Security News Feeds

Sharing some of my security RSS feeds.

SecNews RSS feeds

http://packetstormsecurity.org/news/

http://news.hitb.org/tags/security

http://slashdot.org/stories/security

http://nakedsecurity.sophos.com/

http://isc.sans.edu/rssfeed_full.xml

Misc Security

http://carnal0wnage.attackresearch.com/

http://www.darknet.org.uk

Exploits and Vulns

http://www.exploit-db.com/feed/

http://www.exploit-db.com/rss.xml

http://osvdb.org/feed/vulnerabilities/latest.rss

Will add more soon

Advertisements

Privacy Tools

The recent post about Microsoft-Skype snooping accusations has prompted some paranoia and raised questions.  Myself included.  In this blog post Microsoft refuses to comment about the ability to listen to VoIP calls in Skype.  New wiretapping laws are forcing some software vendors to install “backdoors” in their software and you can be sure Skype will be the first to do it.  Think of this as a preventative measure instead of paranoia. If you aren’t aware, Skype and other IM services record everything you type to everyone and it’s saved for up to 6 months to a year depending on their data retention policy. Not that you have anything to hide, but law enforcement can subpoena this information from the vendor and use it against you.  This post started off as listing an alternative to Skype, but I added a few privacy tools also.

IM Privacy

First off there’s Jitsi.  Jitsi (previously SIP Communicator) is an audio/video and chat communicator that supports protocols such as SIP, XMPP/Jabber, AIM/ICQ, Windows Live, Yahoo! and many other useful features.

Jitsi also has Skype like features such as Video/VoIP calling. This has been a great up and coming tool and a replacement for Skype.

Another suggestion is Pidgin.  Pidgin is a universal messenger for almost every IM client. More importantly, it supports a Plug-in called OTR or Off-The-Record. When OTR is enabled on both ends, the messages are encrypted, and anyone watching (ISP, Hackers) can’t read the messages. You can get it here.

SILC – Secure Internet Live Conferencing, or SILC in short, is a modern conferencing protocol which provides rich conferencing features with high security. One of the main design principles of the protocol was security. Many of the SILC features are found in traditional chat protocols such as IRC but many of the SILC features can also be found in Instant Message (IM) style protocols.

Email 

riseup.net They don’t keep logs, retain identifying information, or record IP addresses. A very secure option unlike gmail, hotmail, etc.

OS

TOR  Go here for a full explanation as I can’t be bothered. This can be installed on Linux/Windows/Mac and is for anonymizing traffic

Tails. The tl;dr version : A bootable Linux distro that routes all traffic through the tor network.

Tails is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc

Tails relies on the Tor anonymity network to protect your privacy online: all software are configured to connect through Tor, and direct (non-anonymous) connections are blocked.

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Using Tails on a computer doesn’t alter or depend on the operating system installed on it. So you can use it in the same way on yours, the computer of a friend or one at your local library. After removing your Tails DVD or USB stick the computer can start again on its usual operating system.

VPN

A VPN (Virtual Private Network) Anonymous VPN’s don’t keep logs of people using it or activity and the servers are usually located abroad. No logs means no data to subpoena, and no data means no problems.  Torrentfreak did a good review on which Anonymous VPN’s are really anonymous and which ones actually keep logs and cooperate with law enforcement and can be found here. A vpn would be the best way to keep your internet activity private, but the downside is it costs money. Usually 5-10$ USD a month.  If you are worried about a paper trail, most accept BitCoins or you could use a pre-paid credit card.

Random MAC Address on bootup

In Backtrack5, there’s an easy way to have a new MAC address upon every bootup for your network devices.

System > Startup Applications > Add

Name – anything

Command – macchanger -r eth0

Comment – anything

That’s it. Add another for your wlan0 device. The application ‘macchanger’ is installed by default, and the -r option is for random MAC address.  Tested and working on BackTrack 5 R2.

Another method is creating a startup script.

Create a script ‘automac.sh’

sudo ifconfig eth0 down

macchanger -r eth0

sudo ifconfig eth0 up

sudo ifconfig wlan0 down

macchanger -r wlan0

sudo ifconfig wlan0 up

Copy the script into /etc/init.d

Run the following commands

sudo update-rc.d automac.sh defaults

sudo chmod +x /etc/init.d/automac.sh

Now it will run on startup, and randomize the MAC address for your eth0 and wlan0. This was tested on Blackbuntu.

Prevent YouTube from Keeping a Record of The Videos You Watch

Youtube keeps a history of videos you’ve watched and search history. If you want to disable this, sign into Youtube, then go http://www.youtube.com/my_search_history.

