SECURITY - TOOLS
SECURE YOUR CODE
Software companies should either make their products open source so buyers can see what they’re getting and tweak what they don’t like, or suffer the consequences if their software failed. If they get a really low score, “we can guarantee that … they’re doing so many things wrong that there are
vulnerabilities” in their code. — Sarah Zatko
Peiter Zatko and his wife, Sarah, a former NSA mathematician, have developed a first-of-its-kind method for testing and scoring the security of software — Cyber Independent Testing Lab. The technique involves, in part, analyzing binary software files using algorithms created by Sarah to measure the security hygiene of code.During this sort of examination, their algorithms run through a checklist of more than 300 items known as “static analysis” because it involves looking at code without executing it, the lab is not looking for specific vulnerabilities, but rather for signs that developers employed defensive coding methods to build armor into their code.
Software developers can test their code for conformance to CERT secure coding standards by using the CERT Program's Source Code Analysis Laboratory, or SCALe. To learn more, watch a free webinar about SCALe.
Most software vulnerabilities stem from a relatively small number of common programming errors. Coding standards encourage programmers to follow a uniform set of rules and guidelines determined by the requirements of the project and organization, rather than by the programmer's familiarity or preference. Once established, these standards can be used as a metric to manually or automatically evaluate source code.
Members of the CERT Secure Coding Initiative have analyzed thousands of vulnerability reports to identify insecure coding practices and develop secure coding standards, which software developers can use to reduce or eliminate vulnerabilities before deployment.
The Hacking Technologies Used by Law Enforcement [code word: Tailored Solutions]
NIST Special Publication 800-88 Guidlines for Media Sanitization NIST/DOD instructions for wiping storage media.
Christopher Soghoian, Principal Technologist, ACLU first ever law-school discussion panel on law enforcement hacking at Yale. FBI hacking, ACLU's comments to the federal rules committee is a must read.
|Security Tools for beginners|
How To EliminateTop Ten Security Threats
|SURF AND EMAIL ANNONYMOUSLY||
|How To Safely Integrate Technology Tools into the Classroom|
Campaign Contributions -
who gave what to who
Censorware Companies and Saudi Arabia Censorship
|How to Obscure Any URL|
|VIRUS ALERTS & URBAN LEGENDS|
NSA Playset Forget intrusion software, and get yourself some unregulated intrusion hardware! Inspired by the NSA ANT catalog, we hope the NSA Playset will make cutting edge security tools more accessible, easier to understand, and harder to forget. Now you can play along with the NSA!
THE BEST VPN SERVICE - Snowden urges consumers to adopt more secure file storage systems which are less susceptible to government surveillance.
- Securedrop originally created by the late Aaron Swartz
Dropboxis hostile to privacy,
- zero knowledge' Spideroak
Find and remove malware with the free Sophos Virus Removal Tool
3/11/14 World's first 3-D acoustic cloaking device hides objects from sound "...Using little more than a few perforated sheets of plastic and a staggering amount of number crunching, Duke engineers have demonstrated the world's first three-dimensional acoustic cloak. The new device reroutes sound waves to create the impression that both the cloak and anything beneath it are not there. The acoustic cloaking device works in all three dimensions, no matter which direction the sound is coming from or where the observer is located, and holds potential for future applications such as sonar avoidance and architectural acoustics...."
There are a ton of reasons why someone would need to record the keystrokes of a keyboard including monitoring your child's internet activity, an unfaithful spouse, an employee or just making sure no one is monitoring you.
There are two types of sniffers, the hardware kind and the software kind. With a software sniffer, you need to be able to access the computer you want to monitor and install the software.
If the computer has a password you're out of luck. If you do manage to log into the system, then chances are that whatever antivirus / anti spyware system is running, it will detect your keylogger. Hardware keyloggers only require that you have physical access to the pc; you simply unplug the keyboard, plug the keyboard sniffer into the computer, then attach the keyboard to the sniffer and walk away.
A few days later, simply unplug the device and attach the keyboard back to the computer and head home. Once you are on your computer, you'll attach the device as before, enter your secret code and you'll have access to all the recorded keystrokes. You can expect to pay about $60 – $150 for a keyboard sniffers that you plug into the keyboard, not free, but considering the hassle of installing a software keylogger, it may just be the best route. If you're interested in checking out the free keylogger BFK, visit bfk.sourceforge.net
The GNU Privacy Handbook Copyright © 1999 by The Free Software Foundation
Even if you have nothing to hide, using encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. If you do have something important to hide, you are in good company; GnuPG is one of the tools that Edward Snowden used to uncover his secrets about the NSA.
