Friday, July 19, 2013

Online Privacy Advice

A lot of people browse the web. A good portion of people browsing the web don't realize how often they are being tracked. Even the people that know they are being tracked still do very minimal covering of their privacy. I'm going to explain a bit about how I personally try to secure a little more privacy.

For starters, I use Firefox. The reason for this is there are a lot of good addons and Firefox just has more control, in my opinion. There were times when I was trying to spoof some request to a site using only Javascript in the browser and Chrome shot it down for being "insecure." I feel Firefox recognizes that the user should be in control of their browsing, not the server. Chrome won't even let you force new windows into tabs, which gets annoying having multiple windows because of popups.

Now with a clean install of Firefox, there are some options you may want to set. I personally tell Firefox not to remember history, searches or download history and clear cookies when I close out. I also recommend checking off "Tell websites I do not want to be tracked." These options are all under Edit > Preferences in the Privacy tab. Telling websites you do not want to be tracked sends the server a DNT header, which means Do Not Track. While not all websites support it and it is up to the website to decide whether to support it or not, I think it's best to at the very least ask.

So with that, we now look to addons to help further secure our privacy. So here are the ones I use:

Ad Block Plus

Ads often have stuff for tracking tacked on with them. Not to mention if the same ad appears on multiple sites, they can see all those sites you are visiting with the ads. While a lot of websites are maintained by ad revenue, some are just obnoxious. Luckily ABP lets you filter ads through if you want or just allow all ads for any site you want... like say this site?

NoScript

NoScript has a lot of security, but can be a pain in the butt at times to always keep it active. It lets you selectively allow or disallow Javascript to be executed. You have a whitelist you can add different source domains to, but I've heard people complain it lags if you have too big of a whitelist. I personally keep a button up that allows me to temporarily allow all on a page just to make things easier. On top of this, it adds protection for things like XSS and clickjacking (essentially it relays information about where you clicked or keys you pressed). It also checks the URL for things like SQLi and other types of attacks.

RefControl

Despite a couple bad reviews on the addon page, it works as expected for me. What you want to do after installing this is change the default for all to block, then add an exception for any sites you want, like say this site? This basically will control it so any requests going out to other sources get no referer, so they won't know where the request came from. This also gets around certain leeching prevention measures certain sites use. You could also change it to say it's from the root of the site or use your own custom referer. Could always use a custom one that contains SQLi and XSS, then just wait and see what poorly designed site falls victim, but that would be mean.

BetterPrivacy

This is an obvious addon to use. It does a lot of things and I keep it around because why not. It takes control over certain stuff, prevents various things from happening and in general is to help keep away tracking stuff.

There are lots of other addons out there that aid in privacy, but these are the three I use. While these are great, I highly recommend adding exceptions for trusted sites and sites that you want to support who rely on ad revenue to keep going. I also think it's important to understand that some tracking is necessary to make the Internet and search engines more usable. So be sure to remember to make exceptions when it is actually a good idea, keep the good parts of the web growing.

Wednesday, July 17, 2013

Multiple Operating Systems on One Flashdrive from Linux

Recently I decided to take some old flash drives I have not been using and turn them into tools for things like security and data recovery. The problem became I had so many tools I wanted to cram on them, but only a handful of flashdrives. Furthermore, a good portion of what I wanted was small and putting them on their own dedicated drive was a bad use of space.

So now the hunt was on to turn one of the larger flash drives into a multi-boot. Normally I use UNetBootin to create bootable flash drives. I did this for Kali and PartedMagic because I started with making those tools first. Now after much trying to use UNetBootin to create multiple operating systems on one drive, tried multiple partitions, I went to Google. Google gave some possible ways to do it, but they were inefficient. So finally I found something late at night.

Multisystem is a quick and easy way to set this up. Despite it being in French (according to Google), but I only speak English and can work it with no problem, so it's all good. You can load operating systems onto it by dragging and dropping. You can view more options by clicking the button on the left hand side with the eyeball. To see what any of the buttons do, just hover over them. Everything else should be pretty straight-forward.

Now after doing all of this, I found one slight problem. Installing tinycore is done slightly incorrect and makes it so that you can't setup programs for loading on the boot as a result. So if you want to set up tinycore, here's what you should do after it is all set up. First, you want to browse the files. Change the folder "cde" to "tce". Next, open up boot/grub/grub.cfg. Look for something along the line of this in the file:

#MULTISYSTEM_MENU_DEBUT|12-07-2013-00:13:33-278461639|cde|multisystem-tinycore|12Mio|
menuentry "Tiny Core Linux" {
linux /cde/boot/vmlinuz quiet cde showapps desktop=flwm_topside
initrd /cde/boot/core.gz
}
#MULTISYSTEM_MENU_FIN|12-07-2013-00:13:33-278461639|cde|multisystem-tinycore|12Mio|

Now you want to change it so that all the places it says "cde" say "tce". So the end result of the example posted looks like this.

