Archive for the ‘Firefox’ Category

Final Post

October 2, 2009

No – I’m not dead yet!!

This is a final post at Tigerstail.wordpress.com because I am tired of seeking knowledge and bitching about that which is. It is time to use my skills to develope the solutions to all of the problems I have discovered.

Join Me at jimmicap.wordpress.com

Advertisements

IE8 Privacy is an Oxymoron

September 20, 2008

I could have said that the IE8 privacy function is a lie or a joke but I happen to like the word oxymoron. In my preliminary tests I was acting as if my life and future depended on my online privacy and didn’t bother doing a comparison. I found my surfing history in cache memory, that Ccleaner didn’t wipe the cache memory information and that there was a hidden system file called PrivacIE (pronounce that “Priv A C”) which contained a hashed index.dat file which was untouchable. Not a bad find for a quick survey. I did a preliminary test against Firefox 3 automatically wiping all privacy data on closing and found a few lingering cookies which Ccleaner seemed to wipe out but no cache memory of the sites I visited.

I sort of find a hashed index.dat file (in a folder called PrivacIE) and a record of my surfing history in cache memory an insulting and direct compromise of the promise of real internet privacy.

If anyone cares about the method, I’ll do a post on it.

Live Linux CD -Dead Computer

February 19, 2008

It appears that linuxcrayon has the gift of prophecy or maybe just hard earned knowledge. I was using a Live CD to track the code on some disgustingly evil sites. Even though it was a Live CD on a minimal machine (no hard drive), I’m still in the habit of monitoring netstat to see who’s monitoring me. Now I was a little surprised to find that I had probes from carnivore and a couple of corporate spies watching me surf crap.

I wasn’t too worried as every time I turned the machine on it came back as a brand new machine with no tracks. On a regular machine with permanent programming, the Spyware is there the moment you turn the machine on so it’s pretty hard to find out where you caught the crap once you’ve got it. With a Live Linux CD, every day is a new machine with no history so you can start surfing while watching netstat and see where you get your invaders. If you miss it today you can try again after . Trust me, if you pick up military strength malware on a regular machine, you can never shake the crap so it’s tough to track it to the source.

Well pride about my cleverness came right before my fall and the knowledge of Linuxcrayon was predictive. I was using a Knoppix operating system and a Firefox browser and it started getting unstable. I switched to a DSL (Damn Small Linux) operating system and their proprietary version of Firefox. The stability lasted a few days and I thought that it was a malware injected into memory much like the Firefox Browser update which occurs every time you start-up a Live Linux CD and open the browser. But then everything went to hell.

I could no longer enter the Bios on start-up, Flashing and resetting the BIOS didn’t help and the system would not operate off line. So what ever damage was being done was permanent and not due to imbedded software. Then the machine just stopped working. Post card says my CPU is fried.

Well this noble machine had been through a lot. It started life as a windows machine which was slammed during the trial as I investigated various evidence sites which were still online. I gave the hard drive the lots wife tratment and replaced the CD drive and tried to rebuild it as either a windows machine or a LInux box to no avail. It was unstable. As a medium for running a live CD, the machine hung on for another 3-4 months doing reconisance on a lot of shit sites. and publishing the results. It was on this machine that I discovered Google Dorking 4 Kiddie Porn and exposed sites which should be Hacked to death.

Just for laughs, I have purchased a couple of motherboards and hope to return this box to active duty.

GSI 4 Firefox – Cool Tool!

February 14, 2008

Sometimes you trip on Browser add ons that are a fantastic idea. I mean you hit a site you want to explore and you can click the page links, get lost and never explore both the depth and breadth of the site. You may leave without finding what you want. What the Google Site Index does is draw a site map based on Googlebots knowledge of the public area of the Web site. Now certain cites like youngerbabes.com and young-models.org (which can’t be searched with the site command) cannot be indexed. Others which have thousands of pages like thehun.net yield a very organized site index which is less than a page.

Installation is simple, and once installed it’s easy to use. Just click on tools and open up GSI (or right click on the screen) and up pops the interface. Confirm the Domain, click start and the site is indexed. You should probably stay away from the recursive search as after trying twice with two different sites, it locked both times. Then Google accused me of having a virus and locked me out until I entered some twisted letters.

