Qubes os update, new for windows
Greetings all
Got a nice update to my Windows qube during one of the past Qubes OS updates. If you have been following this blog’s sections, I have been using Qubes as my main laptop OS for some months now. So far it’s been quite enjoyable to use. Yes, there are a few little things I have had to work around or do differently, but for the most part it’s been quite enjoyable to use. The one big issue has been Windows usage: things like connecting USB devices to the qube so I can copy off data have of late been unusable. It’s not surprising or unexpected, due to the security focus of the operating system.
But as of a few days ago some of the issues seem to have been solved. From one of the updates, not sure which one, I am now able to connect a USB device to the Windows qube. I am also able to resize the qube’s window by using the mouse; that is a nice addition. My Windows qube is Win 7, so I am not sure about any of the newer versions and whether they work or not.
Hope the updates keep on this track. I would recommend this operating system if you need a ‘reasonably secure’ system. It can be difficult to configure at times, but it’s worth the price for what you get.
Thanks again
Status of Tor, I2P and FreeNet install and usage
This entry is an update to the ongoing Qubes OS testing as a usable operating platform. For this I tested installing Tor, I2P and Freenet in a qube and in a standalone VM. I must admit I had better success than I expected on all of them. I will first describe my configuration for the test, the qube and the standalone VM. Yes, I am running two installs, but only use one for my day-to-day testing. The day-to-day testing is in the qube or, as the documentation states, an AppVM. The standalone VM is Ubuntu 12.04, patched up to 14.04 at this time. I am finding a few stability issues with the standalone VM if I patch up to 16.04 and 18.04. Most of them are graphics problems that most likely are with Xen. The standalone VM is mostly for verifying that what I have on the AppVM should be working.
The AppVM is a clone of the installed Debian 9 template that I called SecureMachine. I like to use cloned templates for testing, so I always have a clean base template as a source. Also, backups are easy to run before I do any tinkering with apps on the template. The following are the sections and the status of each:
Tor:
- Tor was the easiest of all to install. I did not need to modify the SecureMachine template at all. I just started the AppVM, opened the Firefox browser, and pulled down the Tor bundle from the Tor site. Ran the install and voilà, it installed into the private section of my home directory. It is true that I could just use the Whonix AppVM (which I do most of the time), but it was for a test anyway. I need to run it from a command line currently; other than that it starts the Tor circuit, then Tor Browser as required. So I am happy with the outcome. I will still be using the Whonix qube for my primary Tor access. I also set up a Tor hidden service on a standalone VM running Ubuntu Server, that was least as well. I needed to add the Tor source location to the package list, did an APT install of Tor, modified the torrc entry for the hidden service and rebooted the standalone VM to bring the service up. I also set up a connection from one of my normal Personal AppVMs to the Ubuntu standalone VM so it can be reached by that AppVM.
I2P
- The I2P install was a bit more of an issue: I needed to install it first in the template, then again in the AppVM. The reason for this is that it needed helper apps first, things like cryptolibs and other special libs. This will depend on your patch level and apps installed. Then I did a reinstall in the AppVM and it installed in the private directory with no issues. I2P needed to be started from the terminal command line, after changing to the i2p directory. It started the browser, but I needed to modify a setting in the browser’s network settings to use the proper port. Your setup may vary as to whether you need to do this or not. It runs stably and seems to be quick. The peering and gathering of connections have been quick. I was able to install plugins and even set up a page for access by others. I am using the default install settings at the moment; later I may modify a few to see if any speed or operation changes occur.
Freenet
- Freenet was not too bad. I could not use the browser-based install, so I needed to do the command-line steps. Before that I needed to install Java into the Secure_Machine template, then install the Freenet program into the private home directory section of the AppVM. This as well needed to be done at the command line, so I needed to start the terminal. It went well; now to start it I need to open a terminal and run the Freenet program with Java. It runs and opens the browser, and it runs quite quickly and stably. As mentioned before, I first installed Freenet into the standalone Ubuntu Desktop VM, using the same general steps as the AppVM for testing. Here as well I am using the AppVM most of the time now.
There are other dark-web-type applications I may try later. But for now, I will keep testing with the big three: Tor, I2P, and Freenet.
Have a safe, secure, and anonymous internet exploring in all you do.
Last apple product
I have used and owned Apple products for most of my life. But sadly, the iPhone I will probably get in 2019 (not sure yet which one) will most likely be the last Apple product I ever own. I say this with a heavy heart. I have had and still have many Apple products, from the original click wheel iPod, iTouch, MBP 17”, to three iPads including the 12”. However, the current crop of Apple products seems to have lost its glamour and reason. The product types and usefulness now seem to be driven by form first rather than the balance of function and form together. I place function first in the list, then form, for a reason. I will explain: while it is true that if the product does not look good it may never get purchased, it also goes that if the product is not sturdy and reliable then the best-looking product is worthless in the long run. Therefore, function and form must go hand in hand, and function must be first in the idea and creation of the product.
I define form and function as follows. Function is the usage of the product, the reliability, the parts and how they interact and work with each other. The strength and long-term reliability are part of the product. Many items in the form line may never be seen or felt. Form is how the product looks, the colors, the feel of the product and its parts that are touched and seen. At times form may feel like function and function may feel like form. A keyboard, for example: how it feels and how reliable it is show how form and function work together. Having a speck of dirt lodged in a part that can only be replaced by replacing the entire lower section is a failure, even if the keys are thinner to the look and comfortable to the touch.
In the past, under Steve Jobs and shortly after Steve Jobs’ passing, Apple products followed function over form. Looking closely at the current products, except for now the iPhone, it is form over function, with less attention to the function aspect. Many of the products like iPads and laptops are much thinner than in the past, but I ask, do they really need to be? Do a few millimeters of thickness on an iPad really make the product any better, or just make a larger profit for the bottom line? Apple is special and has always been special with the people that make and use the product. Now it seems to be just like any other technology company: use as few materials as you can to make it work and keep the price as high as you can. For a product that is special that is all fine, but lately, if you really look at the product, is it really that special any more for the price and quality?
The current headlines show the form-over-function loss of direction: easy-to-bend iPads, because they are so thin, and iMacs and iMac Pros that have a single speck of dust get sucked into the system and cause the display to have issues, because they wanted it to be paper thin and not have a dust filter placed in the sections that draw in air to help in cooling. I do understand that any company needs to keep the cost of the parts down to have a required percentage profit on each product, but you can do that with a function-over-form focus. It’s been done in the company’s past and they have been quite profitable. Following the form-over-function focus may not harm your bottom line for a while, because you have other revenue streams, but it will harm people’s belief in your later products.
Sadly, again, I am one that will most likely never again get an Apple laptop or an iPad, and I am not able to recommend one to others. I like the security of the software bug fix upgrade path better than Android for tablets, and the ability to run office products on a Mac rather than Windows, but I can get lower-priced, better-quality and better-feeling hardware, then put a Linux-based operating system on it and have just as good security that I like to use for me. Being forced to do it because your idea of better only means removing or forcing me to use some new design that you feel looks good but does not work in my environment.
I hope to come back someday… Thanks again for the past.
Month of using Qubes
Current update using Qubes OS.
Going on a month now of using Qubes OS on a Dell laptop. I can say it’s quite usable, again as long as you have the hardware for it.
My set up is currently as follows,
Debian 9 template
Debian 9 Kali template
Fedora 26 template
Fedora 28 template
Whonix 13 gw – org install
Whonix 13 ws – org install
Whonix 14 gw – upgraded from 13
Whonix 14 ws – upgraded from 13
Ubuntu 1604 Server – standalone hvm
Kali 2018.3 – standalone hvm
Parrot 4.x – standalone hvm
Windows 7 – standalone hvm
Windows 10 – standalone hvm
AppVMs include some default and some I created.
Kali using the Debian 9 Kali template – my creation
Securemachine using the Debian 9 secure machine template – my creation
The default Personal using the Fedora 28 template – default
The default Work also using the Fedora 28 template – default
It also includes disposable VMs for Whonix and general use; most of these were installed with the base install of the system. It also included personal, work, and vault as well. I added Kali test and secure machine for testing of special apps based on business work.
Windows 7 and Windows 10 were not too difficult to install; it did take a few tries to get the disk space correct. You need to expand the disk using the command line in Dom0, just a note if you are wondering. I am not able to run Windows apps seamlessly like in ver 3 of Qubes; maybe in a later version, or I am still missing something. Other than that, the standalone VM works fine. It even works on an external monitor. I am having an issue getting USB devices to connect, but it seems like it’s just Windows VMs that are having the issue. I have installed the qubes-tools but no luck. I am using apps like Word and Excel with no problems.
I first tested installing Kali in a standalone VM. It works fine, even wireless works, most of the time. It can still give errors that it can’t find the driver for my ALFA USB WiFi device. Most everything else works fine; I can do pen testing of machines, and it’s quite quick as well in its functions. Then I created a template using Debian 9 and, by following different instructions, got a displayVM version working that allows me to have my seamless apps running, yay. Also, my ALFA WiFi works perfectly, no issues or problems. Parrot OS 4.x is still a standalone VM; I have not been able to find instructions that work for me, oh well. So, my pen testing setup is workable.
I created what I called a ‘securemachine’, which I use to test apps like I2P, Tor stand-alone, Freenet and other security-related applications. The application I2P works great; Tor stand-alone installs, but I am not able to set up a runtime browser instance on the AppVM; Freenet I am not even able to install, all kinds of link errors for that, so something to look into, I guess.
With the Ubuntu1604Server VM, I was able to get it installed with few issues; the main issue was the networking setup. It did not like the way Qubes OS defined its IP and mask, and I had to define it using what they called CNI settings. A mix of dot notation and slash numbers. With a bit of googling I was able to get it to work. I was even able to get Tor and a Tor hidden service working. Connecting Qubes VMs to each other is on my list to work with, so stay tuned for that.
Qubes OS has a built-in backup and restore program, that works nicely so no complaints as of yet.
Template/OS system updates run fine. I have to do them manually but that is OK, I would prefer to do that anyway. I currently have an issue with the whonix-gw template not updating. It will start but will not let me run a terminal. So far not an issue because it’s only for the Whonix VMs. I may reinstall the Whonix updates and templates to see if it runs any better. I hope to have the 4.1 version out in a few months with all the updates so no need to worry about it.
Still no way yet to easily burn DVDs. I have read of options but have not been able to get them to work with my system; again, looking into it. My printer and local WiFi work; I did not have to do any modifying, it just worked.
Still slow to boot and shut down on the laptop, but I did expect that; it’s more designed for a powerful desktop, but it’s usable for me. Most of the time I will start the laptop and keep it running for a few hours before shutting down, so it’s not that big of an issue for me anyway.
Qubes OS – My few weeks so far with using it.
In this entry I will give some of my notes on using Qubes OS. It has been a few weeks that I have been testing it on one of my laptops.
Laptop specs (2016)
Dell Inspiron 17” model
i5-3337U CPU
16G memory
1T drive (Western Digital blue)
Qubes OS specs
OS version 4.0
Updated fedora 26 to fedora 28 on containers
Updated whonix from 13 to 14
Using debian 9
What is Qubes OS? The site’s web pages have a number of very well written sections that describe the system. I will let you do a deeper look for yourself in that part, but here are a few things. From the Qubes OS (www.qubes-os.com) web site’s introduction page, it is described as:
Qubes OS is a security-oriented operating system (OS). The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.
Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes.
This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.
Moreover, all of these isolated qubes are integrated into a single, usable system. Programs are isolated in their own separate qubes, but all windows are displayed in a single, unified desktop environment with unforgeable colored window borders so that you can easily identify windows from different security levels. Common attack vectors like network cards and USB controllers are isolated in their own hardware qubes while their functionality is preserved through secure networking, firewalls, and USB device management. Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root file-system without sacrificing security (and saving disk space, to boot). Qubes even allows you to sanitize PDFs and images in a few clicks. Users concerned about privacy will appreciate the integration of Whonix with Qubes, which makes it easy to use Tor securely, while those concerned about physical hardware attacks will benefit from Anti Evil Maid.
There are some key things I was looking to do for my testing; some so far I have mostly been able to do, some I have not been able to do.
• Ease of installation and upgrades by me.
• Use of security-oriented web browsing.
• Install and usage of apps, from chat clients, word processing, email, openvpn, some general others special and etc.
• Usage of other OS’s like Ubuntu, Bsd, Windows, etc.
• Use of security and penetration testing apps, namely Kali and Parrot.
• Use of USB devices with different systems’ qubes. Things like external drives, mice, DVD, WiFi systems.
• Ease of setting up qubes and new domains.
• Ease of usage day to day.
So to begin, here is what I have run across so far from using it for a few weeks.
Ease of installation and upgrades by me.
It took about 30 minutes to do the standard install of the OS on the laptop. The questions asked were straightforward and easy to understand. Much of the time to install was just waiting for the system to copy over the programs and create the default qubes. I did have a few questions that I needed to look up to make sure I understood what they wanted. For example, the usage of multiple qubes for each USB device. I selected to have one qube handle all the USB devices; so far it seems to be working OK for me.
Qubes 4.0 has Fedora 26, not Fedora 28, and Whonix 13, not Whonix 14, as the default, so they needed updating after I installed the system. The upgrade from Fedora 26 to 28 was quick and relatively simple. The web site has well-explained steps for doing the upgrade; they were easy to understand, and following the steps worked without any noticeable problem. The Whonix upgrade, on the other hand, was a bit more problematic as of this entry. If you do not know about Whonix, it is two separate sections. One is a Workstation and the other is a Gateway. The Workstation qube seemed to upgrade mostly without any issues; I needed to attach a networking VM to get it to fully upgrade. After the upgrade the first time, I have been able to use the VM-defined upgrade procedure with no discernible issue so far. The Gateway is still causing me issues in upgrading; many sites it’s asking for are not available to download app upgrades from. Even with a network VM connected it still does not fully upgrade all the apps. For now I am using the original Gateway VM; everything seems to be working OK for my Tor services. I am hoping that when 4.1 ships it will have all the upgraded systems as default.
Debian 9 only needed the app upgrade and update from the Qubes Manager system, no issues or problems so far with that.
Upgrading the Dom0 went without a hitch, as stated before the command and steps required were well defined in the documentation. No problems so far in any of the upgrades.
Use of USB devices with different systems’ qubes. Things like external drives, mice, DVD, WiFi systems.
So far most everything connected to any of the qube VMs with no problems. My USB HDD was using exFAT as its format, so I needed to install the extfuse utilities on the Fedora 28 qube. It was easy to do with the yum install system; Debian did not need any fuse installs for the HDD. My built-in webcam even worked with Skype. An issue I have been running into is my ALFA external USB WiFi device. It will not connect to any Debian VM qube, but it connects fine to any Fedora VM qube. I still have no idea why, so that is something to note. I am using an external USB mouse, so that works fine so far as well. I am having issues with burning DVDs/CDs currently; to that effect I am not able to burn any using my system. There have been tips to add Brasero to Dom0 and burn that way, but I have not given that a try yet. The need to add an external repository to Dom0 seems like a security issue, so I am going to hold off for now.
Usage of other OS’s like Ubuntu, Bsd, Windows, etc.
To get started: the documentation says that Windows 7 is the only version supported by the tools that will allow individual screens for different apps. Windows 10 and other versions are not supported, per the documentation. I have not been able to get Windows 7 or Windows 10 running in a VM qube as of this entry. They seem to crash during the install, or mostly install and not find any apps to load. So far I can get most of what I want to use by not using Windows, but for people that need Windows it may be something to note if you want to use Qubes. Maybe some time a patron will give millions so the people can hire a full crew and have it work.
I was able to get both Ubuntu 16.04 and 18.04 Server installed and working. Ubuntu 18.04 uses a different netmask setup and I needed to do a bit of googling for the fix. That is less of a Qubes issue and more of an Ubuntu issue; sometimes change is hard, like this was. 16.04 installed correctly the first time. Note, you need to remember that DHCP does not work the same as you would think with Ubuntu. When you set up a VM it will give you the IP, mask and gateway, and you need to manually add them to the installing system. Kali and Parrot accepted the DHCP entry with no manual entry.
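The difference between the two Ubuntu releases described above, as an added example that is not from the original post or from the Qubes or Ubuntu projects: 16.04 takes a dotted netmask in /etc/network/interfaces, while 18.04's netplan wants the address in slash (prefix) form. The interface name eth0 and every address below are constructed sample values; substitute the IP, mask and gateway that Qubes shows for the VM.

```python
import ipaddress


def prefix_len(dotted_mask):
    """Turn a dotted netmask (255.255.255.0) into a prefix length (24)."""
    bits = format(int(ipaddress.IPv4Address(dotted_mask)), "032b")
    if "01" in bits:  # a valid mask is all ones followed by all zeros
        raise ValueError(f"non-contiguous netmask: {dotted_mask}")
    return bits.count("1")


def gateway_on_subnet(ip, mask, gateway):
    """True when the gateway lies inside the subnet described by ip/mask."""
    net = ipaddress.ip_interface(f"{ip}/{prefix_len(mask)}").network
    return ipaddress.IPv4Address(gateway) in net


def ifupdown_stanza(iface, ip, mask, gateway, dns):
    """Static stanza for /etc/network/interfaces (Ubuntu 16.04 style)."""
    lines = [
        f"auto {iface}",
        f"iface {iface} inet static",
        f"    address {ip}",
        f"    netmask {mask}",  # dotted form is used as given
    ]
    if gateway_on_subnet(ip, mask, gateway):
        lines.append(f"    gateway {gateway}")
    else:
        # Edge case: with a host mask the gateway is outside the subnet,
        # so it needs its own device route before the default route.
        lines.append(f"    post-up ip route add {gateway} dev {iface}")
        lines.append(f"    post-up ip route add default via {gateway} dev {iface}")
    lines.append(f"    dns-nameservers {' '.join(dns)}")
    return "\n".join(lines) + "\n"


def netplan_yaml(iface, ip, mask, gateway, dns):
    """Equivalent netplan file (Ubuntu 18.04 style), address in slash form."""
    lines = [
        "network:",
        "  version: 2",
        "  ethernets:",
        f"    {iface}:",
        f"      addresses: [{ip}/{prefix_len(mask)}]",
    ]
    if gateway_on_subnet(ip, mask, gateway):
        lines.append(f"      gateway4: {gateway}")
    else:
        # Same edge case: mark the default route as directly reachable.
        lines += [
            "      routes:",
            "        - to: 0.0.0.0/0",
            f"          via: {gateway}",
            "          on-link: true",
        ]
    lines += ["      nameservers:", f"        addresses: [{', '.join(dns)}]"]
    return "\n".join(lines) + "\n"


# Constructed sample values, not taken from the original post.
SAMPLE_DNS = ["10.139.1.1", "10.139.1.2"]
SAMPLE = ("eth0", "10.137.0.20", "255.255.255.0", "10.137.0.1", SAMPLE_DNS)
SAMPLE_HOSTMASK = ("eth0", "10.137.0.20", "255.255.255.255", "10.137.0.1", SAMPLE_DNS)

if __name__ == "__main__":
    print(ifupdown_stanza(*SAMPLE))
    print(netplan_yaml(*SAMPLE))
    print(netplan_yaml(*SAMPLE_HOSTMASK))
```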
Tried Windows XP for a hacking machine test, no luck in a full install; still going to try, but not currently.
Use of security and penetration testing apps, namely Kali and Parrot.
Good news mostly on this front: both Kali 2018-2 rolling and Parrot 4.4 installed and seem to be working, except WiFi is not working because I am not able to get my ALFA USB WiFi device mounted to the Parrot or Kali VM qube. Like all technology, some things need work. I was able to use Fedora for my WiFi testing, so maybe in time. I have not done a full test of all the pen testing apps; so far it looks good. The install went simply except for the IP creation, but I was able to manually add the IP address quickly and easily.
Ease of setting up qubes and new domains.
Creating VMs: they are different than what I am used to. Programs like VirtualBox, VMware and Parallels are what I am used to, so it has taken a bit of a learning curve. It is getting easier to understand now that I have set up a few. It seems to be quicker to set up VMs the way they do it. In Qubes, to create a usable qube you use what they call a template. Check out the glossary on their page for a deeper description. I set up a VM that I called debian-security that I am using for testing of other security browsing apps, what people may call the dark web apps, I2P and Freenet. I made a clone of the default Debian-9 template, then made an AppVM running the applications, installing all the applications that I want to run on the cloned template so they are available in the AppVM. The application I2P installed perfectly and seems quite fast; Freenet still has a few issues I am working on currently. Connection to other users will work then crash, so I may have to reinstall a few times to work on the reason why. I also set up testing templates for first installing an application, then, if it is working, installing it to the main template. So far not many issues; all seem quite stable.
Install and usage of apps, from chat clients, word processing, email, openvpn, some general others special and etc.
Using and installing day-to-day apps like word processing, chatting, video, mail, browsing, file-system usage: so far I am happy with the ease of installing all of them. Most apps I use are in the repos for Fedora or Debian. When I have needed to load an external app by downloading the app and installing it that way, there have not been any issues, so not much to say on this so far. Games are an issue, mostly not able to do. But not an issue for me anyway. Working on setting up an OpenVPN for my home, will keep you posted as I work with it. I am using LibreOffice for my documents; I will be trying softoffice as well soon. All the office apps seem to work fine and installing was simple: I downloaded the program and did the yum install. Currently I am using the Fedora template as my program template. Will try Debian as well soon. I use Thunderbird and it works with no issues I have found. It defaults to the Firefox browser; for now I am happy with it, and will be trying Chrome and a few others. Working with both Skype and Google Hangouts, no issues found; I am able to use video and file exchange. At times Hangouts has issues with exchanging desktop videos. But I have had that issue before. Using apps like Blackboard also has a few issues with exchanging desktops between people. Added SoftMaker FreeOffice, but it does not work, and I also can’t seem to remove it. (still no luck on remove)
Ease of usage day to day.
Having separate AppVMs for different usages and knowing they are functionally separate and seem secure is nice. And being a bit geeky, it’s cool to use. Booting up and shutting down take time. Booting up the laptop is slow because it needs to load some VMs into the background, like networking, gateways and USB devices. I have a mechanical HDD; an SSD would be faster. Shutting down is slow as well, depending on how many VMs are running.
As we travel for the holidays ..ways to keep data safe
Greetings all
It’s that time of year for travel to meet loved ones, or maybe just because you feel like traveling to a different location. Most of you will travel with one or more of your electronic devices. If you do there is a risk of things being lost or stolen. To make it less of a worrisome issue there are some things you can do.
First ask yourself if you really need to take it with you? You are going on vacation, so don’t you want to get away from the distractions? If you still want to take them with you then here are some tips.
Back up the data
- If they are stolen or broken you still have the data for them in a safe place. Also make sure you have things like serial numbers for the devices and support numbers as well. They will help calm you, knowing you have them handy should there be issues. Make sure the backup is correct; it’s no good to have what you think is a backup and, when trying to restore the device, find the backup is no good.
Change the password
- If you have not changed them in a few years it’s time to do so. I am not one to say change them every month, but you should do a password change at least once a year, and use a long complex type. There are many sites that will give ideas on how to come up with random ones that you can remember. And not the type that you just a one number for each month because you’re forced to change them every month at some places.
- Change the password before you leave, then change it again when you return home.
Remove personal data
- Of all the devices, your phone could be the most personal. It keeps track of more information than most any device we have ever come up with in our history. If you feel you need to take it, then is there information you can remove from it? Also, if you need to take other electronic devices, then check those as well, and remove as much personal information from them as possible.
Take less personal devices
- Again, ask yourself, “do you need to take this device?” You are going on vacation, so think about taking a book or some other object to occupy your time. You are on vacation so it means getting away from things. If you still feel the need then again remove files or data you really do not need.
Things to note when traveling
- Watch your device, keep a close eye on it wherever you are. Keep it out of sight unless needed.
- Do not auto connect to any, repeat ANY, WiFi location. If you have your own cell service use that, not the location’s WiFi.
- Don’t install any apps no matter how cute they are unless you are doing it from your home or a location you know for sure is secure.
- If you have a cell hot-spot then use that for your other electronic connected devices.
- Do not charge your device from a public charging location. Use your own charging accessories for all your devices, just remember to take them of course.
- Books do not require batteries and few people have interest in stealing them.
Have a happy and safe holiday to all and may all your data be safe.
General Security when Traveling
Many of you will need to travel for work or for a vacation. Some travel within your own country, others will be outside your country. With the changes to borders by various countries, you now need to be more vigilant about what you keep with you that may get searched or used against you.
Short of leaving all your electronic devices home or having a security detail watch you everywhere you go, there are steps you can take to protect your privacy from snooping and some actions to keep your person safe as well. This is not an end-all, fix-all; a change in legislation and ideology is the only way to fix that.
Some of these suggestions may help, some may not. Governmental policies and feelings are too in flux, so there is no hard and fast solution. With that being said, I am not responsible if the options do not work for you. These are guidelines and general options:
-
Yourself and ones close to you
-
Try to fit in to the environment you find yourself in, be like the locals, dress like the locals. Some countries have expected dress codes for different genders, some do not. Spend some time getting to know it and what the history of the location is.
-
Set up meeting places if you get separated from your group. People are going want to explore if they have never been to the location before. That is good, it helps you grow. Some of that exploring may get you separated from others or if there is a major event and chaos becomes the norm, you will need places to find others that may have gotten swept up in the event. Have multiple places, not a lot maybe two or three. Depending on the event some location may be better than others. Some location may be the center of the event other may just be passed by like they do not exist. The do not exist places are the safest, again it will depend on the event, so having a few, and everyone knowing about them will be helpful. They can be most anything, statues, gas stations, hotels, churches, a locally known person’s house. But remember they can also be the worst places to be, so just note the event and chose carefully.
-
Make note of the location you are staying at. If it is a hotel note the escape areas, stairs and elevators. Note the area around the hotel and the buildings near it, can you jump to the next building if needed or can you climb out the window using bed sheets? Are you able to get to a location or can you defend in place if needed? Noted from one of my executive protections professors, set up zones of protection around yourself. Things you can drop if needed and things you need to keep close. Note things you may be able to barter with, like jewelry or even shoes. If you worried about losing mom’s priceless ring heirloom then leave it at home, you don’t need to show it off that badly. In fact leave most of your jewelry at home, maybe take knock off stuff but keep the good stuff at home. Keeping things like medicine, passports, money, things you need to have at all time, place them in something that you can grab quickly and go.
Learn the history of the place. When I talk of history I do not mean ancient history, I mean recent history. Has the location had any large-scale events, such as earthquakes, upheavals in government, civil unrest, things of that type? Have some knowledge of the location where you will be staying, its main roads, airports, travel places.
Have a quick escape plan, if you need to leave how will you do it and where will you go? Make sure everyone knows it and knows what to do.
Electronic devices
Next to yourself and family, many people feel that their electronic devices are like a second child to them. I am talking about their cell phone, tablet or laptop. These devices hold more data about you than most of the paperwork you may have in your lock-boxes. Personal contacts, social media, account numbers, search histories: all this information can create a profile of you that is very accurate and can be used to cause harm or simple embarrassment if not kept secure. It’s called “metadata”. It alone can create a very accurate profile of you, your likes, habits and how you live. It can show links to people that you may not care about but that may flag you, because someone else may be a person of interest to others, so you now become a person of interest. Guilt by association. In the past this was not really an issue, but in this day and age it’s more and more relevant. With the new policies in the US and at its borders, searching of your laptop and phone’s contents has become more widespread. Even to the point of forcing you to log in to any social media so it can be copied for later viewing. Removing your phone from your sight and copying all its contents is another now-normal practice at borders. Sure you can resist, but you will be tired, hungry, and stuck in an environment that others control. It’s easier to just give in and let them win. If you do some preparing beforehand you can minimize some of the loss of privacy; not all, but you will be more in control of the data they will have access to.
For your cell phone, if you can use a burner phone, then buy and use it. It’s safer for you because if it’s stolen or border control wants to look at it, there is not much of your private data that can be tracked; then you’re just out that phone and the hours you put on it, not your main phone. If you have to take your personal smartphone then make sure it is encrypted. Many new phones have options to encrypt it when it is turned off. It is still possible the border people will want you to turn it on, but it’s something. Another step is to remove all your social media apps from the phone: Twitter, Facebook, Snapchat, Dropbox, etc. Log out and clear your cache from the phone. Look into apps that have encrypted sections you can store data in if you need to have the data. I know smartphones have wonderful cameras so you will have photos of your trip; if you can keep them in secure storage, all the better. Have a few G-rated images on the phone to make it look like you do use it, so there is less chance of sticking out in a search.
For your laptop, that is a tough one. My recommendation is not to take it at all. But if you really feel you need one with you, then use one like a Chrome laptop. There is no OS for them to search and you use the web only, so your information is reasonably secure. Have two accounts, one main, and one you use to auto boot it up to have them look at if forced. If you feel you need to have it, then have hard-drive boot encryption and encrypted folders. This will keep your mind at ease if it gets stolen or lost, but not as much if you are told to boot it up so they can make a copy of the hard drive. Another option is to have it shipped to the place you are going; not one I recommend easily for a small personal business, but larger corporations may have that option. Some smartphones have encrypted micro SD cards; you can store needed data on them and insert the card when at your location. When using your laptop, have it run a VPN that you set up before you leave on the trip. If that is not possible then use Tor or some other type of anonymous web surfing solution. One never knows who may be sniffing the traffic at the location or in between you and your location. I should not need to remind you not to do banking or access sites of a private personal nature when traveling; if you do, then you get what’s coming to you.
General
Be helpful but not overly so. If not asked, don’t give information. You need to keep remembering they do not work for your protection, they work for the government’s protection.
Use a VPN at all times if you are browsing on a non-home network connection. If you are not able to install a VPN, then use Tor to keep some of your searching anonymous. When you order a VPN, make note of their log policy; find one that does not log anything, and look for ones that have multiple countries you can connect to. Watch out for VPN fakes: some will sell you a fake, do-nothing VPN, so do research on ratings.
If they take your devices out of your sight, then I would treat them as a bio-hazard and never use or turn them on again. If they leave your sight, then you never truly know if any spyware apps have been installed on the device. Safe now or sorry later, up to you.
Don’t stay quiet if any of this happens to you or someone you know. Write a letter to your congressmen, complain to the company, use other services, ask why you are being singled out for the exposure, make a scene so others see the stupidity of what is going on. Don’t just sit back and let it happen. Seek legal action and let them know about it. Contact organizations like the EFF and civil liberties groups.
Software vulnerability secrets kept hidden, are you really safer?
Keeping known software vulnerabilities hidden, and the work of the CIA, NSA and FBI to break encryption, is bad, not good, for the security of all of us.
Recently there have been reports about the government big three and breaches that have been leaked to WikiLeaks and other news media organizations. This in itself can be problematic when wanting to keep the country safe, as so many will say. This entry will not go into whether it is bad or not, but into what is leaked and a view into tools and technology that the agencies say keep you safe but really make you less safe.
As of this date, WikiLeaks has published a batch of leaked documents from the CIA that show some of the ways they gather data on people and groups. They say that if they have these tools and attack methods to get into “the bad guys’” systems, we are all safer. This is wrong thinking, but considering the philosophy of the agencies it is not all that surprising. At the core it is based on them knowing something you as an outsider do not. Their belief is that they are the only ones that know about this security vulnerability, and so by having it they can use it, as they believe, “to protect” the homeland and in so doing will be one step ahead of the evil people. This is very short-sighted, as any security expert will tell you.
There are many people in other companies, agencies or countries that are just as smart or maybe smarter than the people that work at the government agencies. The mind set of thinking they are the only smart people that can find this issue is the key problem. They may have it now but tomorrow or the next day another smart attacker or researcher may find the information and either sell or use it for their own money making prospects.
Even if the agencies are the only ones that have the attack knowledge as is, there is no way to know for sure if they can keep it safe and secure within their walls. Many times you will get a response from the agencies that they need the software hole to catch the bad guy; this is a lie on one part and even points to laziness in the work on the other. The agencies have many other ways; yes, they may take a bit longer, but they still will work and do not put a large number of people at risk from other groups knowing the possible attacks. They just need to do the general police work that was done for years before smartphones or laptops were used by the general public.
What needs to be done to make us all safer is to let the software developers know the moment they find the vulnerability and work with the companies to fix it quickly so it does not become a hazard for all. This can be done and will not cause security issues between the government and the businesses that the problems will affect. The following are two solutions that can be used; there are more, but for space considerations I chose these:
Option one – have each agency contact the software or hardware maker directly and let them know about the vulnerability, and if they have a solution to patch it, give them that as well. A timeline will need to be given so that the problem does not just get stuck on the sideline, as has happened with many software bugs because the software and hardware staff think it costs too much to fix. There are some issues with this option, things like how the agency will know the patch is getting done, or whether it is just put on the back burner because the device or software is not the hottest item so there is no incentive to put out the money to keep it updated. Another issue is the view by the public that government is meddling in the software creative process. Also, will the agency even know who to contact and say “hey we found a problem and here it is” so they can give it to the correct person in a timely manner?
Option two – have a department created whose entire purpose is to be the “middle man”, so to speak, between the governmental agencies and the businesses that are affected by the security holes. This way the one department is the only face the business sees and as well the only face the government agencies see. This will keep a separation so there should not be an issue of possible overstepping or back-door dealing between government and business that would scare many people. The department would be audited on a regular basis by outside non-government controlled groups to check for wrongdoing. They would also be a type of overseer to make sure the issues do get patched on a timely basis. This department would be made up of security and business people that know the workings of the issues being found.
If we do nothing and keep the vulnerabilities known only to a select few, we are destined to never be truly safe or secure. The next attack on the grid, or on your smartphone, could have been prevented. The sad thing about this leak of information is that it does seem few really care or are in an uproar about it. Maybe we have been beaten down so much and have come to expect to be spied on.
Believing we are better off, if so we deserve what we get or do not get with it.
Welcome to 2017 new and the old
Now that the new year is rolling around, there are some things you should revisit, or even do if you have new toys.
Let’s start with the old stuff that you should revisit.
First you should go through your accounts, yes all of them, and see what can be removed. Like many of us, at the time you think you need an account but find out that you never or hardly use it, so remove it. Of course before you remove it, note what places use it or send stuff to it. It would be bad to remove an account thinking it was unneeded and find your key tax or stock information gets sent to it, not good. If not sure, then note the account and watch it from time to time; as things are sent to it, go to the sending account and change it. If it’s an email account and you are not sure, then make it inbox-zero. That means clear it out so no mail is there; it has some advantages. First it will make you feel good that you now have a place that is clutter free. It will also make it harder for companies to make a portfolio/file on your likes and connections, and make it easier to see what you get that is needed and what you get that is junk. I also want to say that there are e-mail and IM services that encrypt the sending and receiving of messages; take the time and look at them.
Next in the list of things to revisit is to change the account passwords of your important sites and systems if not done in the last few months. There are many ways to define passwords, from letter-number combinations to the first letters of a saying you like. The key point is to not reuse it on other accounts that you have. Use a password manager; there are many around, from Lastpass to Mypass, or even use an encrypted document with the passwords (with this one do not put it on a cloud service), so you can use different ones. This works with e-mail, banking, etc. Also, for the security questions that many sites ask you when the account is first created, you do not need to tell the truth; in fact lie and make up an answer for them, just remember to document it so you will be able to retrieve it when asked.
Since we are going into the list, now is a good time to look through the scraps of paper that have accounts and passwords and put them in the file as well so you will have quick access to them. Put them in a few different places and different formats, like paper in the safe as well as electronic HDD and thumb drives. Do make sure that if it is in electronic format it is encrypted in some way and another person knows the password if something happens to you. All forbid you die and your accounts are locked away in your dead brain, never again accessible by your loved or hated ones.
Now let’s hit on the new toys and stuff you got.
If you’re lucky or perhaps unlucky you got some gadgets for the holidays that need to be set up and connected to other electronic things that you have. Crack out the electronic document, paper and pencil or pad and pencil to start a document folder on them. Yes, you may say, why do I need to document the new cheap gadget I just got? Trust me, it will make your life easier in nine months or so when it needs to be reset and you no longer remember what you did to set it up the first time. Yes, a pain, but worth it.
Many new gadgets like web-cams, routers, TVs, refrigerators and other IoT (Internet of Things) devices have default passwords and accounts on them. CHANGE IT, CHANGE IT. If you can’t change the account or password then “DO NOT USE IT”; send it back and get your money back. Sure, the devices may be cheap, but the manufacturers still need to think about security. The best way for them to see it is with your pocketbook: don’t use them, or get a better model that allows it to be changed. Devices called IoT or Internet of Things are quickly becoming the attack vector of choice for bad people, from DDoS (Distributed Denial of Service) to using them to spy on you and your kids. The devices are a treasure trove for them. Don’t make it any easier for them, and don’t become a part of the IoT bot-nets that are used to create large traffic bottlenecks to places and slow down the Internet for us all. Taking the time now will benefit all of us later. When creating a password use the longest it will allow; most likely you will only change it once, so make it a very long and complex one. If it allows you to change the account name then make it something not recognized as a device. Before you open it up to the network, explore the documentation and the device itself; know how it is supposed to work so you will be able to recognize when it is not working or has been attacked. With the IoT devices some things to look for: if there is remote management access from outside of your network then “Turn it off” if possible. Think of it this way, why do you need to tweak the device from an Internet cafe after it’s been set up? Set up the device locally first, the way you want it. If from time to time you find an issue, then connect and adjust when you are at home. A pain maybe, but security is the bottom line for all IoT devices. Never just plug it in and think it’s done, because then someone else will control it, not you.
Make sure you are all patched up on your devices, from phone to computer to doorbell. Many devices allow for updates and patches to fix problems. If you don’t know how to update it and do not want to know maybe the device is not for you, better yet learn how to update it. Get help if you need it, much of what you need to know is freely available if you just take a little time and look for it. Yes at times things will change, programmers love tweaking to make it “better”, but in the long run it will fix security issues for the benefit of all.
Some final thoughts for the new year: first off, security is hard. It is what it is; it takes time and effort to get it right. This is not to say the effort is not worth it, it is. You will be rewarded if you take the time and walk through the steps to make it very difficult for others; I am speaking of people that want to steal your information to get the data. If a group or people with enough resources, let’s say a state or nation, want to get your data or attack your system, they will and you will lose; sorry, but they have more funds than you. You, by taking the time, can make it harder for them to do so. Next, keep in mind that if something is free then it is you that are the product that they are selling. Yes, Google, Facebook, Yahoo, and the others may give you “free stuff”, but there is a reason the owners and value of the business are worth what they are: you are the product being sold. Also note you do not have to give them correct information, or at times information at all; lying works quite well. Some services will not work, and if you like them then by all means use them, but remember there is a cost. With that thinking also ask yourself, do I really need to use the service? The answer may surprise you and contradict what you hear from the business pressing the service on you. Don’t always take what is being given as truth; question it, question the reason for it, look to other options. You can say no to it. This works with your security and life in general. Have a Happy New Year!
IoT
IoT Future Fail
IoT (Internet of Things) – is the internetworking of physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.
In simple terms IoT can be a thermostat, a web-cam or even a baby monitor that can be connected to the Internet and accessed remotely. Many people have started to install them at their homes; some of it is to help them feel more secure when they are away, others want to be able to control parts of the home from other parts of the home, and still others are just getting caught up in the hype of having them installed in their home. For whatever reason, good or bad, they have become more and more integrated into our lives. Sadly, security for them is not very high on the minds of the people creating them.
IoT devices are becoming a major target for attackers, including governments, to attack and to gather information about you and your family. Connecting to your web-cam and spying on you or playing around with your thermostat is just a small sample of what can be done. The biggest problem is what is called bot-nets and the attacks that can be implemented with them. The code to create them is freely available to anyone. The most dangerous attack is called a DDoS or a Distributed Denial of Service attack. This is where they connect to hundreds or even thousands of IoT devices and redirect the feed to a single device or location. There is so much junk traffic going to one location that it will effectively overwhelm the site and make it unreachable, thereby kicking it off the Internet. Not good for you if it’s your site, and not good for others knowing that your IoT device is open to be attacked.
In some ways it is not unexpected for a device that may only cost twenty or thirty dollars, but even devices that cost over two hundred dollars are open to such attacks. There is too little thought about security issues. The idea is that if it is only a consumer device, there is no reason to spend the money on it. Cost consideration plays deeply into the bottom lines of many of the companies that make the devices. Some of the biggest issues are well-known user IDs and passwords that are never changed when installed. It can be hard to change the password on the devices and some have no option to change them at all. This is not to say you should not use the devices if they will be useful for you; by all means use them. However, if installed, make sure you at least do a little security on them and change the passwords; if they cannot be changed then do not buy them. If the company is aware that the lack of security is the reason people are not buying, or gets bad publicity over the lack of security, that will get the company’s attention. It is true that you will need to do some research into the device you are planning on purchasing, but with a little effort you can help everyone be more secure, including yourself. Think of it this way, would you want someone you do not know to connect to your web-cams and watch your family without your knowledge? Thieves would also know when no one is home or on vacation.
Take the extra time and effort to look for IoT devices that can be secured and have the possibility to be secured if a flaw is found in them. Make sure you change the passwords on the devices and if possible change the login names as well, to make it more difficult for people to guess the access. Again, do your research and ask questions about what you are looking to get. If the answers don’t seem helpful, ask again or look for other devices. Yes, it is work, but in the long run everyone will benefit from it. Let’s try and end the IoUT (Internet of Unpatchable Things) for all time.
Thanks