Email Self-Defense learn how and why you should use GnuPG for your electronic communication.
Zimmerman's $20 a month Silent Circle encryption service. Facebook topping health insurers, banks, and even the federal government as today's No. 1 privacy threat.
Defeat infected vulnerable content-management servers with a customized version of the "itsoknoproblembro" DDoS toolkit, likely using a vulnerability in the default Bluestork Joomla template. [After years of focusing mainly on the malware used in data breaches and financially motivated hacks, some security experts have begun to turn the spotlight on the attacker himself. See Turning Tables: ID'ing The Hacker Behind The Keyboard.] The New Norm The average denial-of-service attack falls far short of the volume of traffic leveled at targeted sites during Operation Ababil. While Arbor declined to give bandwidth figures, DDoS mitigation firm Prolexic stated that the attack reached 70 Gbps and 30 million packets per second against some of its customers. Another source familiar with the attacks, who asked not to be named, pegged the bandwidth as high as 100 Gbps. "If someone said your core enterprise publishing server is being used in an attack, (the security team) would have to get management permission to shut down the server, because it would have a business effect," he says.
Man In The Middlemitmproxy: a man-in-the-middle proxy
sendsafely.com SendSafely offers a radically new way to securely send and receive files. Share files in minutes using 256-bit PGP encryption. Upload files, share the link, grab a sandwich... you're done. It couldn't get any easier.
Do not install Amazon Browser Apps prevent Amazon Man in the Middle Attack
2013 Insecure browser addons may leak all your encrypted SSL traffic, exploits included. Let me show you how you can view all SSL encrypted data, via exploiting Amazon 1Button App installed on your victims' browsers. Plaintext traffic is dead easy to sniff and modify. how you can< view all SSL encrypted data, via exploiting Amazon 1Button App installed on your victims' browsers.
- * Free * Uses recognizable and known encryption algorithms
- * Works sensibly with a container file that can be treated as external data (i.e.: backed up to tape entire)
- * Source code available
- * No adware or "wouldn't you like to buy me now?"
- * Small footprint
- Like anything, it has as many legitimate as illegitimate uses; this is public information and, ironically, was brought to my attention by some of the top security experts in the industry.
Creates a virtual drive inside of any object of your choosing. But goes one better. You can encrypt within the encryption in ways undetectable. Thus you can give a password and allow others to open it and inspect. Those looking will never know that within the encrypted space there is another deeper form of encryption. That said, I'd really hate to see the gov't or someone else shut this down. At the same time, for people traveling who are doing legitimate things that overreaching gov't officials have no right to see (and for which it is too late once compromise), this presents a valid solution. It is also incredibly useful for anyone carrying sensitive information b/c it gives you two layers of protection if your storage device or laptop is stolen. Know that if you mount it to a flash drive, it formats the entire drive. Most people create an object and mount it to that. Also, never, ever forget your password - did that once - and lost 50 megs worth of data. (might want to use roboform, which encrypts and protetcts your passwords). There's no getting inside of this. Ever. It's about as rock solid as it gets.
ENCRYPTION and SECURITY TUTORIAL (Security researcher Peter Gutmann.)
A Cost Analysis of Windows Vista Content Protection by Peter Gutmann Dept. of Computer Science12/27/06
It details how Vista is intentionally crippled, to protect "premium content". Also possible effects on OSS, drivers etc.
Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).
This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry.
The Vista Content Protection specification could very well constitute the longest suicide note in history. [...]
Disabling of Functionality
Vista's content protection mechanism only allows protected content to be sent over interfaces that also have content-protection facilities built in. Currently the most common high-end audio output interface is S/PDIF (Sony/Philips Digital Interface Format). Most newer audio cards, for example, feature TOSlink digital optical output for high-quality sound reproduction, and even the latest crop of motherboards with integrated audio provide at least coax (and often optical) digital output. Since S/PDIF doesn't provide any content protection, Vista requires that it be disabled when playing protected content. In other words if you've invested a pile of money into a high-end audio setup fed from a digital output, you won't be able to use it with protected content. Similarly, component (YPbPr) video will be disabled by Vista's content protection, so the same applies to a high-end video setup fed from component video. [...]
