Hey I Like My Kids Music

September 8, 2012 Just Interesting
No comments

Well that can’t be right, but it’s true – my eldest loves Green Day and for once in his life I think he’s right. Yeah I know you’ve all been listening to this for years – but it’s new to me !

Not sure what genre it’s called now but to me it’s intelligent Punk rock.
Awesome video and reminded me why I enjoyed being young but don’t want to go there again.

Jesus of Suburbia is wonderful, great punk rock plus a story and (fuck me) a real message……..

Makes me feel young again….except I keep worrying about who will have to clean those walls again!

BitTorrent Monitors – You Are Being Spied On

September 5, 2012 Just Interesting / ninja
No comments

It’s no great surprise to me, but at least when it gets covered on the BBC News then more people will believe it’s true. We are not anonymous online and in fact there are people actively tracking and spying on us for a variety of reasons. The BitTorrent story is related to a study completed by Birmingham University, who concluded that anyone using the file sharing service BitTorrent was being monitored.  The study is published here – The Unbearable Lightness of Monitoring: Direct Monitoring in BitTorrent

The study points out that there are at least 10 large monitoring firms logging details of illegal downloads using these sites.  If you start downloading a pirate copy of a popular film or album, your IP address will be recorded within 4 hours by these firms.  So if you don’t fancy being on a list of individuals guilty of copyright theft sitting on the desk of some sneaky litigation lawyer – then you’d better be careful using torrent sites like this and Pirate Bay.

So why are these firms doing this?  What are they actually planning to use these huge lists of illegal downloaders for?   Well there’s probably a certain amount of ‘just in case’ – the data could potentially be lucrative so they are grabbing it now.    The biggest clue comes in the various court cases that have appeared over the years – one of the most famous being the slimy bunch from – ACS Law.

This UK Law Firm obtained thousands of these names and IP addresses from the ISPs of individuals who’s computers had been used for downloading illegal copies of films (mainly pornographic).  Instead of taking them all to court for copyright theft, they decided to send each and every person on the list a demand for a sum of money usually around £500 in order to stop any further action.

These threats were often a complete surprise to the receivers,  they included the list of the films that were downloaded illegally.  Often they would know nothing about these films because of course the person who received the letter was merely the person who paid the ISP invoice.  So grandparents were receiving letters about downloading illegal porn films that others had downloaded using their connection.  Fortunately this horrible practice was eventually stopped but not before thousands had paid up to these threats.

Take a look at these logs which were what the solicitors had obtained from the ISPs.

It’s a new business model for the porno industry.   Instead of making a cheap, low budget porno flick and sell it online for a few bucks – you monitor ISP logs and then blackmail anyone who had downloaded a pirate copy.   I mean even the innocent are going to have some nerve to stand up and defend themselves from the charge of downloading a pirated copy of “Freddie’s British Granny F*ck Volume 1″ !!  No of course I didn’t download it dear, don’t you believe me !!!!

So don’t use Torrents if you’re going to download pirated stuff, there’s a whole army of commercial lawyer leech types waiting to track you down if you do.  It’s very easy for them to pay a firm to monitor the downloads of files from P2P sites – they can see your IP address in  the Peer list of the tracker or even just join the download when they’ll directly connect to your computer.  Your IP address (and hence your name and address – check this) is then directly linked to the illegal download and you’ll be on a list like the one above.

Use proxies and security software like Identity Cloaker to protect your self and hide your identity.  There are also a few Private Usenet feeds you can subscribe to with SSL to encrypt your connection – like Astraweb and Bintube.

 

Finding an Australian Proxy

July 15, 2012 TV
No comments

If you’ve ever had a need to find an Australian proxy then you’ve probably discovered that it’s not easy. Actually finding a decent free one is pretty much impossible – believe me I’ve tried. The reason I’ve tried is that I have a few friends from Sydney who are working in the UK for a little while and they really miss their TV shows and news from ABC (the Australian one). Now normally I wouldn’t be arsed about this – from what I’ve heard Aussie TV is pretty awful. However this bunch are great and I guess you get homesick so I wanted to try and help them out.

