Category Archives: tools

Is your ISP inserting ads in your browser?

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

Is your ISP inserting ads in your browser?  Possibly.  Some of them do.

What’s going on: some Internet Service Providers passively monitor the HTML flowing through their network to your PC.  In a scheme to collect advertising revenue, they intercept the HTML and substitute their ad content.  They do this via a transparent proxy server that watches for opportunities to strip out advertising content flowing from a web server and inserting advertising content that the local ISP has sold.

This means that the advertiser who originally paid for your impressions has had their advertising replaced by another.

Here is an analogy, in case you’re having difficulty following this (and I wouldn’t blame you).

A national billboard company erects a billboard along a busy street and sells the space to a national company, and proceeds to put up an ad for that national company.  The national company pays the billboard company a fee for this service.

Then a local advertising company solicits advertising business, and illicitly replaces the ad on that billboard with one of its own.  The national company that paid for the advertising, nor the national billboard company, are aware of this. 

And why is this a security issue?  Because the three principles of security are Confidentiality, Availability, and Integrity.  This gimmickry of replacing ad content violates the integrity of the content that the user requested from the website.

Is your ISP doing this to you?  Go to this website and find out.  It is run by the University of Washington and the International Computer Science Institute, as a public service and an experiment to see how many ISPs are doing this.  They are going to make their results public at the end of their experiment.  If your ISP is inserting ads, please PDF your results and send them to me, so that I can show others what such a result looks like.

http://vancouver.cs.washington.edu/

Advertisements

Q&A on FBI’s CIPAV

Bookmark This (opens in new window)

Great Computerworld article on CIPAV. And there’s more to come: Computerworld filed a FOIA (USDOJ site here) request to get more information.

Questions answered include:

  • What is CIPAV?
  • What does CIPAV do?
  • What happens to the data the CIPAV collects?
  • Does the CIPAV capture keystrokes?
  • Can the CIPAV spread on its own to other computers, either purposefully or by accident?
  • Does CIPAV erase itself after its job is done?
  • Does the FBI have just one stock CIPAV model?
  • How did the CIPAV get onto the targeted computer?
  • Is CIPAV related to “Magic Lantern”?

Full article here:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028298

Disclaimer/disclosure: I’m an InfraGard member. In my writing about CIPAV, I’m providing only information that has already been published.

Tools to hunt down and eliminate rootkits

Bookmark This (opens in new window)

Rootkits are a special flavor of malware that is designed to hide itself from not only antivirus programs, but from the OS itself. They can be tricky to detect and harder to get rid of.

Two free tools are available that will help you detect rootkits on your Windows system:

Panda Anti-Rootkit

  • AVG Anti-Rootkit (www.grisoft.com) (no longer being updated – functionality rolled into their commercial 8.0 anti-virus product)

AVG Anti-Rootkit

Sophos Anti-Rootkit

McAfee Rootkit Detective

Panda, AVG, McAfee, and Sophos are established and well respected anti-malware companies that have been in business for many years.

Both of these tools operate much like traditional virus scanning tools, in that you manually invoke the tool and select which hard drives you wish to scan.

Use ReadNotify to confirm addressee receipt of e-mail

Bookmark This (opens in new window)

If nothing other than simple efficiency, most of the major e-mail services (Yahoo, MSN, Gmail, Hotmail, AOL, etc.) do not support e-mail return receipts. Even when a sender uses a tool that does assert return receipts, such as Outlook or Thunderbird, many of these services simply ignore return receipt requests and do not create them and send them to senders.

ReadNotifyThere is an opportunity to change all that. The tool ReadNotify restores the ability for a sender to know whether a recipient has read an e-mail message. The beauty of this is, it works even for the email services that do not support traditional return receipts.

ReadNotify has a 30-day free trial. After that, choose from either the Basic (US$24/yr) or the Premium (US$36/yr) subscription plan.

If you really need to know whether certain e-mails are actually read by their recipients, ReadNotify may be for you.

Certified Return Receipt

A really nice feature available in ReadNotify is digitally signed return receipts. This option will digitally sign your email and insert a timestamp certificate. This certificate irrevocably links the body and headers of an email to the date and time they were dispatched – and may be offered as court admissible evidence if required.

Other Features

ReadNotify supports several other features, including Ensured (stored on ReadNotify servers until the recipient reads it), Retractable (body of message can be retracted), Self Destruct (message can be destroyed prior to user reading it), Block Print (prevents user from printing – well it slows them down anyway), Invisible (recipient will not be aware of your tracking), and more.

Caution: ReadNotify was apparently used to track e-mails in the HP e-mail scandal. Seek legal advice if you are unsure whether your use of ReadNotify is legal.

Identify Vulnerabilities with Application Scanning Tools

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

Now that systems administrators have learned to protect operating systems from attacks, hackers have turned to applications as a new and softer target

Hackers have shifted their strategy in recent years from attacking operating systems to attacking applications. After 10 years of attacking open ports and unprotected services, system administrators are doing a pretty decent job of “locking down” servers and firewalls so that only essential services are visible. Increasingly, those visible services are also patched so as to be invulnerable to attacks. Operating systems are no longer the “soft targets” that they used to be. Unable to penetrate servers through holes in exposed services, hackers have turned to attacking the applications running on those servers.

This article discusses common vulnerabilities present in Web applications, and two leading scanning tools, AppScan from Watchfire and WebInspect from SPI Dynamics, that can effectively identify these vulnerabilities.

Link to entire article here:

http://softwaremag.com/L.cfm?Doc=1058-5/2007

Use TrueCrypt to encrypt stored data on your laptop computer

Bookmark This (opens in new window)

Laptops are stolen. Data is compromised. Tens of thousands of individuals are notified of a breach of their private information.

We see this in the news every week.

There is a good product that you can use to safely and effectively encrypt your data; it’s called TrueCrypt.

I have used TrueCrypt for several months and have found it to be solid and reliable. Previously, I used PGP Desktop version 8.1, which is costly and was not reliable for me.

TruCryptWith TrueCrypt you can:

  • Create and mount NTFS volumes as drive letters
  • Encrypt an entire hard disk partition or portable (e.g. USB) drive
  • Create hidden volumes that are impossible to prove that the volume even exists
  • Encryption algorithms supported: AES-256, Serpent, and Twofish

TruCryptTrueCrypt supports Microsoft Vista UAC (User Account Control) (requires version 4.3 released in March 2007).

TrueCrypt is very popular – to date it has been downloaded well over two million times.

TruCrypt(Disclaimer: I have no affiliation with TrueCrypt other than being a satisfied customer)

More information here: http://www.truecrypt.org/

Wanted: bootable ISO CD image with *nix and a WiFi sniffer for IBM R51

Bookmark This (opens in new window)

Subject line says it all. I’m looking for a bootable ISO CD image with *NIX (Linux, whatever) and a passive WiFi sniffer that will work with an internal Intel Pro/Wireless 2200BG radio. Or, I’ll buy an external WiFi card (tell me which ones work on the R51 and your *nix distro).

Thank you!