Elimination of Open-source Hardware Support
In order to prevent the creation of hardware emulators of protected output devices, Vista requires a Hardware Functionality Scan (HFS) that can be used to uniquely fingerprint a hardware device to ensure that it's (probably) genuine. In order to do this, the driver on the host PC performs an operation in the hardware (for example rendering 3D content in a graphics card) that produces a result that's unique to that device type. In order for this to work, the spec requires that the operational details of the device be kept confidential. Obviously anyone who knows enough about the workings of a device to operate it and to write a third-party driver for it (for example one for an open-source OS, or in general just any non- Windows OS) will also know enough to fake the HFS process. The only way to protect the HFS process therefore is to not release any technical details on the device beyond a minimum required for web site reviews and comparison with other products."
P2P What they will find out about you when you use p2p and are tracked. - See What You Share A Showcase of Material Found on Peer-to-Peer Networks throughout the World.
TorrentSpy "The intent behind TorrentSpy is to give the BitTorrent power-user all the information ... TorrentSpy is not meant to replace the normal BitTorrent client, ..."
BitTorrent search site hits back
"The MPAA is in essence trying to outlaw the torrent file format."
Nareos, a developer of p2p distribution technologies, announced the launch of PeerMind, a new peer-to-peer monitoring and data mining service for entertainment industry clients. The service, which the company says does not collect IP addresses of file-swappers, monitors P2P networks including eDonkey and Gnutella, and plans to add FastTrack (Kazaa) and BitTorrent soon. In addition to detailed reports and custom research, Beverly Hills, Calif.-based Nareos will also publish free weekly charts of the most-downloaded songs, movies, software, video games and ringtones on file-sharing services.
PCHelp's Network Tracer
TRACE.BAT is an MS-DOS batch process which uses standard network query utilities to work up a handy report on a given Internet address.
DIGITAL RIGHTS MANAGEMENT
Insecure.org OpenDVD Project Launched and more.
Peer to Peer Technology
peer-to-peer computing is the sharing of computer resources and services by direct exchange between systems. These resources and services include the exchange of information, processing cycles, cache storage, and disk storage for files. Peer-to-peer computing takes advantage of existing desktop computing power and networking connectivity, allowing economical clients to leverage their collective power to benefit the entire enterprise.
Free CD-DA Extractor rips audio CDs and converts audio files. The application supports the following formats: MP3 (MP1, MP2, MP3), MPEG-4/AAC (M4A), OGG Vorbis (OGG), WAV, Monkey's Audio (APE), and FLAC formats.
EphPod is a full-featured, easy-to-use Windows application that connects with Apple's iPod. With a FireWire card and EphPod on a PC, it takes under 30 minutes to transfer 1,000 songs to an iPod. In addition, EphPod supports standard WinAmp (.M3U) playlists, includes powerful playlist creation features, and will synchronize an entire music collection with one click. It imports Microsoft Outlook contacts, in addition to allowing users to create and edit their own contacts. EphPod can also download the latest news, weather, e-books, and movie listings to an iPod.
CD / DVD Backup Workarounds or http://www.cdmediaworld.com/
- WCT/WPPT goals include preventing every unauthorized use
- DMCA goal -- preventing unauthorized copying or use of work
- DRM goal -- their products let publishers control every use of a work, right down to private home viewing.
Copyright law doesn't give publishers the right to control or hinder the public's exercise of their fair use rights by "preventing unauthorized copying or use of work" Some unauthorized copying and some unauthorized uses have always been legal and these workarounds prevent turning copyright from a limited monopoly into an absolute, unlimited monopoly by deciding what is "authorized".