#MULTISYSTEM_MENU_DEBUT|12-07-2013-00:13:33-278461639|tce|multisystem-tinycore|12Mio|
menuentry "Tiny Core Linux" {
linux /tce/boot/vmlinuz quiet tce showapps desktop=flwm_topside
initrd /tce/boot/core.gz
}
#MULTISYSTEM_MENU_FIN|12-07-2013-00:13:33-278461639|tce|multisystem-tinycore|12Mio|

I have not come across any other problems yet, but I haven't really messed around with everything on it yet.

Wednesday, July 3, 2013

Damn Vulnerable Linux Full Install on Hard Drive

Damn Vulnerable Linux (DVL) is a Linux distribution that was made purposefully insecure and configured poorly for a learning experience to teach things like exploitation. I managed to find an ISO of it off of some torrent a while back and never really did anything with it. Recently, I got an old laptop that was too broken to do what was wanted with it, so I figured I may as well use it for something. So I installed DVL on to it so I have a machine I can experiment with and get back to learning hacking and other such things. Now most of what I found online was installing into a virtual machine, and the directions were also wrong on quite a few steps. So using my limited knowledge, I played around until I got it right. So here's a quick step-by-step to install DVL on a USB flash drive. I'll try to set up a download link at some point as well.

Put the image on a flash drive, I used Unetbootin.

When booting up the computer with the flash drive, remember to check the boot order in the BIOS so that the flash drive is booted first.

When the system loads, log in. Username is root, password is toor.

Now you should be in the prompt. These instructions are for a clean install. First thing we want to do here is identify what device is where, as far as the hard drive and the USB drive. For me, the hard drive was /dev/hda and the USB drive was /dev/sda. This may change if you have multiple hard drives. We need to tweak some stuff on the hard drive, so we want to unmount it first. Check what is mounted in /mnt, then unmount every folder related to the hard drive. For me, it was just this.

umount /mnt/hda

Next we want to repartition  everything because why not. Run this command, change the hda part if you're setting up on a different system.

fdisk /dev/hda

Now in fdisk, you want to delete any partitions. Press p then enter to see all partitions. Delete all of them. The letter d then enter should do the trick, if there's more than one, just repeat starting at 1 and moving up until it says there are no more. Now we want to write a partition. Press n then enter sticking with the default values (just press enter for the prompts) because that makes life easy. Now to save it, press w then enter and it should take a moment to write the partitions. After this, you should be back at the original prompt.

Okay, now we have a partition, but we have not formatted it to a file system type. So if you've been working on hda, just follow along, if not, remember to change hda to your device. Run this command.

mkfs.ext3 /dev/hda1

Let that run and BAM, ext3 partition. The tutorial I found didn't put the number, which lead to everything completely screwing up, so it's important. If not, it gives a warning message I should have listened to.

So now we want to mount back our newly partitioned and formatted space.

mkdir /mnt/dvl
mount /dev/hda1 /mnt/dvl

Okay, now we should be ready and raring to go to the GUI!

startx

Okay, now in the GUI, we do some fun stuff. In the bottom right hand corner is a German flag with a "de" written on it (short for deustch, for those that didn't know and are curious). Right click on that to bring up the language settings and change that to your locale. Trying to use an American keyboard on a German layout does not work at all.

Okay, now that that is out of the way, in the bottom left corner is the thing for the KDE start menu. Click on that, go to the "Be ReSlaxed" > System > BackTrack Installer.

Leave the first box blank, set the second box to /mnt/dvl if it isn't already. Change the radio buttons from Live to Real. Click the install button and let it do its thing. Once it's finished, hold and because we're not done yet. You can click the close button then go to the logout option under the start menu. Now we should be back at the prompt.

At this prompt, you want to put in this command.

lilo -v -b /dev/hda

If you have a different hard drive setup, this command may need to be different. If that is the case, take a moment to look more into the lilo man pages because I don't know much about it.

If all went well, type this command.

poweroff

After it shuts down, remove the USB drive, start it back up and make sure everything works. It took myself 3 times because I kept goofing up, first time I accidentally wiped the USB drive. Second time I forgot to put lilo on. Third time was the charm.

Tag Cloud

.NET (1) A+ (2) addon (6) Android (4) anonymous functions (5) application (10) arduino (1) artificial intelligence (2) bash (4) c (7) camera (1) certifications (4) cobol (1) comptia (4) computing (2) css (2) customize (16) encryption (2) error (19) exploit (17) ftp (3) funny (2) gadget (3) games (2) Gtk (1) GUI (5) hardware (7) haskell (15) help (8) HTML (6) irc (2) java (5) javascript (21) Linux (20) Mac (5) malware (2) math (8) network (9) objects (2) OCaml (1) perl (4) php (9) plugin (7) programming (42) python (24) radio (1) regex (3) security (25) sound (1) speakers (1) ssh (3) story (1) Techs from the Crypt (2) telnet (2) tools (15) troubleshooting (5) Ubuntu (4) Unix (4) virtualization (1) web design (14) Windows (8) wx (2)