Personal > Blogs

Personal blogs.

<1234567...58>
No user evaluation yet
Windows
TrueCrypt

WARNING: As of 28 May 2014, TrueCrypt is no longer maintained by its developers, which might have security implications. However, TrueCrypt version 7.1a is generally still considered safe. [1]

Step 1: Get TrueCrypt
Step 2: Install TrueCrypt
Step 3: In Truecrypt select the “Create Volume” option
Step 4: Follow the instructions of the "TrueCrypt Volume Creation Wizard"
Step 5: Select a drive letter in the main TrueCrypt window
Step 6: Select your TrueCrypt container or drive using the "Select File..." and "Select Device..." button
Step 7: Click the "Mount" button and enter your password. A new drive will now pop up in "My Computer"
Step 8: Store your sensitive files on that drive
Step 9: Click the "Unmount" button to unmount the drive

For additional security, encrypt your bootdrive with TrueCrypt.
You need to login to report a site Details
Last check 2017-09-28 07:25 UTC Online (0 sec)
No user evaluation yet
Firefox and SELinux

Update: it seems that updating the confined version of Firefox doesn't work. To work around this, temporarily disable SELinux before updating. Once the update process finished, you'll need to reset the file contexts on the files by running the command "restorecon -F -R -v ~/firefox-strict". Without doing this, Firefox will run unconfined after the update!

This guide has been written to help people out there creating a safe Firefox installation which is only allowed to browse through Tor. This means no other network traffic (eg. DNS requests, direct HTTP or FTP requests) is permitted to be sent from the process preventing any kind of data leakage possible by abusing the process (eg. memory leaks, buffer overflows, bugs in the code etc). This greatly increases the protection of your anonymity as it prevents all attempts to send your real IP address and other sensitive data to 3rd parties (like in the case of the recent FH attack where IP and MAC addresses and hostnames have been sent to a clearnet server).

Note that if you dedicated your system to the risky or illegal activities you do (eg. you use a VM inside your normal system or have a dual-boot setup), a better way to defend yourself is to simply block all outbound connections using a firewall and then configure your system to use the SOCKS proxy of Tor to connect to HTTP hosts on the internet. Otherwise, if you share your system between different activities and use a RHEL-based Linux distribution, you may follow this guide to make your browsing sessions more secure.

First of all, SELinux is a pretty hard-to-understand thing, so I won't go into technical details too much. Basically, think about SELinux as an additional security layer on top of the usual POSIX rights set on files, directories and other filesystem objects. POSIX rights are provided to grant read/write/execute/browse privileges for the owner user, the owner group and "everybody else" which means anyone having a user account on the system. SELinux extends this security scheme by creating application domains which are strictly separated from each other, applications from different domains cannot access each other's resources. All processes run in their confined security contexts (domains) which ensures they only have access to resources they really need access to.

To strengthen the security of the browser, I created a policy package for firefox which permits only connections to the SOCKS proxy of Tor. The steps below describe how to install and use the package:
You need to login to report a site Details
Last check 2017-09-28 07:30 UTC Online (0 sec)
No user evaluation yet
Aaron Marchers private website / blog about security, networking, linux, ...!
You need to login to report a site Details
Last check 2017-09-03 05:05 UTC Online (1 sec)
No user evaluation yet
National Security Agency | Cent
You need to login to report a site Details
Last check 2017-11-13 00:20 UTC Online (1 sec)
No user evaluation yet
Privacy and anonymity have been reduced to the point of non-existence in recent years (Thanks Obama). Our personal, private information is stockpiled and sold to the highest bidder like so much inventory at a warehouse. National Security Letters are written to make countless requests for records from our search engines, libraries, and book stores with no court oversight. Email and especially searchable data is practically unprotected from anyone who might ask to have it. All our electronic communications are tapped. Massive governmental data mining schemes are being built to record everything we publish on the web. In many workplaces, employers spy on and control their employees' Internet access, and this practice is widely considered to be acceptable.

These are dark times. The Fourth Amendment has all but disappeared, thanks to the Wars on Drugs, Porn, and Terror. Any practicing trial lawyer will tell you that you can no longer rely on unreasonable search to be the basis for excluding evidence, especially for digital evidence in the hands of a third party. Likewise the First Amendment has been shredded with exceptions and provisos, and is only truly available to those with the money to fight costly (and usually frivolous) court battles against large corporations. In short, you can say what you want so long as it doesn't affect corporate profits.