I.R.C. - Used to transfer big files that would be rejected by an e-mail system without burning a disc and putting it in the mailbox. The file-transfer capability in I.R.C. may be the most convenient way. The F.B.I. is interested in the best way to monitor the traffic. IRC started in the 1980's, communicate in real time chat rooms, known as channels. The whole idea behind I.R.C. is freedom of speech. This is where to find illegal software vaults on the Internet where pirates generally used I.R.C. to communicate and coordinate with one another. Warez, pronounced like wares, is techie slang for illegally copied software. It is generally a text-only medium, it does not require high-capacity Internet connections, making it relatively easy to run a private I.R.C. server from home. I.R.C. server software developed by William A. Bierman, known online as billy-jon. Also find public I.R.C. networks, like DALnet, EFNet and Undernet. Each typically ties together dozens of individual chat servers that may handle thousands of individual users each. Rob Mosher, known online as nyt (for knight), runs a server in the EFNet network. First, the user downloads an I.R.C. client program the most popular is a Windows shareware program known as mIRC (www.mirc.com). When users run the I.R.C. program, they can choose among dozens of public networks. Within a given network, it does not really matter which individual server one uses. If users know the Internet address of a private server, they can type in that address. Once logged in to a public server, the user can generate a list of thousands of available channels. On an unmoderated network, the most popular channels are often dedicated to trading music, films and software. In addition to supporting text-only chat rooms, I.R.C. allows a user to send a file directly to another user without clogging the main server. irc://undernet/gettogether see http://www.irc.org/
VIDEO CODECS - K-Lite Codec Pack, Tsunami Codec Pack, Nimo Codec Pack, DivX Free, ACE Mega CoDecS, Koepi's XviD, Codec Pack All in 1
AUDIO CODECS - LAME MP3 Encoder, BladeEnc, Fraunhofer Radium MP3, AC3 Filter, Vorbis Ogg ACM Codec, AC3 Decoder, MPEG Layer-3 Codec
TOOLS - Real Alternative, QuickTime Alternative, BSplayer, Media Player Classic, GSpot, VideoLAN, Winamp
Traveling with a laptop
U.S. agents can seize travelers' laptops: report
"U.S. federal agents have been given new powers to seize travelers' laptops and other electronic devices at the border and hold them for unspecified periods"
Keep Your Data Safe at the Border, CNet, May 5, 2008,
use cloud computing or your own home server or whatever, and transfer it in encrypted form end-to-end.
How-to create your own virtual machines.
http://www.lorenzoferrara.net/old-site/blog/pivot/entry.php?id=73 http://www.hackaday.com/2005/10/24/how-to-vmware-player-modification/ The only "safe" way to get your laptop into the US would be to create a VM containing your chosen OS and data and then leave this at home. Travel without a laptop until you arrive at your destination. At this point you can acquire a machine, generate a keypair and export the public key. A trusted third party then encrypts the VM and makes it available for download, probably with a service like Amazon's S3.
Amazon S3 is based on the idea that quality Internet-based storage should be taken for granted. It helps free developers from worrying about how they will store their data, whether it will be safe and secure, or whether they will have enough storage available. It frees them from the upfront costs of setting up their own storage solution as well as the ongoing costs of maintaining and scaling their storage servers. The functionality of Amazon S3 is simple and robust: Store any amount of data inexpensively and securely, while ensuring that the data will always be available when you need it. Amazon S3 enables developers to focus on innovating with data, rather than figuring out how to store it.
The VM can contain all your actual data contained in encrypted volumes to minimize the risk of having to trust a third party (though this would require transporting a private key inside the VM). This way you avoid the problem of taking data through the border and also of taking a password through with you, the keys don't exist yet so how could you reveal the password? Nothing carried through and nothing concealed.
If you're willing to expose a port on your home network, then from your destination you could use scp to transfer the VM to your location using password authentication. Then you do not have to trust a third party.
- Electronic Frontier Foundation
- The Center for Democracy and Technology
- Peter Swire Privacy Senior Fellow, Center for American Progress
DSL ONLINE SECURITY running a test attack courtesy of Steve Gibson's (Gibson Research). To run this test, click on his Shields Up message. You will then be given an opportunity to initiate an immediate remote test attack on your computer's current defenses (fire walls) and ports.
IBM 4758 cryptographic coprocessor, designed to destroy itself if it detects an intrusion attempt. Coprocessor features "physical penetration, power sequencing, temperature, and radiation sensors to detect physical attacks against the encapsulated subsystem." The U.S. government has certified it to meet the FIPS 140-1 standard at level 4, the most secure.
Not a law firm. Web Site Assists Defrauded Investors Ex-Wall Streeters, who bring their expertise directly to the investing public. Free proprietary service called Advanced Investor Response they provide investors with an insider's view of how the brokerage industry works.
FOR MISSING AND ABUSED CHILDREN - REPORT INTERNET SEXUAL MISCONDUCT ONLINE AS IT is HAPPENING - 1-800-843-6578
The computer spy that steals your passwords and credit 
ABOUT three weeks ago, Cheryl Lambert bought a £179 surfboard on eBay for her daughter. Soon after, she noticed her computer started to behave erratically and within a few days it had ground to a halt.
