Category Archives: Seguridad

Watch your privacy! Upgrade your Firefox security with HTTPS Everywhere and HTTPS Finder!

As we already discussed many times in this blog, we know that web security is something very difficult to reach but we can always try to improve our security when surfing into the web.

First of all, use Firefox! Do it! In my opinion it’s slower than Chrome but very “transparent” and so you have less risks to unintentionally share information you want to keep private. In my experience, Firefox could be safer than Chrome if you use the right adds-on.

Then, install a particular add-on named HTTPS Everywhere.

This add-on (for Firefox and Chrome) will automatically connect your browser to the https version of many websites contained in its “Rule list”. The number of https connections in the HTTPS Everywhere’s list is sufficiently wide and you can always decide to manually add new https addresses (more info) as in the following example:

<ruleset name=”Google”>
<target host=”www.google.com” />
<target host=”google.com” />

<rule from=”^http://(www\.)?google\.com/” to=”https://google.com/”/>
</ruleset>

If you prefer to save time and you don’t want to write some lines for every website you prefer to connect through https, you will install another add-on: HTTPS Finder. HTTPS Finder is perfectly interconnected with HTTPS Everywhere and it will try to reach every website you type into the address bar, using a https connection. If it finds a valid https website, it will ask you if you want to add a specific rule into HTTPS Everywhere rule list. At this point you have only to agree and the new rule will be stored in the list.

Simple, easy, useful!

Video – Mozilla Collusion privacy tracking add-on for Firefox

Leave a reply

Few Tricks to protect your web searches from Search Engines logging

1 Reply

During the past weeks, we read many posts and articles about the new privacy rules that Google introduced for its web services. The goal of this specific post is not about discussing privacy agreements and the many interesting points of view about this kind of topics but we would like to focus your attention on a couple of “tricks” which can help you to increase the privacy level.

First of all, you can decide to use an alternative search engine which doesn’t log your activity and it is not possible to define your profile about your web activities.

Privatelee

Privatelee has been developed to offer better privacy to people who prefer not to have their web searches automatically analyzed by google.com.

This search engine can work on https mode and its search results are the mix between external search such as Google and Bing. You can also decide to use just one web engine or both. Comparing the results obtained we can affirm that Privatelee is really very effective and offers the same main features of Google and Bing.

Startpage

Startpage is based on Google and has many flexible features that can be selected using the “settings” page. This particular search engine deletes all the logs after 48 hours and you can anonymously visualize images and videos or define how to manage cookies. Moreover, Startpage allows you to save your settings without using cookies.

As for Privatelee, please be sure to type https and not a “simple” http when you insert Startpage address in the bar.

Secondly, if you use Firefox, you can use a specific add-on TrackMeNot. TrackMeNot is a simple but useful add-on you can install on Firefox to obfuscate user search data profiler on Google, Bing, Yahoo, Baidu and others. TrackMeNot automatically issues random queries on the main search engines using a list a generic list of words. In this way, search engines are not able to create a real profile about you as web user. Your real searches will be just few between the hundreds fictionally created by TrackMeNot. TrackMeNot is completely configurable: you can choose the query frequency or define the klog of your automatic queries. By default, TrackMeNot uses the words contained in the RSS of four primary websites: The New York Times, CNN, MSNBC and The Register.

Last but not least, if you are using your PC in any area with poor Internet connection, you can disable TrackMe Not with just a click. Easy and fast!

Video – AnonimoX Firefox cuida tu privacidad en internet Ubuntu, Windows etc. by Pedrote2222

Leave a reply

How to permanently remove files in Ubuntu/linux and make them unrecoverable by NickMcDTV

5 Replies

How to shred (permanently delete) files from your Hard Disks on Ubuntu Linux

Leave a reply

In our last post we examined the possibility to recover deleted data from USB keys and disks. Today we want to focus your attention on the proper way to destroy sensitive data from your disks.

On Ubuntu you have the possibility to move any file to the Trash but, as we demonstrate in our last post, anyone has the possibility to recover them using a simple, basic GUI, program called PhotoRec.

If you want to be reasonably sure that none will be able to recover a file you decided to permanently delete you have to use the Shred command. Shred is native in Ubuntu Kernel and literally delete your files overwriting them repeatedly with arbitrary data. After you delete a file with Shred you can be sufficiently sure that recovering procedures will not succeed.

As usual we must warn you that technology is rapidly evolving and what could be considered sure today, tomorrow will be out of date! So, if you think you need to preserve your privacy in the best way, don’t forget to change the hard disks regularly and mechanically destroy your old ones. Sincerely we hope our readers haven’t this kind of need.

