A
Wojtek Bogusz
[email protected] [email protected] [email protected] [email protected]
-www.frontlinedefenders.org/soc/200810.pdf
: Assi Kootstra www.konkret.pl
1
A A A ‘ A hackers passwords A malware ’
Encrypting A A (A A A ) A Backup A privacy Web
2
http://security.ngoinabox.org http://security.ngoinabox.org/draft
3
A
A A
‘ A
A A U
’A
.... A A A A
AU .... .... .... ....
CD/Website ”
“A
“ A A
”
“
A A
A
A Handbook ”
4
A
A
‘
A
A
’
A
A
A A A A
A
5
malware A A “Tools & Guides” Anti spyware software “Tools & Guides” A
hackers
Software (CD/Website Avast Install )
(CD/Website SpyBot Install )
Anti virus, anti spyware, Windows update Internet Explorer, Outlook or Outlook Express, Microsoft Office Free and Open Source Software A (fsf.org or gnu.org) Firefox, Thunderbird, OpenOffice (“Tools & Guides” Install ) A attachments A (U A A backup A www.virusbtn.com, news.yahoo.com/fc/tech/computerviruses)
6
malware Firewall A A A A A
hackers
A
A /
( A A ( ) A A A
)
CD/Website
“Tools & Guides”
Comodo Firewall Firewall A Linux
Install Install
A – www.IPCop.org (
A ) www.Ubuntu.com
7
malware Windows
hackers
Updates Temporary files Login ( A
A password A
Install
password ) screen
screensaver
Firewall, antivirus, antispam software A A A
8
Password
Password (
−
passPhrase) ) ( ) passPhrase
--
A
−
−
KeePass
− −
passPhrase A ( )
passPhrase
A passPhrase
Password A CD/Website KeePass password
A
“Tools & Guides” passwords database
9
KeePass
Install
master
Password
Password A A !MarSter” U Punctuation A =+{}[]\|;:'"<>?/.,), /
− − −
U
“My naME is Not MR. ”
“Let Them Eat (U ( ) !@#$&*()/A U
A A
A
"1haD,waMwB=" <> “I had a dream, where all men were born equal” "2Bon2B?TitQ" <> "To be or not to be? That is the question" "Mf,yrU:-)2d?" <> "My friend, why are you happy today?"
10
/Disk
− −
encryption data
A
A A disk / TrueCrypt A Install disk / password
− −
“Tools & Guides” A
−
anti-virus, anti-spyware, firewall, updates
−
TrueCrypt
A
USB-memory ( ) install disk
−
TrueCrypt
11
A
A
A A backup A Backup A Backup A Backup A U
Backup media hard disk, DVD/ CD-RW, DVD/CD-R, DAT tape, ZIP, secure server, email, floppy disk: − - data
− − − −
- data - data A A A ( <> A ) - Truecrypt A backup A
Backup Backup
Computers, servers, mobile phones
CD/Website AlwaysSync
“Tools & Guides” Install
Cobian Backup or
12
A
A
A
A
A
A
A
A
--
browsing history, internet cache, user names, passwords, filled web form entries, cookies, recently-used files/folders, recycle bin, temporary files and documents intermediary versions, document properties, unused space on disk, swap file, slack of clusters
( A A
delete disk A A ( )A A A “Tools & Guides” CCleaner, Eraser ) DBAN (dban.sourceforge.net ). meta-data ) A
– A Install (
A A disks, diskettes, cd/dvd's, ...
