Yesterday, I wrote an article on a project being funded in the UK to snoop on private netizens “just to make sure” they’re behaving themselves. I also touched briefly on some ways to protect yourself and keep your communications private. Well today, I’m going to go a little more into details on setting up a crypto system on your laptop or PC to make sure all your messages are only read by the people you want to read them.

OK - so you’re sat in front of your laptop eager to start. The package we’ll be installing today is called GPG (Gnu Privacy Guard) which is a play on the original standard, which was initially introduced by a program called PGP (Pretty Good Privacy). So first a quick outline of what PGP is, and how it works:

Read the rest of this article…

£1 Billion has already been ploughed into a monitoring system in the UK that could make every user of technology in the country a target for Big Brother.

The system, based in a building in Benhall, and reported by TechSnake in July, is being funded to intercept all email, SMS and internet traffic to the tune of £12 Billion, once running. Reported in a post on the This Is Gloucestershire website, the move has caused councillors and MPs to question the Government’s morality.

I, personally, can’t believe what is happening. In a modern society too. It is the civil right of every person to have private communications with each other without the government spying over their shoulders. This typical attitude by government agencies is of course wrapped up in the “threat of terrorism” cliché, that is starting to wear just a little too thin. Preventing terrorism is important, but not to the detriment of every other law-abiding citizen. The fishing net mentality is ridiculous - the process is already in place whereby a government agency can get a court order to track individual’s messages for potential terrorism involvement - the government doesn’t need to employ this level of privacy invasion. So what can we do about this - in the UK and globally?

Read the rest of this article…

A post graduate master’s degree is available to students of the Abertay University, in Dundee, Scotland. The Master’s is being offered as a gateway into the security sector, with coursework enabling students to test security vulnerabilities, whilst at the same time learning about common techniques people use to gain unlawful access to computer systems.

I can see the real benefit in using this tactic to educate people - after all, all the big companies have been hiring people who hack their systems for years, to better understand how to improve things behind the scenes. However, the whole language behind the course (it’s even called an “MSc Ethical Hacking and Computer Security” course) makes me cringe a little bit. But then a course called “Ethical Computer Security” isn’t going to get as much press!

The Hacker from Blighty, Garry McKinnon, has recently lost his most recent battle to prevent his expedition to the US on counts of hacking.

Gary, who is being charged in excess of $700,000 in damages, is taking his case to the European court, which is expected to take at least a couple of years before it’s looked upon again. Originally charged with hacking into the NASA computer systems, the damages really amount to the cost of upgrading their systems (and user’s education you would imagine) to counter future attacks. Surely NASA should be shaking his hand, giving him a paycheck and patting his back for showing them how to improve their systems, after accounts were hacked using the most obvious methods possible: Administrator accounts without passwords, or default passwords, all available over the net via a terminal services connection. That’s like making a guy who punched you in the face to not only pay for the surgery to your teeth, but also pay for a couple of bodyguards, and karate lessons for you, to ensure you were more prepared in case somebody else tried their luck. I’m sure we would all want it, but is it really justified??

Terry Childs, who I recently reported had been accused of locking the “FiberWAN” system for San Francisco’s local goverment, has given up the password to allow people back in. I guess the pressure just got to him in the end - I have visions of government workers with towels and jugs of water working him over to spill the beans!

What started out as a bit of a “misunderstanding” quoting his lawyer, has been resolved. We will wait and see what the court decides as punishment - which hopefully won’t be on the same level as the ridiculous $5 million bail.

The UK’s government are currently “undecided” as to whether they should have a database that records and tracks every email, website or telephone conversations the UK public make.

What is given another “to stop terrorist activities” reasoning is again interfering with normal innocent daily lives. It’s the general public that are going to be spied on, not the terrorists. How many terrorist’s do they think they would catch, baring in mind that potentially 65 million people would be victimised? All your private communications that are your right as a citizen to be conducted in any way you see fit, stored on a system to be read or listened to without your permission? It seems a little backward and completely open to abuse.

And of all the terrorists using email, visiting websites, or talking to each other - the vast majority will already know about the law and put a very simple layer of encryption in place to protect themselves. And as most of you know, this is not difficult, even with a very basic knowledge and Google at your fingertips, you can be completely anonymous within minutes. It’s just shows the lack of understanding and information the government has when it comes to technology. I don’t know whether to blame their advisers or their own stupidity, but either way this sort of Big Brother attitude can’t be allowed to continue.

Being a sysadmin, I know the power our profession wields. I also know that there are a lot of unscrupulous people. The combination of the two are very rare, in my experience, but with this story it’s strange how badly this guy’s employers got it.

City worker, Terry Childs, was employed five years ago. He had spent time in jail, and also had counts of aggravated burglary and aggravated assault. He was put into a position of power with the City of San Francisco’s new FiberWAN network - a system which holds 60% of the city’s data. After a falling our with the head of security, Terry Childs allegedly decided to lock the system down with a master password - which only he knew. When confronted with the problem, he gave up a password which didn’t work. He was then arrested. As if this wasn’t disconcerting enough for the City, it also appears he has been paid his wage whilst sat in jail!