To start using Shred on Ubuntu you have to open a Terminal and type:

sudo shred –help

In this way you will visualize the grammar and all the possible options offered by this program.

The correct grammar to use Shred is:

shred [OPTIONS] FILE

or, if you want to shred a entire partition:

shred [OPTIONS] /dev/[HDA9]

The possible options are:

-f, –force    change permissions to allow writing if necessary
-n, –iterations=N overwrite N times instead of the default (3)
–random-source=FILE get random bytes from FILE
-s, –size=N   shred this many bytes (suffixes like K, M, G accepted)
-u, –remove   truncate and remove file after overwriting
-v, –verbose show progress
-x, –exact    do not round file sizes up to the next full block;
this is the default for non-regular files
-z, –zero     add a final overwrite with zeros to hide shredding
–help     display this help and exit
–version output version information and exit

In our experience, to operate in the fastest way, we decided to add Shred on the Nautilus Menu and have the command ready with a simple right click on the mouse.

For this reason you have to open a Terminal and type:

sudo apt-get install nautilus-actions

Then you launch the program following this path: System->Preference->Nautilus Actions Configuration.

Last, you have to configure Shred filling e.g. the following parameters:

Label: Shred
Tooltip: Shred utility to securely erase files
Icon: gtk-dialog-warning
Path: shred
Parameters: -f -u -v -z %M
Filenames: *
Mimetypes: */*
Appears if selection contains: Both
Be sure to check the box “Appears if selection has multiple files or folders“

To finish your configuration, do not forget to open again a Terminal and type:

nautilus -q

nautilus

Time to clean-up! Ubuntu – Linux suggestions.

1 Reply

Christmas time is ending and today we really don’t know how many relatives used out computer for “just few minutes” or “to quickly (sic) check the emails”. In few words, our Linux PC could have been overstuffed with unwanted temporary files and we haven’t had time to update it. So, it’s time to clean-up!!

First of all I suggest to use BleachBit because, for my experience, it’s the most powerful software to clean temporary files, log files and unwanted traces on your computer. BleachBit is easy to use and, as we described in previous post, very effective.

Then we have to check if our system is really updated so we can use the usual ways as Synaptics Package Manager or quickly run a some simple commands through Terminal to update, upgrade and remove old packages or Kernel.

For this purpose I collected three simple commands and chained them in a single line:

sudo apt-get update && sudo apt-get upgrade
&& sudo apt-get autoremove

In this way you will be sure that you can start again to work on your Ubuntu as before the Christmas time!

Video – TeamViewer remote Desktop Connection by xComptoturialx

1 Reply

TeamViewer: Control remoto para Linux y Android

Leave a reply

Ante de nada, quiero disculparme con todos los seguidores de Galigio por la falta de Post en Castellano, espero poder volver a contribuir con mi granito de arena y compartir mis ideas. Bueno volviendo a lo nuestro, os quiero hablar del programa TeamViewer.

Hace tiempo estuve mirando para poder efectuar el aceso remoto entre mi PC y el PC de un amigo, ambos con Linux; desafortunadamente hay que reconocer que es posible pero no de una forma muy rápida y sencilla, el programa LogmeIn que era una de los disponible funcionaba solo con Windows y MAC también. Afortunadamente hace unos meses estuve investigando otra vez y pude averiguar que TeamViewer está disponible para Linux, Mac, Windows y también para Smartphones. La versión para Linux está disponible en diferentes paquetes: deb 32/64 bit, rpm 32/64 bits y también tar.gz; para Smartphone está disponible para Android, iPhone e iPad. Yo que uso Kubuntu he instalado la versión deb y también la he instalado en mi Smartphone Android.

Tengo que reconocer que funciona muy muy bien, desde mi teléfono puedo entrar en el escritorio de mi PC sin ningún problema y funciona muy rápido sin quedarse colgado. También he hecho una prueba entrando en el portátil de mi hermana mientra ella estaba en su casa y yo en la mía, todo muy bien, he podido efectuar una asistencia remota en su portátil e ayudarla con algún problemita que tenia. En fin, puede que no os cuente nada nuevo pero os aconsejo de probar esta aplicación porque seguro que siempre pude venir bien para diferentes usos. os dejo el enlace a su pagina Web.

The dawn of Morpheus’ era. Google’s supremacy and your privacy: short considerations about Google+

Leave a reply

In the last days, I tested Google+ and it really works! It’s fast, well-organized with a really intuitive graphical interface and, for the “first time”, I was able to start conversations with different groups without worrying to say something inappropriate to the wrong person. The problem is that it wasn’t the very “first time” I had the possibility to share a conversation because, for some months, I was one of the testers of Diaspora, an open-source project, which was financed through kickstarter.com

Diaspora is a start-up project in its alpha release and the most interesting supported features are the https streaming and the possibility to create separate conversations with preselected groups. During the past months Diaspora has not grown fast but this kind of timeline is not unusual considering the number of developers involved, the financial capital used and all the different problems that a start-up has to solve during the first year of existence. The Diaspora’s real added value was the idea of a more secure social media through https and dedicated conversation shared between homogeneous groups of people.