If I have a complaint, the results pop up as a html page that you can only click on one link before it disappears. The workaround is to save the page as html on your desktop and work from there. If you have basic HTML skills, you might want to open the page in notepad and cut the script at the bottom before you start exploring the site. While GSI indexing is totally anonymous, your site visits are not unless you do the standard Google trick of saving the URL’s in notepad and using the Google cache while stripping all images or by using a proxy.

So far, I haven’t used GSI for anything serious if you don’t count looking at the good, the bad, and the ugly architecture of my own Web sites.

Dissecting a Kiddie Porn Cookie

February 11, 2008

Cookies can be used to transfer information about you to a website. Now when I started to use a Live CD, I got a little bolder in tracking source code on nasty sites and not shutting down between site visits. After all no permanent images would be stored and there wasn’t all that much information which could be transferred from a machine with no permanent memory of where it had been and what it had seen.

Well I found out there is an awful lot of information in temporary storage. like a cookie from any personal site you have visited, ie gmail, hotmail, hi5, myspace, facebook etc. Since I really hadn’t thought about it and therefore wasn’t avoiding it, I was able to get a peak at what kiddie porn sites wanted to learn about me.

From over at Fatsavage.wordpress.com, the original analysis of the cookie from americanthumbs.com was:

‘ucjc=xucjcxnoref
xucjcxnoref
xucjcx1
xucjcx0
xucjcx0
xucjcx
xucjcx; path=/;’

Now after a session of Google hacking for kiddie porn, I ended up with the following cookie from billpics.com or amglover.com which both use the ucj cookie.

‘ucjc=xucjxnocookie
xucjxnocookie
xucjx1
xucjx2
xucjxnone
xucjx|teens-girls.net|mymasha.com
xucjx; path=/;’

It would seem that a couple of sites I had not suspected of kiddie porn were of interest to the people from UCJ as both of their names show up as a variables in the cookie and the variable that was a 0 has now moved up to a 2. I guess they are counting the nasty places I had been. Apparently, I was cautious in this surfing secession as the “noref” variable had shifted to “nocookie”.

When I got sloppy, the changes in the cookie got really interesting.

‘ucjc=xucjxgoogle.co.vi
xucjxhttp://http://www.google.co.vi/search?hl=en&client=firefox
&rls=org.mozilla%3Aen-US%3Aunofficial&q=hq-teens.com&btnG=Search
xucjx1
xucjx0
xucjx0
xucjx
xucjx;

Well, I sort of figured this would happen so I had turned the machine on and went nowhere else except the Google search bar. Now in addition to my IP, they have my Google cookie, the country version of Google, that I search in English, that I’m using Firefox and that I pressed the search button while looking for information on hq-teens.com.

If I had checked my Hotmail or Gmail prior to the search, they would probably have my user name and everything else.

Tag I’m it, wandering in a forest of honeypots with Federal bees swarming to sting.

Why use a Virtual Machine?

February 9, 2008

Well their is good news and bad news about simple Virtual Machines. At it’s simplest, a virtual machine is just a live Linux CD on an old computer without even a hard drive. The one I’m currently using has a motherboard with a fried BIOs and an embedded Trojan but Linux does not rely on the BIOS and Trojans rarely are cross platform.

With a live Linux CD, you don’t need a storage area and with a gig of RAM, you can quickly surf without worrying about porn loaders or malware of any sort. The nice thing is there is no permanent record in hidden index.dat files or in log files written in geek. Shut the machine down and everything you did is gone including all cache files of images, cookies and history. Since possession of weird shit is the major crime and the easiest to prove with the un-erasable hidden files on your hard drive, you avoid that trap. Unbelievably, your hard drive holds a near permanent record of your surfing history and a copy of every image you have ever seen whether on purpose or not.

So on one hand you get some element of protection but on the other hand there is still information being conveyed to anybody that wants to spy on you. First, at the local level we have the FBI’s ability to spy on every private citizen in America. The powers of Carnivore and Echelon to track all of your surfing activity whether wired or wireless are incredible. I wouldn’t bet that a keystroke logger won’t work on a virtual machine. After all, my virtual machine uses an older version of Firefox which accepts an update and installs it in RAM. Not much different than accepting a keystroke logger with “ET call home” capabilities which would report on all of your surfing habits, emails, and instant messages. Since wireless intercepts are up close and personal and Carnovor is nestled at your ISP level, I’m not even sure that a proxy will help to hide your surfing activity because the spying is already done by the time you request reaches a proxy. (a keystroke logger even defeats encrypted URL’s)

This is one of those classic Mexican stand-offs. You will be observed and unless you are actually making kiddie porn or building bombs, I doubt that anybody would really want to explore spy technology at a trial because the Government’s technical capabilities of information gathering is probably being illegally used. It’s far easier to trash your machine, get you to a repair shop, and let you self incriminate as the courts have ruled that you have no expectation of privacy when you take a machine in to get it repaired so any evidence on the machine can be used to set you up. This is the biggest advantage to virtual machines- they dont go to repair shops.

