Category Archives: Home User Network Security

Topics relating to home user network security issues.

IPVanish VPN Service and DNS Leak Testing

As you know, privacy is a big thing for everyone. I think privacy is an unalienable right that should not be taken lightly. What is important to private citizens is the right to be… private citizens. We are not in the public service, nor do we want to be in the limelight. Ask anyone in Hollywood what they’d give to be invisible for a month (depending on popularity); I bet more than a few would pay a million for it. On the internet we look up, research, post, communicate, and advocate as we like. It’s our free will and right. So with that, IPVanish is here to help.

IPVanish is a VPN service that… well, keeps the lid on things to keep eyes off of you. To sum it up, here’s the landing page of their site:

Your simple solution for Internet privacy.
Lightning-fast speeds. Maximum security. Zero logs.

Have you ever wondered where your browser goes when you type something in and hit search? Who sees it? Who responds? Where are you going? Where is this browser taking me? Well, break out Wireshark and IPVanish and let’s go for a little test drive, shall we? OK, you just buckle up or sit down and grab some popcorn and I will show you.

Let’s see how safe and secure our DNS requests are while not on the VPN provided by IPVanish, and see what the results are.
You can perform a DNS leak test at DNS Leak Test.com (the best one I’ve seen).
Here we are going to click the Extended Test because we want a really exhaustive test.


The site tries to determine your location from your ISP’s nearest hub and gives you two options, a standard or an extended test (click Extended).

The test runs, making queries out to the web, and then displays which DNS servers helped resolve those queries for you.

The results of this test show the following servers answered the queries.

Where was it going for the tests? Look below. It hits your internal DNS server or gateway and then goes outbound.

Now let’s use IPVanish and see if they deliver.

We logon and we run the same test at the same site.

Click on Extended and watch the Wireshark capture tunnel it all. The DNS address (viewable in the capture) is in the same IP subnet range as the VPN (which I scrubbed).

The results show just one IP address, the IPVanish DNS server, getting you the DNS results, and not your ISP or another search engine giant.

So we conclude that your privacy is ensured with the VPN service provided by IPVanish. Make sure you do your research before investing in a VPN solution. IPVanish supports the EFF (Electronic Frontier Foundation), which is all about privacy and your rights.
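The check done by eye in the Wireshark capture above can be scripted. This is an added example, not part of the original post: the interface names, addresses, and the 10.8.0.0/24 tunnel subnet are constructed sample values, and `find_dns_leaks` is a hypothetical helper.

```python
import ipaddress

# Constructed sample of DNS-related packets as they might be exported from a
# capture: (interface, destination IP, destination port, query name).
CAPTURE = [
    ("tun0", "10.8.0.1", 53, "a1.test.example"),      # resolver inside the VPN subnet
    ("eth0", "192.168.1.1", 53, "a2.test.example"),   # home gateway, outside the tunnel
    ("eth0", "2001:db8::53", 53, "a3.test.example"),  # IPv6 query bypassing the tunnel
    ("tun0", "203.0.113.9", 53, "a4.test.example"),   # tunnelled, but not the VPN's resolver
    ("eth0", "198.51.100.7", 443, "not-dns"),         # not plaintext DNS, ignored
]


def find_dns_leaks(records, tunnel_if, vpn_nets):
    """Return (query, resolver, reason) for every plaintext DNS query that
    does not go through the tunnel to a resolver in the VPN's own subnet.
    Only port 53 is examined; encrypted DNS is out of scope here."""
    nets = [ipaddress.ip_network(n) for n in vpn_nets]
    leaks = []
    for iface, dst, port, qname in records:
        if port != 53:
            continue
        addr = ipaddress.ip_address(dst)
        in_vpn = any(addr.version == n.version and addr in n for n in nets)
        if iface != tunnel_if:
            leaks.append((qname, dst, "sent outside the tunnel interface"))
        elif not in_vpn:
            leaks.append((qname, dst, "resolver is not in the VPN subnet"))
    return leaks


if __name__ == "__main__":
    for qname, dst, reason in find_dns_leaks(CAPTURE, "tun0", ["10.8.0.0/24"]):
        print(f"{qname} -> {dst}: {reason}")
```

The IPv6 row matters in practice: a tunnel that only carries IPv4 can leave IPv6 lookups going straight to the ISP.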

OpenDNS – Use It!


I cannot say it enough. Wherever I go and whenever I can, I always advocate using OpenDNS. They screen the web URLs before you do, so you will never hit a bad site. Defense in depth is addressed here as well. You need to watch your perimeter as well as the deep inside where your users reside. In fact, most hacking events today involve end users. What do they do all day? Work, and when they get a chance to blow off steam or check on personal email, you open yourself up to risk. This means that all the end users open your company up to attack via data leakage, IP losses, and corporate espionage. What’s funny is that when companies buy other companies they inherit the risk associated with their systems. Has anyone really ever thought about the risk inherited by hiring you, the employee? Maybe the board will start to re-think M&A and apply it to the microcosm in the workplace.

Recently SANS NewsBites released an article about OpenDNS and detecting domain shadowing.

THE REST OF THE WEEK’S NEWS
–Detecting Suspicious Domains
(March 5, 2015)
Technology being developed by OpenDNS aims to hasten detection of
malicious websites and domains. The technology, called Natural Language
Processing Rank (NLPRank), checks for suspicious site names. To reduce
the incidence of false positives, it also checks to see if the domain
is running on the same network that the organization it claims to be
from actually uses.
http://arstechnica.com/security/2015/03/system-catches-malware-sites-by-understanding-sneaky-domain-names/
http://www.computerworld.com/article/2893599/opendns-trials-system-that-quickly-detects-computer-crime.html
[Editor’s Note (Northcutt): OpenDNS is a really cool operation and if
you are not using it for your home network you should really consider
it; this goes double if you are a parent. And NLPRANK is an idea whose
time has come. The idea of registering domain names that are similar to
valid and trustworthy names e.g. Micr0s0ft.com is not new. What is
fairly new is the ability of attackers to prepare an attack, register
these slightly-off domains, embed them in tiny urls, phishing links in
emails, etc., and mop up the opportunities the people that succumb to
the attack present them in a very short period of time. In manufacturing
and quality control, people are very sensitive to cycle time. We need
to apply that type of mindset in defensive cybersecurity:
https://www.opendns.com/home-internet-security/parental-controls/opendns-home/
http://www.isixsigma.com/dictionary/cycle-time/ ]

The article comments on the ability of NLPRank, a natural language processing rating system in which, for example, a domain name that was registered recently, is badly or purposely misspelled, and/or has bad registrant email information is given a negative rank. Such a domain would be blocked for users of OpenDNS, or shown with a warning that it is risky, like WoT did with their color scheme for web site search results. The system is still in testing at the time of this writing but should be usable in the near future. Hats off to OpenDNS for continuing to shock and wow the world and giving people and businesses an edge in thwarting cyber criminals.
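A much-simplified illustration of the two checks described above (a lookalike name, then whether the domain sits on the network the claimed brand uses). This is an added example and not NLPRank's actual algorithm or OpenDNS code: the brand list, the AS numbers (taken from the documentation range), and `score_domain` are all assumptions.

```python
# Character substitutions commonly seen in lookalike names (partial list).
SUBST = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "$": "s"})

# Constructed reference data: brand label -> AS numbers the brand is assumed to use.
BRANDS = {"microsoft": {64500}, "paypal": {64501}}


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_domain(domain, hosting_asn):
    """Return (verdict, brand). A name that looks like a brand is only
    'suspicious' when it is NOT hosted on one of that brand's networks,
    which is the false-positive reduction the newsletter item describes."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ("ok", None)
    label = labels[-2]              # naive: ignores multi-part suffixes like co.uk
    norm = label.translate(SUBST)   # undo digit-for-letter swaps
    for brand, asns in BRANDS.items():
        looks_like = (
            label == brand
            or norm == brand
            or brand in norm
            or edit_distance(norm, brand) <= 1
        )
        if not looks_like:
            continue
        return ("ok", brand) if hosting_asn in asns else ("suspicious", brand)
    return ("ok", None)


if __name__ == "__main__":
    # Constructed test names; 64999 stands in for an unrelated hosting network.
    for name, asn in [("Micr0s0ft.com", 64999), ("microsoft.com", 64500),
                      ("paypa1-login.com", 64999), ("example.org", 64999)]:
        print(name, score_domain(name, asn))
```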

Why use a Cloud when you can Build Your OWNCLOUD and Btsync Backup Server

Anyone wishing to retain rights and privacy to their information without relying on cloud services like Google, iCloud, or even other services such as Western Digital My Cloud: look no further. Netwerk Guardian LLC can install your OWNCLOUD and Btsync server just for you. Small businesses are enjoying backups now over encrypted TCP or UDP with Btsync. It has been around for almost 2 years. We have the technology here for you so you can back up your data and content your way and share it with whoever you want to see it.

  • OWNCLOUD is free we just install it for you and set you up.
  • Btsync is free
  • Bring your own hardware, or will provide for you (Best option, purpose built).
  • You are now free! Come join a million strong as we take back our privacy with your data. We install, educate, and if you want, we can manage it or teach you how.


    POODLE – What to do about it (CVE-2014-3566)

    POODLE (CVE-2014-3566) is a vulnerability where negotiation between client and server results in a lower security protocol being used (from TLS 1.0 to SSLv3), in which an oracle-based side channel attack can leak predictable padding and give an attacker utilizing MITM the upper hand in obtaining ciphertext and session IDs and decrypting them. There is a possibility of session hijacking when users go off the corporate security infrastructure to other sites. Workarounds are suggesting to downgrade to SSLv2 from SSLv3, but I would suggest the opposite: use TLS 1.1 or 1.2. Have users work from within the corporate network, go to safe sites, and DO NOT USE hotspots and open Wi-Fi connections for business-related activities. A lot of applications like Java, ASP.NET, Ruby on Rails, C+, Python, Perl, PHP, and ColdFusion are targets for this padding side channel attack. Maybe even forcing 24×7 VPN connections and forcing users to go through the corporate security infra-X will help protect corporate assets. End users should not use corporate computers for personal use until this is resolved. There are settings in browsers and on Windows computers to force using various SSLv2 settings or TLS 1.0 or higher settings, found here: http://www.tomsguide.com/us/poodle-fix-how-to,news-19775.html

    Check your browsers here https://www.ssllabs.com/ssltest/viewMyClient.html

    Browser Fixes
    Mozilla Firefox

    Type about:config into the address bar and hit Enter or Return. Click “I’ll be careful, I promise!” in the resulting warning window. Scroll down the list of preferences and double-click “security.tls.version.min”. Change the integer from 0 to 1 and click OK.

    Google Chrome

    For Google Chrome, you’ll have to temporarily become a power user and use a command line. The instructions are a bit different for Windows, Mac and Linux.

    In Windows, first close any running version of Chrome. Find the desktop shortcut you normally click to launch Chrome and right-click it. Scroll down to and click Properties. Click the Shortcut tab. In the Target field, which should end with “/chrome.exe”, add a space, then add this: “--ssl-version-min=tls1” (without quotation marks; the flag starts with two plain hyphens). Click Apply and then OK.

    Microsoft Internet Explorer

    Click the Tools icon in the top right corner (the icon looks like a gear). Scroll down and click Internet Options. In the resulting pop-up window, select the Advanced tab, then scroll through the list of settings until you reach the Security category. Uncheck Use SSL 3.0, click Apply, and then click OK.
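A quick audit of the Firefox and Chrome settings from the steps above, as an added example that is not part of the original post. The sample prefs text and shortcut targets are constructed, and the function names are hypothetical; the Chrome check also catches a flag whose two hyphens were turned into a typographic dash when copied from a web page.

```python
import re

# Firefox's security.tls.version.min values and the protocol floor each one sets.
FIREFOX_MIN = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}
CHROME_VALUES = {"ssl3", "tls1", "tls1.1", "tls1.2"}

PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.min"\s*,\s*(\d+)\s*\)\s*;', re.M)
FLAG_RE = re.compile(r'(?<![\w-])--ssl-version-min=([\w.]+)')
# Word processors and blog engines often turn "--" into an en or em dash.
MANGLED_RE = re.compile(r'[\u2013\u2014]ssl-version-min')


def firefox_min_protocol(prefs_text):
    """Protocol floor named by the last matching user_pref line, or None
    when the pref is absent and the browser's built-in default applies."""
    values = PREF_RE.findall(prefs_text)
    if not values:
        return None
    return FIREFOX_MIN.get(int(values[-1]), "unknown value")


def chrome_target_status(target):
    """Classify the Target field of a Chrome shortcut."""
    if MANGLED_RE.search(target):
        return "flag-mangled"        # dash was autocorrected; not a valid switch
    m = FLAG_RE.search(target)
    if not m:
        return "flag-missing"
    value = m.group(1).lower()
    if value not in CHROME_VALUES:
        return "flag-unrecognized"
    return "ssl3-allowed" if value == "ssl3" else "ssl3-blocked"


# Constructed sample inputs (paths and prefs are made up).
PREFS = ('user_pref("browser.startup.page", 3);\n'
         'user_pref("security.tls.version.min", 1);\n')
GOOD = '"C:\\Apps\\Chrome\\chrome.exe" --ssl-version-min=tls1'
BAD = '"C:\\Apps\\Chrome\\chrome.exe" \u2013ssl-version-min=tls1'

if __name__ == "__main__":
    print("Firefox floor:", firefox_min_protocol(PREFS))
    print("Chrome (typed):", chrome_target_status(GOOD))
    print("Chrome (pasted):", chrome_target_status(BAD))
```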

    Diving Deeper

    Leaking of information, as written per wiki, is the norm when padding to match the underlying cryptography. This is the case for ECB and CBC decryption used in block ciphers. Attackers could decrypt as well as encrypt messages using server keys without knowing the keys themselves. The issue is the predictable padding and the initialization vectors being implicit instead of explicit. While the solution for servers is to upgrade OpenSSL, I would move to something stronger and force clients to do the same. If we do not push for better security now, then when? Yes, there will be some pains in the transition, but I believe if we fend off the attackers at the perimeter and on the users inside, we will all be better off. Only around 18% of web servers use TLS 1.2, according to Qualys. Qualys further stated that moving up to TLS 1.1 or 1.2 doesn’t mean the BEAST attack is thwarted, but that there could be another attack vector not known yet.

    XKeyscore: NSA tool collects ‘nearly everything a user does on the internet’

    Amazing in and of itself, but I guess it’s fair game for thwarting terrorism, if used to target anyone with that intent of hostile acts. I would agree with the program if and only if it was used to collect data on people of interest and not just random people or everyone. That being said, there must be some control used in the system to do that effectively. However, it is also just as easy to spoof email addresses and come up with rogue or false chat systems just to make the data useless. Remember, a system is only as good as the data in it. So in theory, the NSA could not omit the regular general public, because the bad people could also be using spoofed email addresses, IRC chats, etc., and fake systems just to introduce false information or hide under the guise of some other legitimate system. So it is easier for them to collect data from anyone. If anyone gave enough time and effort to build a system to make this system useless, then that would be a good attack platform.

    Anyways…a good read into the intrigue.

    XKeyscore- NSA Tool that Collects….Everything??

    Going Black – Making it Tough for Big Brother (Series)

    Good day, I hope today finds you in perfect peace. Today we are going to talk about a new service and a new approach to keeping your data private. Recent events show that the NSA as well as the big companies out there are profiling you. They want to store your identity and habits for future use. Netwerk Guardian is going to show you how to thwart their efforts. What good is it to the NSA or Google or any place that collects and harvests your personal profile through behavior monitoring? It’s information on how you think and live. They can use that information against you if they would like to have a contest of who can put more shame on whom. More likely, they will use it to see your political bias and connections. After the Snowden release, they really cannot be any more shameful than now. Therefore, we are going to show you how to give them useless data. Useless data really renders a system useless and reduces the taxpayer’s dollar (your money) to a waste of money and time. I hope that enough people do this; maybe then they will get the picture and just stop. This will be at the end of the series. However, the evil in man and the lust for power and control will likely just make this tick them off and come up with some other regulatory way to make you commit information to them about you.

    The first step in going off the grid and going black is to change everything you use to something else. Change your email address and your online profiles; if you have Facebook, MySpace or other limelight platforms… ditch them. YouTube is going to be tough to leave but granted, if another site is made that offers the same service then that too will be a success. Until then use the TOR network and a VMware appliance. The best way to change your email address is to buy a domain. It can cost you, but what is your privacy worth?!

    Second, buy or use free encryption software to encrypt your emails. Granted, it is going to be a bit painful in the beginning but you will sleep better knowing that it is you and the close ones around you that know who you are. There are a few places on the web you can go to get this service. However, I would rather encrypt locally. One place is while I have not used it, it seems to do the job. There is a group researching the use of a Java-based encryption and decryption tool that works on anything found here . I think this will carry for into the future for use on mobile devices with various platforms running. More to come on this as more software comes to mind.

    The third thing that can be done is to start using the TOR network for browsing, as well as proxy servers for ditching your fingerprints on the web.

    Fourth, you could start using another form of currency that the Federal Reserve will not approve: BitCoin. Untraceable, but it holds its worth. There is movement to make this outlawed since it cannot be regulated by one particular body (Global Banks), so it obviously works.

    In the meantime, if you have time, you can use some automation and start sending up erroneous web traffic data under your old Gmail account and start using the Google search page.

    More to come as we investigate and get back in control of who gets access to what. Stay tuned because this service is being launched by Netwerk Guardian to accept requests to anonymize one’s identity and provide safe ways of browsing and using the internet.

    Just think… I privatized your God-given right to be yourself. This peace of mind comes with a little cost, but we now will have done two things: privatized anonymity and stimulated the economy in the technology and security sector.

    Keeping Your Internet and Computing Private

    Recent stories about Edward Snowden get you thinking just how secure and private your “Personal Computer” really is. The big data companies are always promoting Google Voice, Google Chat, Gmail and all that. You have to ask yourself, why is that free? What are they really trying to push? Each year you are at the edge of your seat when you hear they are allowing another free year of Google Voice. Well, that is because you, the public, are offering free intelligence to them, and willingly. We all psychologically want to be a part of something. We all like gadgets and technology as they make our days fun and easier. Well, to combat that surveillance of Big Brother or Big Sis, you use the following apps from Android Market Place.

    Orbot Proxy with TOR – Surf Anonymously with TOR project. They will never know you are coming to visit.
    TextSecure – Secure Text messaging on device and in transit
    Gibberbot – Secure chat with popular chat programs, providing the other user has Gibberbot or Pidgin and uses services like Google Chat.

    All these applications are a step forward to guarding your mobile privacy. Start falling off the grid with these applications. Next, start using the TOR network at home. Start using VMware for surfing and use your chassis computer for the local network as best you can.

    There will be more tips coming in the days ahead of how to be safe and private on the web.

    Cyber Attack on Banks Imminent – 3 Different Stories +

    Looks like we are about to see the rumors made true of an attack made on the banking institutions as solicited by global bankers.

    The Pete Santilli show reports the following here. They say a bank holiday could happen. This has been tested with the MF Global incident with no one complaining. Jon Corzine isn’t doing time for his crime. It is reported that 30-40% is being robbed from people’s accounts. Then the US is to give you US treasuries in exchange. Basically, you get useless dollars in return for your legitimate hard-earned money.

    Another story is reported by my colleague Pierluigi, with PiceBOT hitting Latin American banks. Now we have to evaluate the credibility of the attacks occurring. We can see that it is happening in Latin America.

    Bill O’Reilly also states that the financial institutions and the American dollar are about to collapse. Listen to it here. The Government Accountability Office released a report not reported by other news outlets.

    “Federal Gov’t faces an unsustainable fiscal path.”

    Look for the GAO report. More to come as this story develops.

    ************************ Story + **************

    Another article reports a hack of American bank executive accounts. After hitting other government websites in response to Aaron Swartz’s death, Anonymous is full steam ahead.

    Maybe it’s time you pulled your money out of the bank?

    Oracle Java Zero Day EXPLOIT – PATCHED by Oracle

    Oracle released an update to the exploit found here. Oracle released this update ahead of schedule, but with many security professionals and companies pressing, they came through. This vulnerability was found months ago, in August 2012, by a Polish security team: Security Explorations, powered by a Poznan University of Technology graduate, Adam Gowdiak (Govjiak – phonetic), leading the charge. I’m proud that Security Explorations was one of the first to discover this. You have accolades from Netwerk Guardian LLC.

    ******************************* 11-Jan-2013 Story **************************
    Warning to all my readers out there: Alien Vault has provided proof that an unknown zero day vulnerability for Java is being exploited by malicious criminal minds. Please turn off Java in all your browsers no matter what operating system you have. When a fix has been put in, this article will be updated.

    Here is the story of how Alien Vault exploited it here

    How to turn off Java from various browsers
    Firefox
    Turn off Java in Firefox

    Turn Off Java in Chrome

    Turn off Java in Internet Explorer

    ZoneAlarms Recent Release of Firewall+AV – Home User- MUST

    Recently Zone Alarms has issued a new firewall software suite that does more than just HIPS. It now offers anti-virus as well. The advantage of this software suite is that it not only scans, but also runs the software your end users download in a sandbox. The sandbox is used for testing what happens if this is executed.

    … more to come.