To access the shows and stuff on ABC they have a system a bit like BBC Iplayer but their version is called IView. It only allows you to stream shows not download them and unfortunately like the majority of these sites – most of the content is Geo-Blocked. Basically it means that if you connect from outside Australia then you’ll get blocked from viewing.

Blocked to copyright reasons, digital rights – blah, blah, blah, which is what you’ll get for any non-Australian IP address. So you need to view using an Australian VPN or proxy to watch most of the content on the ABC site. If you want to try and find a free proxy to use then this site is probably the best chance – Proxies filtered by country. I looked for a few days and never found one fast enough to stream video unfortunately but you might be luckier.

The other free option I looked at was to use TOR and Foxy Proxy. Basically this has the same problem with finding an Australian exit node which works well _ I’d give this a miss unless you have about 10 hours a day spare (every day!).

After making some calls I discovered that one of the main reasons that Australian proxies are so hard to find is that bandwidth costs are extremely expensive in Australia and so running an open proxy will get extremely expensive very quickly. These costs unfortunately are reflected in the private companies who offer these services as well – they’re either very expensive or completely overloaded. The vast majority don’t even bother with Australian servers due to the high cost.

So I’ve highlighted two companies which offer the best deals – both offer very reasonable subscriptions and short term/trial options which don’t lock you into automatic subscriptions (which many do!). They both also include Australian servers as well as servers in loads of other countries – e.g US for American sites like Hulu, NBC and Pandora and UK for the BBC Iplayer. Lots of other countries included for free as well.

Don’t sign up for a long subscription with anyone initially. There can be routing and speed problems to Australian proxies from some ISPs – you should check with a trial or short account first. Although check out the Aussie sites you need first, ABC for instance seems to change – some of the content is accessible to anyone a lot of the time. Check first that you are actually being blocked – you might save yourself some cash :)

Australian Proxy/VPN Recommendations.

Anyway I checked a load and these two are way better than everything else I looked at.

Overplay – Nice interface, reasonable price, special Australian configurations and loads of other countries included. If you want the most countries included – no one else is close to these guys.

Identity Cloaker – Have now added some Australian proxies to their subscription, they have more servers but in less countries (focus on UK and USA servers). Worked very quickly with the latest version of Identity Cloaker software. Use the 10 Day trial to test, very good support.

Higgs Boson Update Video

July 6, 2012 Uncategorized
No comments

Well I posted about the Higgs Boson on Wednesday and it happened.

Fantastic news – if you have kids tell them about it!!  It’s inspiring stuff, wonderful, incredible science….

 

Higgs Bosons Wednesday

July 3, 2012 Just Interesting / technology
No comments

I am here sipping my cheap grade Whiskey (run out of the good stuff), just about to go to bed and suddenly remembered – HIGGS BOSON !!!

Rumours are they’ve found it, or perhaps found some evidence it may exist….. but what ever they’ve found to prove or disprove the ‘God Particle’ will be pretty incredible.

1960s God Particle

This is a picture of Peter Higgs,  who predicted the existence of this particle in the 1960s.  His predictions and perhaps dreams may about to become true….

Watch the news tomorrow – there might be the most incredible news !!!!!

I’ll probably have a lie in though……..

An Introduction to SSL

July 3, 2012 security / Uncategorized
No comments

Now I’m sure we’ve all bought something online or done a bit of internet banking.  If you have you’ve probably noticed that little lock picture in the corner of your browser somewhere.But I wonder how many people know what it means and what that little lock signifies.  Well if you’ve ever wondered, then let me explain some of the basics behind SSL and exactly how it works.

To begin with – SSL actually stands for Secure Socket Layer.  It was developed in the Mid-90s by a company called Netscape.  They owned a popular browser of the time called Navigator which was actually the first browser to allow secure and safe ecommerce functionality.  Up to then it was rather a large drawback that your communications should be spied on with the minimum of fuss.  Often it wouldn’t matter but if you were transmitting a credit or debit card number or some other confidential information – then you were risking a lot.

Netscape were well aware of this and what they designed was a new protocol.   That is a way for two different computers to talk to each other, however this protocol was different – the communication was encrypted in transit so they couldn’t be read by anyone.  Making the communication secure and ensuring that whatever information that was transmitted was safe. This was especially important due to the distributed design of the internet – your data could pass through hundreds of hops before it reached it’s destination. Without encryption anyone could just sit on a European, US or UK proxy server and analyse your data.

