Archive for the ‘Linux’ Category

Final Post

October 2, 2009

No – I’m not dead yet!!

This is a final post at Tigerstail.wordpress.com because I am tired of seeking knowledge and bitching about that which is. It is time to use my skills to develop the solutions to all of the problems I have discovered.

Join Me at jimmicap.wordpress.com


Live Linux CD - Dead Computer

February 19, 2008

It appears that linuxcrayon has the gift of prophecy, or maybe just hard-earned knowledge. I was using a Live CD to track the code on some disgustingly evil sites. Even though it was a Live CD on a minimal machine (no hard drive), I’m still in the habit of monitoring netstat to see who’s monitoring me. Now I was a little surprised to find that I had probes from Carnivore and a couple of corporate spies watching me surf crap.

I wasn’t too worried, as every time I turned the machine on it came back as a brand new machine with no tracks. On a regular machine with permanent programming, the spyware is there the moment you turn the machine on, so it’s pretty hard to find out where you caught the crap once you’ve got it. With a Live Linux CD, every day is a new machine with no history, so you can start surfing while watching netstat and see where you get your invaders. If you miss it today you can try again tomorrow. Trust me, if you pick up military-strength malware on a regular machine, you can never shake the crap, so it’s tough to track it to the source.
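The "watch netstat on a fresh boot" habit above is easier to keep if you snapshot the socket table and diff it, rather than eyeballing it. The script below is an added example (not from the original post): it parses the socket lines of Linux `netstat -tun` output, ignores LAN, loopback and link-local peers, and reports which outside endpoints appeared between two snapshots. The two snapshots are constructed for the example; the public addresses in them are placeholders, not observations.

```python
"""Snapshot-and-diff of netstat output: see which new outside peers your
freshly booted live CD is talking to. Added example; SNAP_BEFORE and
SNAP_AFTER are constructed, not captured."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    proto: str
    local: str
    remote_ip: str
    remote_port: str
    state: str


def _split_addr(addr):
    """'1.2.3.4:80' -> ('1.2.3.4', '80'); ':::22' -> ('::', '22')."""
    host, _, port = addr.rpartition(":")
    return host, port


def parse_netstat(text):
    """Parse the socket lines of `netstat -tun` (net-tools column layout)."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue                      # headers, blank lines
        rip, rport = _split_addr(parts[4])
        state = parts[5] if len(parts) > 5 else ""   # udp rows have no state
        conns.append(Conn(parts[0], parts[3], rip, rport, state))
    return conns


def is_external(ip):
    """True for addresses outside LAN/loopback/link-local/unspecified ranges."""
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:                    # '*' or garbage
        return False
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_unspecified or a.is_multicast)


def external_peers(conns):
    """Set of (ip, port) for established connections to outside hosts."""
    return {(c.remote_ip, c.remote_port) for c in conns
            if c.state == "ESTABLISHED" and is_external(c.remote_ip)}


def new_peers(before_text, after_text):
    """Outside endpoints present in the second snapshot but not the first."""
    return sorted(external_peers(parse_netstat(after_text))
                  - external_peers(parse_netstat(before_text)))


# Constructed sample snapshots (not real captures). 93.184.216.34 stands in
# for the site being examined; 104.18.32.7 is the surprise that shows up.
SNAP_BEFORE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:35012      93.184.216.34:80        ESTABLISHED
tcp        0      0 127.0.0.1:631           127.0.0.1:40200         ESTABLISHED
"""
SNAP_AFTER = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:35012      93.184.216.34:80        ESTABLISHED
tcp        0      0 192.168.1.10:35013      93.184.216.34:80        TIME_WAIT
tcp        0      0 192.168.1.10:35020      104.18.32.7:443         ESTABLISHED
tcp        0      0 127.0.0.1:631           127.0.0.1:40200         ESTABLISHED
"""

if __name__ == "__main__":
    for ip, port in new_peers(SNAP_BEFORE, SNAP_AFTER):
        print(f"new outside peer since last snapshot: {ip}:{port}")
```

Run `netstat -tun` once right after the live CD boots and again after each site you visit, and feed the two captures to `new_peers`. To find out which process owns a surprise connection, `ss -tunp` or `lsof -i -n` on the same box will name it; a connection with no owning process in either listing is worth a second look.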

Well, pride about my cleverness came right before my fall, and the knowledge of linuxcrayon was predictive. I was using a Knoppix operating system and a Firefox browser and it started getting unstable. I switched to a DSL (Damn Small Linux) operating system and their proprietary version of Firefox. The stability lasted a few days and I thought that it was malware injected into memory, much like the Firefox browser update which occurs every time you start up a Live Linux CD and open the browser. But then everything went to hell.

I could no longer enter the BIOS on start-up, flashing and resetting the BIOS didn’t help, and the system would not operate offline. So whatever damage was being done was permanent and not due to embedded software. Then the machine just stopped working. The POST card says my CPU is fried.

Well, this noble machine had been through a lot. It started life as a Windows machine which was slammed during the trial as I investigated various evidence sites which were still online. I gave the hard drive the Lot’s wife treatment, replaced the CD drive and tried to rebuild it as either a Windows machine or a Linux box, to no avail. It was unstable. As a medium for running a live CD, the machine hung on for another 3-4 months doing reconnaissance on a lot of shit sites and publishing the results. It was on this machine that I discovered Google Dorking 4 Kiddie Porn and exposed sites which should be hacked to death.

Just for laughs, I have purchased a couple of motherboards and hope to return this box to active duty.

Why use a Virtual Machine?

February 9, 2008

Well, there is good news and bad news about simple virtual machines. At its simplest, a virtual machine is just a live Linux CD on an old computer without even a hard drive. The one I’m currently using has a motherboard with a fried BIOS and an embedded Trojan, but Linux does not rely on the BIOS and Trojans are rarely cross-platform.

With a live Linux CD, you don’t need a storage area, and with a gig of RAM you can quickly surf without worrying about porn loaders or malware of any sort. The nice thing is there is no permanent record in hidden index.dat files or in log files written in geek. Shut the machine down and everything you did is gone, including all cache files of images, cookies and history. Since possession of weird shit is the major crime and the easiest to prove with the un-erasable hidden files on your hard drive, you avoid that trap. Unbelievably, your hard drive holds a near permanent record of your surfing history and a copy of every image you have ever seen, whether on purpose or not.

So on one hand you get some element of protection, but on the other hand there is still information being conveyed to anybody that wants to spy on you. First, at the local level we have the FBI’s ability to spy on every private citizen in America. The powers of Carnivore and Echelon to track all of your surfing activity, whether wired or wireless, are incredible. I wouldn’t bet that a keystroke logger won’t work on a virtual machine. After all, my virtual machine uses an older version of Firefox which accepts an update and installs it in RAM. Not much different than accepting a keystroke logger with “ET call home” capabilities which would report on all of your surfing habits, emails, and instant messages. Since wireless intercepts are up close and personal and Carnivore is nestled at your ISP level, I’m not even sure that a proxy will help to hide your surfing activity, because the spying is already done by the time your request reaches a proxy. (A keystroke logger even defeats encrypted URLs.)

This is one of those classic Mexican stand-offs. You will be observed, and unless you are actually making kiddie porn or building bombs, I doubt that anybody would really want to explore spy technology at a trial, because the Government’s technical capabilities for information gathering are probably being illegally used. It’s far easier to trash your machine, get you to a repair shop, and let you self-incriminate, as the courts have ruled that you have no expectation of privacy when you take a machine in to get it repaired, so any evidence on the machine can be used to set you up. This is the biggest advantage to virtual machines: they don’t go to repair shops.

While there is no evidence on your machine that you are engaging in dangerous activity, never assume there is no evidence at all.

I got a little bolder on my virtual machine and found out just how much information can be gathered from a virtual machine which allows cookies. (If you don’t allow cookies, you can’t explore many sites, and as soon as you allow them there is information being transferred.)

Please check the comment section for an intelligent bit of information from linuxcrayon.

Vista; Resistance is Futile, Knowledge is Soporific!

November 24, 2007

Well, my friends over at Vistasucks wanted to know what I think about Vista and what I am doing about an operating system. The answer should be obvious: nothing at all.

I finally got Vista installed and even used Defender antivirus. This operating system is slow, and I finally figured out one of the reasons was the daily backup, which quadrupled disk usage in about a week. I’ll discuss the Vista shortcomings in the next few blogs; they go from banal to unacceptable and sometimes you can’t tell the difference. I mean, is it banal or unbelievably unacceptable that the solitaire game cannot keep accurate score? This has to be indicative of a lack of market testing and poor software control. If they do something stupid like that with trivial solitaire programming, what’s wrong with the rest of the system?

I’m not above self-criticism, so about a month ago I went back to my computer assembler and tried to purchase a brand new Vista machine, just in case the mistakes were caused by me during installation. He told me they no longer built them for inventory because everybody wanted XP, but they would build them to order. So I had one built. I’ve forced my home to be a Vista enclave by giving away a perfectly good and almost new XP machine that I dreaded doing the upgrade on after my first experience. The second custom-built machine has not even come out of the box as I have been too busy, but since the house must be in order before the Christmas guests arrive, I have a deadline. The biggest change is I’m sleeping in later and no longer working from home because I don’t need early morning aggravation. As a result, my hobby blogs have been unattended for about a month. Vista is too much like work; it reminds me of the old Timex Sinclair machine with the memory always falling out and crashing the machine. It was cute but it still sucked.

For now it’s XP and SUSE Linux at work and Vista (mostly never used) at home. At work there are no issues of security or privacy. We are in a controlled industry and damn near every government agency in the world can get a court order to see what’s in our files or on our machines, so we let them look without too much bother. Since I don’t understand the security of my Vista operating system at home, there is not much other than family pablum on it.

I was born free, I would prefer to die with my right of privacy intact, and I feel that no operating system exists which will work to protect me. They all seem to be designed, to a greater or lesser degree, with some obscenity called “the National Interest” in mind. I’ve done the boring blog about Vista invading your privacy, and the only reason XP is better is that there are more programs out there that work to protect you. Vista was probably released in the “National Interest” to provide usable trapdoors for the Feds because the XP vulnerabilities were all being closed by independent software developers.

As stated previously, Linux is still a toy and the open source movement is a disaster. (Open Office is dreadfully slow and there are now 33,000 images associated with the program.) I suspect that what’s wrong with totally open source is that every kiddie hacker in the world wants to add an image or their 2 lines of code, and soon the programs will grow to Bill Gates size with all the associated backdoors. There are probably a half dozen programmers working at Homeland Security submitting clever code to add to the various Linux distributions which will make the system weaker.

I’m starting to think about alternate surfing technology and alternate operating systems which is why I’ve started blogging again. I can’t believe that there is not a way to once again surf the net with the privacy of a library. But in my heart I know:

Resistance is Futile, Knowledge is Soporific!

Google Proof Sites!

June 27, 2007

Logic dictates that there are sites so secret that they want to be anonymous. Obviously, the first level of protection from intrusion would be to not have anybody know you are there. On the private sector security level, you would have to have a compelling need for domestic and foreign search engines to suppress all positive and negative comments about you, to the point that proving your existence is difficult unless you type in the exact URL for the site.

I always try to check out a website before I go to it, figuring that there must be a lot of public information on most sites. I mean I Google it to see what people have to say, I look at aboutus.org for information and also alexa.com. I also run a few traceroutes to see where I think it is located and the probability of honeypots along the route. I also do a whois search. By the time I get to the site my main purpose is to rip the code, as I know pretty much everything about the site.

Occasionally I get served a whopper, as the site automatically redirects me to a kiddie porn delivery machine which could send me to jail. ShockMeShocker.com was one of those mystery sites with a hidden foreign whois file, but the traceroutes kept on tracking back to New York. Aboutus.org said it had no code on the home page and Alexa said it had no traffic rank. When I ran an MSN search there was no information, and when I Googled it, they said there were 118 references until I went to page 2, then it said there were only 20. The cached home page was not available. Searches from Europe and AOL were equally elusive.

My point is not that this is just another government kiddie porn site that can send you to jail, but that now we have American porn sites that are averse to publicity.

Go Figure!

Wrong On So Many Levels!

June 26, 2007

I just purchased five used hard drives for $50 to continue tracking domestic kiddie porn. I mean someone should expose (haha) these criminals. While the Feds are diligently pursuing old men and children who possess just one of these pictures, they are ignoring kiddie porn sites hosted in America and delivering their stuff to Americans.

These sites are well protected and you can get the list here. Now when playing the game, you’ll find dozens of ways to get attacked by spawned kiddie porn and it will come so fast, you will never be quite sure what is on your machine, how it got there or where it comes from, so that makes removal difficult.

As I said before, I’m really never sure if all the crap is gone, and as pointed out by “on request” these viruses are a lot more powerful and talented than most people give them credit for, so more stuff could be hidden anywhere. The only solution I have to ensure there is not one picture on a drive is the “Lot’s wife turned to salt” approach. This means I need a never-ending supply of hard drives, and anything above 4 gig is enough to surf the web and do research, particularly when you have zero faith in the integrity of electronic storage.

Speaking of the lack of integrity of electronic storage, four of the drives that I purchased have been wiped, but one came from a police department computer and had never been wiped.

Fucking unbelievable.

This drive had a plethora of training documents, the names of four captains, sergeants and coworkers, cookies that identify the officer’s bank, phone and electric company, the email account and more. Now cops are fairly stable, so take the five-year-old drive with all the info and the training manual, plus a public newspaper to update department information, and there’s enough background for Kevin Mitnick’s friends (The Art of Deception) to start dribbling down their chins. I mean it might not work in Washington, but a move to the hinterlands would probably get you a cop’s job or allow you to impersonate one for whatever nefarious reasons you dreamed of.

An even funnier use would be to load it up with kiddie porn from the era on an old machine with a rolled-back BIOS clock, then erase all index.dat files while leaving the cache of kiddie porn pictures, remove the index.dat removal tool and wipe the tracks of the removed files. Send this lovely package to the FBI and no defense will be possible. Leave Window Washer, Ad-Aware and Norton, because none work very well to hide your surfing history. They will have another victim for a high-profile persecution proving that no one is above the law.

So why fuck this poor cop who probably did nothing more than trust his IT Department?

Because it’s so fucking easy.

I mean why did the Feds fuck Charles Stefano at trial by having Shannon Perkins continuously perjure herself with obvious and indefensible lies?

Because it’s so fucking easy, they did, and they won.

This is all so wrong on so many levels.

Index.dat the XP-ress Ticket to Jail

June 23, 2007

In my review of Window Washer, my prime complaint was that it promised to bleach or shred all my sensitive data and wipe away my residual activity records including temp files, cookies, history and cache files. Promises from their website include:

“Window Washer cleans all aspects of your browser activity, including Internet history, address bar, cache, cookies, and more. Mozilla and Firefox users now enjoy the same online privacy protection that users of Internet Explorer, AOL and Netscape already enjoy.”

Yet when I ran an index.dat Analyzer search for all index.dat files, I found several that were not erased and left a pretty complete record of all my activity.

Now remember, the index.dat files are the ones used at trial to convict a person of having very bad taste. They keep track of search terms and sites visited, and index every cached file, images included. This is a near-permanent record that takes an almost herculean effort to remove, and because it is so misunderstood, I’m not sure what the next generation of record-keeping files looks like and whether that can be found or erased. Minimally, anything that index.dat Analyzer can find for free, the legal programs can do as well or better, and the secret stuff used by the FBI, CIA and NSA is probably even better.

So needless to say, when I purchase a program that promises to protect me and it fails to do even the most basic job at the task, I get a little miffed. Quite simply, Window Washer failed to remove any of my images, surfing history or cookies from the index.dat files, so the record of my surfing was near perfect for anybody that wants to find it. In essence, a near perfect waste of money.
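The lesson of the review above is to verify the cleaner rather than trust its marketing, which is exactly what running index.dat Analyzer afterwards did. The script below is an added example, not part of the original post and not the analyzer's code: it is a signature carve of an IE-era index.dat. It relies on two facts about the 5.x layout, that records start with a 4-byte signature (`URL `, `REDR`, `LEAK`) followed by a little-endian count of 128-byte blocks, and that the URL or cookie string sits as printable ASCII inside the record. It does not parse the hash table or the per-record field offsets, so it is a triage check, not a full parser. The sample file it runs on is constructed to that layout for the example.

```python
"""Signature carve of an IE index.dat: confirm a 'washed' file no longer
carries URL records, and show what a proper scrub looks like. Added
example; build_sample() constructs a file in the 5.x layout for the demo."""
import re
import struct

BLOCK = 128                                  # record allocation unit
_SIG = re.compile(rb"URL |REDR|LEAK")        # record signatures that carry URLs
_URL = re.compile(rb"(?:Visited: |Cookie:|https?://)[\x20-\x7e]+")


def carve(blob):
    """Walk the file by record signature. Returns one dict per record with
    its offset, length in bytes, signature and any URL-like strings."""
    out, pos = [], 0
    while True:
        m = _SIG.search(blob, pos)
        if not m:
            return out
        start = m.start()
        nblocks = 0
        if start + 8 <= len(blob):
            nblocks = struct.unpack_from("<I", blob, start + 4)[0]
        # Implausible block counts mean a damaged record; step one block.
        length = nblocks * BLOCK if 0 < nblocks <= 64 else BLOCK
        body = blob[start:start + length]
        out.append({"offset": start, "length": length,
                    "sig": m.group().decode("ascii").strip(),
                    "urls": [u.decode("ascii") for u in _URL.findall(body)]})
        pos = start + length


def residue(blob):
    """Records that still name a URL: what a cleaned file should not have."""
    return [r for r in carve(blob) if r["urls"]]


def scrub(blob):
    """Overwrite every URL-bearing record with zeros in place (what a cleaner
    should do, rather than just unlinking the entry and leaving the bytes)."""
    buf = bytearray(blob)
    for r in residue(blob):
        buf[r["offset"]:r["offset"] + r["length"]] = bytes(r["length"])
    return bytes(buf)


def _record(sig, nblocks, payload):
    """Constructed record: signature, block count, 44 bytes of unused header
    fields, then the string. Real records keep more fields; the carve does
    not depend on them."""
    hdr = sig + struct.pack("<I", nblocks) + bytes(0x2C)
    return (hdr + payload + b"\x00").ljust(nblocks * BLOCK, b"\x00")


def build_sample():
    """Constructed index.dat-style file: header, two URL records, one LEAK."""
    head = b"Client UrlCache MMF Ver 5.2\x00".ljust(BLOCK, b"\x00")
    return (head
            + _record(b"URL ", 2, b"Visited: bob@http://example.org/search?q=netstat")
            + bytes(BLOCK)                                   # free block
            + _record(b"LEAK", 1, b"http://example.net/images/cat.jpg")
            + _record(b"URL ", 1, b"Cookie:bob@example.com/"))


if __name__ == "__main__":
    sample = build_sample()
    for r in residue(sample):
        print(f"{r['sig']:4} @0x{r['offset']:04x}: {r['urls']}")
    print("after scrub:", residue(scrub(sample)))
```

Point it at each `index.dat` under the profile (History, Temporary Internet Files, Cookies) before and after the cleaner runs; a non-empty `residue` afterwards is the same failure the post describes. Note that a zeroed record still sits in a file whose hash table pointed at it, and that Internet Explorer holds these files open while the shell is running, so a scrub of this kind is best done from another operating system or a live CD.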

Next we do an analysis of Tenebril GhostSurf

Drive Wiping Basics

May 24, 2007

When it comes to life you can either wipe or clean with a bidet. When it comes to a hard drive you can only wipe and on some days everybody knows that can be a messy operation and is sometimes not quite complete.

I use Iolo Drive Scrubber which is OK but it has limits and most of the limits have very little to do with how many times you wipe. They have to do with what you wipe.

Once again, let’s start by forgetting all you think you know. A big magnet is not a degausser, and setting a big magnet on your hard drive is a waste of time.

The next question is how many times you wipe, and my answer is: why bother with more than one on any drive whose contents you know? For instance, when I boot Iolo Drive Scrubber from the CD-ROM on my new computer, it locates an A and a C drive, and on my old computer it locates A, B and C drives. Funny thing is, my new computer doesn’t have an A drive, and after a while I got curious. This so-called A drive is inaccessible to Fdisk under Windows 98 and I can’t access it by any method I’m aware of. So one day I decided to wipe all drives and guess what: it exists and takes up space on the hard drive.

On a new drive you may not miss 1 gig out of 100, but when it reports your 10 gig drive as a 9, you have to wonder what is stored in the lost area. When you wipe an empty drive (i.e. the B floppy drive) it tells you there is no media to wipe, yet when you scrub the identified A: drive it wipes it.

So how many wipes do I use? Where I can search the drive myself and it’s clean, I use 1 wipe with a zero overlay and confirmation. If I can search it myself and I suspect it’s got nasties on it, I use 7 wipes and a zero overlay. And in the area I can’t access, that mysterious A drive, I use a 35-pass Gutmann wipe, which doesn’t take that much time on the much smaller space. Even if it’s only a light 1-pass sweep on the C: drive, I do 35 passes on the so-called A: drive because I don’t know what’s there and I didn’t put it there.

So do I consider my drive clean – not if my life depends on it.
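The "zero overlay with confirmation" pass above is the part of a wipe that actually tells you something: write the pattern, then read every byte back. The script below is an added example of that pass, not Iolo's method or code. It assumes a Linux or other Unix host where `lseek(SEEK_END)` reports the size of a block device as well as a file; `demo_wipe` runs it against a throwaway temp file so it can be tried safely, and pointing `wipe()` at `/dev/sdX` is a root-only, check-the-target-twice operation.

```python
"""Overwrite-and-verify pass over a file or block device: optional passes of
CSPRNG data, then a zero pass that is read back and confirmed. Added
example; assumes a Unix host where lseek(SEEK_END) gives the target size."""
import os
import secrets
import tempfile

CHUNK = 1 << 20                               # 1 MiB per write/read


def _fill(fd, size, make_chunk):
    """One pass: write make_chunk(n) bytes from offset 0 up to `size`."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        chunk = make_chunk(min(CHUNK, remaining))
        remaining -= len(chunk)
        while chunk:                          # os.write may return a short count
            n = os.write(fd, chunk)
            chunk = chunk[n:]
    os.fsync(fd)                              # force it past the page cache


def _all_zero(fd, size):
    """Read the target back and confirm every byte is 0x00."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        buf = os.read(fd, min(CHUNK, remaining))
        if not buf or buf.count(0) != len(buf):
            return False
        remaining -= len(buf)
    return True


def wipe(path, random_passes=0):
    """`random_passes` passes of random data, then a verified zero pass.
    Returns (bytes_per_pass, verified)."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        for _ in range(random_passes):
            _fill(fd, size, secrets.token_bytes)
        _fill(fd, size, bytes)                # bytes(n) is n zero bytes
        return size, _all_zero(fd, size)
    finally:
        os.close(fd)


def demo_wipe(size=3 * CHUNK + 4097, random_passes=1):
    """Safe demo: fill a temp file with junk, wipe it, and report
    (bytes_per_pass, verified, size_after). The odd size exercises the
    partial final chunk."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(secrets.token_bytes(size))
        path = f.name
    try:
        n, ok = wipe(path, random_passes)
        return n, ok, os.path.getsize(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo_wipe())
```

The caveat that matters more than the pass count: a pass like this only reaches the sectors the operating system can address. Sectors hidden behind a host protected area or device configuration overlay, sectors the drive has remapped as bad, and the area a DDO reserves for itself are never handed to the program, which is consistent with the "A drive" mystery above. For those, the drive's own ATA Secure Erase command (`hdparm --security-erase` on Linux) is the tool, and on flash media overwriting from the host is unreliable for the same reason.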

Seems there’s another nasty piece of work called “Dynamic Drive Overlay” or DDO which creates an “unwipeable” area on your hard drive. This survives operating system changes from Linux to Windows and back, Fdisk, formatting and drive wiping.

More about this when I learn to hack that crap and properly wipe myself.

PS When the drive contents scare me, I drop it in a bucket and cover it with muriatic acid. Do that outside because this creates a real stinkpot.

Click a Link – I Dare You!

May 19, 2007

Did you ever wonder how much information you give away when you click a link? Now the following link is kind of explicit, and maybe anybody who clicks it ought to be in jail for stupidity alone. After all, it comes from a porn site and is offering links to top ten porn sites, girls gone wild, bisexual women, hot single women, nude strippers and:

Sexual Child Abuse

Now obviously it’s from a honeypot, and whether out of moral values or fear of the law, you should never click a link until you can read the code underneath. The above link was made live with the crap from kahaity.front.ru, which is close enough to kiddie porn to get in trouble with the law. The following code has had the identification altered just in case the identification number was tied to me and my machine. So here’s the code that carries the information to whoever operates the server.

href="http://femalesex.com/Sexual_Child_Abuse.cfm&
pt=2&
vid=—7-51-055_-X04X969-31447&
rpt=2&
kt=5&
kp=2"
target="_top"
onmouseover="changeStatus('Sexual Child Abuse');return true;"
onmouseout="changeStatus('');return true;"
title="Sexual Child Abuse"
id="sk2"
name="sk2" >Sexual Child Abuse

The opening (a) and closing (/a) have been omitted in order to read the code. Do what you want, but I would never click a link from a honeypot that changes my status to “Sexual Child Abuse”. I may click a link to teens, young or otherwise, to rip the code, but anything that clearly says “Sexual Child Abuse” on a porn site cannot be interpreted in more than one way.
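Reading the code under a link, as the post recommends, is something a script can do before the browser does. The example below is added here and is not from the original post: it pulls every anchor out of a page, splits the href into host, path and parameters, flags parameter values that look like per-visitor tokens (the `vid` above is the one that ties a click back to an earlier visit), and recovers the status-bar text the `onmouseover` handler would display. It also handles the quirk visible in the link above, where the tracking parameters are glued on with `&` and no `?`: the browser then sends the whole string as the path, the server sees every parameter regardless, and a naive query-string parser sees nothing. The sample anchor is constructed with a hypothetical host and made-up values, reusing only the parameter names from the link on this page.

```python
"""Inspect what a link would send before clicking it: host, path, tracking
parameters and the status-bar text it spoofs. Added example; SAMPLE is a
constructed anchor with a hypothetical host and invented values."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs))


def split_href(href):
    """Return (host, path, params). Links that glue the query on with '&'
    instead of '?' carry everything in the path; recover those as well."""
    u = urlsplit(href)
    path, query = u.path, u.query
    if not query and "&" in path:
        path, _, query = path.partition("&")
    return u.hostname, path, dict(parse_qsl(query, keep_blank_values=True))


_STATUS = re.compile(r"changeStatus\('([^']*)'\)")


def _looks_like_token(value):
    """Heuristic: long values mixing letters and digits are visitor IDs."""
    return len(value) >= 8 and re.search(r"[A-Za-z]", value) and re.search(r"\d", value)


def describe_anchor(attrs):
    host, path, params = split_href(attrs.get("href", ""))
    m = _STATUS.search(attrs.get("onmouseover", ""))
    return {
        "host": host,
        "path": path,
        "params": params,
        "tracking_ids": {k: v for k, v in params.items() if _looks_like_token(v)},
        "status_bar_text": m.group(1) if m else None,
        "id": attrs.get("id"),
    }


def analyze(html_text):
    """All anchors in a page, described."""
    p = _Anchors()
    p.feed(html_text)
    return [describe_anchor(a) for a in p.found]


# Constructed sample (hypothetical host, invented values, same parameter
# names as the link discussed on this page).
SAMPLE = (
    '<a href="http://ads.example/landing.cfm&pt=2&vid=7-51-055-X04X969-31447'
    '&rpt=2&kt=5&kp=2" target="_top" '
    'onmouseover="changeStatus(\'Free Pictures\');return true;" '
    'onmouseout="changeStatus(\'\');return true;" title="Free Pictures" '
    'id="sk2" name="sk2">Free Pictures</a>'
)

if __name__ == "__main__":
    for a in analyze(SAMPLE):
        print(a)
```

Feed it the saved page source (`curl -s` or the browser's view-source) rather than the rendered page. Anything reported under `tracking_ids` is sent to the host on every click, along with the Referer header naming the page you came from, so the server learns both where you were and which earlier visit you are.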

There are just some things in life that I really don’t want to see or know.

Stalking the Carnivore.

May 13, 2007

Never believe that the FBI’s Carnivore is extinct. Like any other animal it actually leaves tracks while stalking you. This program is done in cooperation with your local ISP and for some reason contact is made through them. This is like a lion using a gazelle as a front to stalk a human.

It seems that if you are using Norton Internet Security, your very first online update is controlled through a contact with your local ISP. If you’re using PC-cillin, you have incessant messages that your local ISP is attempting to make contact with your machine through a wireless connection, even when you’re using a LAN.

The real proof comes when you check your Virtual Server Setup on your Internet router and all of a sudden the epiphany hits and you want to puke – not out of fear but disgust at what your government is doing to its citizens in the name of security.

A virtual server is a method of partitioning your hard drive such that every partition can operate as an independent machine. Each server will have its own full-fledged operating system and each server can be independently rebooted. Remember when I complained about sneak and peek warrants and someone turning on my machines. Remember when I complained about my rapidly shrinking hard drive. Seems all those other independently operating servers take space and can be rebooted by their controller without being present. No shit, this explains it all.

Right now my machines are set up by someone other than me to allow traffic from Virtual Servers through a private IP of 0.0.0.0, which you may recall is the IP on the router which bypasses the firewall. I have virtual servers to handle FTP (ports 20/21), HTTP (port 80), HTTPS (port 443), DNS (port 53), SMTP (port 25), POP3 (port 110), and Telnet (port 23). Hey, those are all pretty normal servers and the Russian mafia might want to use them.

How about i2eye (port 1720)? This is patent-pending technology from D-Link, which happened to manufacture my router, designed originally for enhanced streaming video to televisions, so I’m not sure why it’s on my machine, as I have never knowingly downloaded an audio or video and don’t have a TV card. Also, I reset the router to factory defaults three times in the past week, so none of this crap should be on it.

Of course PPTP was enabled through port 1723, which allowed the virtual machine to operate on a point-to-point basis through a secure channel using IPSec on port 500. No wonder I can’t figure out how to find out what’s stored on my machines or how to remove it. The machines have their own operating systems, have encrypted content and unique encoded keys, and are immune from programs which can snoop on them.

How do I know it’s Carnivore? Easy.

DCS 1000 is also on my machine operating through port 80. This is the new user friendly name for the FBI’s Carnivore which sounded too much like a predator.

With all this shit on my machine, it’s hard to tell what is real and what’s not. Have I been getting valid research and making actual posts or just looking at the results from virtual servers on my own machine?

And I thought The Truman Show was a fucked up movie.

Postscript. So in order to get the post online I wiped out all of that shit and reset the router while it was offline. It added NetMeeting at port 1720 and DSC-2000 to the virtual server list. Cool technology??????