Posts Tagged ‘privacy’

Trusteer Rapport for Mac

Wednesday, September 1st, 2010

Trusteer Rapport is a piece of security software to help protect your Mac’s internet browser against key logging and phishing attacks. It is being pushed by a number of large banks including NatWest, ING and First Direct. I’ve previously written about using Trusteer Rapport on a PC, and today I’m putting up some screen shots of what it looks like on a Mac.

When installed (you can download it from here) you’ll get an extra icon next to your address bar. It will be green if the website is being protected, and grey if it is not. You can choose to protect a website that you log into by right clicking on the grey Trusteer arrow and clicking on ‘Protect this website’.

trusteer rapport for mac 1

If you click on the arrow you’ll get an information box like this which will allow you to access the console.

trusteer rapport for mac 2

The first page of the console should look a bit like this giving you the option to disable the Trusteer Rapport icon.

Trusteer Rapport for Mac has far fewer options than the PC version. On the security policy page all the options are set to the highest level of protection apart from ‘Warn when login information is used in unknown websites’.

trusteer rapport for mac 4

If you want, you can set this option to ‘On my partner & my sensitive websites’, which will give you a warning if one website’s password is entered into another website.

trusteer rapport for mac 5

I have read one account of someone having problems with Trusteer Rapport on a Mac, but I’ve not experienced any problems with it on my MacBook Pro. If you do find yourself wanting to uninstall it you can get full instructions from Trusteer’s uninstall page.

Internet doomsday scenarios

Tuesday, May 25th, 2010

For something we have become so reliant on, the internet is worryingly open to attack. From attacks on the physical infrastructure, to the computers connected to it, to the data which is stored in it, I’m going to go through some potential internet doomsday scenarios.

Mass deliberate cutting of internet cables

The number of computers on the internet is large. The number of cables which connect the continents is small. This image of the internet’s undersea cables is a few years old but it is still relevant. It shows how fragile the internet’s infrastructure really is.

There have already been numerous incidents where areas such as India and the Middle East, West Africa and Dubai have had their internet access severely disrupted. The cause can be ship’s anchors cutting the cables, earthquakes, or component failure.

Even these small incidents can have big knock on impacts, as the failure of one major cable puts extra pressure on other cables to take the extra data – making them more likely to fail as a knock on consequence. Some countries are almost totally reliant on a single cable.

Accidental cable damage has already caused major internet failures. Imagine if a deliberate attack was carried out on numerous cables at the same time, either by a standard terrorist, or some Bond-esque villain intent on removing our ability to watch videos of skateboarding dogs.

If a large enough number of cables were cut the internet could grind to a complete halt.

Yes the damage is fixable, but when you are dealing with cables that are far under the sea it takes time to repair them.

Much of the world could be left without usable internet for days or even weeks. The problem would be compounded by people’s panic reactions. Whenever a major terrorist attack is carried out, people flock to the internet to try to find out more. This creates additional load on the network which compounds the problem.

Search engine data theft

Chances are you regularly use a search engine. Think back over all the search terms you have typed in. I bet you’ve searched for things that you wouldn’t want anyone else to know about.

It could be that the things you have searched for would cause major embarrassment to you if your friends or family found out. Maybe if this data were ever made public you would lose your job. Possibly you would be severely shamed. In the worst case, if you searched for illegal content, you could be prosecuted and imprisoned if found out.

All search engines store your search queries for various purposes, the most obvious being to target relevant adverts at you. They store the raw data for a certain time, and then carry out some form of anonymisation on the data.

A major search engine for example has reduced the time until they anonymise IP addresses from 18 months to 9 months, but is the anonymisation really sufficient?

It seems not. They only change ‘some’ bits of the IP address after 9 months, and you have to wait 18 months to have the last 8 bits and the cookie information changed. This is hardly anonymisation, as the associations can potentially be reconstructed using the other information in the logs, such as the search terms.

If you have ever done searches where you look for your own name, post or zip code, or other personally identifiable information, then you are leaving markers in the logs that would allow the information to be reconstructed and attributed to you, even after their anonymisation process is carried out.

Look at what happened when AOL deliberately released search data that they had ‘anonymised’. Researchers and journalists were soon able to track down some of the people who had been typing in those search terms.

So what is the doomsday scenario?

All that data is sitting there in the search engine’s huge data centres all around the world. All it takes is one person to hack in, or one disgruntled employee to send some of the data out.

The search data that AOL released only took up 439 MB compressed. Imagine the damage a disgruntled search engine employee with a 1 TB hard drive could cause.

Data theft isn’t some far out scenario. It happens all the time. Look at the OSF data loss database if you want to see how often it is happening.

Other data theft

Just as you can imagine the damage a major search engine data leak or theft could cause, I’m sure you can imagine the damage that could be caused if a major collector of personal data such as Facebook or Hotmail had their data stolen.

What would you do if all your email from the last one, two, five, or ten years was made public, for all to see?

Data destruction

More and more of our data is moving from being stored on local computers to centralised data centres which might be in another country (media companies like to refer to the network of data centres as ‘the cloud’). In theory the companies that store our data should be backing it up so if something goes wrong, no data is lost.

Problems occur because when something goes wrong with the original data, the companies often find that their backups don’t work as expected. How often do you test your backups? People just assume that backups will work, and by the time they realise that something is wrong with the backup it is too late.

One example is the social bookmarking site Ma.gnolia, who lost all their user data in 2009. The quantity of data lost was only half a terabyte, an amount that you can fit in a pocket hard drive.

If things can go wrong when you have a mere half a terabyte of data, imagine what can go wrong when companies have petabytes, or even exabytes of data.

A better known data destruction close call was the 2009 Sidekick data loss, when 800,000 users’ data was lost from Microsoft data centres. Most of the data was subsequently recovered and it is not clear if anyone permanently lost data, but it was certainly a close call for many.

Many of these data destruction events have been down to software errors, but it can only be a matter of time before a well known company suffers a big data centre fire, or until a data centre is deliberately targeted by terrorists.

DNS hacking

The current IPv4 internet was never designed to be secure. Much of it relies on trust. This worked alright when it was just used by scientists and academics. But now that the internet is open to all, this trust is leading to problems.

One of the cornerstones of the web is the DNS system. We trust it every day to tell our computer where to find the web address that we type in, or click on.

A URL such as bbc.co.uk is not an address that allows a computer to directly access the website. There is an additional step where a trusted server, known as a DNS server, has to translate the URL into something the computer can find such as 212.58.224.138. This block of four numbers is an IP address. It is the address of a computer on the internet.

We trust the DNS server to give our computer the correct IP address. Problems happen when it doesn’t.

Imagine that we type in the URL for our bank. And instead of giving us the IP address for our bank it gives us the IP address for the computer of a criminal gang (this is known as a DNS hack). Instead of going to our bank’s website we will go to the criminal’s website.

It is not difficult for them to make their website look just like our bank’s website. The address you see in the browser would even be identical so you might never know that you were at the wrong website. They can even produce a fake certificate so you get the padlock icon in your browser that makes you think the website is safe.

Once they have convinced you that their website is the real bank’s website it is trivial for them to get your bank login details off you. In some cases they can forward requests from their fake bank website to the genuine bank website to get your real account information so that they can present you with the correct account balance, and online statement values.

If this attack is done on a high profile bank or other high profile organisation it will get found out. But how long would it take? Maybe a few hours? Maybe half an hour? Maybe it would even be found out sooner.

Even if the DNS hack was quickly closed down the criminals could still steal a large amount of user account details in a very short time. In this time they could initiate purchases, money transfers, or other data thefts.

They could make off with a serious amount of money before anyone realises what has happened.

This kind of DNS hack can be done. China’s largest search engine Baidu recently had their DNS details changed to point somewhere else.

I’ve mainly spoken about using a DNS hack to steal bank account details, but it could be used for other purposes. The fake website could install viruses or spyware, promote some political cause, corrupt your data, or steal other data that you would normally type into the trusted website.

Global webcam or microphone hack

Most new laptops and netbooks have cameras and microphones built in these days. Unless you cover up the camera (with blu tack for example) you will be sitting in front of the computer with a camera watching everything you do, and a microphone listening to what you say.

What if someone managed to hack into your camera, or the cameras of thousands, hundreds of thousands, or even millions of computers? Webcam hacking is something that has already been done on a small scale. There are even websites out there that claim to identify webcams that can easily be hacked into.

The malicious hacker could take covert photos or video of you. And they could use a virus to access your microphone. Many people leave their laptop on in their living room. If a virus was able to access your laptop microphone it would just be like having a spy’s listening bug in your living room.

The malicious virus spreader could record your most personal conversations in full, and could potentially record photos and video as well.

Most laptops do have a basic safety device to prevent the webcam being used without your knowledge. They have a light which will turn on when the camera is activated. If you noticed the light (and I bet a lot of people wouldn’t) then you might spot something isn’t right.

But there is no way to tell if your microphone is being used.

Before you know it the photos, videos, and private conversations of thousands or even millions of people could have been made available for public viewing on the internet.

As shown with the AOL search data scandal, any other unwanted publication of data on the internet is very difficult, or often impossible to get removed.

Think you are safe from prying ears and eyes when away from your computer? Think again: modern mobile phones have cameras, a microphone and an internet connection. There have not been very many instances of mobile phone viruses yet, but this is an area that criminals are likely to target more in the future.

Internet censorship

Censorship on the internet is increasing. As well as countries that openly practice internet censorship, you might be surprised to hear of internet censorship being introduced in countries such as Australia and New Zealand.

One of the internet’s big strengths has been to allow information to move freely from country to country. For how much longer will this be the case?

Reporters without Borders have a good PDF of internet enemies on their site, and Wikipedia have a comprehensive starting page on internet censorship.

Made to pay for illegal music and film downloading

Have you ever illegally downloaded a song or a film? Or have you shared a song or film with others via websites such as BitTorrent?

If you have, then music and film industry bodies such as the RIAA or MPAA may one day be getting in contact with you.

They are very keen to stamp down on all pirating activities and have launched many prosecutions against individual users. There has even been a case of someone being jailed for sharing a video.

You may wonder how they would ever find out. Unfortunately for you there are companies such as BayTSP who are employed by the copyright holders to track illegal downloads on their behalf. They can build up huge databases of what IP addresses are downloading what. All the copyright holder then has to do is to make the relevant ISP hand over the details of who was using that IP address at that time and they can soon make a prosecution.

Many people have already received demands that require them to pay compensation or face prosecution.

Don’t go round thinking the internet is anonymous. Everywhere you go information about what you do is being recorded. It only takes one company with sufficient motivation (such as an expected monetary payoff) to be able to piece the bits together and identify you.

Windows Update hacked

Windows Update is Microsoft’s solution for pushing updates and patches to millions of Windows PCs all around the world.

Most people have their PCs configured to automatically download and install all critical updates that Microsoft issue.

What if the ‘bad guy hackers’ managed to hack into the Windows Update mechanism and insert their virus into the Windows Update system so that all Windows PCs around the world automatically downloaded and installed it before Microsoft notice?

Once installed the virus could create havoc on a scale not seen by any other virus. A denial of service attack launched from the entire world’s Windows PCs could bring the internet to a complete standstill for a significant time. The damage would take a lot of effort to fix.

Ultimate doomsday

What if, using the Windows Update hack, the bad guys were really evil? What if instead of just installing spyware, or using the PCs as a botnet, the bad guys decided to nuke them? The Chernobyl virus wrote over the computer’s BIOS, and over vital parts of the hard drive.

If it managed to infect the computer and corrupt the BIOS and hard drive in this way then the computer would need to be taken in for repair, and there might be a significant loss of data even after the repair.

Millions or hundreds of millions of people could be left without access to their computers. This kind of virus would be more likely to affect home or small business users, as medium or large businesses don’t usually have automatic updates turned on. They’ll roll out the patches only after they have tested them.

This kind of virus could have enormous global impact, but it could still be worse.

If the bad guys managed to find a significant zero day exploit on several different versions of Windows, and managed to find a way to covertly spread it, then they could go for a total global infection. If the bad guys were patient and waited for the infection to reach a critical mass before activating it then they could nuke the majority of internet connected Windows PCs at the same time.

What then? It is hard to imagine what would happen to the world if most of its desktop computers were wiped out in this way.

Of course some lucky people would have UNIX/Linux/Mac machines, and they’d be alright – unless the hackers were really good and used a simultaneous exploit on those as well! Users of non-Windows machines shouldn’t be too smug about the security of their computers. There are many examples that have shown that non-Windows machines are riddled with security holes. They only stay virus free because the hackers’ attention is focussed on the Windows boxes.

Links for the paranoid

The best way to avoid viruses and spyware is to apply common sense. Nowadays most malware is getting on computers through social engineering, or people being careless. I did write a post about anti-malware software but it is now a bit out of date. These days I use Avast, Windows Security Essentials, Spyware Blaster and Trusteer Rapport.

Scroogle will allow you to search Google without them being able to link your search queries to you. Google have an SSL encrypted version of the search tool, which will prevent your searches being intercepted by your ISP, or by people sniffing your WiFi connection if it isn’t encrypted.

For more comprehensive anonymous browsing Anonymizer.com will help.

If you are worried about your web cam being used to spy on you then covering the lens with blu tack or a piece of paper will work. Be careful if you use something sticky like blu tack. When you close the screen it might stick to the main surface of your laptop. And when you then open it again you could end up ripping the screen off!

Preventing the microphone from being used is harder – if there is a physical microphone plug on the laptop then plugging in a 3.5mm adaptor should physically disconnect it.

To solve your worries about losing data which is stored in the world’s data centres all you have to do is make sure it is backed up – which you should be doing anyway.

For people who are worried about being sued for pirating music and DVDs; I’d suggest a simple solution. Buy your music and DVDs instead of pirating them! They aren’t that expensive if you get them from somewhere like Amazon. And you’ll get a warm and fuzzy feeling that you are supporting the people employed in the music and film industries!

Have fun on your computers, and stay safe!

Set up Trusteer Rapport to protect other websites

Monday, February 22nd, 2010

Trusteer Rapport helps to stop key loggers from stealing your passwords, and stops viruses or spyware from seeing what you are doing in your web browser.

Many banks are now offering it for free download. You can for example download it from NatWest’s website here – even if you aren’t a NatWest customer.

It is preconfigured to protect a small number of partner websites, but you can configure it to protect other sites you use as well.

You can enable it for each website that you enter username / password / credit card details into. When on the website you want to protect click on the grey Rapport arrow, and then press the ‘Protect this Website’ button.

trusteer rapport unprotected website

Then:

trusteer rapport protect this website

When you are on a website it is protected if the arrow is green, and it is not protected if the arrow is grey.

As well as protecting each individual website I’d recommend you increase the level of protection Trusteer Rapport offers.

Increase the security from the default settings

Click on the ‘Rapport’ arrow in the address bar of the web browser and press ‘Open Console’.

trusteer rapport open console

Click on the green circle with the right facing arrow on the bottom right of the screen.

trusteer rapport green button

Click on ‘Edit Policy’.

trusteer rapport edit policy

On this screen go through all the pull down options and make sure the bottom option of each is selected.

trusteer rapport advanced configuration

Click ‘Save’. You will be told that it is a good idea to restart the computer. There’s no need to do this now. The setting will be applied when you next turn the computer on.

After saving you can close the Trusteer window by clicking on the green ‘x’ on the top right hand corner of the screen.

In my case I was able to turn all the settings up to the maximum level apart from the ‘Block Kernel Keylogging’. I found that this setting prevented my wireless keyboard from working. If you have a problem with a wireless keyboard after installing Trusteer Rapport then you should try turning this setting off too.

Using Trusteer Rapport

Trusteer is only configured by default to protect a few websites. You need to manually enable it for the sites that you enter username / password or other sensitive details into. You can enable it to work for up to 50 sites. Do this for each sensitive website when you visit it next.

When you visit a website that needs username / password details, and which is not already protected (i.e. it has a grey Rapport arrow), click on the grey arrow and choose ‘Protect this website’ as detailed above.

When you submit your login details you will probably see this box. Select ‘Yes’.

trusteer rapport password monitoring

Trusteer Rapport will then warn you if this password is being sent to a new website – for example to a phishing website.

Finding the best WiFi channel with Vistumbler

Friday, February 19th, 2010

If you are having trouble with your WiFi connection you may have heard that it is a good idea to connect to your WiFi router on a quiet WiFi channel to avoid interference from other WiFi devices.

WiFi myths

It is in fact quite unlikely that other WiFi devices are causing your problem. The WiFi protocol is designed to cope with many other WiFi devices in the area at the same time. Cisco have an interesting list of 20 Myths of WiFi Interference including this one that you might want to read.

But despite knowing this you still want to find the quietest WiFi channel.

Before I show you how, make sure that it is the WiFi connection that is dropping. With WiFi internet you have two main points of failure. First you have the WiFi connection between your computer and the router, which can drop. Secondly you have the internet connection between your router and your ISP, which can also drop.

If your loss of connectivity is caused by the router to ISP connection failing then this won’t help at all.

Stop wasting my time – just tell me how to find the quietest WiFi channel!

Ok – here’s what you do. You’ll need to download and install Vistumbler. It’ll work on Windows Vista and Windows 7.

Start the application. Make sure your WiFi adaptor is selected from the Interface menu. Press Scan APs.

vistumbler loaded

After Vistumbler has been scanning for a minute or so press stop. You should have a list of other WiFi access points nearby. If you don’t then there probably aren’t any other hotspots nearby.

Have a look at the WiFi channels list on the left. You should go through them and see how many access points are listed on each.

vistumbler channels

You can see that channel 6 has lots of access points on it.

vistumbler busy channels

Channels 2, 4 and 8 are quiet only having one access point each. Don’t forget the channels which aren’t listed – they have no access points on them.

vistumbler quiet channels

Using this information you’ll see which channels are quiet, or empty. You can have a go changing the channel to a quiet one.

You might find your connection reliability improves. If it does then this is probably due to you picking a channel with less interference from baby monitors, video senders, and microwaves, rather than the other WiFi devices.

So was this all a waste of time? Maybe. But it is still interesting to know the distribution of routers across the channels nevertheless.

Trusteer Rapport password leakage problem

Wednesday, February 17th, 2010

If you bank online then there is a good chance you will have been prompted to install a software product called Trusteer Rapport. It is recommended by NatWest, HSBC, First Direct and a whole list of others.

Trusteer Rapport helps increase the security of your Windows operating system by attempting to block keystroke logging and screen capturing, validating the IP address of sites you visit (to protect against phishing/pharming), and more.

On the whole it looks like a good piece of software to have on your computer when combined with an up to date virus scanner, firewall, spyware blocker, and Windows automatic updates turned on. I use it on my computer and intend to continue to use it for now.

However there are a number of worries about the software. RLR UK Secure IT Services has written about some of the worries here and here.

I have a new worry to add to the list.

Password leakage

One of Trusteer Rapport’s security measures is to warn you if you enter a known password onto a new site. This is a security measure to protect against the password for one site being stolen by another site’s phishing attempt.

This is all good stuff. However they have created a new potential problem in the way they have implemented the warning message. If you use the same password on multiple sites (as most people do), and someone discovers your password, then they can use Trusteer Rapport to get a list of the other sites that you have asked Rapport to protect and which use the same password.

The malicious user will need access to your computer to do this, but if they have this access then all they need to do is enter the password on a new website and they will trigger this Trusteer Rapport warning dialog.

Trusteer Rapport password information leak

You will see that in this example dialog Trusteer Rapport has now leaked that this particular password is also the same password used on 6 other websites.

This means that instead of gaining access to one account, the malicious user could gain access to many of your password protected accounts.

Now you can argue that users should use a different password for each site, but in reality that is never going to happen. People have two choices (unless they have some kind of super brain), they either use a small number of passwords they can remember on all their sites, or they write the passwords down somewhere. Most people will reuse the passwords.

I think Trusteer would be better off changing this message so that it doesn’t print out the names of the websites. Perhaps Rapport could just print out a message saying that this password is in use on other websites, and that this is a new website that has not been given this password before.
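The difference between the two warning styles can be shown in a few lines. This is an added example, not Trusteer's code and not from the original post: the class, the site names and the way passwords are stored (a salted PBKDF2 tag per password) are all assumptions made for illustration.

```python
import hashlib
import os


class PasswordReuseMonitor:
    """Toy model of a 'known password entered on a new site' warning.

    Hypothetical design for illustration only; it says nothing about how
    Rapport stores or compares passwords internally.
    """

    def __init__(self, salt=None):
        # Per-install salt so the same password always maps to the same tag.
        self._salt = salt or os.urandom(16)
        self._sites_by_tag = {}  # password tag -> set of site names

    def _tag(self, password):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), self._salt, 100_000
        )

    def remember(self, site, password):
        """Record that the user chose to monitor this password on this site."""
        self._sites_by_tag.setdefault(self._tag(password), set()).add(site)

    def _other_sites(self, new_site, password):
        known = self._sites_by_tag.get(self._tag(password), set())
        # No warning if the password is unknown or the site already has it.
        return set() if new_site in known else known

    def warn_listing_sites(self, new_site, password):
        """Warning style the post objects to: names every matching site."""
        others = self._other_sites(new_site, password)
        if not others:
            return None
        return (f"The password entered on {new_site} is also used on: "
                + ", ".join(sorted(others)))

    def warn_without_sites(self, new_site, password):
        """Warning style the post suggests: same alert, no site names."""
        if not self._other_sites(new_site, password):
            return None
        return (f"This password is in use on other websites, and "
                f"{new_site} has not been given this password before.")


def disclosed_sites(message, candidate_sites):
    """Return which of the monitored site names appear in a warning text."""
    return sorted(s for s in candidate_sites if message and s in message)


# Constructed sample data: one reused password, one unique password.
MONITORED = ["bank.example", "mail.example", "shop.example"]


def build_demo():
    monitor = PasswordReuseMonitor(salt=b"constructed-salt")
    monitor.remember("bank.example", "reused-constructed-pw")
    monitor.remember("mail.example", "reused-constructed-pw")
    monitor.remember("shop.example", "unique-constructed-pw")
    return monitor


if __name__ == "__main__":
    m = build_demo()
    print(m.warn_listing_sites("new-site.example", "reused-constructed-pw"))
    print(m.warn_without_sites("new-site.example", "reused-constructed-pw"))
```

Both variants still tell the person at the keyboard that the password is known to the monitor; only the first also tells them where else to try it.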

Overall

Despite this I’d still recommend using Trusteer Rapport at the moment as it does many things which will increase the security on your computer. You must make sure you use it in combination with up to date anti-virus and anti-spyware.

Nokia phones automatically tagging photos with cell ID

Tuesday, January 15th, 2008

I wonder how many people know that their Nokia phone may be automatically tagging all their photos with enough information to track where they go? – even if they don’t have GPS.

This is certainly the case if you have a Nokia N80 with Lifeblog installed. When the photos are synced to your PC so is the location information. It is easily viewable in the Lifeblog database.

To view this information in your Lifeblog database get the SQLite Database Browser from SourceForge. Fire it up and select the Lifeblog database which should be at \NokiaLifeblogData\DataBase_2\NokiaLifeblogDataBase.db3. I’d advise you to back up the database before you try this.

Locate the LbObjectXT table. This links the object id (i.e. the photo) to the place.

LbObjectXT table in the Nokia Lifeblog database

In the LbObjectFileReference table you’ll be able to turn the LbObjectID into something meaningful.

The LBPlace table then contains the information about the place. It has the MCC (country code), MNC (network code), LAC (local area code) and CellID.

LBPlace table in the Nokia Lifeblog database

This is enough information to pinpoint your photo to an area of less than half a mile square in built up areas. In less populated areas the accuracy may only be in the order of several miles.
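To check how many of your own photos carry cell information, the three tables can be joined in one query. The script below is an added example, not part of the original post or of Lifeblog: the table names, `LbObjectID`, `MCC`, `MNC`, `LAC` and `CellID` come from the description above, while the `PlaceID` and `FileName` column names and the sample rows are assumptions, so list the real columns with `columns()` first and pass the right names in.

```python
import sqlite3
from collections import Counter

# Table names as given in the post.
TABLES = ("LbObjectXT", "LbObjectFileReference", "LBPlace")


def open_readonly(path):
    """Open a real Lifeblog .db3 read-only so the audit cannot modify it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def build_sample_db():
    """Constructed stand-in database. PlaceID and FileName are assumed
    column names; the rows are made up for the example."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE LbObjectFileReference (LbObjectID INTEGER, FileName TEXT);
        CREATE TABLE LbObjectXT (LbObjectID INTEGER, PlaceID INTEGER);
        CREATE TABLE LBPlace (PlaceID INTEGER PRIMARY KEY,
                              MCC INTEGER, MNC INTEGER,
                              LAC INTEGER, CellID INTEGER);
        INSERT INTO LbObjectFileReference VALUES
            (1, 'Image001.jpg'), (2, 'Image002.jpg'),
            (3, 'Image003.jpg'), (4, 'Image004.jpg');
        INSERT INTO LBPlace VALUES
            (10, 234, 99, 1001, 40001),
            (11, 234, 99, 1002, 40002);
        INSERT INTO LbObjectXT VALUES (1, 10), (2, 10), (3, 11), (4, NULL);
    """)
    return con


def columns(con, table):
    """List the column names of one of the three tables."""
    if table not in TABLES:
        raise ValueError(f"unexpected table: {table}")
    return [row[1] for row in con.execute(f"PRAGMA table_info({table})")]


def photos_with_cells(con, place_col="PlaceID", file_col="FileName"):
    """Return (file, MCC, MNC, LAC, CellID) for every photo tagged with a place.

    Column names cannot be bound as SQL parameters, so they are checked
    against the actual schema before being placed in the query text.
    """
    if (place_col not in columns(con, "LbObjectXT")
            or place_col not in columns(con, "LBPlace")):
        raise ValueError(f"{place_col} is not a column in both tables")
    if file_col not in columns(con, "LbObjectFileReference"):
        raise ValueError(f"{file_col} is not in LbObjectFileReference")
    sql = f"""
        SELECT f.{file_col}, p.MCC, p.MNC, p.LAC, p.CellID
        FROM LbObjectXT AS x
        JOIN LbObjectFileReference AS f ON f.LbObjectID = x.LbObjectID
        JOIN LBPlace AS p ON p.{place_col} = x.{place_col}
        ORDER BY f.{file_col}
    """
    return con.execute(sql).fetchall()


def cell_summary(rows):
    """Count photos per distinct (MCC, MNC, LAC, CellID) cell."""
    return Counter(row[1:] for row in rows)


if __name__ == "__main__":
    con = build_sample_db()
    for table in TABLES:
        print(table, columns(con, table))
    rows = photos_with_cells(con)
    for row in rows:
        print(row)
    print(cell_summary(rows))
```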

Depending on how you feel about things this is either a really cool feature of your Nokia phone / Lifeblog or something you might worry about. If you take a lot of photos then it would be possible to work out roughly where you were each time you took a photo – if it were possible to convert the cell ids to co-ordinates.

There are several databases around which show you where the cell ids are located, however most are very incomplete. The best database is likely to be owned by Google – they currently have a database linking cell ids to location which is populated by users of its Google Maps application. If they were ever to publicly release this database then it would be relatively easy to work out where all your photos were taken.

Open questions I have are:

  • Is this information only recorded if you have Lifeblog installed?
  • What other phones are recording your cell ids as you take photos?