
Presentation on theme: "A disturbing comment on my blog…. Who is"— Presentation transcript:

1 A disturbing comment on my blog…

2 Who is sux@boston.com?

3 sux@boston.com posted from this IP! IP: 128.100.171.22

4 So what’s an IP? An address. Every computer connected to the Internet has one, or shares one. Four numbers - each 0-255, separated by periods: 128.100.171.22 Try typing “66.233.167.99” into a web browser. You get…

5 66.233.167.99 is the IP address of one of the thousands of computers that run Google’s website. Easier to remember “google.com”, huh?

6 Every computer on the Internet has an IP address or shares one. Everything transmitted on the Internet - an email, a webpage, a picture, a sound file - is made up of one or more “packets” of data. These packets have a header, a payload and, sometimes, a footer. The header includes the IP address of the computer sending a packet, and the IP address of the computer receiving it.

7 When you type 66.233.167.99 into your browser, you send a set of packets to a Google computer, asking it to send some packets back to your IP address. Your browser assembles those packets into the Google homepage.

8 So what’s my IP address?

9 151.203.155.73. Or was that 192.168.0.103?

10 Network Address Translation lets 254 computers share one IP address!

11 Who is 128.100.171.22? No - whois 128.100.171.22!

12 One of 65,536 IP addresses at U Toronto…

13 “Dear Russ, which of your users thinks Boston sucks?”

14 nslookup at kloth.net

15 haxor.citizenlab.com!

16 whois contacts the authority responsible for assigning IP addresses and asks who has been assigned the IP address you’re curious about. nslookup uses the domain name system - the system that associates the names of computers connected to the Internet to IP addresses - to tell you what domain names are associated with an IP address.
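The address facts in slides 4, 10 and 12 (four numbers of 0-255, 254 hosts sharing one address behind NAT, a block of 65,536 addresses) can be checked with Python's standard ipaddress module. This is an added example, not part of the original presentation; the 128.100.0.0/16 block is derived only from the slide's "65,536 addresses" count and the sample address, and the classification of 192.168.x.x as a NAT-side address follows RFC 1918.

```python
import ipaddress

# RFC 1918 ranges: what a NAT router hands out on the inside. A remote web server
# never sees these; it sees only the router's single public address (slide 10).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ipv4(text):
    """Validate the slide-4 rule: four numbers, each 0-255, separated by periods."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected four dot-separated numbers")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"{text!r}: {part!r} is not a number")
        value = int(part)
        if value > 255:
            raise ValueError(f"{text!r}: {value} is outside 0-255")
        octets.append(value)
    return ipaddress.IPv4Address(".".join(str(o) for o in octets))


def is_valid_ipv4(text):
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def describe(text):
    """Classify an address the way the slides do: public and attributable, or NAT-side."""
    addr = parse_ipv4(text)
    private = any(addr in block for block in PRIVATE_BLOCKS)
    lan = ipaddress.ip_network(f"{addr}/24", strict=False)
    return {
        "address": str(addr),
        "private_nat": private,
        # a /24 such as 192.168.0.0/24 holds 256 addresses; the network and broadcast
        # addresses are reserved, leaving the 254 hosts of slide 10
        "usable_hosts_in_slash24": lan.num_addresses - 2,
        # whois and reverse DNS only mean something for a public address
        "whois_useful": not private,
    }


def block_size(cidr):
    return ipaddress.ip_network(cidr).num_addresses


def block_contains(cidr, text):
    """True if the address falls inside an assigned block (slide 12's /16 is an assumption
    built from the slide's 65,536 count; the real assignment would come from whois)."""
    return parse_ipv4(text) in ipaddress.ip_network(cidr)


if __name__ == "__main__":
    for ip in ("128.100.171.22", "151.203.155.73", "192.168.0.103"):
        print(describe(ip))
    print(block_size("128.100.0.0/16"), block_contains("128.100.0.0/16", "128.100.171.22"))
```

The point for the defender is the `whois_useful` flag: a NAT-side address in a server log is meaningless on its own, and the public address that replaces it identifies a router or an ISP, not a person, which is exactly what slides 19 to 21 go on to say.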

17 Aha! Nart works for Citizen Lab!

18 Allowing me to craft an appropriate response…

19 Other possible outcomes:
- IP address was from a shared or publicly accessible computer. Result: no way to know who made the post without a record of users.
- IP address was from an ISP via dialup, DSL or cable modem. Result: ISP may have records of which user had the IP, but won’t release them except under subpoena.
- IP address was a proxy or anonymizer, designed to hide the poster’s identity. Result: proxy operator may - or may not - have records of the real IP.

20 IP address is a lousy identifier. What happens if Google says “Hello, Ethan - here’s your new gmail” when it sees a request from 151.203.155.73? Anyone in my house can read my mail. And when my ISP gives me a new IP, someone else is very confused to be greeted as Ethan. Unfortunately, IPs get treated like unique identifiers often… because we don’t have other options.

21 I can’t get information from an ISP about who has a particular IP… But governments can. Security online is about protecting and obscuring your IP address. If you don’t protect your identity, prepare to have your computers seized…

22 Deleting & Wiping files
- When files are deleted, the name is removed from the disk and the space is marked as available for new data.
- As long as no data is written to that space, the original file can be recovered.

23 A little experiment
– A file called secretfiles.doc was created in “My Documents”
– It was “deleted” and sent to the Recycle Bin
– The Recycle Bin was emptied

24 Undelete


26 Wiping
- Wiping utilities overwrite data with garbage.
- The greater the number of overwrite passes, the more difficult it is to recover the data.
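Slides 22 to 26 describe why a deleted file is recoverable and a wiped one is not. The toy disk below models that in a few dozen lines: a bytearray stands in for the platter, a dictionary for the directory, and a free list for "space marked as available". This is an added illustration, not code from the presentation; the block size, file names and file contents are constructed for the demonstration.

```python
import secrets

BLOCK = 16   # bytes per block; real disks use 512 or 4096, 16 keeps the model readable


class ToyDisk:
    """A bytearray 'disk' with a directory, a free list and fixed-size blocks."""

    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)   # every byte written stays until overwritten
        self.free = list(range(blocks))        # block numbers available for new data
        self.directory = {}                    # name -> (block list, byte length)

    def write_file(self, name, data):
        needed = (len(data) + BLOCK - 1) // BLOCK
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = (blocks, len(data))

    def read_file(self, name):
        blocks, length = self.directory[name]
        return b"".join(self.raw[b * BLOCK:(b + 1) * BLOCK] for b in blocks)[:length]

    def delete_file(self, name):
        """What 'delete' plus 'empty the Recycle Bin' really does (slide 22): forget
        the name, mark the blocks free, leave every byte where it is."""
        blocks, _ = self.directory.pop(name)
        self.free.extend(blocks)

    def wipe_file(self, name, passes=3):
        """A wiping utility (slide 26): overwrite the file's own blocks with random
        garbage for several passes, then delete the name."""
        blocks, _ = self.directory[name]
        for _ in range(passes):
            for b in blocks:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = secrets.token_bytes(BLOCK)
        self.delete_file(name)

    def undelete_scan(self, fragment):
        """What an undelete or carving tool does: ignore the directory, search the raw bytes."""
        return self.raw.find(fragment) != -1


SECRET = b"secret notes: meet at the cafe at noon"   # constructed 38-byte document


def demo():
    """Return (recoverable after delete, after wipe, after the freed space is reused)."""
    d = ToyDisk()
    d.write_file("secretfiles.doc", SECRET)
    d.delete_file("secretfiles.doc")
    after_delete = d.undelete_scan(b"meet at the cafe")

    w = ToyDisk()
    w.write_file("secretfiles.doc", SECRET)
    w.wipe_file("secretfiles.doc")
    after_wipe = w.undelete_scan(b"meet at the cafe")

    # Fill the whole disk with new data. Freed blocks sit at the end of the free
    # list, so the secret survives until the last write lands on them.
    d.write_file("filler.txt", b"x" * (BLOCK * len(d.free)))
    after_reuse = d.undelete_scan(b"meet at the cafe")
    return after_delete, after_wipe, after_reuse


if __name__ == "__main__":
    print("recoverable after delete / wipe / reuse:", demo())
```

On a real machine the model is optimistic for the wiper: journaling file systems, SSD wear levelling and editor backup copies can leave a duplicate of the data outside the file's own blocks, so an overwrite-in-place tool cannot promise that every copy is gone. That is why full-disk or container encryption (slide 35 onwards) is the more reliable answer.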


30 Dpeft boe djqifst: voefstuboejoh fodszqujpo

31 Dpeft boe djqifst: voefstuboejoh fodszqujpo Codes and ciphers: understanding encryption

32 Dpeft boe djqifst: = Codes and ciphers:
Add to each letter: 1
“Add to each letter” - the algorithm
“1” - the secret key
A very weak form of encryption…

33 A better cipher
sign: + - + - + - +   - + - + - +
key:  1 2 3 4 5 1 2   3 4 5 1 2 3
out:  B z h p y d t   z m k i c u
Real-world ciphers use complex, multipart algorithms and LONG keys. Algorithms are public - keys are secret.
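Both ciphers from slides 32 and 33 are small enough to implement and check against the slides' own strings: "Codes and ciphers: understanding encryption" shifted by 1 gives the slide-30 text, and "A better cipher" under the alternating key 12345 gives "B zhpydt zmkicu". The brute-force function shows what "very weak" means in practice: 25 possible keys. This is an added example, not code from the presentation; the reading of slide 33 as "key digits cycle over the letters, sign alternates +, -, +, -" is my reconstruction from the slide's three rows.

```python
def shift_letter(ch, k):
    """Shift one letter by k positions with wrap-around; anything else passes through."""
    if not ch.isalpha():
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    return chr((ord(ch) - base + k) % 26 + base)


def add_to_each_letter(text, key, decrypt=False):
    """Slide 32: the algorithm is 'add to each letter', the secret key is the amount."""
    k = -key if decrypt else key
    return "".join(shift_letter(ch, k) for ch in text)


def better_cipher(text, key="12345", decrypt=False):
    """Slide 33: key digits cycle over the letters; the sign alternates +, -, +, - ...
    Spaces and punctuation pass through without consuming a key digit."""
    digits = [int(d) for d in key]
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            k = digits[i % len(digits)] * (1 if i % 2 == 0 else -1)
            out.append(shift_letter(ch, -k if decrypt else k))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def break_shift(ciphertext, crib):
    """Why slide 32 calls this 'very weak': only 25 keys exist, so try every one and
    return the key whose decryption contains a word you expect to see."""
    for key in range(1, 26):
        if crib in add_to_each_letter(ciphertext, key, decrypt=True):
            return key
    return None


if __name__ == "__main__":
    ct = add_to_each_letter("Codes and ciphers: understanding encryption", 1)
    print(ct)                                   # the slide-30 text
    print(add_to_each_letter(ct, 1, decrypt=True))
    print(better_cipher("A better cipher"))     # the slide-33 text
    print("shift key recovered by brute force:", break_shift(ct, "and"))
```

The "better" cipher resists the 25-key search only until the attacker guesses the key length, after which each position is again a 9-way guess; the slide's conclusion that real ciphers need long keys and public algorithms is the right one.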

34 An encrypted file…

35 Encrypted Storage There are a lot of utilities; a nice one for Windows is BestCrypt (http://www.jetico.com/). It creates an additional drive letter that you need to enter a password to access.

36 Encrypted Storage


38 Any files you place in the BestCrypt drive are encrypted. When you unmount the drive, the drive letter disappears.

39 Remote Backup Store files on a remote server. This allows you to recover your files if something happens. You can remove sensitive files from your computer and retrieve them at a later time.


41 Martus.org Martus is a software tool that allows users to create “bulletins”, uploading them at the earliest opportunity, and storing them on redundant servers located around the world


47 Martus.org Records are encrypted, stored securely at a remote site, backed up to multiple locations and protected by a unique password. After a bulletin has been designated as final by the user, it cannot be altered, ensuring that even an unauthorized user who may have obtained access cannot delete the group's records.

48 Some bad passwords:
- “fluffy” - pet’s name (guessable)
- “010473” - dates (guessable)
- “solitaire” - common words (vulnerable)
Dictionary attacks: take every word in a dictionary, encrypt them, and see if any one matches the password. If so, you’re in!
Better password: fluffy010473
Even better: fluFFY0104&#

49 VGY&BHU* Not very easy to remember…

50 VGY&BHU* Very easy to remember… possibly too easy

51 99bob@TW “Ninety nine bottles of beer on the wall”

52 The longer the better. Mix of letters, numbers, symbols. UPPER and lowercase MiXeD. BUT a good password is memorable without writing it down. A written password is a broken password.
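A small checker that applies the rules of slides 48 to 52 to the slides' own examples. It is an added example, not the presentation's code, and the word list is a constructed stand-in for the multi-million-entry lists a real dictionary attack uses. One caveat worth seeing in code: the checker strips digit and symbol suffixes and ignores case before looking a word up, because a cracker's mutation rules do the same, so "fluffy010473" and "fluFFY0104&#" are still reported as built on the word "fluffy", while the passphrase-derived "99bob@TW" of slide 51 passes.

```python
import re

# Constructed mini-dictionary; real wordlists hold millions of entries.
COMMON_WORDS = {"fluffy", "solitaire", "password", "letmein", "qwerty",
                "dragon", "monkey", "sunshine"}


def dictionary_root(pw, words=COMMON_WORDS):
    """Strip leading/trailing digits and symbols and ignore case: a cracker's
    'word + suffix' and case-toggle rules reach exactly these variants."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    return core if core in words else None


def char_classes(pw):
    """How many of: lowercase, uppercase, digits, symbols (slide 52's 'mix')."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for pat in patterns if re.search(pat, pw))


def looks_like_date(pw):
    """Six or eight digits, e.g. 010473 (slide 48's 'dates - guessable')."""
    return re.fullmatch(r"\d{6}|\d{8}", pw) is not None


def assess(pw, words=COMMON_WORDS, min_length=8):
    root = dictionary_root(pw, words)
    classes = char_classes(pw)
    problems = []
    if root:
        problems.append(f"built on dictionary word '{root}'")
    if looks_like_date(pw):
        problems.append("looks like a date")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if classes < 3:
        problems.append("fewer than 3 character classes")
    return {"password": pw, "length": len(pw), "classes": classes,
            "root": root, "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for candidate in ("fluffy", "010473", "solitaire", "fluffy010473",
                      "fluFFY0104&#", "99bob@TW"):
        report = assess(candidate)
        print(f"{candidate:14} classes={report['classes']} ok={report['ok']} {report['problems']}")
```

A checker like this is for the defender's side (a sign-up form or a policy audit); it does not need any hashing, because it reasons about how guessable the password is rather than cracking it. The keyboard-walk pattern of slide 49/50 ("VGY&BHU*") is a separate rule a fuller checker would add.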

53 If you can only remember one password, use PasswordSafe or PasswordGorilla…

54 Surveillance & Locations
- Low-tech (security camera placed at a cyber-cafe)
- Local (software on a specific PC, e.g. keystroke logger)
- Network/ISP
- Internet backbone / Int’l gateway

55 PC: Keystroke Logger
- Hardware or software that logs all keystrokes
- Intercepts passwords
- Log files can be transmitted to a remote location

56 Packet Sniffing
- Intercept network traffic
- Protocol analysis (HTTP vs. SMTP)
- Optionally, search for specific strings (keywords, names, email addresses)

57 What Filtering Looks Like

58 Filtering: Where and How
- DNS filtering
- IP filtering
- URL filtering

59 Filtering
Detecting filtering
– Sometimes an error is just an error
– How can we tell?
Responding to filtering
– Knowing how a site is filtered is extremely important

60 Block Pages
- Confirms a block
- May contain category information
- May indicate tech used
- View-Source

61 HTTP Headers
May identify filtering tech
– Iran: NEDA
  GET http://www.emrooz.ws/ HTTP/1.1
  HTTP/1.x 403 Forbidden
  X-Squid-Error: ERR_SCC_SMARTFILTER_DENIED
404 or 403
– Distinguish between errors
302: Check redirects
– UzSciNet
  GET http://forum.ferghana.ru/ HTTP/1.1
  HTTP/1.x 301 Moved Permanently
  Location: http://ferghana.ru/
200: Blockpage?
– Server header is a good indicator
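The decision procedure of slides 59 to 61 (is this a block or just an error?) can be written down as a classifier over raw HTTP responses. This is an added example, not code from the presentation. The two header signatures it keys on are the ones the slide shows (the X-Squid-Error value from the NEDA case and the 301 to ferghana.ru from the UzSciNet case); the Server lines, response bodies and block-page phrases are constructed for the demonstration and would be tuned per network in practice.

```python
from urllib.parse import urlsplit

# Constructed sample responses: (requested host, raw response text).
SAMPLES = {
    "neda_403": ("www.emrooz.ws",
                 "HTTP/1.x 403 Forbidden\r\nServer: squid\r\n"
                 "X-Squid-Error: ERR_SCC_SMARTFILTER_DENIED\r\n\r\n<html>denied</html>"),
    "uz_301": ("forum.ferghana.ru",
               "HTTP/1.x 301 Moved Permanently\r\nLocation: http://ferghana.ru/\r\n\r\n"),
    "blockpage_200": ("www.example.org",
                      "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"
                      "<html><body>Access Denied: this site has been blocked</body></html>"),
    "plain_404": ("www.example.org",
                  "HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n<html>not found</html>"),
    "normal_200": ("www.example.org",
                   "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<html>forum index</html>"),
}

# Phrases seen on block pages; constructed, and in practice learnt per filter product.
BLOCKPAGE_MARKERS = ("access denied", "has been blocked", "not permitted")


def parse_response(raw):
    """Split a raw HTTP response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify(raw, requested_host):
    """Return (verdict, reason); verdict is 'filtered', 'suspect', 'ambiguous' or 'ok'."""
    status, headers, body = parse_response(raw)
    server = headers.get("server", "unknown")          # slide 61: a good indicator
    squid_error = headers.get("x-squid-error", "")
    if status == 403 and "SMARTFILTER" in squid_error.upper():
        return "filtered", f"Squid/SmartFilter denial: {squid_error}"
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", "")).hostname or ""
        if target and target != requested_host:
            return "suspect", f"redirected to another host ({target}); confirm it is the real site"
        return "ok", f"redirect stays on {requested_host}"
    if status == 200:
        low = body.lower()
        for marker in BLOCKPAGE_MARKERS:
            if marker in low:
                return "filtered", f"200 with block-page text '{marker}' (server: {server})"
        return "ok", f"content served (server: {server})"
    if status in (403, 404):
        return "ambiguous", f"{status} without a filtering signature (server: {server}); may be a plain error"
    return "ambiguous", f"unexpected status {status} (server: {server})"


def run_samples():
    return {name: classify(raw, host)[0] for name, (host, raw) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (host, raw) in SAMPLES.items():
        print(f"{name:14} -> {classify(raw, host)}")
```

The "ambiguous" verdict is the important one: a bare 403 or 404 is the case slide 59 warns about ("sometimes an error is just an error"), and the right response is to compare the same request from an unfiltered location before sounding the alarm.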

62 Network Interrogation Tools:
– Traceroute
– TCP Traceroute
– Packet Sniffer

63 Key Questions Is the site filtered for sure? Is there an indication why it is filtered? When is it time to sound the alarm? When is it time to activate your circumvention strategy?

64 Circumvention Strategies
- Push strategies: content is delivered to users.
- Pull strategies: enable users to access content.

65 Get to know your users
- Context and location of users
- Spectrum from casual to committed
Servicing users
– Sign-up profiles
– Email list
Identify users that want continued information
– Interactivity
– Updates

66 Info Management
- There will be windows of opportunity: it takes time for a site to be filtered
- Information you make public can be discovered by those who filter
- Develop responses to filtering that relate to your users

67 Responses
- Communication strategy
- Mirroring strategy
- Syndication strategy
- Circumvention strategy

68 Communications
Sustain communication with users
– Email
– IM, chat, SMS
Advertise new locations
– E.g. Google Ads

69 Mirroring
- Register multiple domain names
- Obtain accounts on several ISPs
- Have a technical mirroring solution ready

70 Our clever db trick…

71 Syndication
- CC/GPL for syndication options
- RSS
  – Third-party aggregators
  – RSS emailer
  – RSS mirrors
- P2P

72 Responses

73 Circumvention

74 Simple Circumvention Sometimes it’s as simple as removing “www” from the domain name, or accessing the IP directly or through an alternate domain name, or using the Google cache.

75 Two Types of Users
- Providers: non-filtered locations
- Users: censored locations
Successful circumvention relies on meeting the needs of both.

76 Determining Needs and Capacity
- Bandwidth
- User location
- Level of technical expertise
- Trusted contacts
- Potential penalty
- Full disclosure

77 Public vs. Private
Public
– Zero trust
– Could be blocked
Private
– Trusted contact
– Low circulation


81 Not Anonymous If plaintext, the content of the session can be easily intercepted and analyzed by an intermediary such as an Internet Service Provider (ISP)

82 Public Systems
Web-based proxies:
http://www.anonymizer.com/
http://www.unipeak.com/
http://www.anonymouse.ws/
http://www.proxyweb.net/
http://www.guardster.com/
http://www.webwarper.net/
http://www.proxify.com/
http://www.the-cloak.com/
“Open” proxy servers:
http://www.samair.ru/proxy/
http://www.antiproxy.com/
http://tools.rosinstrument.com/proxy/
http://www.multiproxy.org/
http://www.publicproxyservers.com/

83 Modify Browser Setting

84 “Open” Proxy Servers
- Not secure: traffic is in plain text
- Not anonymous: the proxy owner can intercept all traffic
- Often just misconfigured servers that are not intended for public use

85 Private key encryption:
- Fast
- Secure
- Strength proportional to key length
Works great for protecting my files. But what if I want to send a secret message to you? The problem: key distribution.

86 Conventional encryption is symmetric: “cipher” → “djqifs” → “cipher”, with one key used both ways.
Public-key encryption is not symmetric: “cipher” → “cgaone” → “cipher”, with Key A to encode and Key B to decode.
You can encode a message with Key A, but Key A is useless for decoding it. Weird! Key A = public key. Key B = private key.

87 Sender Recipient In conventional encryption, I send a message to the recipient in a locked box. Both of us have the key, and both of us can open the box.

88 Recipient In public key encryption, the recipient first sends me an unlocked box to which only she has the key. I lock my message inside and send the box to her…

89 Once I’ve locked the message in the box, I can’t read it, as I don’t have the key! It’s safe for the recipient to send me a lock, as the lock doesn’t allow me to unlock a locked box. (Weird.) Why is it safe to send a credit card number over the internet?

90 When you request an https:// site, that site sends your browser a public key - an unlocked box. Your browser encrypts your information so only that site can read it.

91 Signed Certificates
- A Certification Authority (CA) digitally signs each certificate issued
- Each browser contains a list of CAs to be trusted
- When the SSL handshake occurs, the browser verifies that the server certificate was issued by a trusted CA
- If the CA is not trusted, a warning will appear


94 Man-In-The-Middle Attack
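The locked-box story of slides 86 to 90 and the CA signature of slide 91 can be played out with textbook RSA, which is small enough to read end to end, and that also shows why the man-in-the-middle of slide 94 fails: relaying the real certificate leaves the impostor unable to open the box, and substituting its own key breaks the CA's signature. This is an added example, not code from the presentation. The primes are toy-sized and there is no padding; real TLS uses 2048-bit or larger keys with OAEP/PSS padding (or elliptic curves), so the code shows the idea, not a usable implementation. Site, CA and impostor names are constructed.

```python
import hashlib


def keypair(p, q, e=17):
    """Textbook RSA from two primes: returns (public key, private key)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    assert (e * d) % phi == 1
    return (e, n), (d, n)


def apply_key(numbers, key):
    exp, n = key
    return [pow(x, exp, n) for x in numbers]


def encrypt(text, public_key):
    """Lock the message in the box: anyone holding the public key can do this."""
    return apply_key([ord(c) for c in text], public_key)


def decrypt(blocks, key):
    """Open the box. Only the matching private key gives the message back;
    applying the public key again yields garbage (slide 89's 'weird' property)."""
    return "".join(chr(x) for x in apply_key(blocks, key))


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private_key):
    """The CA signs a certificate with its private key (slide 91)."""
    d, n = private_key
    return pow(digest(data, n), d, n)


def verify(data, signature, public_key):
    """The browser checks the signature with the CA public key it ships with."""
    e, n = public_key
    return pow(signature, e, n) == digest(data, n)


# Toy keys (constructed primes). The browser is assumed to trust CA_PUBLIC.
SITE_PUBLIC, SITE_PRIVATE = keypair(61, 53)
CA_PUBLIC, CA_PRIVATE = keypair(1009, 1013)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = keypair(67, 71)


def certificate(site, site_public):
    """A certificate binds a site name to a public key; here just the bytes the CA signs."""
    return f"{site}|{site_public[0]}|{site_public[1]}".encode()


def browser_accepts(site, presented_public, signature, ca_public=CA_PUBLIC):
    return verify(certificate(site, presented_public), signature, ca_public)


MESSAGE = "a secret message"   # constructed; stands in for the credit card number of slide 89


def mitm_demo(site="bank.example"):
    """Return (genuine certificate accepted, swapped key accepted, impostor can read the box)."""
    sig = sign(certificate(site, SITE_PUBLIC), CA_PRIVATE)       # issued once by the CA
    genuine = browser_accepts(site, SITE_PUBLIC, sig)
    # Option 1 for the impostor: relay the real certificate. The browser then
    # encrypts to SITE_PUBLIC, and only SITE_PRIVATE opens that box.
    box = encrypt(MESSAGE, SITE_PUBLIC)
    impostor_reads = decrypt(box, IMPOSTOR_PRIVATE) == MESSAGE
    # Option 2: present its own key. The CA never signed that binding -> warning (slide 91).
    swapped = browser_accepts(site, IMPOSTOR_PUBLIC, sig)
    return genuine, swapped, impostor_reads


if __name__ == "__main__":
    ct = encrypt("cipher", SITE_PUBLIC)
    print(decrypt(ct, SITE_PRIVATE), "| with public key only:", repr(decrypt(ct, SITE_PUBLIC)))
    print("genuine accepted, swapped accepted, impostor reads:", mitm_demo())
```

The attack the slide's picture implies therefore comes down to one of two things the defender can watch for: a certificate the browser's CA list will not validate (the warning users are told to heed), or a CA that was persuaded to sign a binding it should not have, which is why the trusted-CA list in slide 91 is itself a security boundary.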


97 Private Circumventors
- Leverages personal relations of trust
- Web-based circumventor on an SSL-enabled webserver
- Circumvention & security is the focus, not anonymity or privacy

98 Civisec & Psiphon
- Psiphon is an encrypted webserver + web-based proxy
- It is designed for personal use, based on the circle of trust model
- It is private and decentralized

99 Psiphon
- Users in non-censored countries download the software
- The location is shared with users you personally know and trust in censored countries
- The user in the censored country does not have to download any software

100 Redundancy
- The circle of trust is based on social networks
- This model can be optionally extended for redundancy


103 Extending Trust
Pro
– Redundancy
– Larger user base
Con
– Increases chance of infiltration
– Increases chance of blocking

104 Anonymous Communications Systems
Anonymity is protected from:
– ISP
– Circumvention system
– Content server
Examples
– Java Anonymous Proxy
– TOR

105 Explaining Tor

106 Downsides of Tor
- Slow
- Dangerous if you’re the only one using it
- Hard to use?

107 We tend to treat email like it was private. It’s not. In the US, if your employer provides your email, he is permitted to read it. Many do. The administrator of your mail system can read your unencrypted email. How well do you trust your sysadmin? The sysadmin on the receiving end? If anyone is sniffing packets on your network, they can read all unencrypted traffic - including email.

108 Ask your sysadmin if they support IMAPS or POPS. Most do, and most will thank you for using it.

109 When using web-based mail, use services that use https. Try this - https://gmail.google.com

110 Using Thunderbird with OpenGPG Even with https, the email is still vulnerable on the server and your hard drive. Enter PGP…

111 Enigmail requires Thunderbird, GPG (a PGP implementation) and the Enigmail package.

112 Using pgp.mit.edu to find a public key. Is the key legit?

113 PGP users “sign” each other’s keys - this verifies that the person using the key is actually the person associated with it.

114 When a PGP-encrypted email arrives, Thunderbird asks you to enter your passphrase to decrypt. Also alerts you to signed mail.

115 Hushmail - PGP made easy (okay, easier.)

116 Near-anonymous blogging

117 Tor installed, ready to go…

118 Torpark - torpark.nfshost.com - Tor on a USB key!

119 If you’re concerned that your blog will get you into trouble, blog from an unmonitored cybercafe, and use Torpark on a USB key.

120 Make sure Tor is working before relying on it. http://serifos.eecs.harvard.edu/cgi-bin/ipaddr.pl?tor=1

121 When using the web through Tor, your IP address is hidden - you appear to be coming from a different IP.

122 Set up a hushmail account with a name that is not easily linked to you.

123 Why we don’t recommend Hotmail…

124 Or Yahoo! Mail… As long as you sign up via Tor, you’d be okay…

125 But gmail…

126 …and hushmail don’t report your IP in their headers.

127 Still using Tor, and using your new hushmail account, sign up for a Wordpress blog.

128 The process isn’t perfect. Wordpress doesn’t expect you to be using Tor, and chokes occasionally. Ignore the errors and keep going…

129 Wordpress will send an email to your hushmail account. Respond - using Tor - to activate the new blog.

130 Your brand new, highly secure, hosted blog!

131 Using Tor, you can start posting. But one concern remains:

132 Sleepless in Sudan: Aid worker blogging from Darfur, highly critical of Sudanese government. Needs to remain completely anonymous.

133 We know the Khartoum government is watching Sleepless’s blog. We know they can watch all Internet traffic coming out of Sudanese ISPs. Every time something is posted to the blog, there’s a request from a specific IP to a Tor server… Sleepless must be posting through Tor - let’s arrest her!

134 Changing timestamps to prevent timing attacks. Consider putting the date 5-15 minutes ahead of time - the blog will autopublish once you’ve already logged out!

135 To stay anonymous:
- Post, email and comment through Tor or another proxy.
- Minimize information that could only have come from you.
- Post from unmonitored public computers (danger of keystroke logging!)
- Post from your machine (danger that you’re one of very few people using Tor/Proxy!)
- Don’t be stupid.

136 Why you should not be anonymous:
- Identify yourself and by default, you’re trusted. Conceal yourself and by default, you’re not.
- Secrecy leads to speculation - is Salam Pax a CIA agent? An al-Qaeda member?
- Need to build your reputation as an anonymous blogger over many posts.
- If you can’t blog without being anonymous, be anonymous. If you can, seriously consider blogging in your own name.

137 Why is “Inside PCIJ” the top result for “gloria garci”?

138 How Google works… (sort of) When you search for a term, you get web pages that include that term. They’re ranked by “authority”. “Authority” = popularity = incoming links (adjusted for spam, freshness, link farms) PageRank - algorithm that determines authority of a page…

139 mypagerank.net Rank: 0-10, logarithmic. Yahoo = 9, Google = 10 PCIJ’s blog is a “6” - pretty good!

140 Manila Standard is a “4”. Not so good. PCIJ is 100x more authoritative.
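Slides 138 to 140 describe PageRank in one breath: authority flows along incoming links, and the public 0-10 score is logarithmic, so two points apart means roughly 100 times the authority. The small implementation below is an added example, not the presentation's code or Google's; the link graph is constructed (the page names echo the slides only as labels, the links between them are invented), and the "toolbar" mapping of one point per factor of ten is my reading of the slide's "6 vs 4 = 100x" arithmetic.

```python
import math

# Constructed link graph: page -> pages it links to.
LINKS = {
    "pcij":    ["jeffooi", "manila"],
    "jeffooi": ["pcij"],
    "manila":  [],                  # links to nobody: a 'dangling' page
    "blog_a":  ["pcij", "jeffooi"],
    "blog_b":  ["pcij"],
    "blog_c":  ["pcij", "blog_a"],
}


def inbound_counts(links):
    """Raw 'incoming links' of slide 138, before PageRank weights them."""
    return {p: sum(p in out for out in links.values()) for p in links}


def pagerank(links, damping=0.85, max_iter=200, tol=1e-12):
    """Power iteration. A page hands its rank out evenly over its outgoing links; the
    damping term models a reader who jumps to a random page; dangling pages spread
    their rank over everybody so the total stays 1."""
    pages = list(links)
    n = len(pages)
    rank = {p: 1.0 / n for p in pages}
    for _ in range(max_iter):
        dangling = sum(rank[p] for p in pages if not links[p])
        new = {}
        for p in pages:
            inbound = sum(rank[q] / len(links[q]) for q in pages if p in links[q])
            new[p] = (1 - damping) / n + damping * (inbound + dangling / n)
        delta = max(abs(new[p] - rank[p]) for p in pages)
        rank = new
        if delta < tol:
            break
    return rank


def toolbar_scores(rank):
    """Slide 139's 0-10 logarithmic scale, assumed here as one point per factor of ten
    below the top page (so a '6' vs a '4' is the 100x of slide 140)."""
    best = max(rank.values())
    return {p: round(max(0.0, 10 + math.log10(r / best)), 1) for p, r in rank.items()}


if __name__ == "__main__":
    ranks = pagerank(LINKS)
    scores = toolbar_scores(ranks)
    for page in sorted(ranks, key=ranks.get, reverse=True):
        print(f"{page:8} inbound={inbound_counts(LINKS)[page]} rank={ranks[page]:.4f} score={scores[page]}")
```

Two things the numbers show that the slide only states: a link from a page that itself has many incoming links is worth more than several links from nobodies (which is why slide 146's advice is to take part in conversations rather than collect links), and a page that links out does not lose anything by doing so.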

141 How much do we trust Jeff Ooi?

142 Google says Jeff is a “6”!

143 Who links to Jeff? Technorati.com

144 1794 links from 822 sites, #1,125 in the world!

145 Who links to Jeff… and why?

146 Why we link:
- Participate in conversations
- Reinforce social ties (blogroll)
- Ask for links back to our work
If you want links to your blog, link to other blogs. Comment on other blogs. Answer your own comments. Start conversations.

147 Blogpulse.com

148 pubsub.com

149 Tags identify blog content

150 Jordanplanet.net - a national blog aggregator

151 Posts from blogs, blogroll…

152 Virtual communities are also real-world communities. We link to people we know…

153 The Kaybees - Kenya’s national blog awards…

154 Clay Shirky - Weblogs and Power laws

155 Popular blogs - 10,000+ incoming links


157 Making friends with the A-List:
- Don’t beg.
- Know what they write about.
- Link before you ask.
- At a certain point, bloggers are journalists - disclosure of conflicts, transparency about linking.