On the contrary Google hasn’t had this kind of problems while developing a similar project, Google+. Anyway Google is so well structured and financially powerful that can reach the goals in a very short time if someone, at Mountain View, really believes on the future possibilities of a project. In few words, this is the natural dominance of a big player in an imperfect market where the start-up can be annihilated by a faster and richer competitor which is able to use more human resources and capitals.

I personally believe that Google, in such a way, has contaminated the natural software “diversity” growth and has too easily prevailed over the Diaspora’s guys. I am not talking about copyrights or trademarks which have often damaged the software development, I am talking about software evolution, the “natural” selection that allows small groups of people with better ideas to survive and prevail over the bigger companies. We cannot be sure that, after the completion of Diaspora, new valuable projects wouldn’t have springed from that team. Perhaps it’s time to critically ask ourselves if Google has become too big and too powerful over the web and if we need a new generation of laws or rules just to perimeter it (not to censure its works or split the company).

Back to Google+, I can strongly affirm that all the features I tested were well programmed and extremely intuitive to use. Moreover, Google+ integrates many other Google products (e.g. Picasa, YouTube, Voice, etc..) and you can share a lot of contents directly with the right people using the, now “famous”, Circles feature.

But at this point, we need another old -no software related- question mark. How many information about our lives are stored in Google servers? All the Google online software are successfully principally due to their high level of usability. None force you to use Google’s products, you are 100% free to decide but usually you have specific accounts to manage your photographs, favourite RSS, documents, phone directory, emails and now also your friends, family and more… All these information profile you and your personal attitudes better than ever. Using the right mathematical function, Google potentially has an accurate profile of you than no one else and sometime it is reasonable to believe that Google knows us better than we do.

In this prospective the “digital identification” card someone proposed some years ago to better regulate the web and check the people online activity, sounds prehistoric. The natural evolution of the net, connected to the lack of a real liberal regulation, has created a “nice” superpower company that potentially has the possibility to share our most intimate data with third parties influencing in a way or another our destinies. Can the privacy disclaimers we accept with each Google service protect our data in a bullet-proof way? Personally I have some little doubts!

On the other hand, during the last year we assisted to the dawn of more decentralized online services (www.yacy.net, www.faroo.com, www.majestic12.co.uk, etc..) and payment systems (www.bitcoin.org) which are able to guarantee a more efficient encrypted privacy. To extremely simplify the concept it is possible to say that these new technologies represent a possible future horizon that will be developed in few years. Consequently, it is reasonable to predict that two parallel Internet will exist in the near future.

The first is the logical evolution of the web we know today with a more “efficient” control developed by Governments and specialised “agencies”. The second will be something near to what we watched in the Matrix saga. A semi-secret Internet, developed by unknown “experts” where the privacy will be one of the most valuable elements and where we will use a new generation of dynamic encryption software. If we consider that nowadays it is technically possible to build low-cost telecommunication satellites, the only residual barrier for the creation of this new web is represented by the cost of the vectors to bring them into the space. Waiting for a cheap orbital launcher, new technologies have been experimented to build alternative webs. The transmission of encrypted computer data through the radio frequencies is one of the most interesting projects. But this is another story also because we should consider the risks related to a second new encrypted Internet if not used in a proper way…

To conclude, let me say that Google’s people are the best but now, it is time they start thinking a little bit less about online software or visionary technologies and much more about the potential social and freedom risks of their work. There are not precise rules about these topics because just few politicians have a real knowledge about the “digital frontier” and for this reason they have the terrific possibility to regulate themselves in the best way and be really transparent. History rules, when there is not effectiveness regulation, there is the risk that, sooner or later, lobbies persuade politicians to law in a wrong way. If we think about what happened in the last thirty years we can focus our attention on specific tragic events which allowed Parliaments to overreact and chain our civil rights and our privacy in a way that has not roots in our democratic societies.

On the contrary, with new democratic and “illuminated” rules or self-reforms, honestly created by real experts, there will less needs for a parallel Internet and perhaps the dawn of Morpheus’ era will be postponed for a while. At the moment we can only hope that Google people are not became too old to consider that they could change their point of view. The current Google technological path is just one of the many they can develop. Now this path seems to be efficient and, of course, profitable but perhaps the near future needs something different and less dangerous for our privacy and civil rights… (to be continued, sooner or later…).