Sometimes your need to use the Internet, but you have a connection you can't exactly trust (coffee shop and hotel wifi come to mind). In other situations you may feel a need to hide your real IP address, possibly for security reasons.
There are more than a few tools which you can use to do these sort of things. This post will focus on some of the more popular tools. I am assuming that you are both running Unix of some kind or other, and know how to use it. There probably are equivalent tools for Windows, but I am not familiar with them.
I am not going to tell you exactly how to install each and every one of these tools, because it varies from system to system, but I will provide basic information about how to use them. I also suggest verifying that things are actually working before moving any sensitive information.
Additionally, these tools only work for TCP connections. UDP will not work.
SSH Tunnels
If you have a Unix system, you probably have SSH installed. People usually use it to connect to other machines (pretty much as as an encrypted replacement for telnet) or to copy files from one machine to another.
SSH has a feature that even extremely skilled people are not always familiar with. You can open a tunnel across the SSH session to another host. When you start up the tunnel, it opens a port on your local machine. If you connect to this port, the connection runs across the ssh connection and out the machine you connected to, to a host and port combination you specified when you created the tunnel.
Picture this scenario: you're out of town, and you want to take a look at your bank's web site. Your only internet connection is an open wifi network, and having played with a sniffer or two in your day, you not want to send your banking information across such a network. Back at home the router connected to your cable modem is configured to forward SSH to one of your computers (and a dynamic dns entry to go along with it), and a computer running a SOCKS proxy on 192.168.1.7.
You fire up a terminal window and type:
ssh myhomecomputer.dyndns.org -L1081:192.168.1.7:1080 , and then log in as normal. After that, you configure your web browser to connect to a SOCKS proxy running on port 1081 on your local machine, then browse away.
Everything your browser does now runs across your strongly encrypted SSH connection.
It is important to note that you can use tunnels for a lot of things other than SOCKS proxies. If you want to lock down access to a web based application, you can make a white list consisting of a single host and then open tunnels through that machine.
Proxychains
You now know how to run your applications which allow you to specify a proxy across a tunnel, but not all applications allow you to do that. This is where a handy tool called proxychains comes into play.
Proxychains is a pretty powerful tool, it actually allows you to run your connection through a series of different proxy servers. However, this complexity is outside the scope of this post. If you simply specify a single proxy server (in this case localhost and the port you've opened) in the [ProxyList] section of the config file. This is enough for basic functionality.
Once this is done, simply type: proxychains [command]. Your application will now seamlessly run across the proxy.
TOR
TOR, or The Onion Router is an anonymity tool originally developed by the US Navy, later the EFF, and currently by the TOR project. While the technical details of how TOR works should be read about by the user, all that will be mentioned in this post is that TOR encrypts traffic and conceals its source. When TOR is up and running on a system, it starts a SOCKS proxy that listens on port 9050. If you point a SOCKS aware application at that port, it should go across the TOR network.
There is a tool similar to Proxychains called torsocks. It is also used in a very similar manner (torsocks command).
Conclusion
You now have a basic idea of how to securely tunnel through part of the Internet to another part. Please be aware that a good number of these tools are under constant development, so they may not behave exactly as specified. The important things to grasp are the concepts of tunnels and proxies. If those are understood, you should be able to correct for any minor differences encountered.
Thursday, December 15, 2011
Wednesday, December 14, 2011
Why root access matters
I have long held the belief that a person should have complete and total control of his digital devices. While this is largely because I think if a person shells out for a high tech toy, she should be able to run whatever software she likes, tweak any and all settings, and so on. Some insufficiently suspicious folks called me paranoid when I would mention that without full control of the device, you can't be sure that all the software running on it is benign.
About two weeks ago, it was learned that several cell phone carriers have been shipping Android phones with a hidden application called CarrierIQ installed. This application can do things like monitor the phone's location via GPS, and check signal quality as well. In addition to this, it can monitor text messages for specific strings and what URLs have been visited.
Yesterday, the FBI declined a Freedom of Information Act request about the software on the grounds that the information was related to "a pending or prospective law enforcement proceeding". Today, the EFF reported that they believe keystroke data is being inadvertently transmitted to third parties.
It is important to note that at least some (if not all) of the information CarrierIQ gathers does serve legitimate diagnostic purposes. In my line of work we occasionally need to perform packet inspection to resolve various network issues. There is a very large and very real potential for privacy abuse here, but it doesn't happen. While it is true that there are a variety of policies and procedures to make sure that our customers' privacy is respected, we simply don't have the time to dig through other people's packets.