This works by the owner of the web server, obtaining something called a digital certificate from a company known as a Certification Authority or CA for short. Every certificate is unique and is linked to the company who issued it, this link eventually leads to the Root CA.

So each browser has access to a list of these CAs which are considered safe and secure.   So when you make a secure connection to a web site that owns a digital certificate, your own browser will look up the chain of command and check the validity of each certificate.  If the browser goes all the way back to the Root CA and still doesn’t find the certificate listed then you’ll get a warning that the certificate is not a trusted one.

Public Key Exchange

When a certificate is not trusted then you won’t know for sure if the information listed e.g. company name, address etc is valid.   Trusted Certificate Authorities (CAs) verify all the business and contact information for you. However even if the certificate is not trusted and the contact information unverified, at least the traffic from your browser to the web server is secured.

The next stage after the browser has established the certificate’s trust or you confirm you’re willing to trust it anyway is for the two computers involved to exchange keys.
A ‘Key’ is just a very large number which is related mathematically to another number in a defined way.  The form in which these two numbers are chosen is quite complicated, in fact an explanation of the process involved is likely to start something like this -

Agree on a finite cyclic group G with a generating element g in G.”

Unless you’re very interested in the cryptography behind these calculations, it’s probably just to consider it ‘magic’!

Each of the computers will create it’s own set of two keys.  Because of the special relationship of these two keys, any data encrypted with one key can only be decrypted by the other key.  One key is kept as a secret whilst the second is sent to the other machine.   After these keys are exchanged, each of the machines uses it’s own secret key and the key sent by the other machine to encrypt all data communicated between them.The same process is repeated at the second machine, which will decrypt using the two keys it has.

Remember the keys will only work to decrypt data which has been encrypted with the matching keys.  Each machine knows that the message came from the known source and was only intended for this machine.This effectively secures the data and ensures it cannot be intercepted.

Hope that clarifies a little – if it didn’t well I tried !

 

 

Internet Monitoring – UK Snooping Plans

June 14, 2012 security / technology
No comments

The UK Government have decided to take some lessons from the likes of China, Iran and Syria and started implementing increased internet surveillance. It often seems to happen when Governments are having a tough time they roll out the ‘tough on terrorism’ plans and start telling us how it will catch criminals and keep us safe.   After all it sounds good and is easy to implement – even though for the most part it’s completely pointless.

Under these plans, Police, the Government and intelligence agencies will be able to access data on all phone calls, emails, internet useage. They will be able to read through your web mail, Facebook messages, Linkedin posts, forums and gaming boards – just about anything you do electronically will be accessible to these people.

The Metropolitan Police Commissioner says -

Put simply, the police need access to this information to keep up with the criminals who bring so much harm to victims and our society.

Sigh……

What they will have is data and information on people who are doing nothing wrong. The criminals will be using SSH encryption, VPNs, secure proxies or they will simply just use other peoples Wifi connections. The only criminals you’ll catch by this incredibly intrusive internet snooping is thick ones who you should have caught anyway.


For instance I’m quite a careful driver however I live in an area where the Police force seems to have one single aim in life to catch people who exceed speed limits by three miles an hour. As such I have quite a few penalty points on my license which I’m not altogether happy with.

However I know several speed obsessed, thrill seekers who drive like they are on the Le Mons racetrack who have absolutely no points at all. Do you know why – it’s because they all have Warning systems and Radar detectors things in their cars. As such the only speeders that get caught are dozy ones like me who occasionally drift over the limit by a tiny amount.

This is the reality – and in this case too there are lots of easy ways to avoid this surveillance.

All this rubbish about a ‘Total War on Crime’ is just an excuse to further erode our privacy and civil liberties.  For example if I use Identity Cloaker then nobody will be able to see anything I do online, my data is encrypted and all the logs will just contain my fake IP address from the Identity Cloaker proxy server that I use. The logs on those are deleted almost instantly so that makes me just about invisible online.

So what’s to stop a terrorist using any one of these security systems ?

