Crake
Member
Given my professional experience, I thought I could contribute to the forums by explaining some advanced computer security concepts. I've seen some other mention of computer security, but I wanted to make a definitive thread for reference so there would be no misconceptions floating around. Hopefully those who consider themselves pretty technically savvy may still learn something from this thread. I can't profess to know everything, so please feel free to get involved in the discussion. I'll maintain this thread and make sure the valuable stuff bubbles to the top.
Let's get started!
- Download Tor. Don't forget that you're putting your security into the hands of people that run the sites you visit. The Patriot Act is a terrifying thing, more so for US citizens. You must assume a visit from your IP is retrievable from any website you access. Scenario: site A says "we don't store your info, promise!", which they don't and you trust them. Owner of site A gets his property confiscated and LEOs decide they'd rather start storing information about site visitors without informing them about it.
- HTTP Referrer. Every time you click a link on any webpage that leads to a webpage hosted on a different server, something called the HTTP Referrer is sent to the destination webpage. What this means is that when you click a link to youtube in someone's signature on your favorite beast porn forums, youtube knows where you came from and your IP address. Some proxies and browsers remove this information automatically. To manually prevent this from happening, simply copy and paste the URL to your browser so that no referrer is included. To read more about this, go here.
- Cookies. Let me explain a tactic employed by web marketing agencies to display personalized ads. When you log into paraphernalia site B and you gain a cookie for that site, nothing is preventing site C from seeing that cookie (or embedded advertisement D). Keep your browsing discreet or delete your cookies before and after visiting questionable sites! I really like Incognito Mode in the Google Chrome browser for this.
- Your IP address. You are surfing the internet leaving your home address everywhere you go. The banner advertisement B on your supposedly anonymous website P was probably hosted by a site other than P. This advertisement host now knows your IP. Flash advertisement F on your "we-promise-we're-really-secure-but-we're-still-flash-ad-supported" website T just executed some flash code to grab your IP and ship it to marketing company J, which owns the company whose Facebook application you just installed, which knows all of your personal information. (This same principle goes for cookies and session variables.) You don't know it, but in the immense filing cabinet of data out there, your IP address (or temporary cookie or session ID) has a folder full of what you must assume is everything you have ever done. Worst of all, it is all within reach of the prying fingers of the judicial and executive branches of the government. And to be honest, out of everyone you can trust, I'd say you can trust Google the least. Don't believe me? Read this: "Google CEO Says Privacy Worries are for Wrongdoers" and then every article tagged here: http://slashdot.org/tags/google and you will start to form a different opinion on Google. Google is as evil as any corporate empire. Use with caution. An alternative is to use a privacy-friendly search engine like Yauba, and do yourself a favor and block google and google-analytics in your hosts file as demonstrated here. I also recommend downloading Privoxy immediately to aid in this battle.
- Email accounts. Get an anonymous and private email account (such as one from hushmail) when engaging in any potentially incriminating correspondence.
- Flash cookies and objects. This is a profound vulnerability and veritable font of evidence. Flash stores all kinds of stuff on your computer. All the flash advertisements on growing site G for seed retailers are cached locally. Get rid of these flash objects by doing this: delete flash shared objects. And use this all too obscure web settings panel to prevent flash from doing things you don't want it to, like storing your browsing history: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
- File meta information. When you upload certain types of images and files, information about the origin of these files may be included in writable segments of the file. Oftentimes you're able to remove this information by right clicking the file, going to Properties and looking at the Details tab. Make sure any personal information gets removed from these files before you make them public.
- ipconfig /displaydns. Go to start > run and type "cmd" and press enter. Now type "ipconfig /displaydns" and press enter. There you will see a list of every host (website) you've visited (and probably many you don't realize you did visit). Type "ipconfig /flushdns" to clear out this list.
- Sandboxes. Your browser may or may not use a method of securing other tabs and windows from accessing each other. This is called sandboxing, which is essentially keeping embedded applications and their components such as flash, javascript, session variables, etc. from accessing other windows or tabs to perform reconnaissance. To make a long story short, if you are doing something that may incriminate you online, do so with only one web browser open and one tab open in that browser.
- Saved form data. If enabled, saved form data (including passwords!) is saved in plain text and visible to all users. Don't believe me about the passwords? Dig around in your browser's options for a "view passwords" option. Don't save form data. If you must, get an addon that encrypts saved form data with a password.
- Your ISP. For all intents and purposes, your internet service provider hates you and will do everything in their power to bring you down if they get a knock on their door from LEOs. Your ISP is not your ally and you should do everything in your power to encrypt and proxy anything you do because they store history of this stuff.
- Further securing your computer. If you have unrelenting popups, your home page changes to something else every time you change it, or you don't feel confident about your privacy when you're on your computer, you're probably making a huge mistake by posting pictures of your 6000 watt grow on site Q. But, don't download an anti-spyware program or an anti-virus program. With a little bit of knowledge, we can do a better job than these (untrustworthy) programs can. Let's take a moment out of your time and secure your computer manually. Let me explain how. Firstly, when a "virus", malware or spyware is running on your computer, it isn't some sneaky thing that is beneath your ability to see.
- The first place you want to clean out and validate is your start up programs (and I recommend doing this frequently). Start > Run > "msconfig". The Startup tab has a list of every program that runs when you start your computer. I recommend disabling most things (simply to speed up your computer). I also recommend going through and verifying what each of these is. That can be done by doing a search for the name of the executable (the .exe file). Is this something that seems logical to have? When you're done, reboot your computer and make sure that none of the things you disabled are enabled again. If anything is re-enabled, you'll have to remove it from your registry. As this guide doesn't go into that amount of detail, you'll have to learn how from a web search on deleting from the registry.
- The next thing we're going to talk about is services. If you have a virus, or keylogger or malicious software that keeps rearing its head even after you've disabled all of your msconfig stuff, this is how it's occurring. This is likely a much bigger list. To secure yourself, you're going to have to learn about each of these. Much like msconfig, begin the task of looking up each of these service executable names (which are located in Properties, if you right click the service). Look for anything that seems suspicious. Remember that many malicious services are named something that sounds legitimate. If you find something unusual and you've researched it and feel confident that it isn't a required Windows component, you may remove this service by going to Start > Run > "cmd" and running the command "sc delete [service name]".
- Wireless networks. As golden and cannibi mentioned, wireless networks are a potential node of vulnerability. To feel truly secure, one should eliminate this potential by staying wired. If it's impossible to be wired, a home network should use a strong security method such as WPA with a very difficult-to-crack passkey that is changed regularly. Avoid WEP as it is quick and easy to crack.
- Encryption. Thanks to growcodile for bringing this up. Using encryption methods such as on-the-fly encryption offered by TrueCrypt or full disk encryption from any of the software listed here can keep data stored locally relatively secure. It's also worth mentioning that most IM clients send messages in plaintext and their ports of operation may not be included in some proxies. Using an encryption method such as PGP (pgp.com, open-source implementation: gnupg.org) can keep instant message conversations private without a doubt.
- Data Destruction. Thanks to ak-51 for this suggestion. In the event that all the evidence on your drive should need to be wiped, deleting files won't cut it. Data is often completely recoverable on your hard drive after being deleted because only the reference to that data is deleted, not the actual data. A boot disk like Darik's Boot And Nuke can be kept handy to not only delete data, but also write a bunch of garbage on top of it so it's completely unrecoverable.
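The HTTP Referrer item above says the destination page learns where you came from. As an added example (not part of the original post), the Python below computes what a current browser actually puts in that header when you follow a link, applying the Referrer-Policy rules browsers implement today, which goes further than the post's copy-and-paste advice. The site names in it are made up.

```python
"""Compute the Referer value a browser sends for a navigation.

Added example, not from the original post. The policy names and rules are
the standard Referrer-Policy values; the hosts used in tests are constructed.
"""
from urllib.parse import urlsplit


def origin(url: str) -> str:
    """scheme://host[:port], with credentials, path, query and fragment dropped."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    return f"{p.scheme.lower()}://{host}" + (f":{p.port}" if p.port else "")


def strip_for_referrer(url: str) -> str:
    """The fullest value a browser will ever send: no user:pass@ and no #fragment."""
    p = urlsplit(url)
    ref = origin(url) + (p.path or "/")
    if p.query:
        ref += "?" + p.query
    return ref


def referrer_for(source: str, dest: str,
                 policy: str = "strict-origin-when-cross-origin"):
    """Return the Referer sent when following a link from source to dest,
    or None when the header is suppressed entirely."""
    full = strip_for_referrer(source)
    origin_only = origin(source) + "/"
    same_origin = origin(source) == origin(dest)
    # A "downgrade" is leaving an https page for a plain http one.
    downgrade = (urlsplit(source).scheme.lower() == "https"
                 and urlsplit(dest).scheme.lower() == "http")

    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin_only
    if policy == "strict-origin":
        return None if downgrade else origin_only
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin_only
    if policy == "strict-origin-when-cross-origin":   # browser default today
        if same_origin:
            return full
        return None if downgrade else origin_only
    raise ValueError(f"unknown policy: {policy}")
```

Pasting a URL into the address bar corresponds to having no source document at all, so no Referer is sent, which is exactly the post's workaround. A site that wants to protect its visitors can set the `Referrer-Policy` header itself; the default policy already trims cross-site referrers to the bare origin, but the origin still reveals which forum the click came from.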
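For the Cookies item: an added example, not the post's own material, that models in memory how an advertiser embedded on two different sites ties the visits together through its own cookie, and what blocking third-party cookies or clearing the jar between visits changes. site-b, site-c, site-e and ads-d are constructed names and the "network" is a dictionary.

```python
"""In-memory model of third-party cookie tracking across sites.

Added example, not from the original post. All hosts are constructed; the
advertiser D is the only third party in this model.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed web: each page lists the third-party resources it embeds.
PAGES = {
    "https://site-b.example/login": ["https://ads-d.example/banner.js"],
    "https://site-c.example/news":  ["https://ads-d.example/banner.js"],
    "https://site-e.example/":      [],          # no embedded advertising
}


class AdServer:
    """Advertiser D. It only ever receives cookies scoped to its own host, but
    because that host is embedded on B and C, one cookie links both visits."""

    def __init__(self):
        self.log = []          # (tracking id, Referer) per request served
        self.next_id = 0

    def handle(self, cookies: dict, referer: str) -> dict:
        if "uid" not in cookies:            # first contact: mint a tracking id
            self.next_id += 1
            cookies = {"uid": f"u{self.next_id}"}
        self.log.append((cookies["uid"], referer))
        return cookies                      # returned to the browser as Set-Cookie


class Browser:
    def __init__(self, ad_server: AdServer, block_third_party: bool = False):
        self.ad_server = ad_server
        self.block_third_party = block_third_party
        self.jar = defaultdict(dict)        # host -> {cookie name: value}

    def clear_cookies(self):
        self.jar.clear()

    def visit(self, url: str):
        host = urlsplit(url).hostname
        # First-party request: the site sets its own session cookie.
        self.jar[host]["session"] = f"session-for-{host}"
        for resource in PAGES[url]:
            rhost = urlsplit(resource).hostname
            if self.block_third_party and rhost != host:
                continue
            # The browser attaches only cookies scoped to rhost, so B's session
            # cookie never reaches D; D's own uid cookie does, on every site.
            sent = dict(self.jar[rhost])
            self.jar[rhost].update(self.ad_server.handle(sent, referer=url))


def advertiser_profile(ad_server: AdServer) -> dict:
    """What D can reconstruct: the pages it was embedded on, grouped by tracking id."""
    profile = defaultdict(list)
    for uid, referer in ad_server.log:
        profile[uid].append(referer)
    return dict(profile)


def run(block_third_party: bool = False, clear_between_visits: bool = False) -> dict:
    """Visit B, C and E in order and return D's view of the browsing session."""
    ads = AdServer()
    browser = Browser(ads, block_third_party)
    for url in ("https://site-b.example/login",
                "https://site-c.example/news",
                "https://site-e.example/"):
        browser.visit(url)
        if clear_between_visits:
            browser.clear_cookies()
    return advertiser_profile(ads)
```

Site C never sees site B's cookie; what links the two visits is D's cookie plus the Referer D receives on each request. Clearing cookies between sites, as the post recommends, splits the profile into unrelated ids, and blocking third-party cookies leaves D with nothing to correlate. Incognito mode only discards the jar when the window is closed, so within one session the linkage still holds.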
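For the File meta information item: the Properties > Details tab only covers what Windows knows how to edit. As an added example (not from the post), the Python below walks the JPEG container directly and drops the segments where camera, GPS, author and comment data live, with no image library needed. SAMPLE is a constructed byte string shaped like a JPEG, not a real photo.

```python
"""Strip metadata segments (EXIF/XMP, IPTC, comments) from a JPEG file.

Added example, not from the original post. SAMPLE is constructed.
"""
import struct

# Marker bytes (the byte after 0xFF) of segments that carry metadata, not image data.
APP1, APP13, COM = 0xE1, 0xED, 0xFE          # EXIF/XMP, Photoshop IPTC, comment
STRIP = {APP1, APP13, COM}
SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM and RSTn have no length field


def list_segments(data: bytes) -> list:
    """Return (marker, length) for each segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    segments, i = [], 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = data[i + 1]
        if marker in STANDALONE:
            i += 2
            continue
        (length,) = struct.unpack(">H", data[i + 2:i + 4])   # length includes itself
        segments.append((marker, length))
        if marker == SOS:                    # entropy-coded image data follows
            break
        i += 2 + length
    return segments


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Copy the file, dropping APP1/APP13/COM segments. Everything from the
    SOS segment onward (the compressed image itself) is copied unchanged."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out, i = bytearray(b"\xff\xd8"), 2
    while i < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = data[i + 1]
        if marker in STANDALONE or marker == EOI:
            out += data[i:i + 2]
            i += 2
            continue
        if marker == SOS:
            out += data[i:]
            break
        (length,) = struct.unpack(">H", data[i + 2:i + 4])
        if marker not in STRIP:
            out += data[i:i + 2 + length]
        i += 2 + length
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: JFIF header, an EXIF block, a comment, a quantisation
# table placeholder, then a scan header followed by three bytes of "image data".
SAMPLE = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00" + b"<constructed camera/GPS tags>")
    + _segment(COM, b"constructed comment")
    + _segment(0xDB, bytes(65))
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56"
    + b"\xff\xd9"
)
```

Run `strip_jpeg_metadata` over the bytes of a file and write the result to a new file. Two caveats: the EXIF block also holds the Orientation tag, so a phone photo may display rotated after stripping, and this only handles JPEG; PNG text chunks, PDF document info and Office document properties are separate formats with their own metadata to check.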
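For the ipconfig /displaydns item: an added example (not from the post) that parses that command's output into records so the cached names can be compared against the sites you actually meant to visit, which is how the "hosts you don't realize you visited" stand out. SAMPLE_OUTPUT is constructed to match the command's layout; the names and addresses in it are invented.

```python
"""Parse the output of `ipconfig /displaydns` into cache records.

Added example, not from the original post. SAMPLE_OUTPUT is constructed to
follow the layout Windows prints; hosts and addresses are made up.
"""
import re

SAMPLE_OUTPUT = """\
Windows IP Configuration

    forum.example
    ----------------------------------------
    Record Name . . . . . : forum.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 1337
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.5


    ads-d.example
    ----------------------------------------
    Record Name . . . . . : ads-d.example
    Record Type . . . . . : 5
    Time To Live  . . . . : 600
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : edge.cdn.example


    missing.example
    ----------------------------------------
    Name does not exist.
"""

# "Record Name . . . . . : value"  ->  key "Record Name", value "value"
FIELD = re.compile(r"^\s*([A-Za-z() ]+?)[ .]*:\s*(.*?)\s*$")


def parse_displaydns(text: str) -> list:
    """Return one dict per cache entry: name, type, ttl, data, negative."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.rstrip() for ln in block.splitlines() if ln.strip()]
        # A real entry is a header line followed by a dashed rule; the
        # "Windows IP Configuration" banner has neither and is skipped.
        if len(lines) < 2 or not lines[1].strip().startswith("----"):
            continue
        entry = {"name": lines[0].strip(), "type": None, "ttl": None,
                 "data": None, "negative": False}
        for line in lines[2:]:
            if line.strip() == "Name does not exist.":
                entry["negative"] = True        # cached NXDOMAIN answer
                continue
            m = FIELD.match(line)
            if not m:
                continue
            key, value = m.group(1).strip(), m.group(2)
            if key == "Record Type":
                entry["type"] = int(value)
            elif key == "Time To Live":
                entry["ttl"] = int(value)
            elif key.endswith("Record") and key != "Record Name":
                entry["data"] = value           # A (Host) Record, CNAME Record, ...
        entries.append(entry)
    return entries


def unexpected_hosts(entries: list, visited: set) -> list:
    """Cached names the user never typed in: embedded ads, analytics and
    CDNs pulled in by the pages that were visited show up here."""
    return sorted(e["name"] for e in entries if e["name"] not in visited)
```

Feed it the saved output of the command (`ipconfig /displaydns > dns.txt`) and pass the set of sites you deliberately opened to `unexpected_hosts`. Keep in mind that this cache is only the local copy: entries expire with their TTL, `ipconfig /flushdns` empties it, and none of that touches the logs kept by whichever resolver answered the queries, which is the ISP point the post makes separately.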
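For the Data Destruction item: an added example (not from the post) of the per-file counterpart to what Darik's Boot And Nuke does to a whole drive, overwriting the file's bytes and forcing them to disk before unlinking. The demo functions create their own temporary files, so nothing on the machine is touched.

```python
"""Overwrite a file's contents before unlinking it.

Added example, not from the original post. The demo functions operate only
on temporary files they create themselves.
"""
import os
import secrets
import tempfile


def overwrite_file(path: str, passes: int = 1, chunk: int = 1 << 16) -> int:
    """Replace every byte of the file with random data, in place, and force the
    result to disk. Returns the number of bytes written per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())          # past the OS cache, onto the device
    return size


def overwrite_and_delete(path: str, passes: int = 1) -> int:
    """Overwrite, then remove the directory entry. Plain delete only does the latter."""
    size = overwrite_file(path, passes)
    os.remove(path)
    return size


def demo_overwrite() -> bool:
    """Write known bytes to a temp file, overwrite, confirm the originals are gone."""
    original = b"constructed sensitive content " * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(original)
    overwrite_file(path)
    with open(path, "rb") as f:
        after = f.read()
    os.remove(path)
    return len(after) == len(original) and after != original


def demo_delete() -> bool:
    """Overwrite-and-delete a temp file and confirm it no longer exists."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"x" * 4096)
    overwrite_and_delete(path, passes=2)
    return not os.path.exists(path)
```

The caveat a practitioner needs here: in-place overwriting only reaches the blocks the file currently occupies. On an SSD the controller's wear levelling may write the new data somewhere else and leave the old cells readable, journaling and copy-on-write filesystems keep earlier copies, and snapshots, backups and cloud sync folders keep their own. For those cases a whole-device erase like the boot disk the post names, or full-disk encryption where destroying the key makes everything unreadable at once, is the dependable approach.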
Let me close by saying that ultimately the thing that will get you in trouble more than anything else is your mouth. Keep your mouth closed, even to those you consider your absolute best friends. They do not need to know about these things! Aside from that, be smart. This guide can help you to minimize the evidence against you in a court of law, but ultimately it's your smarts that will keep you out of trouble. Be safe and be smart enough to have nothing to fear!