"It just completely crashed," said Lambert, 38, a community worker who lives in Helston, Cornwall. "The anti-virus software was saying the computer was infected, but it just couldn't fight it. The computer got slower and slower and then it just stopped."
A few days after her desktop machine was unplugged from the internet, Lambert's personal details appeared on a Russian website.
Her home phone number, her address, her credit card number and her e-mail address with Tesco were all listed on a forum where criminals and computer hackers trade stolen identities. Lambert cancelled her gold Lloyds TSB card when she was alerted by The Sunday Times to what had happened, but one fraudulent transaction for £10.70 had already been made.
Lambert is believed to have fallen victim to malicious "trojan" software. This can be unwittingly downloaded from an e-mail attachment or website and then quietly records details of passwords, security codes and credit card numbers used on secure websites. The information is relayed back to the author of the malicious software.
The Russian website that posted Lambert's details, is one of a network of sites which trade in stolen identities. Thousands of passwords for e-mail accounts, security numbers for credit cards and access codes for shopping websites are offered for sale online after being "harvested" from trojan software.
In a four-week investigation a Sunday Times reporter approached users on Russian websites who were offering stolen identities for sale. The site includes a step-by-step guide to stealing identities and using the information without detection.
The reporter was offered stolen data on British citizens ranging in price from $2 to $5 per person. She requested a free sample and at 11.50pm on August 23 the details of more than 30 individuals were posted online, 13 of whom were British.
Max Haffenden, 27, an IT worker from Bexhill-on-Sea in East Sussex, was among those on the list and he confirmed last week that The Sunday Times had obtained his secret password from the Russian website. He uses the password - which has now been cancelled - for his personal Yahoo! e-mail account, payment transfers using PayPal and online shopping accounts.
"I am amazed someone could have got access to these details," he said. "I have a good idea of how computers work and how to be as secure as possible. I only trust a site with my details if it has a "padlock" to show it is a secure server."
Haffenden, who used a computer firewall and anti-virus software, said his computer's systems alerted him to malicious software, which he said might have been a trojan, about a year ago. He was unable to fix the problem but said it did not affect the performance of his computer.
Others on the list said there had been no apparent problems with their machines. Nick Riches, 40, from Basingstoke in Hampshire, who also works in the computer industry, was among those targeted. He confirmed his "standard secure password" had been obtained by the Russian website, along with his Hotmail access, his home address and details of a NatWest card. He said he regularly scanned his computer for viruses but had not been aware of any malicious software.
There was evidence last week that the fraudsters had already used some of the personal data to steal money. Cards belonging to Haffenden and Riches had been used without their permission on an internet gambling site, Unibet, in the past month with payments of £400 and £512.50.
Stolen data offered on foreign websites is usually obtained from hacking into the database of an online company to obtain customers' details or from infiltrating a personal computer.
While nearly all computer users are alert to the threat from viruses, many are unaware of trojans, which can covertly install themselves via a website or e-mail attachment.
Carole Theriault, senior security consultant at Sophos, an internet security company, said: "Viruses basically had bells and whistles to say "we've got you" and spread rapidly around the internet. Trojans are very different. They don't spread on their own and may not even affect the performance of your computer, but when you go on sites like eBay or check your account online, they can record the keys you press.
"About 70% of the reports of new threats of malicious software are trojans. The people who send them out don't hit so many computers because they don't want to make the headlines."
Theriault said that a firewall and regularly updated anti-virus software would help reduce the threat from trojans, but there was no 100% solution. "It's like driving a car," she said. "There's always a risk. You just have to do everything you can to reduce it."
One of the problems is that some trojans are not always identified by anti-virus software. One trojan, called A311 Death or Haxdoor, has infected an estimated 35,000 computers worldwide, including 10,000 in Australia.
A warning from the Australian Computer Emergency Response Team stated: "If your computer is already compromised with an input/output monitoring trojan, SSL (encryption) cannot prevent the trojan from capturing web form data, keystrokes, and passwords."
In the UK many people are unaware of the threat. An official Home Office leaflet providing advice on identity theft does not even mention the importance of computer security. The government does, however, support a website, Get Safe Online, which provides information on protecting a home computer.
Despite the warnings and security software available, obtaining personal data stolen from British computers is easy. It is also cheap, with passwords being traded online for as little as £1.
Using an internet Cyrillic keyboard to enter the word "carding" on the Google search engine, a Russian-speaking Sunday Times reporter was presented with an array of sites offering stolen data and bogus identity documents.