13
A
A
private
A
/A A
A
IP: 217.67.142.198
14
A
http vs. https
HTTP
vs
HTTPS
Secure Sockets Layer (SSL)
15
A
http vs. https
16
A
A
17
A
A A
A client (browser)
A server
“Tools & Guides” RiseUp
www.riseup.net (CD/Website ) www.bluebottle.com www.fastmail.fm www.safe-mail.net
server A
www.vaultletsoft.com (“Tools & Guides” ) www.hushmail.com
A
A A
VaultletSuite
18
A
A - https A A
Password circumvention ( A A ) login name Spoofing A U BCC A A
19
Spam A
A A
A
A
PGP or GPG
A U A A
-- Asymmetric / Public Key Cryptography
A A A
A
+ password
20
A
A -- PGP/GPG
–A
A
– A
A
A
–A – A
21
A
A -- PGP/GPG
-----BEGIN PGP MESSAGE----Version: GnuPG v1.4.2 (MingW32) - GPGshell v3.47 hQIOA6+KqOfe9P7fEAgAqMu89itDeq92O6cxuyjXBXowW beaAHmB0m0OHHDzwE6MjX1abEddU4/0oNAQ0NUoGNq Y3BO5o6FJBvdeBOfBo+2t3QsT8F8pva3bi10qOYXo7KF7y sX7xJ+py9AMP95A62Skgy5iBgUx0zMhf2v2lZHdOLaWW3 KOZogbsdd82agNxs3bI/ik5ATRjUhItKm8IhptliDTMdYxP9P/ IjIgGkuAleyWBVxGLFHFoIqi8Ro -----END PGP MESSAGE-----
22
A
PGP or GPG:
RiseUp A ) TrueCrypt
-- Asymmetric / Public Key Cryptography
account -(100 MB)
(KeePass
password
(KeePass
password
) Portable Thunderbird A install Portable Thunderbird A GPG Thunderbird install Thunderbird Thunderbird RiseUp email account Enigmail add-on disk save Thunderbird install GPG4Win Firefox ) A A A A A A / A A A
23
-GPA + GPG A
install RiseUp account (KeePass password
A
A
A Chat Pidgin + Off-the-record chat: Pidgin – multi-protocol instant-messaging client (QQ, AIM, ICQ, MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, and Zephyr) Off-the-record – Pidgin A chat A -A A CD/Website “Tools & Guides” Pidgin OTR Install plugin
24
A
Internet chat:
Skype A open source A A A
Skype A spyware, adware, remote-controlled programs, worms, computer viruses malware . Skype Username/Password A Skype username
(
)
A A
A A
)A A A A A –A
A
A
A
Passwords ( username Skype A
–
A
A
code
25
A A
A
A
- www.rsf.org
A A U
-A --
A A AA
A
A
OpenNet Initiative Global Internet Filtering Map - map.opennet.net A A A A A A
26
A
A
A
A
A
... DNS
... IP A
27
A
A
A Proxy Servers
http
https
28
A
A TOR
A
Your IP is ??? http://www.hostip.info/
- (“Tools & Guides” ) Firefox browser - (“Tools & Guides” ) Tor Browser
Tor
Install
29
A
A
A
212.115.146.248
[email protected]
...
user name: john.smith
...
12:25 Wednesday, June 7th - “Other Guides” ( ) www.rsf.org/rubrique.php3?id_rubrique=542 RSF Handbook for Bloggers & Cyberdissidents - “Other Guides” ( ) http://advocacy.globalvoicesonline.org/tools/guide/ Anonymous Blogging with Wordpress and Tor
30
A
( ) server https server ( ) -www.electricembers.net (USA), www.xs4all.nl (Netherlands), www.dedibox.fr (France), www.ikshosting.com (USA), www.koumbit.org (Canada) Server A A A password ( ) A open source hack A Backup website Server
31
software A
A (firewall
A
= firewall)
A
A certificate A )
(https, A
A
A A A A A
A
A
A
A U A U U A U A
A /
A
A
A
A
A A A A
A ( )
A
A Linux OS Firefox, Open Office A open source software A update
U
A
Windows OS (
)
32
A
update (
A
A
A
anti-virus, anti-spyware, firewall E account A )
A (www.ccleaner.com/download/builds/downloading-portable or clean manually) USB A A A download A A Tor browser USB A A A scan account account A A ) A USB A A
account A Riseup ( ) VaultletSoft account -A A A A A
TrueCrypt ( TrueCrypt A
download A
33
links CD: 'How-to' Booklet, Tool Guides, Other Guides: “Digital Security & Privacy for HRDs” and “Protection Manual for HRDs” http://security.NGOinaBox.org/ http://security.NGOinaBox.org/draft www.frontlinedefenders.org/digital-security www.privacyinternational.org - watchdog on surveillance and privacy invasions by governments and corporations www.rsf.org - Reporters Without Borders www.epic.org - Electronic Privacy Information Center www.thefreecountry.com/security www.riseup.net - provider of email and web www.opennetinitiative.org - research on surveillance and filtering
A
-www.frontlinedefenders.org/soc/200810.pdf
34