‘Illegal’ downloading made safer
Posted by: secureitfoundation on: August 26, 2010
The problem with discussing ‘illegal’ downloading of music, videos or games is that it takes a similar tone to discussing drugs or under age sex in a public forum. Both assume there is complicity or at least some form of condoning of the behaviour. As a result, people cling to misinformation which is at best wrong and at worst can have terminal consequences. We take practical view that if people are going to do dangerous activities then they should be able to make an informed choice and know how to minimise the risks. We are not advocating the world now goes out and only downloads music or videos for free, why would anyone make new content if there is no money in it? However we understand that people do download, so they should be better informed of the risks.
Most people given the choice of paying for an overpriced DVD, CD or game would much prefer to get it for free if possible. Before the Internet this was friends lending records or movies to each other to record on tapes. Small scale illegal activity with limited effect on the content producers revenues. Home made recordings were worse quality so there was a real reason to buy the item in question. Digital media and advances in computer technology has made making a perfect copying possible. Combined with the Internet and suddenly illegal copies can have an impact on the content producers revenues as the numbers are much bigger than ever before.
From our shop in Rotterdam, we see a lot of viruses on people’s computers. The majority of these viruses have been downloaded via a program like Limewire or eMule, using a system called Peer to Peer(P2P). P2P avoids having files stored in a single place, as if all the ‘illegal’ music, video, games or adult material was stored on one computer it would have been shut down a long time ago. As these files are split into thousands of pieces and stored by thousands of people on thousands of computers authorities around the world have struggled to stop this activity. The reason why illegal is in quote marks is that actually downloading content in many countries is not a criminal offence. Some countries rate it as only a civil offence, others have no laws on the matter. This is why P2P networks continue as it is difficult to stop it due to national borders.
To add to the confusion with P2P there are different methods of finding content. Some have a builtin search function other types of P2P need you to visit a website to find a link to a file that just says where the bits of the files can be found, also known as torrent file, from the Bittorrent network. You may have heard about websites like The Pirate Bay which often make the news due to them storing the torrent files. They do not have any illegal content but help people find the illegal content.
So if you are going to take the risk and download files then how should you do it as safely as possible? First thing to do is NOT use Limewire, eMule or similar types of P2P! A large proportion of files on these networks are just fake files, only containing viruses or malware, else they may be the real file but modified to download a virus in the background. If you have used these programs then do run a full virus scan after un-installing these programs. Secondly never use a work network for P2P software as it can have a major impact on your company’s costs and often leads to dismissal. Thirdly do make sure your computer’s security is at least to level 3, else use a Linux computer to download and view the files. If none of this is possible then use a Linux Live CD to perform the download and save to an external drive.
In the middle of the illegal downloads and bad programs, is a P2P download system that actually has a legal purpose! Bittorrent itself is a very efficient system for distributing files and as such has been adopted by the Linux community to download Linux Operating System CDs and DVDs . Because the files are stored by the users of the Bittorrent it saves the open source community a lot of money compared to hosting all the files themselves. There are several programs that can access the Bittorrent network but we recommend the simplest called utorrent even though it is not open source software. You will need to make a firewall adjustment to your networks router to make it work efficiently, however do turn off the firewall application rule when not in use as it does potentially compromise your home network security.
Once you have the program then you will need to find some content to download. For this example we are going to find the latest version of Ubuntu, the most popular version of Linux Operating Systems. We go to a website like BTJunkie.org and search for Ubuntu. It lists many versions, but we are looking for 10.04 in particular as it is the latest. We find the copy with the most positive comments, 129, in the example below and read the comments by clicking on the file name. Once we are happy it is the right file and a good version, then we click on the file name and download the torrent file.
utorrent opens and gives you the option to choose which files to download. Only check the file you want to download, and let utorrent do its work. Once the file has downloaded it is marked as ‘seeding’. This is the point you suddenly have a complete file and are now beginning to share the whole to file to the Internet. Right click on the file in utorrent and remove and delete the torrent. For known files like Ubuntu there is a check you can do to see if the file has been altered. There is a mathematical process to check the contents called a checksum. You run a program to check the download and compare the output to a published list of checksums. For example for Ubuntu the checksums are published here and you can learn how to use MD5Sum with the documentation here.
Once again, don’t forget to virus scan anything you download, do make backups of your computer several times a year and do expect the worst as you will find a virus if you download ‘illegally’…
SecurityBrad
More computer filth…
Posted by: secureitfoundation on: July 30, 2010
Due to popular demand, we have added a couple more horrors as seen in our shop in Rotterdam…
Here is a power supply that stopped working. Can you tell why?
Here is a CPU fan and cooler that also needed a little attention!
A closer look at the fan after it has been removed
Hope you are not eating your lunch.
SecurityBrad
How clean is yours? – Laptops
Posted by: secureitfoundation on: July 30, 2010
You may have read the article on cleaning PCs and thought you were safe as a laptop user… Well if you have problems with your laptop rebooting at random, getting hotter than the sun in unwanted places, or just behaving strangely then perhaps you need to have your laptop cleaned! Your computer professional should replace the thermal paste as well as dust from the fan.