One website - called carders0.tripod.com - had a virtual shopping basket of identity fraud, with "buy now" icons next to every item. The products on sale included credit cards - both fake and real - driving licences, travellers' cheques, fake passports and machines to make credit cards. The site included starter packs for fledgling fraudsters as well.
The same site also offered a service called Rebirth in which visitors were offered the chance to "buy a whole new identity from Britain or Ireland". Costing £13,000, the package offered a new passport and a birth certificate. The Sunday Times was unable to confirm whether genuine documents would be exchanged for an online payment.
At the lower end of the scale, a range of websites offered stolen data that could be used to access subscription services, pay for goods online or transfer funds. Some of the data are even posted for free as samples to interested buyers. After using the data, one user of http://www.carder.info commented on the website: "Thanks, found some valid stuff. Put up more."
The batch of stolen data provided to the reporter included passwords for e-mail accounts, credit card numbers and home telephone numbers of people in Bishop's Stortford in Hertfordshire, Spalding in Lincolnshire, Blackpool, Hartlepool and Glasgow.
A week after the reporter was given the sample, she was able to retrieve the passwords for the PayPal accounts of 19 Britons from the site. The information would enable fraudsters to gain access to accounts and transfer funds.
The www.carder.info site is registered to 340 Pushkinskaya in Moscow. The house number does not exist. The Russian-based company that hosts the site, Net of National Telecommunications, would not comment last week, but is understood to be in contact with police about any suspected illegal transactions.
Lennart Ehlinger, group security controller for the London-based Unibet, said it was difficult to detect fraudulent use of credit cards if the fraudster was able to provide a security code, number and home address.
A spokesman for Apacs, the UK payments association, said hackers who stole personal information often evaded detection by using a network of foreign websites.
A spokesman for PayPal said its servers were secure, but information on passwords was sometimes compromised by trojan software and "phishing", which uses spoof websites to obtain user information.
HOW TO STAY SAFE ONLINE
The risks can never be wholly eliminated, but experts recommend:
* Never go online without first ensuring your computer is protected with a firewall and anti-virus software. An unprotected computer is on average infected within 12 minutes of being plugged into the internet, according to research by Sophos, the computer security company.
* Always make sure you have the latest anti-virus software
* Consider installing software that scans your system for downloads that secretly monitor your computer use. Products such as Spybot Search & Destroy (www.safer-networking.org) can be downloaded free.
* Never download software from unknown sites. The downloads can harbour trojans. Similarly, never open e-mail attachments from unknown sources.
* When entering details on a banking website or payment service, such as PayPal, carefully check the website address. A trojan can direct a computer to a spoof site.
* If your computer is performing erratically or slowing down, then scan it with anti-virus software.
SPYWARE ROOT KITS
Rootkit Removal Tools by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Rootkits are a growing problem, and as you might expect, the list of tools that can help you prevent rootkit infiltration is also growing. The list of standalone tools that can help with rootkit detection and removal is also expanding. This week, I give you a list of the standalone detection and removal tools that I know about.
The alphabetical list below can be a resource to help you add some useful tools to your security toolkit. As with antivirus and antispyware tools, using multiple rootkit detection and removal tools is a good idea because not every tool can detect and remove every rootkit.
Of the tools listed, I've used RootkitRevealer, F-Secure BlackLight, Sophos Anti-Rootkit, and IceSword, all of which are from entities that I'm familiar with and trust to some extent or other.
A few of the tools on the list (GMER, DarkSpy, and Rootkit Unhooker) look interesting, but I have no idea who the authors are, nor do their Web sites offer much information to lend insight. So although I included them in the list, definitely use your own discretion.
There are undoubtedly other related tools available that I'm not aware of; if you know of one, please send me an email with details. If you've tried one of the tools below, let me know about your experiences with it.
BitDefender RootkitUncover beta, from SoftWin
This tool is currently available as a free beta and looks promising, particularly because it's from SoftWin, makers of BitDefender.
DarkSpy, from DarkSpy Security Group
This tool is from a group of Chinese security researchers that I'm unfamiliar with. The download page for the tool says, "Use at your own
risk," and you'd be wise to take that advice; however, it might give you a little comfort to know that this tool was recently mentioned in the SANS Internet Storm Center's Handler's Diary. Click the second URL under the Helios entry below to link to that mention. http://www.fyyre.net/~cardmagic/index_en.html
GMER, from an unknown independent Polish developer
Although no information is readily available about who developed this tool, its Web site has several screenshots and some movies (in .wmv and .avi format) that show the tool in action. So you can get a good idea of what it's like before using it.
