Month of using Qubes
Current update using Qubes OS.
Going on a month now of using Qubes OS on a Dell laptop. I can say it’s quite usable, again as long as you have the hardware for it.
My setup is currently as follows:
Debian 9 template
Debian 9 kali template
Fedora 26 template
Fedora 28 template
Whonix 13 gw – org install
Whonix 13 ws – org install
Whonix 14 gw – upgraded from 13
Whonix 14 ws – upgraded from 13
Ubuntu 1604 Server – standalone hvm
Kali 2018.3 – standalone hvm
Parrot 4.x – standalone hvm
Windows 7 – standalone hvm
Windows 10 – standalone hvm
AppVMs include some default ones and some I created:
Kali using the Debian 9 kali template – my creation
Securemachine using the Debian 9 secure machine template – my creation
The default Personal using the Fedora 28 template – default
The default work also using the Fedora 28 template – default
It also includes disposable VMs for Whonix and general use; most of these were installed with the base install of the system. It also included personal, work, and vault as well. I added kali test and secure machine for testing of special apps based on business work.
Windows 7 and Windows 10 were not too difficult to install, though it did take a few tries to get the disk space correct. You need to expand the disk using the command line in Dom0, just a note if you are wondering. I am not able to run Windows apps seamlessly like in version 3 of Qubes; maybe in a later version, or I am still missing something. Other than that, the standalone VM works fine. It even works on an external monitor. I am having an issue getting USB devices to connect, but it seems like it’s just the Windows VMs that are having the issue. I have installed the qubes-tools but no luck. Using apps like Word and Excel works with no problems.
I first tested installing Kali in a standalone VM; it works fine, even wireless works, most of the time. It can still give errors that it can’t find the driver for my ALFA USB wifi device. Most everything else works fine, I can do pen testing of machines, and it’s quite quick as well in its functions. Then I created a template using Debian 9 and, by following different instructions, got a displayVM version working that allows me to have my seamless apps running, yay. Also, my ALFA wifi works perfectly, no issues or problems. Parrot OS 4.x is still a standalone VM; I have not been able to find instructions that work for me, oh well. So, my pen testing setup is workable.
I created what I called a ‘securemachine’, which I use to test apps like i2p, standalone Tor, Freenet and other security-related applications. The application i2p works great; standalone Tor installs, but I am not able to set up a runtime browser instance on the AppVM; Freenet I am not even able to install, with all kinds of link errors for that, so something to look into, I guess.
With the Ubuntu1604Server VM, I was able to get it installed with few issues; the main issue was the networking setup. It did not like the way Qubes OS defined its IP and mask, so I had to define it using what they called CNI settings, a mix of dot notation and slash numbers. With a bit of googling I was able to get it to work. I was even able to get Tor and a Tor hidden service working. Connecting Qubes VMs to each other is on my list to work with, so stay tuned for that.
Qubes OS has a built-in backup and restore program that works nicely, so no complaints as of yet.
Template/OS system updates run fine. I have to do them manually, but that is OK; I would prefer to do that anyway. I currently have an issue with the whonix-gw template not updating. It will start but will not let me run a terminal. So far not an issue because it’s only for the Whonix VMs. I may reinstall the Whonix updates and templates to see if it runs any better. I hope to have the 4.1 version out in a few months with all the updates so no need to worry about it.
Still no way yet to easily burn DVDs. I have read of options but am not able to get them to work with my system; again, looking into it. My printer and local wifi work; I did not have to do any modifying, it just worked.
Still slow to boot and shut down on the laptop, but I did expect that; it’s more designed for a powerful desktop, but it’s usable for me. Most of the time I will start the laptop and keep it running for a few hours before shutting down, so it’s not that big of an issue for me anyway.
General Security when Traveling
Many of you will need to travel for work or for a vacation. Some travel within your own country, others outside it. With the changes to borders by various countries, you now need to be more vigilant about what you keep with you that may get searched or used against you.
Short of leaving all your electronic devices at home or having a security detail watch you everywhere you go, there are steps you can take to protect your privacy from snooping and some actions to keep your person safe as well. This is not an end-all, fix-all; a change in legislation and ideology is the only way to fix that.
Some of these suggestions may help, some may not. Governmental policies and feelings are too much in flux, so there is no hard and fast solution. With that being said, I am not responsible if the options do not work for you. These are guidelines and general options:
Yourself and ones close to you
- Try to fit in to the environment you find yourself in; be like the locals, dress like the locals. Some countries have expected dress codes for different genders, some do not. Spend some time getting to know it and what the history of the location is.
- Set up meeting places in case you get separated from your group. People are going to want to explore if they have never been to the location before. That is good, it helps you grow. Some of that exploring may get you separated from others, or if there is a major event and chaos becomes the norm, you will need places to find others that may have gotten swept up in the event. Have multiple places, not a lot, maybe two or three. Depending on the event, some locations may be better than others. Some locations may be the center of the event; others may just be passed by like they do not exist. The “do not exist” places are the safest; again, it will depend on the event, so having a few, and everyone knowing about them, will be helpful. They can be most anything: statues, gas stations, hotels, churches, a locally known person’s house. But remember they can also be the worst places to be, so just note the event and choose carefully.
- Make note of the location you are staying at. If it is a hotel, note the escape areas, stairs and elevators. Note the area around the hotel and the buildings near it: can you jump to the next building if needed, or can you climb out the window using bed sheets? Are you able to get to a location, or can you defend in place if needed? As noted by one of my executive protection professors, set up zones of protection around yourself: things you can drop if needed and things you need to keep close. Note things you may be able to barter with, like jewelry or even shoes. If you are worried about losing mom’s priceless heirloom ring, then leave it at home; you don’t need to show it off that badly. In fact, leave most of your jewelry at home; maybe take knock-off stuff but keep the good stuff at home. Keep things like medicine, passports, money, things you need to have at all times, in something that you can grab quickly and go.
- Learn the history of the place. When I talk of history I do not mean ancient history, I mean recent history. Has the location had any large-scale events, such as earthquakes, upheavals in government, civil unrest, things of that type? Have some knowledge of the location where you will be staying: its main roads, airports, travel places.
- Have a quick escape plan. If you need to leave, how will you do it and where will you go? Make sure everyone knows it and knows what to do.
Electronic devices
- Next to yourself and family, many people feel that their electronic devices are like a second child to them. I am talking about the cell phone, tablet or laptop. These devices hold more data about you than most of the paperwork you may have in your lock-boxes. Personal contacts, social media, account numbers, search histories: all this information can create a profile of you that is very accurate and can be used to cause harm or simple embarrassment if not kept secure. It’s called “metadata”. It alone can create a very accurate profile of you, your likes, habits and how you live. It can show links to people that you may not care about, but it may flag you because someone else may be a person of interest to others, so you now become a person of interest. Guilt by association. In the past this was not really an issue, but in this day and age it’s more and more relevant. With the new policies in the US and at its borders, searching of your laptop and phone’s contents has become more widespread, even to the point of forcing you to log in to any social media so it can be copied for later viewing. Removing your phone from your sight and copying all its contents is another now-normal practice at borders. Sure, you can resist, but you will be tired and hungry, and you are stuck in an environment that others control. It’s easier to just give in and let them win. If you do some preparing beforehand you can minimize some of the loss of privacy; not all, but you will be more in control of the data they will have access to.
- For your cell phone, if you can use a burner phone, then buy and use it. It’s safer for you because if it’s stolen or border control wants to look at it, there is not much of your private data that can be tracked; then you’re just out that phone and the hours you put on it, not your main phone. If you have to take your personal smartphone, then make sure it is encrypted. Many new phones have options to encrypt the phone when it is turned off. It is still possible the border people will want you to turn it on, but it’s something. Another step is to remove all your social media apps from the phone: Twitter, Facebook, Snapchat, Dropbox, etc. Log out and clear your cache from the phone. Look into apps that have encrypted sections you can store data in if you need to have the data. I know smartphones have wonderful cameras, so you will have photos of your trip; if you can keep them in secure storage, all the better. Have a few G-rated images on the phone to make it look like you do use it, so there is less chance of sticking out in a search.
- For your laptop, that is a tough one. My recommendation is not to take it at all. But if you really feel you need one with you, then use one like a Chrome laptop, having no OS for them to search and using the web only, so your information is reasonably secure. Have two accounts: one main, and one you use to auto-boot it up to have them look at if forced. If you feel you need to have your own laptop, then have hard-drive boot encryption and encrypted folders. This will keep your mind at ease if it gets stolen or lost, but not as much if you are told to boot it up so they can make a copy of the hard drive. Another option is to have it shipped to the place you are going; not one I recommend easily for a small personal business, but larger corporations may have that option. Some smartphones have encrypted micro SD cards; you can store needed data on them and insert the card when at your location. When using your laptop, have it run a VPN that you set up before you leave on the trip. If that is not possible, then use Tor or some other type of anonymous web surfing solution. One never knows who may be sniffing the traffic at the location or in between you and your location. I should not need to remind you not to do banking or access sites of a private personal nature when traveling; if you do, then you get what’s coming to you.
General
- Be helpful but not overly so. If not asked, don’t give information. You need to keep remembering they do not work for your protection, they work for the government’s protection.
- Use a VPN at all times if you are browsing on a non-home network connection. If you are not able to install a VPN, then use Tor to keep some of your searching anonymous. When you order a VPN, make note of the provider’s log policy: find one that does not log anything, and look for ones that have multiple countries you can connect to. Watch out for VPN fakes; they will sell you a fake, do-nothing VPN, so do research on ratings.
- If they take your devices out of your sight, then I would treat them as a bio-hazard and never use or turn them on again. If they leave your sight, then you never truly know if any spyware apps have been installed on the device. Safe now or sorry later, up to you.

Don’t stay quiet if any of this happens to you or someone you know. Write a letter to your congressmen, complain to the company, use other services, ask why you are being singled out for the exposure, make a scene so others see the stupidity of what is going on. Don’t just sit back and let it happen. Seek legal action and let them know about it. Contact organizations like the EFF and civil liberties groups.
Welcome to 2017 new and the old
Now that the new year is rolling around, there are some things you should revisit or even do if you have new toys.
Let’s start with the old stuff that you should revisit.
First you should go through your accounts, yes all of them, and see what can be removed. Like many of us, at the time we think we need an account but find out that we never or hardly use it, so remove it. Of course, before you remove it, note what places use it or send stuff to it. It would be bad to remove an account thinking it was unneeded and then find your key tax or stock information gets sent to it. If not sure, then note the account and watch it from time to time; as things are sent to it, go to the sending account and change it. If it’s an email account and you are not sure, then make it inbox-zero. That means clear it out so no mail is there; it has some advantages. First, it will make you feel good that you now have a place that is clutter free. It will also make it harder for companies to build a portfolio/file on your likes and connections, and make it easier to see what you get that is needed and what you get that is junk. I also want to say that there are e-mail and IM services that encrypt the sending and receiving of messages; take the time and look at them.
Next in the list of things to revisit is to change the account passwords of your important sites and systems if not done in the last few months. There are many ways to define passwords, from letter-number combinations to the first letters of a saying you like. The key point is to not reuse a password on other accounts that you have. Use a password manager; there are many around, from Lastpass and Mypass to even an encrypted document with the passwords (do not put this one on a cloud service), so you can use different ones. This works with e-mail, banking, etc. Also, for the security questions that many sites ask when an account is first created, you do not need to tell the truth; in fact, lie and make up an answer for them, just remember to document it so you will be able to retrieve it when asked.
Since we are going through the list, now is a good time to look in the scraps of paper that have accounts and passwords on them and put them in the file as well, so you will have quick access to them. Put them in a few different places and different formats, like paper in the safe as well as electronic HDDs and thumb-drives. Do make sure that anything in electronic format is encrypted in some way and that another person knows the password if something happens to you. All forbid you die and your accounts are locked away in your dead brain, never again accessible by your loved or hated ones.
Now let’s hit on the new toys and stuff you got.
If you’re lucky, or perhaps unlucky, you got some gadgets for the holidays that need to be set up and connected to other electronic things that you have. Crack out the electronic document, paper and pencil or pad and pencil to start a document folder on them. Yes, you may say, why do I need to document the new cheap gadget I just got? Trust me, it will make your life easier in nine months or so when it needs to be reset and you no longer remember what you did to set it up the first time. Yes, a pain, but worth it.
Many new gadgets like web-cams, routers, TVs, refrigerators and other IoT (Internet of Things) devices have a default password and account on them. CHANGE IT, CHANGE IT. If you can’t change the account or password then “DO NOT USE IT”: send it back and get your money back. Sure, the devices may be cheap, but the manufacturers still need to think about security. The best way for them to see it is with your pocketbook: don’t use them, or get a better model that allows it to be changed. IoT devices are quickly becoming the attack vector of choice for bad people, from DDoS (Distributed Denial of Service) to using them to spy on you and your kids. The devices are a treasure trove for them. Don’t make it any easier for them, and don’t become a part of the IoT bot-nets that are used to create large traffic bottlenecks and slow down the Internet for us all. Taking the time now will benefit all of us later. When creating a password use the longest it will allow; most likely you will only change it once, so make it a very long and complex one. If it allows you to change the account name, then make it something not recognizable as a device. Before you open it up to the network, explore the documentation and the device itself; know how it is supposed to work so you will be able to recognize when it is not working or has been attacked. With IoT devices, some things to look for: if there is remote management access from outside of your network, then “Turn it off” if possible. Think of it this way: why do you need to tweak the device from an Internet cafe after it’s been set up? Set up the device locally first the way you want it. If from time to time you find an issue, then connect and adjust when you are at home. A pain maybe, but security is the bottom line for all IoT devices. Never just plug it in and think it’s done, because then someone else will control it, not you.
Make sure you are all patched up on your devices, from phone to computer to doorbell. Many devices allow for updates and patches to fix problems. If you don’t know how to update a device and do not want to know, maybe the device is not for you; better yet, learn how to update it. Get help if you need it; much of what you need to know is freely available if you just take a little time and look for it. Yes, at times things will change, programmers love tweaking to make it “better”, but in the long run it will fix security issues for the benefit of all.
Some final thoughts for the new year: First off, security is hard. It is what it is; it takes time and effort to get it right. This is not to say the effort is not worth it, it is. You will be rewarded if you take the time and walk through the steps to make it very difficult for others (I am speaking of people that want to steal your information) to get the data. If a group or people with enough resources, let’s say a state or nation, want to get your data or attack your system, they will, and you will lose; sorry, but they have more funds than you. By taking the time, you can make it harder for them to do so. Next, keep in mind that if something is free, then it is you that are the product that they are selling. Yes, Google, Facebook, Yahoo, and the others may give you “free stuff”, but there is a reason the owners and value of the business are worth what they are: you are the product being sold. Also note you do not have to give them correct information, or at times information at all; lying works quite well. Some services will not work, and if you like them then by all means use them, but remember there is a cost. With that thinking, also ask yourself, do I really need to use the service? The answer may surprise you and contradict what you hear from the business pressing the service on you. Don’t always take what is being given as truth; question it, question the reason for it, look to other options. You can say no to it. This works with your security and life in general. Have a Happy New Year!
What future do we want..
This posting will be a bit different this time. I am just going to discuss general security thoughts and feelings about what is going on in the world.
The most pressing is the expansion of spying this government is doing on you and me.
Many have read about the NSA capturing much of the data that is being exchanged on the internet. A lot has been discussed about the legal and moral rights to do so. You will have heard the expression “if you have nothing to hide then it should not matter”; I put forward, “why are you spying on me if I have nothing to hide?” I also question the reason the number of acts that were prevented is classified. I believe the reason they are classified is because it does not work, and if brought to the light of day we would demand the wastefulness of it be stopped.
How much of this spying affects society as a whole? If you know you are being watched, it has been shown that you will change your behavior, and sadly not for the better. Many of us will not express ourselves as openly as we should for a free society to work.
Part of human nature is that we give up freedoms when we are afraid; think of 9/11 and what was taken from you. It’s not weakness on your part, it is just the way we are; not good, not bad, it just is.
Many say, well, it’s been allowed by law, but is it really? There are unjust laws, created by people wanting to keep the status the way it is for them and you. In our long history there have been laws created to control you by others, never forget that. Must we always follow a law because it is a law? I say no; we must follow the Constitution and its fundamental principles, and one of the principles is liberty. Having what you say, and to whom, stored and sorted for reasons that are hidden from you is not the action of a free society but the action of a broken society. Would the creators of this country have agreed, or would they as well be labeled malcontents and disruptive by this very same government? I bet they would be. So give a voice to your questions and ask them, not by email but by true letter or phone call to your congressional representative. Let them know that what they are doing is not what a free and open society does if it wants to stay that way. Let’s take back our government so it is again a free and open country by and for the people. Don’t know who your representative is? Find it here: http://www.house.gov/representatives/find/
What can you do?
You may say that security is hard to do. Yes it is, but with some effort most everyone can exchange information privately. There is a framework called the internet that can help; search and ask and you will be rewarded many times over for the better. There are e-mail tools, IM tools, chat tools, and web tools that can help keep what you say private. Many of the tools work on most of the devices you use, from phone to computer, and are quite easy to install and set up. Stay informed on what is being done with and to your data. If there is a question then look for the answer, and if the given answer seems incorrect then look deeper.
Just remember, it’s like anything we as humans create: it can be used for good or evil, and it’s up to us to decide how we use it.
Secure chat with cryptocat
With some of the events in the news lately of your privacy being spied upon, not only by criminals but by your own government, keeping your conversations private even if you have nothing to hide is your right, no matter what you are told. In this entry I will discuss a program that will allow you to chat with others while being secured and encrypted. The nice part of this program is that it is done via your web browser, or if you have a Mac there is a program that can be installed and run.
First off, like every program there may be bugs, so keep up to date; nothing is truly secure forever. What may be secure today may not be tomorrow with changes in technology. Sorry to burst your bubble, but that is the way of technology. So now for the program.
The program is called cryptocat. There are two options: one is a plugin for most mainstream browsers (Chrome, Firefox and Safari), and there is also a program you can run on your modern Mac. The site to get the plugin or program is https://crypto.cat/ at least for now; it may change, so do a web search to find it if the link does not work. You can also set up a cryptocat server so you have even more control over your chat exchanges. It has the feel of an IRC chat client because you define your user name and room name in real time, so they can change as needed. There are some predefined rooms if you wish, quite interesting ones as well. There is a lot of documentation on the site, so I will leave you to look it over, as you should for any security software, to see if it will work for you.
Installing is quite easy and fast. Open your Firefox, Chrome or Safari browser and go to the cryptocat web site. It will be an https link, so if it is not then look again for the link. It should have selected the proper plugin for your browser; if not, then you may want to see if any java settings are causing issues. After you have downloaded and installed the plugin and restarted your browser, you should be ready to start.
Click on the icon that looks like an 8-bit cat. A dialog box will open that will give you fields for conversation name and nickname. Enter a conversation name and the nickname you want for this chat session and press connect, and you’re ready to go in a few moments. Secure and encrypted between you and others.
That’s it and that simple..
Also please donate to them so they can keep up the work and keep it secure.
3-2-1 start.. data today and tomorrow..
In this short entry I will talk about ways to back up your files and why it is easier than many people think to create a routine for it. Most of us have had that sinking feeling as we try to find something in the massive clutter of our system and are not able to find it for a while. Think of how you would feel if every one of your files were gone or scrambled on your systems. Not good, I bet.
It is not truly hard to create a system to keep the data safe. Yes, it will cost a little in some cases, but that is more than outweighed by the frustration of losing your tax records or school papers.
One of the most basic ways is what is called the “3-2-1 system”. That is, three copies of the data, two different media and one of them off-site. With the size of hard drives now, having a few external drives of one or more terabytes is not that expensive. You could also take one of the disk drives and put it in a bank box for safety, or even store it at your parents’ or a friend’s house. The “two” part, that is, two different media, can be as simple as DVD disks. Most new machines have DVD writers and programs that allow you to use the DVD as a standard type of drive. If you want to go old school, then “tape drives” are also a good option.
There are even “cloud” based services that will back up your data to their storage for you. Depending on the amount of data and bandwidth you have it could take weeks to fully backup the data. It would cover the one off site location requirement of the “3-2-1 system”. After the initial upload of the data then keeping your files up-to-date would only require small uploads.
There are some options I would recommend that will add an extra level of security. First, if possible, have the data encrypted in some way. That way, if by chance it was stolen, the thieves could not read the data, and even if your “friend/family” got a bit nosy they would not be able to read the information. Second, test the data from time to time to make sure it is being backed up correctly. I have seen cases where it looks like it is being backed up but the data is damaged, so the backup is worthless. Not a fun time to find that not only your main data but also the backup is damaged. Lastly, set up a schedule of some sort to keep it up to date. There are programs that will automatically back up changes: Mac OS X has Time Machine, Linux has a few, as does Windows. If you have questions, then talk to your local “geek”; they will have ideas to help.
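One way to do the periodic check and the 3-2-1 count described above, as an added example that is not part of the original post. The function names, the "media|site|path" inventory format and the sample files are assumptions made for the illustration, and it relies on `sha256sum` from GNU coreutils.

```sh
#!/bin/sh
# Added example, not from the original post: checks a set of copies against
# the 3-2-1 rule and verifies every file in each copy by SHA-256.

# Write "hash  ./relative/path" for every file under $1 into manifest $2.
make_manifest() {
    local src="$1" manifest="$2"
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$manifest"
}

# Compare the copy rooted at $1 with manifest $2.
# Prints "MISSING path" or "CORRUPT path" per problem; returns 1 if any.
verify_copy() {
    local copy="$1" manifest="$2" want path actual status=0
    while read -r want path; do
        if [ ! -f "$copy/$path" ]; then
            echo "MISSING ${path#./}"; status=1
        else
            actual=$(sha256sum "$copy/$path" | cut -d' ' -f1)
            if [ "$actual" != "$want" ]; then
                echo "CORRUPT ${path#./}"; status=1
            fi
        fi
    done < "$manifest"
    return "$status"
}

# check_321 MANIFEST "media|site|path" ...
# List every copy, the working copy included (assumption: it counts as one
# of the three). media is a free-form label; site is "onsite" or "offsite".
check_321() {
    local manifest="$1" entry media site path rest problems line
    local copies=0 offsite=0 kinds="" nkinds=0 rc=0
    shift
    for entry in "$@"; do
        media=${entry%%|*}; rest=${entry#*|}
        site=${rest%%|*};   path=${rest#*|}
        copies=$((copies + 1))
        if [ "$site" = "offsite" ]; then offsite=$((offsite + 1)); fi
        case " $kinds " in
            *" $media "*) ;;
            *) kinds="$kinds $media"; nkinds=$((nkinds + 1)) ;;
        esac
        if ! problems=$(verify_copy "$path" "$manifest"); then
            rc=1
            echo "$problems" | while read -r line; do echo "[$media] $line"; done
        fi
    done
    if [ "$copies" -lt 3 ]; then echo "RULE: only $copies copies, need 3"; rc=1; fi
    if [ "$nkinds" -lt 2 ]; then echo "RULE: only $nkinds media type(s), need 2"; rc=1; fi
    if [ "$offsite" -lt 1 ]; then echo "RULE: no off-site copy"; rc=1; fi
    return "$rc"
}

# Constructed sample: a live tree and two copies that look fine at a glance,
# one with a file that was never copied and one with a damaged file.
demo_321() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/live/tax" "$tmp/usb" "$tmp/dvd"
    echo "2017 return" > "$tmp/live/tax/return.txt"
    echo "term paper"  > "$tmp/live/paper.txt"
    cp -R "$tmp/live/." "$tmp/usb/"
    cp -R "$tmp/live/." "$tmp/dvd/"
    rm "$tmp/usb/tax/return.txt"            # missing from the USB copy
    echo "bit rot" > "$tmp/dvd/paper.txt"   # damaged on the DVD copy
    make_manifest "$tmp/live" "$tmp/manifest"
    check_321 "$tmp/manifest" \
        "disk|onsite|$tmp/live" "usb-hdd|onsite|$tmp/usb" "dvd|onsite|$tmp/dvd" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run the constructed demo with: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then demo_321; fi
```

Keep the manifest outside the tree it describes and next to each copy, so a copy can be checked even when the live data is the part that was lost.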
Now start that backup and you can sleep easier at night.. “3-2-1 start”
Bye for now ()-()
Setup and sending encrypted e-mail.
With the changes in many of the laws that kept the government out of your information, they have more access now than anytime in the country’s past. If you don’t mind the intrusion access then that’s fine, but if you do read on.
This entry will cover setting up and sending your encrypted mail to another person using Thunderbird, the Enigmail plugin and the PGP/GnuPG programs. I am using Thunderbird because it is available for most every operating system around and it’s free, but I would ask you to give a donation to help keep it around.
If you’re already using the Thunderbird mail client then you are halfway finished; if not, you will need to install the client for your OS first and get it working correctly. Go to www.mozilla.org/thunderbird/ and download the version for your system, then set up your account. You will need to install the Enigmail plugin and GnuPG. To get the Enigmail plugin go to http://enigmail.mozdev.org/home/index.php.html and select the version for the OS you are using. If you are using a newer version of Thunderbird you can go to the “Add-ons” section, search for it and install from there, simple and easy; or you can just download the version, select Install from the “Tools -> Add-ons” menu, select the .XPI file and install. Go to www.gnupg.org to get a copy of the program and install it using the instructions for your OS.
Now that you have a general idea of the what, why and how of encryption, let’s get started using it to send mail to another person. Install the Thunderbird plugin and the GnuPG program on your system. The first thing you will need to do is set up a public/private key pair. The private (or secret) key is for you; the public key is for everyone else. There are two ways to generate the keys. One way is to use the command line, the other is to use the GUI in the Thunderbird OpenPGP option; for now I will show the OpenPGP option.
Start Thunderbird, then select OpenPGP, and from the drop-down menu select “Key Management”. Select “Generate” then “New key pair”. Select the Account / User ID you want to use, then give it a passphrase; you may also want to give it a comment, that is up to you. You can leave the Key expires option alone for this time; you can play around with the others after setup. Select the Advanced tab; depending on the speed of your machine you can leave the settings for Key size and Key type alone. Increasing the size will increase the time it takes to generate the keys. If you want to make it very difficult for people to hack your keys, use the 4096 and DSA & El Gamal option; it will take a while to create the keys, so be aware of that. The 2048 key size is quite large and difficult to crack, so you can leave the Key size and Key type alone. After you are happy with the settings select Generate Key, then sit back and wait for a bit while it generates the keys for you. When the keys have been generated they will show up in the Key Management box.
Now let’s get to using the generated keys. First you need to send the public key to another person. To do that select Key Management again; you have three options. One option is to send the public key by email, another option is to send the public key as a file, and the last is to upload the public key to a key server. For now just use the Send Public Key by Email option, select the email of the person or persons and send. In the attachment section you will see the public key; it will be numbers and letters with an .asc extension. When the person gets the email they will save the attachment into their PGP key folder, and from then on they can send messages to you encrypted.
Sending encrypted e-mail is quite easy from then on. Select Write, then enter the email address; from the OpenPGP menu select Encrypt Message, enter your subject and message, then click Send. You may be asked to verify the recipient’s public key, then it will send the message. When the message is received, open the OpenPGP pull-down and select Decrypt/Verify; it will ask for the password to your private key and then will decrypt the message. And the good part is that it is only decrypted when you want to see it; all the other times it is encrypted.
Its sad you have to do this to protect your self from unreasonable intrusion by the government and business but..$fdRuyde^%7gde43%ynb(4sCX234gmq093467v%$dffg4^&=asw
Secure between you and others – Encryption
Picture a world where complete strangers know the personal information you send to your family, where everything you send to someone else is copied and viewed to make sure you are not a threat to society. Sadly, this is what seems to be happening more and more lately, but if you are diligent there are things you can do to keep your information private.
With this group of entries I will explain how to use email encryption between you and another person to keep the information away from prying eyes. The idea is simple: being able to send and receive mail between you and another person knowing that, even if the traffic is sniffed and the data is captured, it will be secure for a while. I say “for a while” because as technology evolves it will at some point be able to decrypt the message, but most likely far in the distant future, long after you and most of the human race are gone. The idea is to keep the length of time long enough that it does not matter if they do decrypt it, because the information will no longer be useful. I will discuss using Thunderbird, GnuPG (PGP) and the Enigmail plugin as my email and encryption programs. There are others that will be added as time goes on. This set of entries will cover securing your emails from others, they being your ISPs, data miners and even your own government. We could talk all day about the idea that if you’re not doing anything you have nothing to hide, but I will just leave it at this: the only ones that need to read it are you and the person you are sending it to, no one else.
What is Public key Encryption –
Why think about encryption? If you have nothing to hide then you don’t need to use it, do you? These are just some of the questions people put forth when you say you want to encrypt things so they stay between you and the other person only. Security is a right, not a privilege; what is exchanged between you and the other person should only be known between the two of you. There are many ways to encrypt messages; the one I will describe is called public key encryption.
The idea is that Bob and Alice want to exchange messages and do not want John to be able to see them. The problem is that the only way to send them is over a medium that can be sniffed, that is, the traffic can be viewed. Think of the postal carrier: you put the mail in the mailbox and the letter goes into a public system where it can be looked at if one wishes. To prevent that, public key cryptography was created. The way to think about it is that each of you has two mathematically defined keys. Both keys are created at the same time. One key you keep and one you give away. That may sound strange, but here is why. The public key is used to encrypt, and only encrypt, the message; knowing the public key, you cannot decrypt the message. When you get the encrypted message you use your private key, and only your private key, to decrypt it. The private key can be used to know it is you and only you that will read the message. Each private and public key are a matched set, and if they are tampered with they will no longer work together. (The deep workings are at this time a bit beyond the scope of this, but maybe I will do a special posting explaining it deeper.)
Now back to Bob and Alice’s message exchange problem. Bob wants to send Alice a message that only Alice will be able to read. One way this could be done is to have both of them use the same password to encrypt the message; the problem is how to exchange the password if they are never able to meet each other directly. This is where the public key comes in: it is a lock that can be publicly given out and used by anyone to encrypt a message, but only the recipient has the private key to decrypt the message. The first thing they do is create a private and public key pair; this means that the public key can be used to lock the box but only the private (or secret) key can be used to unlock the box. After they both create their public/private keys, they can exchange the public keys in one of many ways. They can send them to a central key server that holds the keys, so Bob can search for Alice’s public key. Alice can just send Bob the public key in email. If they are really paranoid, Alice can send the key one letter at a time to Bob and he can convert it for use; it is the long way, but it does work. Let’s say Bob gets the key from Alice some way. Bob would then take the message, put it in the box, lock the box with Alice’s lock and send the box to Alice; this box is unbreakable when the lock is added. Alice, upon getting the box, would use her private key to unlock the box and view the message. Bob could put his private key into the box so Alice can verify the message was from Bob. Simple, but you should now get the general idea. Some questions could be: how does Bob know the private key is from Alice and not John, and vice versa?
Deeper reading if you like
www.gnupg.org
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
http://www.openpgp.org/
http://www.pgpi.org/
http://www.pgpi.org/doc/pgpintro/
http://pgp.mit.edu/
http://philzimmermann.com/EN/findpgp/
IM encryption with pidgin and OTR plugin
In this entry I will discuss secure IM. For this discussion I will talk about Pidgin and how to add some secure encryption. This will allow you to talk with another person and be reasonably sure that you will not be snooped on. As with all security and encryption, there may be as yet unknown bugs or ways to access the data; some may be from a side channel. Depending on your operating system you will need Pidgin, and you will also need a plugin called OTR. The OTR plugin does most of the work in securing the encryption between you and the other IM client. I will also talk about a few other plugins that may be kind of nice to have enabled.
First off you need to download and install Pidgin for your system. To do that go to http://www.pidgin.im/ and select the version for your system. There is also a section along the top called Plugins; select that and you will get a list of plugin options. Find the “Security and Privacy” section and select “Off-the-Record Messaging”. Download the plugin for your system and install them both, Pidgin first of course.
What is OTR? Off-the-Record is a cryptographic protocol that provides encryption for instant messaging conversations. This allows deniability and confidential message exchange. It uses multi-key exchange hash functions, that is, it uses a mix of mathematical keys to encrypt the messages between each of the recipients on the IM exchange.
Now let’s get started setting up the secure connections. The first thing you need to do after you set up your IM account in Pidgin is to set up the “Off-the-record” plugin private key. To do this go to the Plugins section and select “Off-the-record Messaging”, then select “Configure Plugin”. A new dialog box will open; from here click on the “Generate” button to generate a private key fingerprint. It should, after a bit of time, generate a 40 letter/number key combination; how long it takes depends on the speed of your machine. On this page there are also some other options you may want to set. I would recommend setting “Enable private messaging”, “Don’t log OTR conversations” and “Automatically initiate private messaging”. You can also set “Require private messaging” if you know the other person is using OTR as well; if you set this and they do not, it will not connect (in future versions that will change to allow non default encrypted connection). There are other plugins you may want to play with, so go for it.
To start a conversation, select the person you want to IM. There is a button in the lower right section that will default to “Not private”. Click on the button and select “Start Private Conversation”. It will change to one of four options: “Not Private”, “Private”, “Unverified” and “Finished”. Not private is just that, all exchanges are in clear text. Private means you and the person you are connecting to have been authenticated and neither is an impostor. Your exchanges are now encrypted and visible only to the other person, not a third party that may be sniffing the traffic. This is not to say it is a guarantee, because technology may be found to break the keys, but for now they should be safe. Unverified means you are getting an encrypted feed but the key cannot be fully verified; there may be someone acting as the other person. The last is Finished; this means the other person has changed the setting to “Not private”, and this prevents the other person from accidentally sending a message they think is encrypted.
Now you have a secure connection between you and the other person. The question you still need to ask yourself is, “is the rest of the machine secure?” More on that later.
Passwords and file encryption
In this entry I will cover some quick and simple ideas that you can do right now to protect your online presence.
First and perhaps the most important one is the passwords that you use for different places; yes, I do mean using different passwords for the different sites you log into. Don’t use the same password for everything. If you have been watching the news lately there have been a number of places that have “lost control” of their password file to hackers. I will admit it is a bit more work, but if an account has had its password stolen, would you rather change only one password or the passwords on multiple accounts?
There are programs that will secure your list of passwords with a password, so you only need to remember one to decrypt them. You may ask what the difference is between having one password for all accounts and one password for the password holder. First off, you are more likely to have it on a machine that is password protected in the first place, and they will need to know you have a password file there. Most “hackers” are more interested in selling the machine or doing a quick look at what is there than digging deeply into it. It may be true that they will dig deeper for corporate treasures, and if that is true it is hoped that your IT has steps and options in place to secure that; more on that later.
The next issue is the type and length of the password. There are many papers written about this and many different ideas. As a standard idea, the longer the better, but as long as you do not use dictionary words you can use as little as six letters for the password. As a general rule, having special characters like ” @#$%*^$” will make the passwords harder to crack; sadly some systems will not allow these, so if you can, use them.
On the subject of cracking passwords, you may have wondered how they do that. If the password encrypting program is well written, then most of the time it is easy to encrypt the password but hard to decrypt. There are large databases called “rainbow tables” that have passwords already created, and the hackers will take the database and search for a match, so they do not need to decrypt it, just match it to a pre-created list. Adding special characters will make the time needed to crack it cost more than the data is worth. That is the key: once it is not cost effective, they will just wipe the machine and sell the hardware.
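To show why matching against a pre-created list works, and what a site can do about it, here is an added example that is not from the original post. It uses a plain lookup table as a simplified stand-in for a rainbow table (real ones use hash chains to save space, with the same effect), a constructed five-word list, and function names that are assumptions for this sketch. The same password is stored two ways: as a bare hash, and with a random salt and a deliberately slow hash.

```python
import hashlib
import hmac
import secrets

# Constructed sample wordlist standing in for a precomputed password database.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty123"]
PRECOMPUTED = {hashlib.sha256(w.encode()).hexdigest(): w for w in WORDLIST}

def store_unsalted(password):
    """Weak storage: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, iterations=200_000):
    """Stronger storage: random per-user salt plus a deliberately slow hash."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": key.hex()}

def check_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(key.hex(), record["hash"])

def lookup(stored_hash):
    """What a precomputed table does: match the hash, never decrypt it."""
    return PRECOMPUTED.get(stored_hash)

def audit(password):
    """Report whether each stored form of a password falls to the table."""
    record = store_salted(password)
    return {
        "unsalted_found": lookup(store_unsalted(password)) is not None,
        "salted_found": lookup(record["hash"]) is not None,
        "still_verifies": check_salted(password, record),
    }
```

A dictionary word stored as a bare hash is found instantly, while the salted form of the same word is not in any table built ahead of time, and a password outside the list is not found in either form.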
On the idea of passwords and encryption of passwords, I also want to touch on having your machine use a password to log in and not have it just auto-boot into your account. It may be a nice feature, but if the machine is stolen then your data is open to all. With that being said, if you still want to have it auto-login to your account, then you should at least encrypt the files you want no one to have access to. Setting up a space to save files in an encrypted form will depend on your operating system.
I will start with OSX first because it is the easiest. If you use OSX, it has an option to create an encrypted disk image. Think of it like a folder that will store the files; you then mount the folder like a drive. To create the encrypted image, select and launch “Disk Utility” (it’s in the Utilities folder under Applications). Select New Image, choose a name for your image, then choose the size of the image; I would keep it under 4 GB because with anything larger you would not be able to burn the image to a DVD. Look for the encryption setting and select 128 or 256 AES, it’s up to you; the higher the number, the slower it will be to encrypt the data, depending on your machine. Many new machines are fast enough for the higher number. You can also select the location to create the image; leave the rest of the settings as they are. Select Create and an Authenticate dialog box will appear; give it a password and then retype it for verification. Use a strong password for this, that is, a mix of numbers and letters. To mount the file just click on it and it will ask you for a password; after you enter the correct password it will mount just like a standard OSX drive.
If you use Linux, Windows or OSX there is a third party application called “truecrypt”. It is free, but I would ask that you give a donation to them if you would please. I like the program because it is open source; that means you can look at the source code for your own personal feel-good that there are no backdoors in it. Also it has been looked at by many others and there seem to be no security issues. It is along the same lines of having a single encrypted image that you store your files in. I am not going to go into all the features at this time. I will have a full posting at a later date with some cool security features. This posting will only go into creating a simple encrypted disk image. First download the program for your system from http://www.truecrypt.org/downloads. Select the OS you use and install it onto your system. Start TrueCrypt, select Volumes, then Create New Volume, keep Create an encrypted file container selected, and click Next, leaving the Standard TrueCrypt volume option marked. Click Next again and give the volume a name, then select Next. For now you can leave the Encryption Algorithm set to AES and the Hash Algorithm set to RIPEMD-160 as well. Select Next and give it a size; I would say 4 GB max for this so you can burn it to a DVD if wished. You can experiment later with different sizes. Select Next and give it a password; it may give you an error if it thinks the password is too short or easily crackable. You can disregard it, but try to create a strong one. Click Next again and give it a format type; the selected FAT file system is fine for now. Click Next again and the Volume Format dialog box will be showing random numbers; move your mouse in the box for a while to create a random set of key numbers, then click Next to create the volume. It will say Volume Created; at this point click Exit. It will bring you back to the start screen, where you can mount the created volume. Make sure one of the slots is highlighted. Click Select File and click on the file you created, then select Mount; it will ask you for the password and then mount the file. Add the files to the mounted volume; after you are done, just un-mount it and it will close.
I think that is plenty for now, so enjoy.