Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

P2P File Sharing 102 (ii) – Q&A

p2pnet news view Freedom | P2P:-  p2pnet’s surfer yesterday launched the second part of his P2P File sharing series and in it, among other things, he gets down to what to use and what to avoid like the plague.

p2pnet reader Robert peppered surfer with questions and as surfer pointed out, “I write articles here, and each [answer] could be an article itself.”

With that in mind, and so readers who may not have followed the exchange don’t miss out, below are clips as a kind of Q&A, and surfer promises to go into greater detail in other parts of his series.

For now »»»

Robert:  How do you best employ encryption? across entire HDD? Specific files? Harddrive Sector? HDD block (usually 512B)? Usability is important, so is performance hindered via the use of encryption?

1) How do you use PGP on something like Yahoo Mail or GMail? What if you are using the web client and NOT the client that comes with your OS (Evolution or Windows Mail or Mail from Apple)? /* Why would you not use a host email client? Easy, if you’re used to formatting your Windows partition every 6-9 months for 7 years, you would lose your emails unless you kept them backed up on the web server hosted by GMail or Yahoo Mail or whatever */

2) What if you do not engage in file sharing, use an OS-based firewall (monitoring software ports), and have the firewall in your router enabled(even if it is owned by your ISP)?

3) Just how smart are these USAF hackers? Do they really have the ability to hack into any computer, any OS, at any security level, through any firewall (ie: Sandstorm)?

4) Would DPI be actually able to decipher your AES128/256 or SHA-512 or Elliptic Curves 512 encryption scheme and what impact would the encryption/decryption process on your host system or file transfer performance?

surfer: Imagine how you would feel when the ‘thought police’ kicks in your door and you don’t have time to get your computing habits in order. As for encryption, the more the better.

1) Who keeps emails for 7 years ?!?!. Dude, archive shit. PGP will encrypt the entire message and can be de-crypted with your public key. Just control your public key, or generate a new one.

2) If you don’t own your equipment, you don’t own any privacy, period. It would scare you what ISPs currently monitor, much less what they are going to do.

3) LMAO. USAF Hackers, heheheh, snort. It’s the guys that got busted for hacking that currently work for the DHS that I would worry about.

4) DPI couldn’t tell jack shit about an encrypted stream. Shows as garbage, they can only monitor how much of it. (filesize).

NO1UNO: K, So I’m not Linux literate here. Windblows is what I’m stuck with, and I do what I can. I own my modem, and I’ve got a router I’m not using right ATM, so I’m wondering if sticking that in-line with the modem will get me a bit more security??? I will take any advice (good or bad) that you guys can offer!!

surfer: sticking it in-line will get you more security. read up on no-brainer items to block shit like :43 telnet. comcast still has some switches with port 43 open, and we hijack class c IPs all day long. talk about spoofing.

Robert: Not to be a downer but with all you guys have described can you actually use your desktop or laptop? What can you actually do? Are you able to play games? Research for your wedding? Are you able to job search, as some sites are government sites? What about figuring out what procedures you require for filing your income tax online or finding out the nearest MTO (Ministry of Transportation Ontario) or…

The easiest and truly safest way is to… disconnect yourself from the web! Nothing can hack you now! Turn off all blue-tooth, wireless, and infrared hardware.

Your computer is now 100% secure.

On a more serious note, what are you trying to protect that you need to lock your system down like it were Fort Knox? If the government wanted to know more about you, they’d get to you one way or another; your bank, unless you’re paid in cash and you keep it under the mattress, your friends, your family, your shopping habits, your eating habits, what you borrow from the library, what videos you rent (if you do) or movies you see (if you do), etc…

And believe me, if the government wanted to find out about you and they knew you were a computer nut who would definitely lock your system down as if you were NASA, they’d find another way to watch you.

surfer: you are making assumptions that are not from educated reasoning Robert. I am pretty from-the-hip and I tend to tell it like it is. But, honestly, I think your overview of encryption is blased, and indifferent. You are typical statistics that we call ‘sheeple’. One of the masses. You don’t encrypt to ‘save your ass’ you encrypt as an accepted step of the process. (Research shows that you do a, b and c. et al) Am I not explaining myself correctly? u wanna stomp around in dirtboots, go right ahead. be my guest, you are then, by default, hanging fruit.

It’s not overkill to control your own private information, you should always exercise your right to control your information. You should control its use.

‘Just cause I read it somewhere’ doesn’t wash on P2Pnet, we are informed here.

www.letmegooglethatforyou.com

Robert: I don’t think you know me well enough to call me one of the masses.

You do not have control of your information is my point. You never will.

Did my professor (Founder of Certicom) lie when he said that 90% of the security effort of a corporation is to block people from coming in, but 90% of the theft occurs from within the system and without the use of technology. If I wanted your financial/health/employment information I don’t need to hack your system to get it. I know you realize that.

And no, to me you are not explaining yourself very well. I find your answers quite difficult to understand, it is as if you’re speaking with encryption or intentionally being elusive. I am not referring to PGP or any technical terms either.

I’ve spoken with a few experts in the field whose job is to protect the corporate network (no, not BestBuy, CWCEC for example) and they explained statistically, even just a firewall, regular updates to security patches, router firewalls, etc.. would keep most hackers away. What I found most interesting was that it was not worth the investigative effort to try to hack your system, for whatever reason, as they could easily acquire the information through the sources (banks, health records, library, etc…).

NOTE: By referring to the experts I am NOT assuming I am one of them or they know more than you or any other interpretation to promote a sarcastic comment.

Surfer, when you are answering questions, it seems like you’re making a lot of assumptions about what people do/don’t do rather than ask them first and then you treat them as such, which is often belittling and condescending. Perhaps that is your nature and that’s OK, I’ll keep that in mind in the future. But unfortunately, I don’t know if I want to ask you any more questions.

I also don’t follow ” ‘Just cause I read it somewhere’ doesn’t wash on P2Pnet, we are informed here.” Where did I imply that? I am simply asking for clarifications and when I ask “will this not lock your system down to the point where you can’t use it” does NOT mean I am criticizing your efforts! It seems you took it that way. Those are legitimate questions, not loaded questions or “please, I’m cocky, chew me up and spit me out” questions.

The comment about disconnecting from the web was an attempt to express humour. The rest about the government using other ways to find out about you… do you believe this is false in theory and not executed in practice? I am asking legitimately, no sarcasm.

Basically, Surfer, there are ways of illustrating to someone they are misinformed that is helpful and non-confrontational, and I am struggling to find that in your responses.

surfer: well, then I apologize Robert. I am condescending that way, I jump to the conclusion that most of the people on the internet have no clue and we call them sheeple, no offense meant.

If I am being cryptic in my responses, it is mainly because I write articles here, and answering your questions, each one could be an article itself. So instead of posting an article sized response, in the future, I will address each of your questions and write an article about it. Remember, when I post, it is for everyone to read, not just as a response to your questions, so I make general comments to the masses, nothing personal.

hth

And: ‘0) How do you best employ encryption? across entire HDD? Specific files? Harddrive Sector? HDD block (usually 512B)? Usability is important, so is performance hindered via the use of encryption?’

I will try and do one at a time, you asked a lot of questions.

I use macs, so what I describe should be translated into whatever platform you use. I encrypt entire drives, especially the ones that I use for the server. Macs have a built-in utility that encrypts the entire drive, and demands a password to mount the device on startup. There is no impediment to performance using this feature. I encrypt them @ AES 256, solely for that this level of encryption is sufficient for my needs and cannot be readily hacked or bypassed in any known fashion. This eliminates the need to selectively encrypt this or that, while omitting files/folders for whatever reason. This policy covers everything. Simply unplugging the machine or hdd will reset the device and then demand password to re-mount it. For sensitive e-mails that I don’t want intercepted, or read by 3rd parties, I use PGP.

I also use several free web based email accounts to bounce/forward from one to the other to obscure the source IP it was sent from. An email contains what is known as a ‘header’, this has information on the protocol used to send the message, the IP it was sent from, and the mail server IP that received it. Typically, this information contains the ‘last’ bounce, and does not contain a trail from whence it came. So using two emails, one as an intermediary to forward incoming and outgoing emails is sufficient to remove any footprints left behind, and with the body of the message encrypted using PGP, it makes it just that much harder to eavesdrop. The DHS is using terrorism as an excuse to basically spy on anyone they want, in the name of national security. I do not like this, therefore I go out of my way to take steps to foil these asshats.

Robert:  WOW! That really does explain a lot. I too use a Mac (2.16 GHz MBP). It was the first step towards a home audio studio (I will use external eSATA II Oxford 912 chipset FireWire 800 interface with Hitachi SATA II HDD’s). I was reading up on the FileVault and the only problem someone had was that if a sector of your HDD becomes corrupt, you lose everything, as opposed to just the file associated with that sector. So I guess the solution to that would be to decrypt and back it up semi-frequently. Unfortunately, I don’t file share with this machine; I don’t file share at all anymore. When I am ready to do that it will be with my own music. At which point the double encryption on an older laptop method will be used. I have other intentions but I can’t publicly post them, we know the **AA reads these.

Very soon there will be a standard on HDD encryption from the FW on the drive. I wasn’t fully in the loop on that at my previous employer (they design systems on a chip and the one I worked on was for SCSI RAID Controller with encryption) but there’s an article on it here:

http://arstechnica.com/hardware/news/2009/01/hard-drive-manufacturers-unveil-disk-encryption-standard.ars

One interesting component of the article I like is the claim that your property will be less valuable, even hardware, because it won’t be usable. The HDD simply will not work, even when removed in an attempt

Typically emails don’t contain a trail of IP’s? So much like IP Packets then? I haven’t read up on email protocols, just TCP/UDP/ICMP. I’ll have to find another email client, as a mediary. With PGP though I’ll need to send out my Public Key for family who are anything but tech savvy to be able to read my emails. (They STILL ask how to dub VCR to VCR or how to use the universal remote to watch a DVD). Hopefully that won’t be an issue. And you’re right, “Who keeps emails for 7yrs” I guess I don’t need to. I’ve backed some up before and… not once have I really needed to view them.

Again, WOW and thank you for the info. I will keep the questions to a minimum. You answered quite a few with that paragraph.

surfer: ‘2) What if you do not engage in file sharing, use an OS-based firewall (monitoring software ports), and have the firewall in your router enabled(even if it is owned by your ISP)?’

This is not bad. I would put heavy emphasis on owning your own router. This will work as a port forwarding, firewall and DHCP client all in one. Be sure and block UDP. If you are ONLY using the hardware provided by your ISP, then this leaves you open to all kinds of monitoring. I have heard reports of ISPs ‘pinging’ your ‘modem’ some 200x/sec. Your ISP uses UDP to typically assign you a dynamic IP, or ‘chat’ with the hardware, this is one required function, and one invasive function. Because it is their equipment, they can legally do anything with it and not tell you, so who knows what they are looking for when they ping your device some 200x/sec, block UDP and this stops.

because you are on a mac, you already have superior defenses against the pc tools of the world, but I would still suggest using the built-in firewall for incoming filtration, a router against ping floods and ddos attempts (remember all the bots and worms out there think your machine is a pc), and get yourself LittleSnitch to foil outgoing connections from software that ‘phones home’.

And: oh, and FileVault is HIGHLY recommended by all factions of the underground. top notch tool, 5 stars.

Thanks, surfer. Much appreciated.

Jon Newton – p2pnet


February , 2009
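Added example, not part of the original article or of surfer's answers: every SMTP server that handles a message prepends its own `Received` line, so the header block normally records each hop, and some webmail services add a non-standard `X-Originating-IP` header as well. The Python sketch below parses a constructed message (hypothetical hostnames, documentation-range IP addresses) and lists the recorded hops oldest first, which is how a reader can check what a given mail path actually discloses.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hypothetical hostnames, documentation-range IPs.
# The newest Received line is on top because each server prepends its own.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby inbox.recipient.example with ESMTP id abc123;
\tTue, 03 Feb 2009 10:00:07 -0500
Received: from relay.webmail-b.example (relay.webmail-b.example [198.51.100.40])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 03 Feb 2009 10:00:05 -0500
Received: from relay.webmail-a.example (relay.webmail-a.example [198.51.100.7])
\tby relay.webmail-b.example with ESMTP id ghi789;
\tTue, 03 Feb 2009 10:00:02 -0500
Received: from [192.0.2.55] by relay.webmail-a.example with HTTP;
\tTue, 03 Feb 2009 10:00:00 -0500
X-Originating-IP: [192.0.2.55]
From: sender@webmail-a.example
To: reader@recipient.example
Subject: constructed sample

body
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return the Received trace as a list of hops, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        trace, _, stamp = flat.rpartition(";")  # date follows the last ';'
        src = re.search(r"\bfrom\s+(\S+)", trace)
        ip = IPV4.search(trace)
        by = re.search(r"\bby\s+(\S+)", trace)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                          # malformed or missing date
        hops.append({
            "from": src.group(1) if src else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "when": when,
        })
    hops.reverse()                               # headers are newest-first
    return hops


def timestamps_in_order(hops):
    """True if hop times never go backwards; a jump back suggests tampering
    or a badly set clock on one relay."""
    times = [h["when"] for h in hops if h["when"] is not None]
    return all(a <= b for a, b in zip(times, times[1:]))


def origin_candidates(raw):
    """Addresses the headers attribute to the submitting client."""
    found = []
    hops = received_hops(raw)
    if hops and hops[0]["ip"]:
        found.append(hops[0]["ip"])
    extra = IPV4.search(message_from_string(raw).get("X-Originating-IP", ""))
    if extra and extra.group(1) not in found:
        found.append(extra.group(1))
    return found


if __name__ == "__main__":
    # Only lines added by servers you trust are reliable; anything below
    # the first trusted hop was written by someone else and can be forged.
    for hop in received_hops(SAMPLE):
        print(hop["when"], hop["ip"], "->", hop["by"])
    print("client address candidates:", origin_candidates(SAMPLE))
```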



19 Responses to “P2P File Sharing 102 (ii) – Q&A”

  1. Robert Says:

    Yes, VERY well explained. Surfer and The Scene guy are VERY intelligent.

    I’m going to try to figure out the multi-account setup with forwarding and such to see how I can do that. I want to learn for myself so I remember, if stuck, I’ll post a question.

    Thanks Jon for sharing. Maybe others now feel free to ask some questions too or maybe now they know a little more how to protect their systems.

  2. Dorothy Says:

    Thanks, Surfer. I have bookmarked the “101″ threads for future study. I do have a router, but haven’t figured out how to use it yet, and securing my computer is part of my next step in my “learning Linux” adventures.

  3. Jon Says:

    @ Dorothy:

    How’s the garden? Meanwhile, if you’re around later, email me. Setting up a router is one of the few things I am able to do. :)

    Cheers!

  4. Robert Says:

    @ Dorothy,

    Congrats on learning Linux! I’ve been trying for some time to get my family into it, but breaking their Windows addiction is pretty tough.

    Any advice on how to convert my Windows family to Linux? Any pitfalls you find so I can understand them and help my family re-use older machines and be safer when using their computers?

  5. lando calrissian Says:

    If you really are worried about email privacy.

    setup anon hosting + anon email with SMTP (use an open wifi hotspot not your own with any form of secure non proxy) +

    Setup a mailing list on your anon host, use your anon email to send emails from your mailing list which you then forward to an anon remailer encrypt the whole msg with PGP and then have the remailer send to your preferred destination.

    Done 100% anon. As long as the open wifi you used didn’t somehow catch you on camera (e.g. Starbucks) then this is pretty damn difficult to track down. have I missed something?

    http://en.wikipedia.org/wiki/Anonymous_remailer
    http://sourceforge.net/search/?type_of_search=soft&words=remailer
    http://sourceforge.net/search/?words=remailer&type_of_search=soft&pmode=0&words=mailing+list&Search=Search

  6. surfer Says:

    perfect example scenario lando.

  7. Dorothy Says:

    Hi Jon and Robert:

    Jon, my garden is frozen solid! It’s winter here, you know. :) Will contact you later by e-mail and thanks for offering.

    Robert,

    This is a big topic, maybe too big for a comment thread. The only distro I have experience with is Ubuntu (6.06 and 8.04).

    Briefly (ha!): ubuntuforums.org is a big help. ATI video cards are apparently harder to set up than Nvidia (I have N.). Video cards appear to be a bit of a problem in general.

    You can ask to have free Ubuntu CDs with current version of OS shipped to you, and your family members can try it out as a “LiveCD” without installing (don’t really recommend this, it is too frustratingly slow for my taste), or can be used as a dual boot if somebody can install it as such for them. I had never installed an OS before I used U, and U is very easy to install if you use the default values.

    I know there have been problems in the past with wireless, but I don’t use wireless, and this may not be the case now. Ubuntu has made many leaps and bounds in the 2 years I have used it. I knew nothing about OS (Windows or Linux) when I switched to Linux, and it was very difficult at first, but I have had a lot of fun with all the different programs that are available (free!). Older computer hardware tends to be more compatible with Ubuntu than the newest hardware, in my experience.

    Make sure your family can play MP3s, movies (VLC is good). Adobe Flash is a problem for me (AMD64 CPU) – both 9 and 10 don’t play certain websites properly, don’t know if this is a Flash problem or a website issue. Kilz’ Flash thread is a lifesaver (Ubuntu Forums). I can see YouTube videos. I have tried the open source flash a couple of years ago, but ran into trouble with other files that were needed to run it, not sure how useful the open source flash is at this point. Media codecs are very easy to download in current versions of U, even the closed source ones.

    I use a HP LaserJet 1018 printer, can’t use U’s drivers, don’t know why – this applies to other HP and other brands as well – see http://foo2zjs.rkkda.com/. The script for my printer works well.

    Firefox is fun to use (extensions!), and Thunderbird has an appointment calendar extension (Lightning, I think) which I like. Tabbed browsing in Firefox is much nicer than in IE – tell your family this!

    Use the KDE desktop environment if your family likes the way the Windows desktop looks.

    Security: I use ClamAV without GUI, but not sure if this is the “best”. I use it to scan downloaded documents. I have also used Firestarter as GUI to configure IPtables (firewall), but know very little about how to do this.

    Best advice: if your family is willing to try Linux but is not very knowledgeable about computers in general, make sure that their access is restricted to only what they need to use, so no inadvertent changes are made. Also, somebody (you?) may need to spend a fair bit of time reading the distro forums, assuming that your knowledge is as low as mine :) . There are numerous videos on YouTube and elsewhere for learning Ubuntu as well.

    Good luck!

  8. Robert Says:

    Thanks Dorothy.

    I am quite comfortable with Linux myself. My family is anything but tech savvy, so thank you for your input. It’s not easy when they just want it to work and have it simple, but don’t want to learn. You are way more advanced than they are and clearly willing to even teach yourself.

    I forgot about the youtube videos for them. Ubuntu is what I gave them but you are right, the LiveCD just won’t win them over. I use Ubuntu 8.04 myself through VMWare. About all I do is development on it, oh and play intelligent games. I found games that test and build logic/math/memory skills. And a version of “asteroids” for old times sake (Atari 2600 – oh man the memories). Not that I really need it with Ubuntu but I too have a firewall (Firestarter), as editing IPTables is not something I care to think about, even though I understand them when I view them. I’d rather code or test my memory.

    I’ve had similar issues with ATI and wireless USB adapters. It wasn’t so bad though as I found the info online (basically add your vendor ID and subsystem ID to the driver’s list, recompile and you’re somewhat golden — USB adapters are less than fun as they ‘drop-out’ on you).

    They enjoy it when I am there but when I am gone, it’s back to XP or Vista (depending on the family member).

    Thank you for your struggles, I’ll use your suggestions as an example to my family members to encourage them. Can I exaggerate? Maybe say you’re in your 60’s and never owned a computer but wanted to learn, and once you saw the information and videos and how you feel after learning, you were so excited now you’re a hacker? Just kidding.

  9. Dorothy Says:

    @ Robert:

    It will be a while yet before I am 60, I’ll have you know! *thwap* (j/k)

    I went into Ubuntu cold turkey, didn’t know anything about Linux other than what I had read prior. I also didn’t know anything about Windows other than you had to be very careful security-wise (antivirus, firewall, spyware, etc). If I can learn to use Ubuntu, anybody else can too. I have spent a lot more time reading howto’s than I expected to, but I like computers and it beats working around the house. :)

  10. Jon Says:

    @ Dorothy:

    So what’s wrong with 60 !? (:deeply insulted:) (j/k)

    ;)

    Cheers!

  11. Dorothy Says:

    Sorry, Jon!

    :)

  12. Dorothy Says:

    @ Robert (again):

    Upon re-reading my lengthy reply to your question, I don’t think I have really answered your question. Unfortunately, if your family is not really interested in learning more about Linux, I think any attempts to switch them over to Ubuntu permanently may not work. Better the devil you know than the one you don’t, etc.

    My reasons for using Linux are low-cost, much better security than Windows, easy to install OS, and software updates (security & such) are less likely to bork my machine than Windows updates.

  13. Robert Says:

    @Dorothy,
    You provided some good info. I think I’ll just use some buzz words found in popular media to scare them into using it ;)

    They just need encouragement and to see for themselves that Linux is a very good alternative, if not replacement, to Windows.

  14. an Arse Says:

    bit of advice from personal experience when switching from Windows to Linux.
    1) expensive but best path is to have an external hard-drive reformatted to be useable by Linux’s FAT32, and then transfer files from NTFS (or FAT32) Windows to the external hard-drive. Reformat or dual-boot, and then put your files from the external hard-drive into Linux. For some reason, if a hard-drive is formatted by Windows, it will only work on Windows machines, but if formatted by Linux will be usable by both Windows and Linux (possibly Macintosh as well). External Flash-Drives (aka thumb-drives) do not have this problem.
    2) Some common software programs (and games) have full support for both Windows and Linux. Just check their websites for linux versions and linux patches. For those that don’t, use WINE http://www.winehq.com, but unfortunately, I have not had good experiences with wine :( .
    3) If you are like me, and rely on Engineering Programs, you are mostly shit out of luck with Linux. I have seen a few people successfully run Orcad, etc on a Linux machine, but it is no easy task unfortunately. If your family relies on Computer Programming Software, they will find Linux very much easier to use than Windows.
    4) http://lifehacker.com/384545/superior-alternatives-to-crappy-windows-software
    5) http://www.linux.com/feature/30874

  15. Simon Says:

    surfer, in your last article (File Sharing 102) you mentioned ftp. I have accessed public ftp servers in the past, are these secure? Is there a way to make yourself secure while accessing them?

    Thanks!

  16. Simon Says:

    Sorry, forgot to add this. Is there a method of encryption that just works in the background (i.e. when someone else logs on to their account (not admin) will they have any trouble accessing files or folders ?

    Thanks again!

  17. an Arse Says:

    some helpful websites for new linux users and for convincing windows users to switch to linux
    http://lifehacker.com/384545/superior-alternatives-to-crappy-windows-software

    below link is about the Microsoft kill switch, Bill Gates tested his kill switch on the Zune 30GB recently ;)
    http://www.schneier.com/blog/archives/2006/06/microsoft_windo_1.html

    For the lazy, although it is more secure to get the files directly from their separate websites.
    http://www.ubuntugeek.com/super-ubuntu-200811-ubuntu-based-linux-including-favourite-applications.html

    One last thing, if you want to transfer any files from Windows to Linux. You need to have an external hard-drive formatted to Linux, and not Windows, to put the data into. A FAT32 hard-drive formatted to Linux is usable by both Windows and Linux, but if it is formatted to Windows (default) it is not usable by Linux. External Flash Drives (aka Thumb Drives) do not have this issue. All of them (yes even the ones Window owners use) are formatted to Linux by default.

  18. Reader's Write Says:

    http://www.informationweek.com/news/hardware/reviews/showArticle.jhtml?articleID=206904763
    Page 2:

    “The App-ID capability, while quite impressive, wouldn’t be of much use without the PA-4050’s other neat trick: SSL decryption. Using a man-in-the-middle attack for the power of good, the PA-4050 proxies SSL connections and generates a new certificate on the fly that it sends to the client, impersonating a secure server. Because the firewall has the network traffic in plain text in between decryption and re-encryption with its self-generated certificate, it can apply the full range of security policies to the traffic. In order for this to be transparent to users, IT will need to distribute the firewall’s root certificate to all client computers, a process that could be automated.”

    Every ISP, proxy, or whatever is a man-in-the-middle.

    You sure you know what you’re saying?

    There are many apps and hardware made just for capturing keys and re-issuing. It’s used by law enforcement to play back your encrypted streams at their leisure. Or can even be used by the ISP itself.

    “A lot of proxy servers from IronPort, Secure Computing, Blue Coat and others do the same thing”

    This isn’t anything new either. It’s kind of old.

  19. surfer Says:

    sftp