Helios, from MIEL e-Security
This is a new tool, currently in "alpha" development, that looks promising. For some good insight into Helios, go to the second URL below to read the SANS Handler's Diary entry for July 26, in which you can also see some screen shots of the tool in action.
RKDetector, by Miguel Tarasco Acuna
This toolkit comes in two parts: A file system analyzer and an Import Address Table (IAT) analyzer. The file system analyzer scans the file system and registry, and the IAT analyzer scans memory space for
alterations that would allow rootkits to hook into the system. Screen shots are available to give you a good idea of what the tool looks like.
RootKit Hook Analyzer, from Resplendence Software Projects
Although most rootkit detection tools look at kernel hooks, the file
system, the registry, user accounts, and so on, this particular tool
focuses exclusively on kernel hooks.
RootkitRevealer, from Sysinternals
A tool written by Mark Russinovich and Bryce Cogswell, two very well
known Windows experts.
System Virginity Verifier, FLISTER, and KLISTER, by Joanna Rutkowska These tools specifically look for hidden files and at various system
components that might be modified by various rootkit techniques. Source
code is included. Rutkowska is a well-known researcher.
EFF Reveals Codes in Xerox Printers
The Electronic Frontier Foundation says it has cracked the tracking codes embedded in Xerox Corp.'s DocuColor color laser printers. Such codes are just one way that manufacturers employ technology to help governments fight currency counterfeiting.
Public Key Cryptography in One Easy Lesson
Public key cryptography relies on two scrambling devices, called "keys", that have the following relationship. There is a public key P and a private key R. Suppose I write a sweet, sensitive love letter, filled with spiritual values, genetic imperatives, and sexual innuendo, to my current flame Veronica. Let's refer to this letter as the message M. I encrypt it with Veronica's public key P, producing the encrypted message P(M). Anyone looking at P(M) will only see a string of meaningless symbols, gibberish. When Veronica receives it, she will apply her private key R to the encrypted message, producing R(P(M)) = M, turning the apparent randomness into tears, joy, and erotic fantasy.
The key pairs P and R must have the relationship that for any message M, R(P(M)) = M. In addition, it should be practically impossible for anyone to determine M from P(M), without the associated private key R. For any other private key R', R'(P(M)) is not equal to M--it's still gibberish. The key pairs P and R also have the commutative relationship P(R(M)) = M: if you encrypt a message with your private key R, then anyone can decrypt it using your public key P.
Being able to send secure messages is one function of public key cryptography. Another function is authentication. Suppose you sent a message M to Bill. He receives the message M*. Bill doesn't know whether M* is really from you; or, even if it is from you, whether it has been altered in some way (that is, if the M* he receives is the same as the M you sent). The solution to this problem, using public key cryptography, is that you also send Bill a digital signature S along with the message M. Here is how this authentication process works.
For simplicity, assume you don't even encrypt the message to Bill. You just send him the plain message M, saying "Dear Bill: You are wrong and I am right. Here is why, blah blah blah [for a few thousand words]." Then you just sign it by the following procedure.
First you chop your message down to size, to produce a (meaningless) condensed version, where one size fits all. To do this, you need a message chopper called a "hash function." You apply the hash function H to the message M to produce a "message digest" or "hash value" H(M) which is 160 bits long. You then sign the hash value H(M) with your own private key R, producing the signature S = R(H(M)).
The receiver of the message, Bill, applies the same hash function to the received message M* to obtain its hash value H(M*). Bill then decrypts your signature S, using your public key P, to obtain P(S) = P(R(H(M))). He compares the two. If H(M*) = P(R(H(M))), then he knows the message has not been altered (that is, M* = M), and that you sent the message. That's because the equality will fail if either (1) the message was signed with some other private key R', not yours, or if (2) the received message M* was not the same as the message M that was sent .
By some accident, of course, it could be that Bill finds H(M*) = P(R(H(M))) even if the message has been altered, or it is not from you. But the odds of this happening are roughly 1 in 2^160, which is vanishingly small; and even if this happens for one message, it is not likely to happen with the next.