Carrier IQ probably is not slinging your text messages and browsing history off to the CIA (that'd be much easier to do on the carrier's network anyway). None the less, if people had full control of their phones in the first place, this application would not have been hidden, and not gone unnoticed for an undetermined period of time.
Anyone who hides things from you on devices you own or tries to keep you in a walled garden is not your friend.
About two weeks ago, it was learned that several cell phone carriers have been shipping Android phones with a hidden application called CarrierIQ installed. This application can do things like monitor the phone's location via GPS, and check signal quality as well. In addition to this, it can monitor text messages for specific strings and what URLs have been visited.
Yesterday, the FBI declined a Freedom of Information Act request about the software on the grounds that the information was related to "a pending or prospective law enforcement proceeding". Today, the EFF reported that they believe keystroke data is being inadvertently transmitted to third parties.
It is important to note that at least some (if not all) of the information CarrierIQ gathers does serve legitimate diagnostic purposes. In my line of work we occasionally need to perform packet inspection to resolve various network issues. There is a very large and very real potential for privacy abuse here, but it doesn't happen. While it is true that there are a variety of policies and procedures to make sure that our customers' privacy is respected, we simply don't have the time to dig through other people's packets.
Carrier IQ probably is not slinging your text messages and browsing history off to the CIA (that'd be much easier to do on the carrier's network anyway). None the less, if people had full control of their phones in the first place, this application would not have been hidden, and not gone unnoticed for an undetermined period of time.
Anyone who hides things from you on devices you own or tries to keep you in a walled garden is not your friend.
Wednesday, November 23, 2011
SOPA and the Casio keyboard of mystery
You may have heard of a new law called SOPA that our esteemed rulers leaders currently have in development.
SOPA stands for Stop Online Piracy Act, which it will not do. What it will do is require ISPs to block access to content which allegedly infringes upon copyrights when requested to do so by the holder of said copyright. It will also require Visa, MasterCard, PayPal, et al to block fund transfers to individuals or groups trading in content which they allegedly do not own.
The real non-technical problem here is that these blockages won't require a court order or a warrant. The copyright holder simply has to make a claim of infringement.
Also, if this wasn't bad enough, it'd make streaming copyrighted material a felony.
There are a lot of technical problems with this too. The ISP will probably just poison their DNS servers to prevent the site in question from resolving. There isn't a lot to keep someone from just using a DNS server located outside the United States, or just turning up their own resolver for the matter. If actual routes were blocked, proxy servers aren't exactly hard to find.
As far as blocking financial access, this is yet another reason why I like Bitcoin.
There is no third party intermediary, you just send money and be done with it.
In conclusion, SOPA is a bad law that will make it hard for ISPs to do business. Lamar Smith (the bill's sponsor) should go fuck himself with a garden rake, and I do not mean with the handle.
On a more pleasant note, despite my better judgment I decided to dig around on the CB band (27 mhz) tonight. Someone is playing a little Casio keyboard tune on CB channel 17.
SOPA stands for Stop Online Piracy Act, which it will not do. What it will do is require ISPs to block access to content which allegedly infringes upon copyrights when requested to do so by the holder of said copyright. It will also require Visa, MasterCard, PayPal, et al to block fund transfers to individuals or groups trading in content which they allegedly do not own.
The real non-technical problem here is that these blockages won't require a court order or a warrant. The copyright holder simply has to make a claim of infringement.
Also, if this wasn't bad enough, it'd make streaming copyrighted material a felony.
There are a lot of technical problems with this too. The ISP will probably just poison their DNS servers to prevent the site in question from resolving. There isn't a lot to keep someone from just using a DNS server located outside the United States, or just turning up their own resolver for the matter. If actual routes were blocked, proxy servers aren't exactly hard to find.
As far as blocking financial access, this is yet another reason why I like Bitcoin.
There is no third party intermediary, you just send money and be done with it.
In conclusion, SOPA is a bad law that will make it hard for ISPs to do business. Lamar Smith (the bill's sponsor) should go fuck himself with a garden rake, and I do not mean with the handle.
On a more pleasant note, despite my better judgment I decided to dig around on the CB band (27 mhz) tonight. Someone is playing a little Casio keyboard tune on CB channel 17.