Do not try to replace the paste yourself if you are not sure what you are doing. Here is an example of a badly done laptop processor that was causing terrible problems for the owner.
It should only be thickness of a sheet of paper and only cover the CPU!
Above is an example of dust causing an overheating problem as the vent is blocked. Combine the two problems and your laptop will work for 30 minutes then stop without warning. Only when cold will it behave again but by then permanent damage may already have been to the laptop.
SecurityBrad
Mild panic over Windows Shortcut vulnerability
Posted by: secureitfoundation on: July 27, 2010
If you have been reading tech news stories about the ‘Zero Day’ Windows shortcut vulnerability becoming a serious mainstream risk, unusually they are correct. There is an unpatched vulnerability in all recent versions of Windows (XP, Vista and 7) which uses Windows to misread a shortcut ‘.lnk’ file to take over your computer. Now there is also an email based virus that uses this vulnerability to infect your computer. So is there reason to panic?
Normally Level 4 secured computers would be unaffected by most vulnerabilities as they are discovered due to configuration or mitigation security strategies. In this case the only current active protection is based on Anti Virus software, and it may not be enough to prevent an attack on its own. An English Anti Virus company has released a stand alone program that offers additional protection for Level 4 users and we are recommending its use until an official patch is released by Microsoft.
You can find out more about the tool made by Sophos here or download it directly here
Security Brad
Online banking security for free!
Posted by: secureitfoundation on: July 1, 2010
While there is no magic solution to protect your financial information when banking online, there is a service offered for free called Trusteer Rapport. Mainly provided for US and UK banks to supply to their own customers as an added service, its protection works on other bank sites as well.
Windows users can download it here and Mac users can download it here or you can visit the official page at http://www.trusteer.com/webform/download-rapport
Once installed, you get a new button next to your browsers address bar which you click when using your own bank site and it helps give another layer of security to your session.
It starts out with a list of 50-60 ‘partner’ banking sites and is limited to 100 sites in total, but that means that most of your own favourite sites can also added.
Do remember that you need to combine software this with many other security steps in our security guides to be even remotely confident in your computer’s security and secure use.
SecurityBrad
How clean is yours?
Posted by: secureitfoundation on: June 25, 2010
How do your cleaning habits affect your computer security? Dirty computers = unreliable and often unusable computers. Why would a dirty computer cause problems? Simple really, most computers get very hot in use and use fans to cool them down just like you. These fans suck in colder air one side and blow out hot air on the other. Just like a vacuum cleaner, these fill with dust, dirt, smoke, hair etc and reduce how much you computer can cool itself down. How good is air conditioning when you are wearing a woolly jumper on a hot day.
You may not think your house is that dirty to affect your computer, but have a look at these pictures and guess how old these computers were…
1.
2.
3.
4.
5.
- Computer case opened
- PC fan for cooling CPU / processor
- Graphics card fan for cooling CPU / processor
- PC fan for cooling CPU / processor
- Cooling block and fan for CPU / processor full of dust
How old do you think this computer was? Five years, eight years, no. These are all from a computer less than two years old. If your computer is over three years old and full of dust you are sitting a little fire bomb waiting one day to catch light.
Proper filth I am sure you would agree. So what can you do to stop it? Nothing sadly unless you live in a clean room or laboratory. You can minimise it by not having the computer on the floor or getting rid of your pets, else once a year give it a spring clean. Take it to a professional or if you feel ambitious get out the tool kit, take the side panels off and clean with an air duster with pipe cleaners for tricky fans. Do not use a vacuum cleaner, unless you want to see part of your computer disappear up it! Laptops are usually replaced before they need a clean but they can be dismantled and cleaned with an air duster. As usual, this is guidance only as you can ruin your computer quicker than a virus doing this badly. Static filled dusters are definitely out. If you are unsure just ask your local computer shop to do it properly for you.
SecurityBrad
Surfing adult sites securely
Posted by: secureitfoundation on: May 27, 2010
One of the most popular questions we get asked, is how do I surf porn without my kids seeing what I have done? Goes along with, Which browser should I use from Firefox, Internet Explorer, Safari, Chrome or Opera? How do I cover my tracks from the family, friends, work colleagues, Police? What do I do if I think I saw child porn accidentally?
Although controversial with some theologies and moral compasses, here in the Netherlands it is considered a healthy sexual outlet to view adult material. A short walk around the Red Light district gives tourists an insight into this country’s views. Low teenage pregnancy rates, from educating children about sexual and personal health while still young enough for it to help, seems to be the benefit compared to the UK. Children are exposed to adult material from TV, the Internet and the sex industry at an earlier age, so through desensitisation, sex is taken as just another part of human life and no big deal is made about it. The Secure IT Foundation does not take a moral standpoint on adult material, we are interested from the security point of view. Just like sex, if you are going to do it, then do it safely!
The best advice we give is treat your adult surfing and day to day web surfing as separate activities, especially if you have children in the home or you share a computer. You may not want your children to know you like viewing material featuring teenagers not much older than them, or fantasise about being the opposite sex. Our secure approach to adult material is given below:
First the Don’ts!
