Tag Archives: Cybersecurity

Linux Security Distros Compared: Tails vs. Kali vs. Qubes

Linux Security Distros Compared: Tails vs. Kali vs. Qubes by Thorin Klosowski via lifehacker-logo

Are you looking for the safest version of Linux? The best for your tasks?

Ask yourself why do you seek a Linux operating system with high performance in terms of security and test one of those Linux OS proposed in the link above.

I think they are the best Linux distributions today …. or does anyone have any better suggestion? If so, please write a comment below! Thank you.

If you use TAILS you should test a bit of HEADS alchemy

If you use TAILS you are certainly interested to better know HEADS because Heads isn’t simply another Linux distribution, it merges physical hardening of particular hardware platforms and flash protection attributes with a Linux boot loader in ROM as well as custom Coreboot firmware.

30450989320_f6504cb662

The key factor in Heads is represented by its steady monitoring of the boot process that allows detecting if the firmware has been changed by malware.

If this first check certifies that all is unchanged, heads uses the TPM as a hardware key to decrypt the hard disk.

The certified integrity checking of the root filesystem is really effective against exploits but it doesn’t secure the system against each possible attack but it is able to effectively divert many types of attacks against the boot process and physical equipment that have usually been ignored in conventional setups, hopefully increasing the issue beyond what most attackers are willing to spend.

c3tv-bootstraping-a-slightly-more-secure-laptop

Link

Faking Your Death Online Is a Lot Harder Than It Used to Be by Roisin Kiberd via vice_motherboard_logo

“…But pseudocides are rarer in recent times. “Vanishing” oneself is more difficult; the world is simply too small a place now, connected as it is by social media and the surveillance it entails….”

“…Let’s say you are hiding in Japan, and a tourist takes a photo where you’re in the background,” he told me. “The photo is uploaded to social media and a week later, a cop uploads your photo into a facial recognition site like TinEye [a reverse-image search engine]. Boom—you’re busted, because TinEye will find your photo online…”

3 steps to install DNScrypt to improve your privacy – Ubuntu version

Also if you use OpenDNS to improve your standard of privacy, you are not protected by “last mile” dangers but you can boost your security installing DNScrypt on your digital device. DNScrypt “works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks”.

DNScrypt “is a protocol that authenticates communications between a DNS client and a DNS resolver” and it “is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn’t prevent “DNS leaks”, or third-party DNS resolvers from logging your activity”.

For this reason you have to be conscious that DNScrpt is just a -very good- improvement of your privacy but not the definitive solution to all your privacy concerns.

DNScrypt is so versatile that you can install it on every kind of device you prefer. In fact it is possible to download DNScrypt for servers, IOS, OSX, Android, Windows and Linux computers (DNScrypt-proxy version). Obviously the installation and setup will vary a little depending the OS you installed on your device.

Concept-Skyscraper-Feeds-on-Air-Pollution-Uses-It-to-Grow-433607-2

Image from softpedia.com

Here we are talking about DNScrypt installation on Ubuntu.

For this purpose I suggest to use the Terminal that allows you to install DNScrypt i just 3 steps:

sudo add-apt-repository ppa:anton+/dnscrypt
sudo apt-get update
sudo apt-get install dnscrypt-proxy

Last but not least, you need to interface the Internet traffic of your computer through the DNScrypt-proxy. For this reason you have to Edit your Network Configuration and add the address 127.0.0.2 to the “DNS Servers” line as for the below screenshot:

DNSCrypt

Now you can start DNScrypt just typing:

sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u okturtles

Where, in my specific case, okturtles is the name of the remote DNS resolver I decided to use. I chose that specific risolver from the list I found into into my computer after DNScrypt-proxy installation:

/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

As usual in similar situations, you may want to spend another couple of minutes to configure your computer to start DNScrypt at the computer boot. Open the Session and Startup manager through the desktop Dash and Add this specific command to the Application Autostart menu:

sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt

Protect your Privacy: use a Self-destructing, single-use File Sharing Service

encryption-100410129-primary-idge

Image from infoworld.com

If you need to share a confidential file to one of your colleague and you have not enough time to manually encrypt the file before uploading it to a you may consider to use securesha.re.

This online service let you to share a file through its online service encrypting it before it is uploaded to the securesha.re servers.

DevStash.io uses a 128-bit client-side AES encryption through a SSL protocol. This website automatically offers a 40 charaters long, randomly generated password that can be changed by user if he/she prefers to use its own passphrase.

Moreover securesha.re keep the file reachable in a long, random URL to decrease that files could be discovered through a brute force search.

Last but not least, this website let you delete the uploaded file after a pre-defined amount of time or/and after a pre-defined number of views. The default configuration allows just one view and an automatic deleting after seven days but the views can be extended till 10 and the amount of days reduced to just 1 day.

Personally I normally prefer to encrypt files by myself before sharing them online but I will keep securesha.re in mind in the case I need to share a file and I have not my laptop with me.

Link
star-wars-logo

Image from opencastingcall2013.com

What Do Star Wars and Recent Data Breaches Teach Us About Cyber Ethics?

TrueCrypt – Try it again! Waiting for CipherShed…

truecryptlogo_256TrueCrypt is safer than we thought! A specific audit tested TrueCrypt 7.1 unmantained through a complex verification process and the results are surprising.

First of all we have to consider that TrueCrypt is not mantained since 2014 and that its “natural” fork, VeraCrypt, is directly developed by Microsoft. For this simply reason many former TrueCrypt users prefer not to use VeraCrypt.

Secondly, the bugs revealed by the testers in TrueCrypt are less worrying than that discovered using its competitors solutions.

For this reason I decide to install TrueCrypt (that I use previously it was unmantained) on my Fedora 22 laptop.

To begin, I searched for a good repository and, at the end, I opted for that mantained by GRC. So I downloaded the TrueCrypt 7.1 archive from GRC that is still storing all the others TrueCrypt versions.

I decided to use the 7.1 version because it has more features than the last 7.2 version (the last known release of TrueCrypt). In any case I am monitoring the Swiss website and I wish that the CypherShed project will be completely developed soon.

After I extracted the file and moved it to a specific folder.

Last but not least I opened Terminal and typed:

sudo ./truecrypt-7.1a-setup-x64

and the software was correctly installed into my Fedora 22 OS.

After some tests I can adfirm that TrueCrypt is still a good security solution not only for the above mentioned audit but also because it is really stable, flexible, full of useful features and simple to use.

To sum up: Try it… again!