Monday, November 14, 2011
Optical theremin
Another subject I've always meant to learn more about is electronics. When I was a kid I remember some of my father's friends building various interesting contraptions in their garages and basements, hunched over circuit boards with a soldering iron in one hand and a stubby bottle of Lucky Lager in the other.
When I was old enough to learn what actually went on with electronic components (instead of just blindly connecting things to other things) I downloaded the floppy disk images for Slackware from a BBS and immediately lost interest.
Every now and then I have thought about trying to get back into the hobby. When the new issue of Make showed up at the house early last week there were plans for a light-controlled theremin. It looked easy enough, so I sat down and gave it a try.
It was indeed easy enough. I have now built my own electronic annoyance device.
I'm going to try and hunt down a case for it in the next few days. If I stick with this I will need to get the supplies needed to drill and etch circuit boards as well.
When I was old enough to learn what actually went on with electronic components (instead of just blindly connecting things to other things) I downloaded the floppy disk images for Slackware from a BBS and immediately lost interest.
Every now and then I have thought about trying to get back into the hobby. When the new issue of Make showed up at the house early last week there were plans for a light-controlled theremin. It looked easy enough, so I sat down and gave it a try.
It was indeed easy enough. I have now built my own electronic annoyance device.
I'm going to try and hunt down a case for it in the next few days. If I stick with this I will need to get the supplies needed to drill and etch circuit boards as well.
Tuesday, November 8, 2011
Home brewing
Another one of my hobbies is home brewing. I got into it because I am extremely fond of beer (I'd drink it even if it wasn't an alcoholic beverage, however, the fact that it does contain alcohol is a nice bonus). I also like making my own because beer, even craft beer, is usually a mass produced thing that people buy.
Also, making your own beer is a small act of control, not unlike rooting your cell phone, choosing to use open source software, growing a portion of your own food, or learning to fix your own car.
Making alcohol is not very hard. You simply get yeast and sugar together in a liquid environment and wait. You DO want to have a nice, clean environment so the only microbe that grows in your fermenter is the yeast. You also need to control the temperature of the stuff to a certain extent, but as long as you stick to making ale you have a fair amount of wiggle room. I'm not going to sit down and write a homebrewing tutorial, but if you're the slightest bit curious I assure you that it is not hard.
Also, making your own beer is a small act of control, not unlike rooting your cell phone, choosing to use open source software, growing a portion of your own food, or learning to fix your own car.
 |
| Five gallons of homemade porter. |
Saturday, November 5, 2011
Emergency Activation Message (EAM)
I am no longer as young as I once was (and I have homework) so I stayed in tonight. After while I decided to start messing around with the radio, and I came across an emergency activation message.
Emergency activation messages are coded messages of high importance sent by the military. I end up picking them up the loudest on 6740 KHz, upper sideband. I have picked them up on 8992, but the signal isn't as strong.
When I came across my first one I mistakenly believed it to be a numbers station. While it is not quite as exciting, this is an example of the weird shit that I look for on the radio.
Thursday, November 3, 2011
DIY(ish) tablet
Tablet computers are all the rage these days. The iPad is of course the media darling, there are a variety of Android tablets out there, and then there are of course oddities running Windows and Web OS.
When the iPad came out my response was "this is cool, but what the fuck will I do with it?". It seemed a bit big to me. Then 7 inch tablets started coming out.
Since those were the size of a book they suddenly seemed more interesting.
Not too long after that I learned that Cyanogen would run on the Nook Color. This provided the delightful combination of full control of the operating system (I am a nerd, my computers need to be mine), a bunch of apps, a convenient size, and a very low price.
There is the issue of no 3g/4g. I don't really feel that I need those particular features. Wifi is pretty ubiquitous these days, and frankly if I'm someplace without it I probably am not interested in being online anyway.
I picked up a refurbished Nook on eBay. I followed the directions on Cyanogen's site, and the install worked without a hitch.
I can see it being a wonderful device for reading, listening to music, and watching videos. However, it is NOT a good tool for doing much actual work, even writing a humble blog entry such as this one. Virtual keyboards are universally terrible. I can't imagine using one to write more than a few sentences, let alone some code.
When the iPad came out my response was "this is cool, but what the fuck will I do with it?". It seemed a bit big to me. Then 7 inch tablets started coming out.
Since those were the size of a book they suddenly seemed more interesting.
Not too long after that I learned that Cyanogen would run on the Nook Color. This provided the delightful combination of full control of the operating system (I am a nerd, my computers need to be mine), a bunch of apps, a convenient size, and a very low price.