How we got to a legal state where all this activity is the accepted norm, I'm not quite sure. It seems to stem from an underlying assumption that our function at work and at home is that of a diligent slave - a single unit of economic output under the direct watch and total control of our superiors at all times; that we should accept this surveillance because we should have nothing to hide from our benevolent overlords who are watching us merely to protect us from evil.

I believe this view is wrong. Moreover, I believe it is time to reverse the tide. This document seeks to provide the means to protect your right to privacy, freedom of speech, and anonymous net access even under the most draconian of conditions - including, but not limited to, both private and criminal investigation (which happens far more often to innocent people than one might like to think). "So what are you saying? That I can dodge bullets?" "No.. What I am trying to tell you is that when you're ready, you won't have to."
You need to login to report a site Details
Last check 2017-09-25 22:55 UTC Online (1 sec)
No user evaluation yet
In Praise of Hawala by J. Orlin Grabbe

When I was teaching at Wharton, I remember one student who was amazed that he could "wire" his Treasury bill from a bank in Chicago to a bank in Manhattan. Of course there was no mystery to the process. Treasury bills only exist as accounting entries on the books of the Federal Reserve: there is no physical token or quality printed document involved.

The bank in Chicago was the registered owner of the T-bill on the Fed's books, and it simply sent instructions to the Fed to turn the T-bill over to the bank in Manhattan — i.e. to attach the Manhattan bank's name as the owner of the T-bill on the Fed's books. Meanwhile, the bank in Manhattan handed the student a computer-printed receipt, showing that the student was the owner of the T-bill from the bank's point of view.

In this Federal Reserve transaction we have the essence of the hawala system, a system currently under frontal assault from the U.S. because it is efficient, low-cost, and unregulated. As in the hawala system, a person in Chicago (the student) goes to an agent (the Chicago bank) and asks for the transfer for something of value (the T-bill). Through a centralized record- keeping system (the Federal Reserve), value is transferred to an agent elsewhere (the bank in Manhattan) and given to a person at the remote location (in this case, the student again, but it could have been anyone). A typical hawala transaction in Dubai, here on the shore of the Persian (Arabian) Gulf, might go like this. Iqbal, a Pakistani working in the Jebel Ali Free Zone, gets paid in cash, in UAE dirhams. He wants to send money to his family in Karachi, so he goes to a hawaladar and gives him 5000 dirham. The hawaladar sends an email or a fax to his uncle in Karachi (who is also a hawaladar), along with an agreed code for collecting the money. Iqbal's wife picks up 80,000 rupees from the hawaladar in Karachi. The transaction is simple and efficient by comparison to most of the alternatives. Iqbal pays on one day and his wife picks up the money the next day. Iqbal doesn't need a bank account, no one asks him to fill out elaborate forms or show a government ID number. Nor does he need to deal with an artificial exchange rate set by the Pakistani central bank — a rate of exchange intended to rip off (tax) Pakistanis in foreign countries who are purchasing rupees with their repatriated earnings. Instead, the local hawaladar in Karachi deals on the white market and gets a market-determined exchange rate. (The central bank calls the free market in currencies a "black market," but since the market involves voluntary exchanges between individuals, it should be referred to as a "white market" — or maybe not, depending on your psychological associations with colors.)

Why does the system work? The hawaladars are reliable and trustworthy. As even Interpol observed, "the delivery associated with a hawala transaction is faster and more reliable than in bank transactions." And "the components of hawala that distinguish it from other remittance systems are trust and the extensive use of connections such as family relationships . . ." It takes honest people to run this "illegal" business.
You need to login to report a site Details
Last check 2017-09-25 23:00 UTC Online (1 sec)
No user evaluation yet
You need to login to report a site Details
Last check 2017-09-15 16:45 UTC Online (1 sec)
No user evaluation yet
You need to login to report a site Details
Last check 2017-10-16 19:35 UTC Online (1 sec)
No user evaluation yet
You need to login to report a site Details
Last check 2017-09-25 09:05 UTC Online (1 sec)
No user evaluation yet
/pol/ - Politiikka
You need to login to report a site Details
Last check 2017-10-03 06:40 UTC Online (1 sec)
<1234567...58>