Category Archives: Security


Hacking Team Malware Hides in UEFI BIOS to Survive PC Reinstalls – Softpedia


The Ultimate Guide to Making Firefox Faster

A small collection of Firefox add-ons you can install to improve (a little bit) your privacy – Part 2

I already described the privacy concerns related to Flash files in my last post about Firefox add-ons and privacy. Today I want to talk about some interesting Firefox add-ons that could help reduce privacy risks while browsing the Internet.

The first add-on is Flash Control, which “controls as and when to display the Flash player and the HTML5 player”. Another similar add-on is Flashblock, which does not allow Flash player to send information about your computer until you decide to allow it. Personally I prefer Flash Control, which is very intuitive: you decide when and what to watch just by clicking on the Flash icon in the middle of the player.

But if you are a purist and you want to be able to control not only Flash player but also JavaScript, Silverlight, images and proxies, QuickJava is what you are looking for. QuickJava is intuitive, easy to control and really effective.

In fact, you must not underestimate JavaScript, which is dangerous too: scripts are equally able to remotely discover a lot of information about your IP, User-Agent, architecture, OS language, system time and screen resolution. Statistically, when you have all these details, you have a semi-unique fingerprint of the computer… and so someone could also be able to know who you are. For this reason an add-on such as Disable WebRTC is recommended, because it blocks JavaScript from accessing your local IP(s), without any user prompt.

References:

https://discourse.mozilla-community.org/t/support-flash-control/2479

http://flashblock.mozdev.org/ 

http://quickjavaplugin.blogspot.com/ 

https://addons.mozilla.org/it/firefox/addon/happy-bonobo-disable-webrtc/?src=api 


Advertisers are increasingly using technology that targets users across multiple devices, and it’s working.


Post-Quantum Encryption No Longer A Laughing Matter

Once again about cookies, supercookies and Flash cookies… How to better protect Firefox, your Linux OS and.. you!

In a previous post I already suggested using HTTPS Everywhere and HTTPS Finder to better protect your privacy on the web. Today I would like to focus your attention on the privacy risks caused by cookies.

Some of them can track your internet activity even when you have logged off from the websites that created them. In a few words, some cookies can actively support the creation of a quite precise profile of your interests and share this information with third parties, without you knowing whether your data will be anonymised and correctly stored.

Internet tracking is real and silent, and antivirus software is not the best solution to manage it, because every day new types of apparently harmless cookies and supercookies are created and spread onto our computers. Cookies usually don’t directly affect your internet browsing, but they are a real risk if you want to protect your privacy. A good VPN service (e.g. one that does not link your payment to your “new” assigned VPN IP) could be the best solution, but Flash cookies and evercookies (a particular type of zombie cookie which is able to geometrically clone itself outside the original folder where it was stored) could reveal your IP and your habits just after you disconnect your OS from the VPN shield.

To improve your privacy you can start by combining your VPN with some particular Firefox add-ons such as Self-Destructing Cookies (for the regular cookies) and BetterPrivacy, which has been developed to “search and destroy” Flash cookies.

To improve your privacy, never forget that you can also tune your Firefox privacy settings using Secure Sanitizer, which wipes the browser cache more thoroughly than Firefox itself.

Last but not least, don’t forget to “waste” some minutes of your time and use BleachBit after every internet session or every time you shut down your computer. Better to be slow than sorry!

Spring Time! Now you are ready to protect your Ubuntu – Debian system from Rootkits and Viruses

It’s Spring Time and, after a long Winter surfing the web and testing new programs, it’s time to give a short rest to your computer, delete old files and scan the OS looking for possible rootkits or viruses. I usually use Ubuntu and the possibility of viruses is not high but… why shouldn’t I double-check to avoid viruses or rootkits?

– First step: Rootkits

Open your favourite Software Manager (I am an old school boy, so Synaptic is my choice) and install rkhunter and chkrootkit. I know, they are two different programs that have the same goals, so you can decide to install and use just one of them…

After the installation you can start using them just by typing into a Terminal:

sudo rkhunter --update
sudo rkhunter --check

and/or:

sudo chkrootkit

Examine all the results and don’t be disoriented by possible “false positives”. Try to understand whether some “risks” you find in the result logs could be regular software you are using (e.g. encrypted disks, etc.).

– Second Step: Viruses

Install ClamAV to scan your disks and be sure you have not been infected by common viruses.

Open a Terminal and type:

sudo aptitude install clamav clamav-daemon clamav-freshclam clamtk

Then to update the ClamAV engine and the virus lists just type:

sudo apt-get upgrade clamav clamav-daemon clamav-freshclam clamtk

At this point you will find ClamTk in the Accessories menu and you are able to scan your PC just by clicking on some intuitive buttons in the graphical interface.

Good Luck!


How to Login into Ubuntu 12.10 Using USB Flash Drive  http://bit.ly/WtgNHI

How to configure Firestarter to use VPN services on Linux

In my experience Firestarter is an effective firewall and, on Linux, it starts automatically every time we boot up Ubuntu. But when I decided to use a VPN tunnel through openvpn, I had some connection problems. In fact I was able to initialize my VPN services but, after a while, all the internet connections were mysteriously shut down.

The “problem” was Firestarter, which cut off the connection as forbidden under my inbound/outbound policy.

To solve this you have to open a tunnel in Firestarter to allow the VPN to work:

1- open the configuration file your VPN provider gives to its users (generally it’s a text file containing all the configuration info used, in my case, by openvpn) and search for the IP address of the default starting connection used to authenticate the VPN services (e.g. 177.458.563.25). Save somewhere or memorize this VPN IP address.

2- open a Terminal and type:

sudo nautilus

3- using nautilus go to File System (it’s before the home folder), open etc–>firestarter and open the file user-pre using Gedit (or your preferred text editor)

4- the user-pre file is usually empty so don’t panic and write these lines into it:

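# Inbound: ESP and IKE/UDP 10000 from the VPN server, plus anything on the tunnel interface
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
# Outbound: the same protocols towards the VPN server, plus anything on the tunnel interface
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+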

Now you have to replace xxx.xxx.xxx.xxx with the VPN IP address you found at step 1 (in my example it was 177.458.563.25).

5- Save the user-pre file and close Gedit and Nautilus

6- open a new Terminal and restart Firestarter typing:

sudo /etc/init.d/firestarter restart

That’s all! Now your VPN works on your Linux computer and Firestarter has accepted a new Routed IP Tunnel into its allowed policies configuration.
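Steps 1 to 4 above can be scripted so the server address is read from the provider's config and range-checked before it lands in a firewall rule. This is an added example, not part of the original post: the function names are hypothetical, it assumes the config carries a `remote` line with a literal IPv4 address, and it writes the multiport options in their long form (`--sports`, `--dports`).

```shell
#!/bin/sh
# Added example: derive Firestarter user-pre rules from an OpenVPN client config.
# Function names are hypothetical; the rules are the ones listed in step 4.

# Print the first "remote" entry that is a dotted-quad address; fail otherwise.
vpn_remote_ip() {
    awk '$1 == "remote" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             print $2; found = 1; exit
         }
         END { exit !found }' "$1"
}

# Accept only four decimal octets in the range 0-255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit the six rules with the server address filled in.
firestarter_vpn_rules() {
    ip=$(vpn_remote_ip "$1") || { echo "no IPv4 'remote' in $1" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "not a valid IPv4 address: $ip" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -j ACCEPT -s $ip -p esp
iptables -A INPUT -j ACCEPT -s $ip -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d $ip -p esp
iptables -A OUTPUT -j ACCEPT -d $ip -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+
EOF
}

# Constructed sample config; 203.0.113.10 is a documentation-range address.
sample=$(mktemp)
printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 203.0.113.10 1194' > "$sample"
firestarter_vpn_rules "$sample"
rm -f "$sample"
```

Review the printed lines before pasting them into the user-pre file. A config whose `remote` is a hostname is rejected, so resolve it to an address first.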

Join the first Spy Week by Lifehacker!

The first Spy Week starts today @Lifehacker with a bunch of interesting stories about topics related to the spy world. During the next days we will have the opportunity to improve our knowledge in different fields, e.g. sharing sensitive information over the internet or taking photographs without being noticed by other people. Moreover, Lifehacker will publish some interviews with experts who share some tips and answer every related question from the readers. For example, right now Steven Santarpia from ICORP Investigation is online and interacting with lifehackers. This week, be sure not to miss any topics about spying (+ hacking + social engineering) and visit the dedicated section of the Lifehacker website!