According to the mayor of the city, the city is still able to function - although they have called in experts from Cisco to hopefully sort the problem out. Childs remains in jail on bail of $5 million.

Every now and again, two of my favourite subjects come together (No, not blackmail and hard discs) - Technology and Motorsports.

Formula 1 star of the McLaren-Mercedes team, Lewis Hamilton, has been the focus of a blackmail attempt by a man in Germany, named simply “Dieter.” Dieter somehow obtained a hard drive, that had supposedly been disposed of some months before, that contained documents and other personal information. For those who are unfamiliar with the McLaren-Mercedes scandal of last year, the team were found guilty of using secrets from another team to improve their own car - and this hard drive could possibly had more such evidence on it. Trying to sell the hard drive to the German motorsport magazine, “Bild”, Dieter was arrested by police after the magazine tipped off the authorities, as reported by the Daily Telegraph today.

So how do you properly and permanently remove sensitive information from your hard disc?

Remember - when you delete things in Windows the data is usually still there - just because you can’t access the information doesn’t mean somebody else won’t be able to. The very nature of deleting a file just means renaming the first character of the filename, to let the system know the space it takes up can be used for new files - and the data is still there until new files are written in the same place. And even if the space the file used to occupy is overwritten with different files, there are techniques that can be employed to find out what used to be on the surface of the disc. Once you know this, you need something a little better than the recycle bin in windows to remove your sensitive data, and there are three methods you can use to do it:

The first way is with a program that allows you to securely delete files - rather than by using the recycle bin in Windows, download Eraser. It has a drag and drop interface that allows you to do a multiple-pass wipe so that the bytes the file occupies get overwritten properly, making it practically impossible to retrieve the data that used to be your file. Amongst others, by default, it uses the “Gutmann” method of wiping that employees 35 separate passes of specially selected data to make sure nobody can retrieve the information, chemically, from the drive. This should be enough if you just need to remove the odd file that’s a bit sensitive. It is geared towards doing things in batches, so you could drag files you want to remove into the program and before you log out, process them all in one go. This takes care of single file deletes.

The second way is a little more abstract, and Eraser is up to the task of removing this type of data too. Remember when your files are removed, they aren’t actually erased, the space is allocated back to the system to write files into? Baring this in mind, all the files you’ve deleted previously, will have data scattered all over the drive, in places ready to be overwritten, but for whatever reason the system hasn’t got around to using yet. So the second method is to wipe your free space on the drive. Every byte that isn’t allocated to a file will be subjected to the same rigorous treatment, using the same methods.

When you’ve come to the point when you’re ready to throw the hard drive away and want to be sure there’s nothing left on it, the last method to remove data is to wipe the whole drive. And the best way to do this is to melt it down! Failing that, if you don’t have a kiln in your house, try DBAN (Darik’s Boot And Nuke). Download DBAN, burn it to a CD, boot from that CD and you will be able to wipe any drive in the system with multiple passes of random data. Eraser, above, also supports wiping whole drives and can create a “Nuke Disc” to boot from. DBAN, however is a personal favourite, and I’ve never had problems with using it. This should securely remove the data - although of course, nothing is as secure or cool as melting it - plus you get the added advantage of doing something cool to video and put on youtube!

Those of you who use the McAfee SiteAdvisor plugin for Firefox, will be aware of how McAfee are helping to protect users from malicious sites. The plugin notifies users with a simple colour coding that allows users to visually work out if a website has been reported for malware or spyware attacks. The plugin works with community support - reports being fed to McAfee from users with comments posted on the site’s page detailing the problems they faced.

Well now, McAfee have teamed up with Yahoo, to do a very similar thing on their search results. When you search for a term using Yahoo’s engine, there will be an indication next to the site that identifies it as malware/spyware, if it’s been reported that the website has been up to no good. This should hopefully prevent people from clicking on the link, or at least, make them find out why the site has gained such a reputation. If you already have McAfee’s SiteAdvisor plugin installed, all search engine results are automatically checked anyway, so you won’t gain much. And you have the added advantage of being notified of a malicious site when you’re browsing it. At least the Yahoo deal is a step in the right direction. Read the Yahoo! press release.

Thruvision, based in Oxfordshire, are to show off a new product, the T5000, that can see if people are illegally concealing items. The system can pick up on various materials that have a different “signature” to the human body. Items made from substances such as metals, plastics, gels or even explosives will be picked up by the T5000. You can have a look at some of the features of it’s predecessor, the T4000 [here].

Of course if you happen to be carrying personal things legitimately I guess it will pick up on those too. And the best thing about this new system? It’s non-invasive or “passive.” That’s secret agency speak for “you don’t know you’re being scanned.” The initial idea is a great one, but as with all of these things, it shouldn’t invade on citizen’s normal rights to walk around. We want to feel safe, but scanning everyone by invading their privacy in the hope of catching that one possible terrorist seems like stretching the imagination a little too far. [SHOW ME]