- Never use your home computer to view adult material directly
- Never store adult material on your home computer
- Never bookmark / add to favourites / save web links to adult material on your home computer
- Never give out your real personal information, family information, credit card details or other financial information
- Never use Internet Explorer, even with InPrivate mode, as you will still be vulnerable from installing malware
- Never use Firefox’s private mode as bookmarks may still be visible to other users
- Never surf adult material in work, unless you are being paid to do it!
Now the Do’s
- Use a Linux live CD – you boot your computer from the Linux live CD e.g. Ubuntu or Knoppix, not your hard drive. It uses your computer’s memory to run and unless you enable it, will not save any information to your hard drive. Once you shutdown your computer, your browsing session is cleared as the computer memory is lost when you shut down.
- Use Firefox as your browser, mostly standard on Linux these days.
- Use an online bookmark service e.g. www.bookmarksonline.org to save your adult favourite websites for Firefox – register for it, using a new web based email account created purely for this service.
- Store files using an online file storage service like DropBox and use an encrypted TrueCrypt volume to keep it private.
- Take care, if you like specialist material as the Internet is widely monitored. If you think you have visited an illegal site or seen illegal material then you should report it to the IWF in the UK, Meldpunt Kinderporno op de Internet in the Netherlands, or see the InHope site for your country. You should do this before you shutdown your current session, as even if you shutdown your IP address will lead back to your home, and you could have law enforcement seizing your computer. They will not find any illegal material directly by looking at your computer, provided that you used a Linux live CD, but your family, friends or work will know you have been arrested. Remember that a one off accidental visit to illegal material that gets reported will be treated very differently to a person who repeats the visit, emails the link, stores the images or videos or pays for a specialist service using their own credit card.
Be safe, have fun but keep it legal and away from children…
SB
Why do hard drives fail?
Posted by: secureitfoundation on: May 11, 2010
From experience we can safely say the biggest cause of hard drive failure is… YOU, the computer user!
Do you shut your computer off completely before you move it? Do you turn it off by using your operating system shutdown option? If you answered no to either question and your hard drive fails then you now know why! Just held in the power button as you were fed up waiting for it to shutdown? Well a hard drive is a mechanical device and can be compared to an old fashioned record player. A needle moves over disks of metal reather than vinyl and is air cushioned these days but the principle is similar. Unless you shutdown the computer using the shutdown option then you are scratching the needle over your record by moving it. Same goes for holding in the power button to turn it off, this is like having a fancy automated record player which auto returns if you let it. Instead of waiting for the device to do its job, you are grabbing the needle and forcing it back into its housing violently.
The future for computers is to use Solid State Devices called SSDs which have no moving parts. Too expensive for most they are slowly becoming available. All laptops should have SSD storage over mechanical devices in our opinion. Both types suffer electronic failure but the user has to do some bad things to damage a SSD compared to hard drive!
SecurityBrad
Defence in depth for the home
Posted by: secureitfoundation on: March 25, 2010
‘Defence in depth’. That is what the commercial security world calls having multiple layers of security to protect you in case one fails.
Simply put, your home computer needs to have multiple layers of defences including an up to date browser like Firefox, have Anti Virus software that works, run Windows Update every month and update all your applications at least weekly, as a minimum. Sounds like hard work, no one interested in your computer? Don’t be a muppet!
If your computer is hacked then you could be storing child porn, terrorist training material, or your computer could be used to send spam. Assuming that you never entered any personal or financial information, else that would have been stolen as well, the worst case scenario is that your home gets raided as part of the war on terror and computers seized…
No one can guarantee perfect Internet computer security unless you unplug the Internet.
A recent hacking contest showed that ALL major browsers on the Internet can have security issues including Safari on Macs, iPhones, Windows 7, and both Internet Explorer 8 and Firefox on any computer. So next time you click on a link sent to you, visit dubious websites, or download a file from the Internet, be sure of your defences and make sure they are deep!
SecurityBrad
Update, update, update…
Posted by: secureitfoundation on: February 25, 2010
For those of you who do not use Secunia’s Personal Security Inspector software already (it is free for personal use!), make sure you have done your updates.
Adobe has become the new Microsoft for releasing insecure software and their Flash, Shockwave and Reader products all need urgent updating. Sun’s Java is not far behind in the insecurity stakes, and also needs to be checked that you are using the latest version. Both Adobe and Sun share one ability though, their old software is not fully removed when you update your products, so do check your browser plugins and installed software for old versions, or you can just use PSI and let it do the work for you!
You can blame the software providers for not fully security testing and releasing poorly secured software. The usual analogy is that it is like getting a car missing parts or a car with known defects, and this would never happen. Recent history has shown that car manufacturers also use the same security testing practices…
SecurityBrad
Search
- ‘Illegal’ downloading made safer « Secure IT Foundation: [...] Level 5 – Secure Users [...]
- ‘Illegal’ downloads made safer « Secure IT Foundation: [...] Level 5 – Secure Users [...]
- Brilliant stuff!: Your article is really good, Im glad you took the time to share it.Thanks for sharing your opinion.
