Thursday, April 23, 2009
The New Echelon: NSA Spying Program
Back in the 20th century, the NSA had a program called "Echelon" that basically aimed at "tapping" all communications going in/out of or inside the US. They had some legal issues, but these were ignored as usual and the spying went on. The spying relied mainly on intercepting satellite traffic because back then there was no fiber optics. Since the introduction of the overseas fiber-optic network, eavesdropping has not worked very well. Tapping wires, especially optical fibers, wasn't that easy. It needed physical access. The NSA had a research team working on it. They even sent a submarine to try to find a way to eavesdrop on traffic from undersea cables without cutting the cable, but they failed. All the previous facts are documented. You may refer to the RSA Conference 2009 speech by James Bamford, author of "The Shadow Factory".
But doesn't this ring a bell? Cutting cables? A series of unclear, very vague events happened earlier at the cables joining the Middle and Far East. Cables were cut with no clear logical reason. People were telling all sorts of stories about this, like "a ship dropped its anchor on a cable", "fish ate it", "Al Qaeda intentionally severed the cables for their own nefarious purposes", "krakens maybe!" (the latter is mine). However, after Bamford's speech I think this all makes sense. There are communication corporations/countries that agreed to cooperate and put a tap on their nodes. But when countries don't cooperate, what happens? Dozens of cables get cut "accidentally" and fixed right after. That makes perfect sense! :D
Monday, March 30, 2009
Heterogeneity Promotes Security
Consider this scenario. There is only one operating system in the world that everybody uses. Now it’s going to be very easy for the attackers to write one exploit that runs on every single machine on earth!
On the contrary, if every single machine had its own operating system, then an attacker would have to write malware for every specific user.
The point of this argument is that heterogeneity of platforms makes it statistically harder for the attacker to write malware that spreads well. The problem is that most of the personal computers on earth run Microsoft software. Recently, servers are also migrating to Microsoft. This makes the decision pretty easy for the attacker when he is choosing the platform his malware is going to run on.
It’s very healthy for the whole internet to have some sort of balance between operating systems on both client and server sides to make the job harder for the black hats.
Wednesday, December 10, 2008
How to know someone's IP Address
In many cases, it's desired to know the IP address of someone in the reconnaissance phase. The first question to ask is what information do I have about this person. In most cases it's possible that you have the email or IM of the target. First let's discuss the methods:
Method #0x01
If you have a web server hosted someplace where you can see its logs, then it's very easy to send someone a URL of an image or any webpage hosted on your web server (http://123.123.123.123/veryfunnyimage.jpg). Whenever this page is visited, the web server keeps a log of who visited that page (IP address, time, browser, OS ... and lots more info), which you can check later to collect IP addresses. if
Method #0x02
Sometimes people get freaked out by addresses that have IP addresses in the URL, so having your web server with a domain name would really help the person you sent the URL to press on the link (www.mywebsite.com/veryfunnyimage.jpg).
Method #0x03
Some paranoid people don't open links to unknown sites, so here comes the cool trick. You can embed the image in a post of yours on a known site that allows HTML tags with image sources, like <img src="(your image URL)">. In this case the URL you are going to send to the person is a link to a known website, but the website contains another link to your web server. Whenever someone views this page on the known website, the "img src" link is invoked and voila, you have a log entry on your web server.
Method #0x04
Some ultra-paranoid people don't open links at all!! For these people I use my old trick. I send an email to the target that looks important to him (depending on the target, actually, and what's important to him). This email is in HTML format and contains a tag that links to an image on my web server (probably a white image, so as not to attract attention). Now upon merely opening the email, my web server is invoked and a log entry is saved about the person's current IP address.
Note that this method only works if the email client allows images to be displayed (Gmail disables that by default).
Method #0x05
A faster approach is IM. If you have the IM of the target, then it's possible to try to send him a file (not malicious, a picture or something). Upon sending the file, a direct connection is established between you and the target. With a simple connection monitoring application (e.g. netstat on Windows), you can know the IP address.
Method #0x06
Some paranoid people don't accept files! So another trick in the case of MSN is background sharing. The default for MSN is to accept backgrounds shared by others. Actually, background sharing performs file sending if the background is not one of the default backgrounds. So the trick is to set your background for the IM to a cool pic from your computer and share it. If the default setting was not altered on your target's IM, then he will automatically accept it right away and a connection is opened. Here comes the connection monitoring app again, where you can identify the new connection and extract the IP address of the target.
Well, those are the ones that I used .. do you have any other methods? Sometimes I only have the username on a forum or website. Any clues?
UPDATE:
Method #0x07
In MSN Messenger, if you don't have the display picture of the person you're talking to, the messenger will try to download it by default. This causes MSN to open a direct connection. Using a sniffing tool like Wireshark will allow you to know the IP of the remote person. So basically, if you don't have his display picture and you opened the chat window, you'll get your log entry. You can either convince the target to change his/her display picture or you can remove your local directory that caches the display pictures for all contacts (located in the application data folder for MSN) to force the messenger to redownload the picture. [ NOTE: thanks to rvdh for the great tip :) and thanks to Borry for letting me take him as a test subject :D ]
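Methods #0x03 and #0x04 work only because the page or mail client fetches a remote image as soon as the content is displayed, which is why the Gmail default mentioned above defeats them. The following is an added example, not code from the original post, showing that mitigation for an HTML e-mail: it removes every attribute that would trigger a remote fetch and reports what it blocked. The names `RemoteContentBlocker` and `sanitize_message` and the sample message are constructed for illustration.

```python
import html
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Attributes a mail client fetches automatically when it renders the message.
FETCHING_ATTRS = {"src", "background", "poster"}
# url(...) in inline CSS pointing at http(s) or a scheme-relative host.
CSS_REMOTE_URL = re.compile(r"url\(\s*['\"]?\s*(?:https?:)?//", re.I)


def is_remote(url):
    """True for http(s) and scheme-relative URLs; cid: and data: stay local."""
    return url.strip().lower().startswith(("http://", "https://", "//"))


class RemoteContentBlocker(HTMLParser):
    """Re-emits the HTML, dropping attributes that trigger a remote fetch."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked, self._raw = [], [], False

    def _fetches(self, tag, name, value):
        if name == "style":
            return bool(CSS_REMOTE_URL.search(value))
        if name == "srcset":                       # comma-separated candidates
            return any(is_remote(c) for c in value.split(","))
        if name in FETCHING_ATTRS or (tag == "link" and name == "href"):
            return is_remote(value)
        return False

    def _emit(self, tag, attrs, closing=""):
        kept = []
        for name, value in attrs:
            if value is None:                      # boolean attribute
                kept.append(f" {name}")
            elif self._fetches(tag, name, value):
                self.blocked.append((tag, name, value))
            else:
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}{closing}>")

    def handle_starttag(self, tag, attrs):
        self._raw = tag in ("script", "style")     # raw-text elements
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self._raw = False
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data if self._raw else html.escape(data, quote=False))

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def sanitize_message(raw_message):
    """Return (sanitized_html, blocked) for the HTML body of a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return "", []
    blocker = RemoteContentBlocker()
    blocker.feed(body.get_content())
    blocker.close()
    return "".join(blocker.out), blocker.blocked


# Constructed sample message: one embedded (cid:) image, two remote references.
SAMPLE = """\
From: sender@example.com
To: reader@example.com
Subject: Quarterly report
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the figures &amp; reply.</p>
<img src="cid:logo123" alt="logo">
<img src="http://tracker.example/pixel.gif?id=42" width="1" height="1">
<div style="background:url('//tracker.example/bg.png')">cell</div>
</body></html>
"""

if __name__ == "__main__":
    clean, blocked = sanitize_message(SAMPLE)
    for tag, attr, value in blocked:
        print(f"blocked <{tag} {attr}>: {value}")
```

Embedded `cid:` and `data:` images survive because they never leave the machine; only references that would contact a remote host on display are removed.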
Friday, September 5, 2008
25 DEC = 31 OCT
I've been wandering around surfing the net as usual when I found out this very odd thing... we all know that 25 Dec(ember) is Christmas and 31 Oct(ober) is Halloween. The weird thing is that at the same time the number 25 dec(imal) is equal to the number 31 oct(al)!! What a coincidence. It's like 25 dec = 31 oct -> Christmas = Halloween!! I think this must have a meaning, don't you think?
Saturday, July 19, 2008
A Certificate Dilemma
I've been trying to get a new certificate for my SSL-enabled software from a very reputable certificate-issuing web site (cacert.org) and I was shocked by a notification that the certificate of this web site is not proper!! See the image below for yourself. How come the certificate issuer's web site has an untrusted certificate!!? :D
Monday, July 7, 2008
Screw symbian and their DRM
I've been struggling for a week now with that piece of metal of mine (mobile phone) trying to install a simple app and yet I couldn't!! The problem is that Symbian (God save their brains!) decided that no application can be installed on your very own mobile unless it's signed by Symbian (hmm, maybe someone is paranoid over there or something!!!). Of course there's that "self signing" thing that you can do. But it only grants you access to a limited set of APIs and you cannot access all system calls. Funny how this DRM stuff works. You have your mobile in your palm and your app on your PC and due to some DRM "issues" you can't install it!! My last option is to hack the image of my Symbian OS to make it bypass signing from the beginning. I was hoping not to come to this part because the place where I read this article had this big warning
" !!!!!!! This hack is not for the faint hearted and is known to brick a few models that perform a CRC check. Anything that you do following the article below is at your own risk and responsibility.!!!!!!"
So I decided to wait and give it another try with searching.
Symbian was so generous as to allow people to have their apps signed online (What if I don't want anybody to see my app?!!! What a big nose!) and of course this online signing is also limited to the IMEI and must have the UID the same as the email that you wrote in the app itself, which means that you can't give your app to some friends to try it. Shame on you! ... Symbian people are the best guys, can't you see it!
And last but not least of Symbian's generosity is their developers' signing request program. If you are a developer and you want a certificate to test some apps, you can send a request to Symbian and they will give you one. However, the trick here is that you have to sign up with your email, which MUST NOT be a public known or unknown! free email service provider, neither can it be any domain with lots of people signing up from it. Whenever a domain (even if it's your domain) has a certain limit of users signed up from it, it gets banned!! .. So you can imagine how many free emails I've signed up in the last couple of days and tried with that stupid program.
ANYWAY, like a friend of mine always says "A brownie can always solve the problem" . I think I'll just eat some brownies and try to forget.... (hhh sighs)
UPDATE: I used a hack that was mentioned in the comments. Thanks Sheero for the hack , it WORKEDDD :D ..you saved my day (or month actually!) I shall rename the post "God saves old friends (& screw symbian & their DRM!)" LOL .. I think um gonna save the cookies for some other problems.
Wednesday, July 2, 2008
Social networks... How to surf safely
Social networks are actually a crawling disaster. With all this information passing around, threats that we never thought of have emerged, leading to serious problems.
I was reading this article on Outpost security lab and they suggested a few practices to make surfing through social networks more secure.
Best Practices:
"
Use the latest browser software and install Windows Updates as soon as they become available.
Use a firewall to protect your system against unknown threats; use up-to-date antivirus to block known threats and intrusion prevention software to alert you to potentially dangerous activities on your computer.
Do not download, open or respond to content published or sent by unknown people. There has recently been a virus outbreak in the Russian portion of an SN that resulted from unwary users clicking on a reference to a fake image file that led to the activation of a virus that then wiped user data from the affected computers.
Remember that SN is still in its infancy: the engines are still immature and the platforms are vulnerable to determined attackers. Reports of faulty SN code appear regularly in the media, and you cannot rely on the integrity and non-disclosure of your personal details due to multiple weaknesses in SN systems. Cross-scripting errors (XSS) enabling attackers to view restricted sections of user data have affected almost every SN site, much like the way spyware targeted Windows systems that had not been patched with SP2 back in 2003.
The 3rd party applications (widgets) that Facebook and Myspace offer as additional downloads are even more problematic. These programs are not tested for compatibility or security defects, so be sure you understand exactly what you are installing when you choose to use one of these applications.
Don’t access your online profile from public computers – such actions are fraught with additional risk because of the potential for theft or malware compromise. Your log-in details might be stored in a local cache and later extracted and used to illegally access your profile, or the computer may be infected with keylogger that will silently capture any piece of information, including log-ins and dialog sessions, and relay this data to unauthorized third parties.
Do not disclose sensitive information ever! - A recent British survey revealed that more than half the SN users interviewed publish contact details and private details in their online profiles, making them the easy targets to ID thieves and other miscreants.
Due to the open nature of the Internet and the fact that your account can be hijacked, coupled with the vulnerabilities of SN platforms, you should NEVER publish any sensitive information about yourself, like your home address, Social Security or cell phone numbers. And don’t post anything that could backfire against you, like videos of your student parties, or anything else that you wouldn’t want a prospective employer to see.
Prevent anonymous users from viewing your profile
By making your profile private, you limit access to your online profile only to friends and people you know.
Authorize and add as friends only people you know
The smaller your inner circle of friends, the more private your online profile is.
Never trust online-only acquaintances
It’s important to keep in mind that people and their identities are not always what they claim to be, and you should not blindly trust people that you meet online. Don’t meet these people in real life except in very public, safe places, and you must strive to avoid any other physical contact with them.
You may have heard the dramatic story of a girl committing suicide after her online date supposedly let her down, whereas in fact the cheating partner was the mother of a teenager who didn’t want her son to date the girl. If she had been a little less trusting of what she read online, she would probably be alive today.
Favor sites that use encryption
Facebook, for example, encrypts your interactive sessions, whereas Myspace hasn’t yet followed suit. Encryption garbles data in transit so that no-one can read intercepted information, protecting your passwords and other information from outsiders.
Report abuse
Should you encounter cases of spam, harassment, stalking or other intrusions into your private life, you should report such incidents to the people responsible for proper conduct on the social networking site. Consult the FAQ or Contact Us section to find specific contact information.
Don’t access SNs from your workplace
Research indicates that half of the workforce access SNs during the workday, reducing productivity and distracting from work-related issues. Such activities may also be in violation of your employer’s “appropriate Internet use” policies.
"
After all, nothing is totally secure. And if the information is there, then someone sometime will be able to get it somehow! Maybe I'm paranoid, but who knows what can happen :D