While there is no evidence on your machine that you are engaging in dangerous activity, never assume there is no evidence at all.

I got a little bolder on my virtual machine and found out just how much information can be gathered from a virtual machine which allows cookies. (If you don’t allow cookies, you can’t explore many sites and as soon as you allow them there is information being transfered.)

Please check the comment section for an intelligent bit of information from linuxcrayon.

Screwing up XP!

January 6, 2008

I’ve sort of been suggesting that part of the reason that Vista has not been universally accepted is because Windows XP is a mature, sable and secure operating system which has no need for a replacement except perhaps in the gaming community. There are many independent companies that understand the system and are writing independent security software to defend you against Virus, malware and to secure your privacy against unwanted preservation of sensitive data or images.

The truth is you can do a pretty good job of defending your machine by using Firefox as your browser with settings that insure your privacy and erase all surfing history. Naturally, you can back this up with Ccleaner and an independent antiviurus and your in pretty good shape. You may want to use your traditional XP search function to check for cookies that may have been missed and to check the images in all hidden and back-up files. After everything unwanted has been eliminated, defragment your system and overwrite your unused space with a seven pass disk wipe.

From what I know of forensics, that is probably enough to prevent the repairman at your computer repair shop from reporting you to Homeland Security and may be enough to prevent recovery of images and files after you reformat your hard drive. (However, if it were my freedom at stake, I would give the drive the Lot’s wife treatment and buy a new drive.) Overall, I am fairly well convinced that XP is a defendable operating systems for mere mortals that follow a set routine and pay attention to security.

Since this belief is probably true, it leaves, Microsoft and the government out in the cold when you choose to observe their nefarious connections. No, you cannot stop unwanted predators from connecting to your machine and probing you but you can keep your machine clean enough that there is little there to find. Now with Vista, this is clearly not the case. There are back-ups of everything as the default and many are complaining that that use of Vista will be a one way ticket to jail or unemployment as your total computer use is an open book.

So what is the answer for Microsoft and the Government to threats from a protectable XP operating system? Simple, introduce an unavoidable SP3 service pack. I mean I avoided the upgrade for IE7 forever or at least until there were so many vulnerabilities that were left unplugged until I down loaded it even though I use Firefox. I suspect avoiding SP3 will eventually leave me so exposed that I will have to do it and ultimately upgrade myself to a system as unknown and undefendable as Vista. Once this happens I may as well switch to Vista.

Oh well, shit happens.

Resistance is Futile, Knowledge is Soporific!

Vista Security-Oxymoron

December 11, 2007

Let’s start with basics, Vista Security is an oxymoron – It simply doesn’t exist.

I finally hacked an installation on a brand new machine and worked at putting an anti-virus on the machine. At the time, everything I tried was incompatable or my downloads were blocked. I tried Zone Alarm, PCcillin and Kaspersky. So I ended up with One Care which the whole world is condemning for being a weak system. I also attempted to install my Malware protection but every time I ran Spybot Search and Destroy, my computer locked up and AdAware wouldn’t update without locking up my machine.

I have now reached the end of my one month trial period for One Care so decided to check my machine and see how outside suppliers rate it. One Care says I’m at risk because I won’t let that cancerous back up program operate and I haven’t paid them. I tried running PCcillin House Call and was told that they couldn’t really check some operating systems. I tried Kaspersky on Line service and it told me I looked OK but there were 150 blocked files that they were incapable of inspecting.

I would have felt better if I was told that they inspected everything and I was clean.

I tried reinstalling Spybot Search and Destroy but it locked up when I tried to update it and I couldn’t get it to run. I tried to run it a few more times. It identified a couple of problems and shut down saying I aborted the process. AdAware refuses to update and stalls. When you force it a few more tries a screen pops up saying the update is complete without telling you what was updated. When I ran it, it took 18 minutes to get half way and finished in one more minute. I removed the cookies I found but don’t really trust the results.