Nothing which is why the British Government will be left spying on ordinary people. That’s going to win the war on crime isn’t it?  Of course if you snoop on enough people for long enough I’m sure you’ll catch some people doing something illegal. But is it worth the cost, are we really expected to believe that this data won’t be routinely accessed to build profiles of individuals.

At the moment, the police can access this information anyway, however they need a warrant from a judge. Of course a judge isn’t going to issue these on the basis of ad hoc requests and idle snooping – which is exactly the way it should be.

We all know these powers will be abused, even if the police and intelligence services only exercise these rights in extreme cases (yeah right) – you can be certain that databases will be hacked, logs left on trains or USB sticks dropped in taxis.  All the time the criminals will be not remotely be worried as they will be the only ones not being monitored.

The New Identity Cloaker has Been Released

June 7, 2012 Uncategorized
1 comment

Well it’s finally happened – they are over a year late, but the new version of Identity Cloaker has been released. I was going to post a review but I’m afraid I got sidetracked listening to Rock tunes on YouTube.

Ok and I had a couple of beers too – the review is coming, it’s an incredible program. But in the mean time – it’s ACDC …..

But check in here soon – I’ll have a serious breakdown of the new version of Identity Cloaker.

What is a Web Proxy Server?

June 1, 2012 technology
No comments

A long time ago, at least in the context of the Internet – we used to call proxy servers –  gateways. In  fact the first WWW gateway was created at CERN by the World Wide Web team led by Tim Berners-Lee.  Yep that BernersLee – the man who invented the World Wide Web !

So how can we define these gateways, what do they actually do?  Well the most common description is that they are devices which forward packets between different networks.  Of course sometimes these networks are fairly different so the gateways need to translate protocols before they forward them on.  The difficulty here was that two distinct types of devices were being grouped together under the title – gateways – which needed defining.

The first type were Internet gateways which acted both as a firewall and a gateway to the internet.  These would sit in front of secure private networks and allow access both inbound and outbound – these were defined as proxy servers.  The other type were information gateways which usually acted on behalf of a server rather than the client.  These were defined as ‘gateways’ although some call them reverse proxies just to keep it slightly confusing.

So there are even quite a few different type of proxy servers, ranging from the one page web proxies you’ll find on loads of web sites, to big corporate proxy servers which you use to access the internet from work or college.

There are however some common properties that all proxies should share -

First of all they should be transparent.  That is to say they should not affect the end result, the client should receive exactly the same result from the web site whether you use a proxy or not.

Second, the decision to use a proxy should be instigated and controlled from the client.  Although in most corporate networks this is true – the use of a proxy is normally hard coded in to the configuration.  Most Windows clients will enforce the browser to surf through the corporate network.  Next time at work or school if you look in your browser under connections you’ll probably see a proxy server address set here which you cannot alter. (Under IE you’ll find it under Internet Options/connections/LAN settings).

Finally the last main property is that the destination server or web site should be completely unaffected by the use of a proxy server.

These three definitions are however slightly under threat particularly because of the increasing use of geolocation.  This technology targets and controls content based on the geographical location of the client. However if you surf through a proxy server, then it is the location of  the proxy that determines what you can access or see.  This is why proxies are becoming so popular – if you have access to the right proxies you can access any content you like.  For instance if you want to access BBC Iplayer and you live outside the UK you’ll have your access blocked.  However if  you connect through a UK proxy server, then you’ll be considered a UK surfer and be allowed to use it.

Proxy Avoidance – An Introduction

May 17, 2012 content filtering / technology
No comments

So what does this mean to you? Proxy avoidance? Aren’t proxies used to help you keep your privacy – why would you want to avoid them.   Unfortunately there are some proxies you really should be looking to avoid.  Just using a proxy means absolutely nothing, it’s a bit like saying you are environmentally aware because your car happens to be colored green.  Proxies can enhance security but equally they can also be used to steal all your details and finance a Russian cyber crime gang’s Christmas party.

Bloody Spoilsports !!

 

So should you use or bypass a proxy server – well it really depends on a couple of factors – who’s running it and how it’s set up.

For instance I recommend a couple of proxies/vpns on this site – both of them don’t keep logs, they don’t monitor traffic and delete pretty much everything.   However this is not the case for the vast majority of proxies – some are actually designed to monitor you and control what you can or can’t do online.