Keep hackers out of your business! PCWorld article will show you how to encrypt your email using PGP Privacy. It will show you how to download, install, and configure PGP on your system. For those who are not familiar with PGP (Pretty Good Privacy), it's software that scrambles your messages so that only the intended recipient can read them. PGP has been around for quit some time and has been proven reliable.
Web bug basics - A Web Bug is a graphic on a Web page or in an Email message that is designed to monitor who is reading the Web page or Email message. Web Bugs are often invisible because they are typically only 1-by-1 pixel in size. Destroying Web Bugs
Download Bugnosis A privacy software package has been launched that specifically targets a new form of Internet tracking.
The Privacy Foundation has unveiled Bugnosis, a special program to detect webbugs. Webbugs are tiny image files which are being used increasingly to identify and track computer users. Bugnosis, which can be downloaded through the World Wide Web, is installed as a plug-in to existing Internet browsers, causes individual computers to say "uh-oh" when a webbug is encountered. It also logs the URL associated with a given webbug as well as further details as to the intruder's properties (such as whether the bug is connected to other digital identification files, including cookies). Moreover, Bugnosis places marks a viewed site so that the user can actually see the exact location of a particular webbug on the page. If the program discovers that a webbug is associated with certain well-known companies (such as Internet advertising giant DoubleClick), it allows the user to send an email message directly to the webbug owner for further queries or outright complaints. The Foundation hopes that this program will increase public awareness and openness about these tracking devices. For example, the organization argues that "Web site privacy policies should disclose the use of Web bugs. In fact, the general practice of online profiling by third-party ad networks should be disclosed in privacy policies, but is rarely mentioned."
Department of Justice
Offers Advice on how to protect against hackers and explains how to report Internet crimes, includes links to Web pages on issues like encryption and electronic privacy. The section on Internet crimes notes which agencies handle which types of crime. The site's advice for victims of computer crime, for example, boils down almost entirely to three marginally helpful words: "Call the FBI." (Anyone who has actually called a local FBI office and asked it to deal with problems such as Internet intruders quickly learns that this is an exercise in futility.) However, the site does contain lengthy arguments for the regulation of cryptography, the expansion of police powers, and the implementation of blocking technologies on the Internet. The pages at http://www.cybercrime.gov/crypto.html, which contain one-sided arguments against the availability of strong encryption and contain serious technical errors (for example, the difficulty of breaking encryption schemes such as single 56-bit DES is grossly overstated), are typical.
FOREIGN TERRORIST ORGANIZATIONS
Designations by Secretary of State Madeleine K. Albright. Released by the Office of the Coordinator for Counterterrorism October 8, 1999. Information from the Secretary of State's office listing and describing which organizations are considered Terrorist Groups according to the U.S. Government. (Subject(s): Terrorism & United States. Department of State)
Computer Crime and Intellectual Property Section (CCIPS)
Attorney staff consists of about two dozen lawyers who focus exclusively on the issues raised by computer and intellectual property crime. Section attorneys advise federal prosecutors and law enforcement agents; comment upon and propose legislation; coordinate international efforts to combat computer crime; litigate cases; and train all law enforcement groups."The site includes press releases, officials' speeches, testimony to Congress, legal texts, and Justice Department reports among other things. They also cover information on prosecuting electronic intruders, privacy, searching and seizing computers, intellectual property piracy, encryption, and international aspects of Cybercrime. Since keeping cyberspace safe is of special interest to all of us, especially children, the site also provides a link to the Internet "Do's and Don'ts" section of the Justice Department's Kids' page.
FBI and the National White Collar Crime Center
a clearinghouse and training center that exists to keep law enforcement agencies up to date on white-collar crime trends. Do you have a complaint about any product, service or company and wish help resolving the complaint from the Government? "File Complaints with the right agency about products and services including online scams, lost luggage, telephone service and more."
The U.S. Federal Bureau of Investigation is using a superfast system called Carnivore to covertly search e-mails for messages from criminal suspects.
Cross-Border E-Commerce Complaints http://www.econsumer.gov
The U.S. Federal Trade Commission and twelve other countries including Australia, Finland, New Zealand, South Korea, and the U.K., unveiled e-consumer.gov, a joint effort to gather and share Cross-Border E-Commerce complaints. The project has two components: a multilingual public Web site and a government, password-protected Web site. The public site will provide general information about consumer protection in all of the participating countries, contact information for consumer protection authorities in those countries, and an online complaint form. All information will be available in English, Spanish, French and German.
FTC: INTERNET AUCTIONS
Guide for Buyers and Sellers