There is the issue of no 3g/4g. I don't really feel that I need those particular features. Wifi is pretty ubiquitous these days, and frankly if I'm someplace without it I probably am not interested in being online anyway.
I picked up a refurbished Nook on eBay. I followed the directions on Cyanogen's site, and the install worked without a hitch.
I can see it being a wonderful device for reading, listening to music, and watching videos. However, it is NOT a good tool for doing much actual work, even writing a humble blog entry such as this one. Virtual keyboards are universally terrible. I can't imagine using one to write more than a few sentences, let alone some code.
Monday, October 31, 2011
Thoughts on Bitcoin
I like the idea of Bitcoin quite a bit, mainly because I like the idea of being able to send money to someone else at a distance without having to involve a third party (ie a bank). Visa, Mastercard, and Paypal suspending donations to Wikileaks at the behest of the US (and probably other) government made me like this idea even more.
Bitcoin also seems to have a few problems right now. The biggest problem seems to be that a lot of bitcoins are owned by speculators who are simply sitting on them. The other is that not too many places are willing to accept bitcoins as a form of payment. If I had a need for alpaca socks or marijuana (and the balls to have it shipped to my house) I could possibly get what I needed. Aside from that, I'll be stuck using US Dollars.
I am not deeply invested in Bitcoin, and have no plans to be. If I see something I can use being sold for Bitcoins, I'll buy it. I will also accept them for anything I have for sale. I won't be doing anything else to try and spread their use.
Bitcoin also seems to have a few problems right now. The biggest problem seems to be that a lot of bitcoins are owned by speculators who are simply sitting on them. The other is that not too many places are willing to accept bitcoins as a form of payment. If I had a need for alpaca socks or marijuana (and the balls to have it shipped to my house) I could possibly get what I needed. Aside from that, I'll be stuck using US Dollars.
I am not deeply invested in Bitcoin, and have no plans to be. If I see something I can use being sold for Bitcoins, I'll buy it. I will also accept them for anything I have for sale. I won't be doing anything else to try and spread their use.
Sunday, October 30, 2011
Shortwave
One of my hobbies is listening to shortwave radio broadcasts. I've been listening for about a year.
Technically speaking, the frequencies between 1.8 and 30 MHz are considered short wave. Radio signals within this range can "bounce" off the ionosphere and can therefore be received at a much greater distance than other freqencies.
When I first started to listen, it seemed like I had discovered another Internet. There are many times of transmissions. I often hear music broadcasts from South America and Asian talk shows. There are also many government news broadcasts (BBC, Radio Australia, Radio China International, Radio Havana), the occasional pirate, numbers stations, and coded military transmissions.
I mainly look for pirates and things that seem mysterious. It's fun to hear the static give way to something done by a person, even if it turns out that it's just a radar.
It is possible to spend a lot of money on radio equipment, but I have not done that. Here is the radio I use the most:
This is a Kenwood R1000. It's about 30 years old, but it was built like a tank and works quite well. I have it connected to around 80 feet of wire which run out the gable vent of my house, across my back yard, and then down to the ground at my garage (the antenna and the radio both are grounded). I have the antenna connected to a home built antenna tuner (just an LC circuit). A radio with memories would be nice, but outside that I am pretty happy with it.
Technically speaking, the frequencies between 1.8 and 30 MHz are considered short wave. Radio signals within this range can "bounce" off the ionosphere and can therefore be received at a much greater distance than other freqencies.
When I first started to listen, it seemed like I had discovered another Internet. There are many times of transmissions. I often hear music broadcasts from South America and Asian talk shows. There are also many government news broadcasts (BBC, Radio Australia, Radio China International, Radio Havana), the occasional pirate, numbers stations, and coded military transmissions.
I mainly look for pirates and things that seem mysterious. It's fun to hear the static give way to something done by a person, even if it turns out that it's just a radar.
It is possible to spend a lot of money on radio equipment, but I have not done that. Here is the radio I use the most:
Introduction
I am not very interesting.
This is going to be, for the most part, a tech blog. I won't be limiting myself to only mentioning the digital gadgets we all enjoy so (although they will not be excluded), but analog stuff as well.
There may well be a variety of other things here as well.
This is going to be, for the most part, a tech blog. I won't be limiting myself to only mentioning the digital gadgets we all enjoy so (although they will not be excluded), but analog stuff as well.
There may well be a variety of other things here as well.
Subscribe to:
Posts (Atom)