The one thing you should remember is – that if you use a proxy server, then all your data is being channeled through that server.  Which is why most businesses make sure their employees surf the internet through a proxy.   They control and configure the proxy so that they have full control of what you do online on their time.

So let’s just be clear, if you are being blocked from accessing your favorite site at work, school or through your ISP, it’s probably because you are being forced to surf through their proxy server.

In this case you will also be requiring one of these if you need to avoid this particular proxy -

Luck – or rather some incompetence. If your client, browser or proxy security is set up badly, it can be fairly easy to avoid a proxy server.

Technical Knowledge – always helps but if you want to bypass the sneaky IT department, the more you know the better.

Security Software – programs like Identity Cloaker have special functions to piggy back existing proxy servers or bypass firewalls. Nothing guarantees that you by can avoid a proxy specifically designed to control your internet access but it’s usually possible.You can always test theories out – for instance the free – trial version of Identity Cloaker allows access to a selection of websites including Facebook.    This site is often blocked by content filters or proxies (usually because people are liable to spend hours on it!) – so test out to see if it works in your environments – the free demo version can be downloaded here

Remember a proxy server set up in your work or college – is acting as an intermediary for each client on the network.    As such it knows and records every single site you visit – so if you’ve got something to keep private – don’t do it at work !! Unfortunately there are lots of different ways that proxy servers can be set up, transparent, caching or anonymising for example.  When proxies where first used they were primarily used for speed. They would be set to cache requested pages – so when another client on the network requested the page it could be delivered locally.  This would mean that you would only need to download a page once and then served when required.

They are now used for a whole lot more – a proxy is a vital tool for controlling and configuring access to the internet for any client.  You can use a proxy to block, filter or simply monitor any request passing through it.  Have a look at your broswer settings at work, if set up properly you should be blocked from manually changing the settings.   This is a simple first step in making sure that any employees cannot avoid using the proxy server – secure your proxy settings in the browser.  If you’re using Windows then this is normally used by using Windows Group Policy Objects which can tie down all security settings on your client.   Generally not only will this stop people fiddling with their settings, but it will be backed up by firewall rules.   The most common rule set would be that outgoing web traffic is only allowed via the IP address of the official proxy server.  Which is why most people get stuck when trying to be a proxy ninja on their school or company network.

In addition to the installation of a proxy server, most organisations now are rightly paranoid about ‘nasty stuff’ on the net, and so they utilise some sort of additional content filters.  The most common one I’ve come across is from Websense but there are quite a few different ones.   These will monitor online all the traffic and URLs, and block or log according to specific rules and algorithms.  These filters are generally installed on the ‘wire’ and will have access to all traffic on the network.   There’s only one real way to beat a decent filter and that’s to stop it analysing what you’re doing – that means you must use encryption.

It can be via SSL, a VPN or like Identity Cloaker which uses Rjindael-AES 256 bit Encryption over a SSH connection.  It’s difficult to summarise what situation you might find in any specific environment.  In any vaguely secure environment you’ll probably find most stuff I’ve mentioned being implemented.

Of course us Ninja surfers can get round all these issues.  Normally it’s not that hard to do usually becuase of the way a security measure has been implemented. For example you’ll commonly find Internet Explorer locked down very tightly stopping you doing anything.   But then the rest of the client will be neglected and a user can often install a different browser like Firefox which has no such restrictions!!

If an organisation hasn’t stopped you installing a new browser on your PC then it’s unlikely they’ve created any security templates either.   It’s not uncommon to see surprisingly – a super locked down version of IE alongside a completely unmonitored copy of Firefox.  Of course before you start messing around with the Internet at work or college, you should consider your position.   Check out your Internet Use Policy and see what you’re allowed to do – is there something that says you can’t use another browser for example !

It’s a big subject and I’ll cover some more specific scenarios in future posts.  I’ll mostly use Identity Cloaker as it normally has the functionality to bypass most corporate blocks and filters but there are others.   Don’t bother messing around with stupid online web proxies though – they won’t work unless your network admins are particularly stupid.

← Older Entries
Newer Entries →