's client and the server that the customer wants to access.
If a proxy is used, there is no direct connection between the remote server and the customer's computer. Therefore the remote server does not know the real internet address of the customer.
A risk of using a proxy is that the proxy server can change the content in favor of its owner.
For example, advertising can be changed or added or, more importantly, the meaning of content can be changed, e.g. in news.
A proxy server operator can also use the log files to create statistics about customers and use them however they want.
Virtual Private Network (VPN)
A virtual private network extends a private network over a public network like the World Wide Web.
To keep the network secure, it makes use of encryption techniques and typically allows only authenticated access. Software is needed to make this possible.
Data is therefore better protected when it is sent over a virtual private network.
VPN connections are often used by employees to securely access their company's intranet from home or generally from outside the office.
There are two types of VPNs. One is the site-to-site VPN (connecting two networks) and the other is the remote-access VPN.
Site-to-site VPNs connect entire networks to each other. This means a site-to-site VPN can be used to connect a branch or remote office network to a company headquarters network. Each site is equipped with a VPN gateway, such as a router, firewall, VPN concentrator, or security appliance.
The VPN gateway is responsible for encapsulating and encrypting all outbound traffic from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
In remote-access VPNs, individual hosts or clients, such as telecommuters, mobile users, and extranet consumers, are able to access a company network securely over the Internet. Each host typically has VPN client software loaded, such as supervpn or any other, or uses a web-based client. Whenever the host tries to send any information, the VPN client software encapsulates and encrypts the information before sending it over the Internet to the VPN gateway at the edge of the target network. On receipt, the VPN gateway handles the data in the same way as it would handle data from a site-to-site VPN.
To prevent disclosure of private information, VPNs typically allow only authenticated remote access and make use of encryption techniques.
VPNs provide security by the use of tunneling protocols and through security procedures such as encryption. The VPN security model provides:
- confidentiality such that even if the network traffic is sniffed at the packet level, an attacker would only see encrypted data.
- sender authentication to prevent unauthorized users from accessing the VPN.
- message integrity to detect any instances of tampering with transmitted messages.
OpenVPN is an open-source software application, created by James Yonan, that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels.
OpenVPN offers several internal security features. It has up to 256-bit encryption through the OpenSSL library, although some service providers may offer lower rates, effectively making the connection faster. It runs in userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN has the ability to drop root privileges, use mlockall to prevent swapping sensitive data to disk, enter a chroot jail after initialization and apply a SELinux context after initialization.
Tor Project
Tor ("The Onion Router") is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.
Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user.
The term "onion routing" refers to the application of layers of encryption, nested like the layers of an onion, used to anonymize communication.
Tor encrypts the original data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it.
The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address. Because the routing of the communication is partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communication can be de-anonymized through network surveillance that relies upon knowing its source and destination.
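The layering described above, as an added example that is not Tor's code: the sender wraps the data once per relay, and each relay can remove only its own layer, which reveals nothing but the next hop. The relay names, keys and destination address are constructed, and the cipher is a toy stand-in (an HMAC-SHA256 keystream with a per-layer tag), not the cryptography Tor actually uses.

```python
import hashlib, hmac, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode); a stand-in, not Tor's cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plain: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer was not sealed with this relay's key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(circuit, destination: str, data: bytes):
    """circuit: [(relay_name, key), ...] ordered entry -> exit."""
    next_hop, payload = destination, data
    for name, key in reversed(circuit):          # innermost layer is the exit's
        hop = next_hop.encode()
        payload = seal(key, bytes([len(hop)]) + hop + payload)
        next_hop = name
    return next_hop, payload                     # hand the onion to the entry relay

def peel(key: bytes, blob: bytes):
    """What one relay does: remove its layer, learn the next hop, forward the rest."""
    layer = unseal(key, blob)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def route(keys: dict, first_hop: str, onion: bytes):
    """Walk the circuit and record what each relay learns: (relay, next hop)."""
    learned, hop, blob = [], first_hop, onion
    while hop in keys:
        nxt, blob = peel(keys[hop], blob)
        learned.append((hop, nxt))
        hop = nxt
    return learned, hop, blob

if __name__ == "__main__":
    # Constructed relay names and keys for the demonstration.
    circuit = [(n, hashlib.sha256(n.encode()).digest()) for n in ("entry", "middle", "exit")]
    first, onion = wrap(circuit, "203.0.113.7:443", b"GET / HTTP/1.1")
    for relay, nxt in route(dict(circuit), first, onion)[0]:
        print(f"{relay} sees only next hop: {nxt}")
```

Only the exit relay's layer contains the destination, and no layer contains the sender's address, which is why no single relay knows both ends of the connection.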
"Onion routing" was developed by the U.S. Naval Research Laboratory for the primary purpose of protecting government communications.
On a general level, Tor is useful for anyone who wants to keep their internet activities out of the hands of advertisers, ISPs, and web sites.
For example, if you live under a dictatorship or you are a journalist in an oppressive country, you can use Tor to anonymize your traffic.
DarkNet
The deep web is also called the Deepnet, Invisible Web, Hidden Web and so on. Content on this web is not indexed by standard search engines.
Darknets are Peer-to-Peer networks in which users connect manually to each other using non-standard protocols and ports.
Everything that is shared in a Darknet is anonymous, and the IP addresses are not publicly shared either. This makes Darknets attractive for file sharing, because users can communicate with little fear of punishment. This is a big point for dissident political conversations and illegal activities.
Access to the DarkNet
The content is intentionally hidden from the regular web. With the software "Tor" you can get access to the sites of the DarkNet. Websites on the DarkNet have .onion addresses, which designate anonymous hidden services of the Tor network. .onion addresses are 16-character non-mnemonic hashes of alphabetic and numeric strings.
Content on the DarkNet
The general size of the DarkNet is hard to estimate. Files such as image files, Usenet archives, and .PDF and .DOC documents used to form a part of the DarkNet. You can also find a lot of illegal things on the DarkNet, like drugs, illegal transactions, weapons, pirated software and black markets. The DarkNet contains information that might not be available on the visible web.
A popular website on the DarkNet that sold drugs was Silk Road. It was taken down at the end of 2013 after a 2-year long investigation by multiple federal organizations.
- Highly secured against attackers because only a few people know of the existence of the Darknet
- New members have to be invited by existing members
- Data is transferred and saved encoded
- Normally less than 10 members
- Data transfer between people e.g. file-sharing like movies, music or other copyrighted material
- Freedom of speech (e.g. China)
The most important thing is to have anti-virus protection. You also have to be intelligent about which links you click, because the DarkNet is full of phishers. If you don't want to see any disturbing images or content, simply browse as text only.
Origin of the name 'Darknet'
The name 'Darknet' arose from the article 'The Darknet and the Future of Content Distribution', published in 2002. In this article, four Microsoft employees argued that the existence of the 'Darknet' is a big obstacle to the development of working technology for digital rights management.
Anonymity
Anonymity means that a person or a group of persons can't be identified (synonymous with incognito).
Nicknames allow the user pseudonymity on the internet.
Anonymity can be achieved on the internet by using various techniques, but they are limited because during every data exchange the IP address is exchanged.
Actions to become anonymous on the internet:
Anonymizers are employed to make use of another IP address while surfing on the internet, in order to keep your own identity secret. The most common methods are proxy servers or Virtual Private Networks (VPNs).
However, there is a risk that proxy operators keep log files in which protocols, the IP address, time and data are saved. The operator is forced to hand these log files to authorities if they demand them; retention laws in many countries oblige them to do so.
To keep such log files from defeating anonymity, tools can build up a chain of proxies that exchange encrypted data. It is hoped that at least one proxy does not save log files, but this variant slows down the connection. However, this method makes it almost impossible to trace the connection.
Anonymous file sharing
Anonymous file sharing programs offer the opportunity to exchange data over the internet anonymously. Anonymity is achieved by using anonymous peer-to-peer networks in which the data is encrypted and the exchanging clients do not create a direct IP connection; instead, the data gets IDs and is sent over the proxy to the receiver.
Anonymous file sharing programs include I2P (with i2psnark, iMule, I2Phex), Freenet and GNUnet.
Using Darknet networks
More coming soon!
Paying with personal data
'If you don't have to pay, you are the product.' Internet service providers like Google, Facebook and LinkedIn provide their services for free, but we pay with data, personal data. The industry is paying from 0.00005 to 0.75 USD for personal information. A complete set of data can be worth multiple dollars. These datasets are bought in amounts of 1000. FT.com provides an example calculator here. The biggest problem is that most people are not willing to pay for their privacy and instead pay with their privacy.