  • You can clear your search history, and click “Pause search history”. This will prevent it from saving search results in the future.
  • On the same page, click the History tab on the left. You can clear your viewing history, and pause it by clicking the “Pause Viewing History” button.

You can also clear your “Likes” and “Favorites” from this page.

Disable Geo-Location in Certain Applications

I stole this from another site. But it’s good info regardless.

“Geolocation is a rather secret feature of some browsers and toolbars. It allows the creator of that program to get a fix on the location of your computer to within a few meters of where you actually live. For the potential dangers read the article from BBC News entitled ‘Web attack knows where you live’ here.

The question is therefore how to effectively disable this feature. At this moment this site offers solutions for Apple Safari, Firefox, Flock, Google Chrome, Google Toolbar, Opera and Twitter.

[01] Apple Safari:
• Goto the ‘Display a menu of Genenal Safari settings’(the little cogwheel on the right of the toolbar)
• Goto ‘Preferences’
• Goto ‘Security’
• Uncheck ‘Allow websites to ask for location information’

[02] Comodo Dragon:
• Goto the ‘Customize and control Comodo Dragon’ icon (the little grey wrench on the top right)
• Goto ‘Options’
• Goto ‘Under the Bonnet’
• Choose ‘Content Settings’
• Choose ‘Location’
• Check ‘Do not allow any site to track my physical location’

[03] Facebook (initially just for the iPhone client):
• Goto Privacy Settings
• Click ‘Custom’
• Click ‘Custom Settings’
• Disable ‘Places I check in’
• Disable ‘People here now’
• Disable ‘Friends can check me in to places’

[04] Flock:
[a] Flock from version 3.0 is based on Google Chrome and therefore needs the same steps to disable geolocation
• Goto the ‘Customize and control Flock icon (the little gray menu-like icon on the top right)
• Follow the steps as described by Google Chrome
[b] Flock up to version 2.6 is based on Mozilla Firefox and therefore needs the same steps to disable geolocation.

[05] Google Chrome:
• Goto the ‘Customize and control Google Chrome’ icon (the little blue wrench on the top right)
• Goto ‘Options’
• Goto ‘Under the Bonnet’
• Choose ‘Content Settings’
• Choose ‘Location’
• Check ‘Do not allow any site to track my physical location’

[06] Google GMail:
GMail has rudimentary geolocation that is in effect a safety feature. It warns you if another user has logged into your account and from where.
• Scroll down on your GMail page until your reach ‘Last account activity: 0 minutes ago on this IP (xx). Details.
• Hit ‘Details’
• Scroll down
• Check ‘Never show an alert for unusual activity’

[07] Google Toolbar:
• Goto the ‘Adjust Toolbar options’ icon (the little blue wrench on the right of the toolbar)
• Goto Tools
• Uncheck ‘My Location’
• Hit ‘Save’

[xx] Internet Explorer:
Internet Explorer does not have a geolocation feature (yet).

[08] Mozilla Firefox:
• Type ‘about:config’ in the address bar (without the ‘’)
• Discard the warning by hitting ‘yes’
[1] Scroll down until you reach ‘geo.enabled’ or you can simply search for ‘geo.enabled’
• Doubleclick the item and it will change from its default value ‘True’ to ‘False’
[2] Scroll down until you reach ‘geo.wifi.uri’or you can simply search for ‘geo.wifi.uri’
• Rightclick the Value of ‘geo.wifi.uri’ and click ‘Modify’
• Type in ‘localhost’ and hit ‘OK’

[09] Mozilla Thunderbird:
• Goto ‘Tools’
• Goto ‘Options’
• Goto ‘Advanced’
• Hit ‘Config Editor’
• Discard the warning by hitting ‘yes’
• Scroll down until you reach ‘geo.enabled’ or you can simply search for ‘geo.enabled’
• Doubleclick the item and it will change from its default value ‘true’ to ‘false’

[10] Opera:
• Type ‘about:config’ in the address bar (without the ‘’)
• Scroll down until you reach ‘geolocation’
• Uncheck ‘Enable geolocation’
• Hit ‘Save’

[11] Pale Moon:
Pale Moon is based on Mozilla Firefox and therefore needs the same steps to disable geolocation.

[12] Twitter:
Twitter has its Geolocation feature unchecked by design. As it should be.
• Goto Settings
• Check if ‘Tweet Location’ [ ] ’Add a location to your tweets’ is unchecked”

Article courtesy of http://no-geolocation.blogspot.com/