If the Vista machine were used for anything more than surfing and writing an occasional post, I wouldn’t know what to do. I have no idea what kind of bug is on the machine nor do I trust any tools that are supposed to help me find and eliminate it.

Vista Security, Truly an Oxymoron.

Updating Windows XP

December 8, 2007

How often should I update Windows?

Every hour until you get it right!

One of the reason I like PcCillin is because of its independent search for windows vulnerabilities. Where this tool comes in handy is when my machine starts slowing down for no reason. I mean I did an online virus check and found no virus at all. The caveat of course was that it failed to check about 20 blocked files. I tied running AdAware but found that updates were blocked. So I know I wont trust that result no matter what.

When I did the PcCillin test, I found one vulnerability ms05-04. Since I really didn’t have a clue on trapping my pet bug, I decided to close the vulnerability knowing in the long run it was a fools game.

Keep in mind that this is a fully protected and updated computer just one month ago but yeah I do write some stuff that probably cause me to be spied on by Military Strength Malware.

The first step is to run a Windows update and it told me I needed the latest update module for it to be effective. Naturally, I clicked update and everything was successfully installed so I must be done since this is a very old bug.

Wrong!

Another PcCillin check is run and of course, ms05-04 is still there. So I run update again and get prompted for IE 7 and one other update. I download the one and reject the installation of IE7 so I should be done with this very old bug.

Wrong!

So the next time, I download and accept everything since my default browser is Firefox and I don’t really care which Explorer is not being run. Now I think I ‘m done so I check with PcCillin.

Wrong!

The original bug is gone but a new one ms07-?? has appeared so I download a fix, but now I’m really paranoid so I run PcCillin again to make sure I’m safe.

Wrong!

The new check of PcCillin shows that I now have six vulnerabilities and I run update again. Finally, I run PcCillin and it shows perfect protection

Right??????????

Now this reminds me that at trial, the prosecution says the machine was updated so its protected. Obviously, everybody accepts that updating closes all vulnerabilities but nothing could be further from the truth. The other problem I have is what happened to the bug that opened this vulnerability in the first place. Is it dormant, is it dead will it reappear the next time I visit a government honeypot.

Remember, pictures, documents, logs, records and files are never really destroyed but can still be recovered by forensic tools so not only is everything I’ve done in the past being stored but everything I’m doing in the futer is also being stored waiting for the bugs return.

VMP’s or Vile Machine Probes!

October 10, 2007

Over the past several blogs, I’ve been reporting on netstat as a tool to find out who is connecting to my machine. I assumed up until yesterday that all of the Microsoft connections were beneficial updates and not data mining excursions. Now I know different. I was using both netstat and X-netstat 5.1 and in addition to (198.65.147.194) which I reported on in three different posts (1, 2, 3), I decided to check the rest of the connections from some sites.

First, I went to fatsavage.wordpress.com and found the ever present carnivore which you really can’t do much about. In addition there was the wordpress-Akamai services, the Snap tool, Google statistics and ltdomains.com which is also related to WordPress. In addition, there were connections from unknown.level3.net and Panther Express which is a direct competitor of Akamai and certainly wasn’t invited by ether them or I

When I went to this site (Tigerstail.wordpress.com), there were two connections from unknown.level 3 and Panther Express was gone. I went to a fairly non confrontational site and nobody bothered to monitor me except Google stats which is everywhere. I than went to fatsavage.com, home of the Fatsavage Shitlist of Law Enforcement Honeypots, and netstat lit up like a meteorite self destructing over Tunguska.

There were the normal connections by my blog host and Amazon and most of them used multiple connections to speed up the content feed but nothing like Carnivore from my local ISP. It tapped into my machine on 63 different ports at the same time. This is like the previously described hitbot on speed and I’m sure it was looking for hashed kiddie porn pictures which would identify the visitor as a pedophile instead of a libertarian protesting domestic spying.

This is not the first time I’ve witnessed VMP. I caught one site connecting on over 100 ports but was so stunned that I wasn’t quick enough to catch it on a hard copy.

VMP stands for Vile Machine Probes but is a direct tribute to Dr. Spock and the technical capabilities of the Vulcan Mind Probe. Of course the original VMP’s were dangerous because there was always a sharing of information and also a chance of physical damage to the weaker species. The same is true today.

By the way, I use a Firefox Browser on a Windows XP machine with updated PCcillin anti-virus and firewall. Once your using a Windows operating system, it’s splitting hairs to argue about who has the best antivirus.