TUCoPS :: Internet :: ici_ult.txt

Internet Cafe Insecurity - Ultimate Version

               I N T E R N E T  ( C A F E )  I N  /  S E C
              VERS.: ultimate - DATE: 15.04.09 - AUTHOR: ad

                    "If Nukes Would Have Brains --
                     They Would Fly Away From Earth."

                 "When [W]ario & Dr Robotnic Control The
                  Earth -- Torture Will Be Their Love."


   0)  paper updates
   1)  foreword
   2)  introduction
   3)  the attackers
     3.1)  the operator
     3.2)  the user
     3.3)  the hacker
   4)  kind of attacks
     4.1)  inside attacks
         4.1.1)  trashing
     4.2)  outside attacks
         4.2.1)  social engineering
         4.2.2)  profiling
         4.2.3)  DoS attacks
   5)  tools
     5.1)  short declaration
         5.1.1)  sniffer
         5.1.2)  keylogger
         5.1.3)  spyware
         5.1.4)  wiper
         5.1.5)  network monitor
         5.1.6)  firewall
     5.2)  windows
         5.2.1)  sniffer
         5.2.2)  keylogger
         5.2.3)  spyware
         5.2.4)  wiper
         5.2.5)  network monitor
         5.2.6)  firewall
     5.3)  linux
         5.3.1)  sniffer
         5.3.2)  keylogger
         5.3.3)  spyware
         5.3.4)  wiper
       wip.sh source
         5.3.5)  network monitor
         5.3.6)  firewall
     5.4)  unix
         5.4.1)  sniffer
         5.4.2)  keylogger
         5.4.3)  spyware
         5.4.4)  wiper
         5.4.5)  network monitor
         5.4.6)  firewall
     5.5)  hardware
         5.5.1)  antitempest
         5.5.2)  GSM & GPS tracking
         5.5.3)  dmesg
         5.5.4)  webcam
         5.5.5)  microphone
         5.5.6)  wlan, bluetooth, IR
         5.5.7)  router
         5.5.8)  wiretapping
         5.5.9)  lock picking
         5.5.a)  alarm system
         5.5.b)  telcos & agencies
         5.5.c)  RFID protection
         5.5.d)  ad spying
         5.5.e)  data mining
     5.6)  search engines
         5.6.1)  aisi
         5.6.2)  disinfo
         5.6.3)  searchengine hacking
   6)  how to use the tools
     6.1)  configuration
     6.2)  control
     6.3)  security
   7)  attacker detection
     7.1)  intrusion detection
     7.2)  authorisation
     7.3)  antivirus
         7.3.1)  worms
         7.3.2)  botnets
     7.4)  logging
   8)  how to avoid attacks
     8.1)  encryption
         8.1.1)  harddrive encryption
     8.2)  updates
     8.3)  backups
         8.3.1)  data recovery
         8.3.2)  important tools
     8.4)  basic tips
     8.5)  live CD
     8.6)  secure email
         8.6.1)  remailer
         8.6.2)  how to deal with spam
     8.7)  insecure BIOS
     8.8)  bank account
     8.9)  kernel
     8.a)  anonymity
   9)  after a break-in
   a)  rest of risk
   b)  last words
   c)  source codes
   d)  mirrors

 !i ALL RIGHTS RESERVED BY ad . 2005 - 2009 . !i

  0) paper updates

  15.04.09 : - v. ultimate

          INFO: This is the ultimate version, which means that it is
          ----  definitely the final and last version of ICI.TXT. If it
                contains some errors then sorry, but I will not correct
                anything in it in the future. Even if some of the source
                codes change, I will not include the new ones in this
                paper - they can only be reached through the links included.

                In the future there will probably be new services,
                techniques and technologies which are a threat to your
                privacy. This paper will not include them, but other
                people's articles, sites and papers will. ( thanks )

              + corrected some info about google and added a website
                with some very interesting information about google
                - section 5.6
              + added /dev/zero to wip.sh - after every urandom pass the
                file is overwritten a second time with zeros, so if you
                make 50 wipes of a file it is overwritten 50 times with
                urandom and 50 times with zero ( urandom, zero; urandom,
                zero; .. )
              + section 5.5.c - RFID protection
              + section 5.5.d - ad spying
              + section 5.5.e - data mining
              + the paper is now closed

   29.01.09 : - v. 1.5.2
              + a new version of pan.c is included in the uuencoded rarb
                file. pan can now generate a random keypad ( 94 signs ) to
                enter your password in a more secure way - pan.c generates
                the whole table anew every time you call the keypad
                function included in pan.c. The keypad defeats a keylogger
                attack and the spying on the mouse values ( X Y positions ),
                because the logged keys or positions refer to a table
                which no longer exists.
                pan.c also comes with a pseudo urandom function: it can
                create a random file of a given length in bytes, using
                all 256 byte values ( 0 - 255 )

  20.01.09 : - v. 1.5.1
             + section 5.6.2 - disinfo
             + section 5.6.3 - searchengine hacking
             + section 7.3.1 - worms
             + section 7.3.2 - botnets
             + section 8.1.1 - harddrive encryption
             + section 4.2.2 - profiling
             + section 4.2.1 - social engineering
              + section 4.2.3 - DoS attacks
             + section c - source codes
             + section 8.a - anonymity
             + section 5.5.7 - router
             + section 5.5.8 - wiretapping
             + section 5.5.9 - lock picking
             + section 5.5.a - alarm system
             + section 5.5.b - telcos & agencies
             + added hint for the tool "diff"
             + added more rest of risc
             + added hint on handy cams
             + added new proxy site
             + added "mcrypt" hint for linux
             + added fuzzy fingerprint hint

  04.07.08 : - v. 1.5.0
             + sec. 8.5) debian live hint
             + sec. 8.5) SD card hint

  16.06.08 : - v. 1.5.0
             + section 5.5.4 - webcam
             + section 5.5.5 - microphone
             + section 5.5.6 - wlan, bluetooth, IR
             + section 7.4 - logging ( important )
             + more info on tempest and antitempest
             + more info about the windows vista firewall
             + ( FREE ) microsoft network monitor tool hint

  1) foreword

  This paper is written to show you some security risks in internet cafes.
  It is written for information and help, not for any illegal activity,
  and I am NOT responsible for what you do with the information in here.
  This paper is NO invitation to hacking crime time. It is up to you what
  you do with information. The text is written to secure systems and can
  also be used to secure home computers or other networks. A lot in this
  paper is off topic but good to know.

  Do not wonder if something has changed or no longer exists when you
  read this paper in the future. If sites or links in this paper which
  host some special programs are down, just go to a search engine and
  type in what you are looking for. Often many other sites or mirrors
  have it. This paper is far from complete but you will find what is
  missing somewhere else on the internet. Much of the material in this
  paper could have its own section but is mentioned within other
  sections. If you do not understand something in here then please use a
  search engine and do some research, ask a mailing list, write your
  question in a forum, visit an official chat or ask a human life form
  -- one of these should help you out.

     ( By the way, there is a good paper on the net by ESR that helps
       you ask your questions in a smart way, so that many people can
       understand your question and help you. You can read it
       directly here:
       "www.catb.org/~esr/faqs/smart-questions.html" )

  Have a nice reading & be blessed. -- ad

  2) introduction

  Many people use these cafes to send emails, play games, chat with
  friends or surf the world wide web ( www ), while they usually like to
  drink or eat something. They maybe don't always know much about the
  security risks there, or about security risks in general, and many
  maybe don't care about them.

     ( f.e. I talked to a system administrator in an internet
       cafe about this security paper and he said jokingly that
       he would rather not know anything about the security
       holes there. )

  Keep on reading if you care about them ( the security holes ) and if
  you maybe want to learn something about security and/or insecurity.

  3) the attackers

  On the internet you will find lots of attackers and kinds of attacks,
  but in this case we will only turn to three groups ( and two kinds of
  attacks ) which we will find inside and outside of internet cafes:

   - the operator
   - the user &
   - the hacker

  3.1) the operator

  In many internet cafes the operator usually has control over every
  computer and over every connection from the server to the computers
  which are connected to the network. This means that the operator
  normally can control everything on the whole network.

  In normal cases he can lock and control all connections of the network,
  see how long you are online and how much you have to pay for your food,
  drinks and surfing time.

  But he could also watch other things: on which pages you surf and for
  how long, in what chatrooms you talk, about what and to whom, which
  text files you read, which keys you hit on the keyboard. The operator
  could sniff some of your private data. This could be one of your
  passwords or whatever you can imagine. In other simple words: your
  input through the keyboard could be ( or is ) a security hole, and
  everything you send unencrypted over his network is readable to him.

  Never trust operators unless you know them personally well enough.
  But we shouldn't forget that an operator can also be a victim - when a
  user hacks the computer he sits at and from there hacks the whole
  network up to the server.

      ( When I say "don't trust them" this does *not* mean that
        all administrators or operators are evil - for sure
        they are *not*! This is just a basic *mental* assumption
        for security - and the same applies to all users. )

  3.2) the user

  The user often plays games like first-person shooters, chats over IRC,
  ICQ, Yahoo and so on, surfs sites he is interested in, downloads only
  legal files or reads and writes the emails from his account.

  But a user could do illegal things too. He could install downloaded or
  self-written security or hacking programs on the computer he sits at.
  These programs could be keyloggers, sniffers, trojans, rootkits and
  other spyware.

  With these programs he could spy out private or sensitive data ( like
  passwords ) from other users or from the operator behind the main
  server. The programs could run for days, weeks, months or however long,
  maybe until somebody somehow detects them.

  The next time he is at the hacked computer in the internet cafe,
  physically ( which would be unusual ) or from another computer, he
  could send the logfiles to himself or to another hacked account. Or his
  installed programs could do this automatically, which would be the
  usual way.

  People often have weak passwords and use them on different accounts.
  Weak passwords are f.e. the real name, nick name, birthdate, favourite
  colour, hobbies and so on, because they are easy to remember. Weak
  passwords are one of the biggest security holes, but many people
  choose them exactly because they are easy to remember. A stronger
  password could look like this: Pohwpautoda -- we just take the first
  character of every word of "People often have weak passwords and use
  them on different accounts" and we have a password that is not in any
  dictionary or any other book -- just in your mind. To make it a bit
  stronger still, the password could look like this: "P0hwp4u70d4" .
  ( 0 = o, 4 = a, 7 = t ) Keep in mind that such substitutions are well
  known to password crackers, whose word-list rules apply exactly these
  replacements, so they add far less than they seem to; the length of
  the phrase you start from matters more, and the phrase must not be a
  famous quote.

  Many people don't change their passwords from time to time, so others
  could have easy access to their accounts and to their privacy. You
  should change your password on every account every month, or at least
  every few months, and right away after you have typed it on a machine
  you do not control, like a cafe computer. A very good paper about the
  insecure password issue can be found here:

  If you want to generate a password with a password generator you could
  use my password generator "pan" which is included in my "rarb" ( rar
  brute force for unix / linux - rar password recovery ) package. "Pan"
  compiles under unix, linux and windows. You can download it here:

  "http://packetstormsecurity.org/Crackers/rarb_v_1_0.tar.gz" OR directly
  here: "http://packetstormsecurity.org/UNIX/audit/pan_v_1_0.tar.bz2"
  ( and at all other packetstormsecurity mirrors )
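  The password rules above, written out as a small Python example. This is
  added here to illustrate the section and is not pan or any other code
  from this paper: initials_password() builds the "first char of every
  word" password, leet() applies the 0/4/7 substitution table, charset_bits()
  gives the upper bound on entropy that a cracker who knows nothing about
  the phrase would face, and random_password() draws from the same 94
  printable characters that pan's keypad uses, with the OS CSPRNG.

```python
import math
import secrets
import string

# The substitution table used in the text ( 0 = o, 4 = a, 7 = t ).
LEET = str.maketrans({"o": "0", "a": "4", "t": "7"})

# 94 printable ASCII characters ( letters, digits, punctuation ).
POOL = string.ascii_letters + string.digits + string.punctuation


def initials_password(phrase):
    """First character of every word of the phrase, as in the text."""
    return "".join(word[0] for word in phrase.split())


def leet(password):
    """Apply the o->0, a->4, t->7 substitutions from the text."""
    return password.translate(LEET)


def charset_bits(password):
    """Upper bound on the entropy in bits: every character assumed drawn
    uniformly from the union of the character classes present.  A password
    derived from a sentence never reaches this bound, because the letters
    follow the statistics of the language, and a cracker who guesses the
    sentence gets it in one try no matter how the bound looks."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def random_password(length=16, pool=POOL):
    """Password from the OS CSPRNG ( secrets ); never use random.random()."""
    return "".join(secrets.choice(pool) for _ in range(length))


if __name__ == "__main__":
    pw = initials_password("People often have weak passwords and use "
                           "them on different accounts.")
    print(pw, round(charset_bits(pw), 1), "bits (upper bound)")
    print(leet(pw), round(charset_bits(leet(pw)), 1), "bits (upper bound)")
    print(random_password(20))
```

  Even by this generous measure the leet version gains under three bits
  over the plain initials ( the pool grows from 52 to 62 symbols ), which
  is why the length of the phrase counts for more than the substitutions.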

  3.3) the hacker

  The hacker does not need physical access like the user or the operator.
  He could have found the internet cafe network through a scan. So he is
  a bit harder to detect, because without physical access you are
  invisible physically but maybe visible on the network or the computer.
  The hacker would probably hack into the internet cafe network from
  another hacked box, but this could also be done by the admin or the
  user after their physical attack. The hacker could do all the things
  the user and the admin could do after their attack. But the hacker
  would not leave a physical trace if the cafe is watched by a ( hidden )
  security cam, so neither other people nor the staff of the cafe could
  see him. He wouldn't leave fingerprints and nobody could remember him
  ( his clothes and his face ).

  4) kind of attacks

  This is a paper about security in internet cafes, but we won't forget
  that the cafe can be attacked from two sides in two different ways:

   - from inside, physically
   - from outside

  Some attacks could be done through: man in the middle (MITM), brute
  force, backdoors, sniffing, spoofing, hijacking, keylogging, code
  injection, stealing, manipulating, DoS, LKMs ( linux kernel modules )
  and so on.

  4.1) inside attacks

  If the attacker sits inside the cafe behind a computer, he has direct
  physical access. He is in deep trouble soon if the server monitors all
  doings and maybe an intrusion detection software on the server rings
  the operator's alarm bells. But operators in internet cafes often have
  to do jobs like serving food and drinks to the users, so they cannot
  watch the server constantly, I think.

  4.1.1) trashing

  Trashing ( also known as dumpster diving ) is a well known kind of
  attack and in this case an inside attack. Many people sometimes leave
  sensitive data in the trash without destroying it first, mostly papers
  with sensitive data on them. This could be bank account information,
  telephone numbers, addresses, names of private contacts, credit card
  numbers and of course more.

  To avoid trashing simply do not leave sensitive data in the trash in
  the internet cafe, or *destroy* it first, at least by tearing it into
  little pieces ( a shredder is better ).

  That is all to say here.

  4.2) outside attacks

  An internet cafe could also be hacked from outside by a user or an
  administrator. You don't have to sit inside the cafe to hack it. A well
  configured firewall on a monitoring server could protect you in this
  case. But don't think that you are secure just with a firewall. A
  firewall is no guarantee for a secure network - it is only one layer
  of the concept and says nothing about the safety of the services you
  still have to let through it. An intrusion detection system can help
  with good security on the network.

  I think it's more difficult to detect an attacker from outside of the

  4.2.1) social engineering

  Social engineering you could also call BIO hacking, because in this
  case you attack the human brain to enter the system. In our case an
  attacker could call the internet cafe and tell them that he/she is the
  admin of their website or a technician from their telco. The person
  then tries to get the people who work in the internet cafe to give out
  sensitive data like their password(s) for whatever reason. ( f.e.:
  "There is a technical problem here and we need access to solve it." )

  But a social engineering attack can also happen over email. The so
  called "phishing" uses social engineering to bring or force people to
  give out sensitive data like passwords. So how can we avoid SE? Ask the
  person who calls for their personal data ( full name, ID, company,
  their boss and so on .. ), hang up, look up the company's number
  yourself ( never use a number the caller gives you ) and call back; if
  the person is real then you can help out. Never give out sensitive
  information to people you don't know over phone or internet - no real
  admin or telco needs your password. Also read security sites to learn
  if a new phishing email attack is happening.

  4.2.2) profiling

  An attacker could try to find out as much as he/she can about the
  internet cafe before attacking it. The more the person can find out
  about the cafe, the better the person probably knows how to attack it;
  it depends on what can be found out. For example: if there is a hole in
  the website of the cafe that gives access to sensitive data, he could
  also use this information to get access to the computer system inside
  the cafe, or he could just break into the router. ( sec. 5.5.7 ) Update
  your software as often as needed. Use strong passwords and don't place
  sensitive information on the internet.

  But profiling can also be used to find physical access to the cafe at
  night - a break-in. So if the attacker finds a way to gain access to
  the cafe then he can use it. This could be an open window or an
  insecure door, for example. ( sec. 5.5.9 - lock picking ) You can
  protect yourself against this with security cams at night and with
  encryption, so that a stolen disk is worthless to the thief.
  ( sec. 8.1.1 ) But also with alarm systems - physical building
  security. ( sec. 5.5.a )

  4.2.3) DoS attacks

  DoS stands for denial of service, which means sending many ( too many )
  packets or requests to a server until it can no longer serve its real
  users. Such an attack could be run for example by a person from another
  internet cafe for business or competition reasons, or just "for fun".
  It can happen to every computer system. A well configured firewall
  which simply drops malformed or unsolicited packets protects you
  against the simple forms, but it cannot help when the flood fills your
  uplink, because those packets have already travelled the line before
  the firewall sees them; that has to be filtered upstream, at your
  provider. Botnets can do such attacks very well because they can have
  millions of systems to do them with.

  5) tools

  In this section I will point to some security tools and explain how you
  can use them usefully. These tools are sniffers, keyloggers, scanners
  and trojans, to name just a few of them. You can also find the download
  links for these tools in the appendant sections.

  You can find lots more tools on the internet but we can't enumerate
  them all - this would blow up this paper. ( For more information use a
  search engine like "http://altavista.com/" or search on some security
  sites. )

  Please use all of these tools only to test, check, configure, control or
  secure *your own* system or network - to find holes in them.

  A good site for security tools is: "http://www.sectools.org" -- a very
  good security site from the same person who made the scanner NMAP:
  fyodor. It is a TOP 100 list of the best security tools, check it out.

  5.1) short declaration

  From section 5.1.1 to section 5.1.6 I will explain some tools ( sniffer,
  keylogger, spyware, wiper, network monitor and firewall ) briefly, to
  get a quick but ample overview of these tools. We can't go too deep
  into all possible uses of them - it's too much for a paper like this.

  Read the "man" ( manual ) pages of these tools or use a $searchengine
  for more details and information.

  To read the manual of "man" under unix / linux type:

    [root@ ~]# man man

  With this syntax you can read the manual of almost any program. You
  will learn a lot from manuals. They are a *must read* for learning
  something.

  5.1.1) sniffer

  With a sniffer you capture and filter the data streams on a network
  ( manipulating them is the job of man-in-the-middle tools, which build
  on a sniffer ). You can sniff sensitive data like IPs, IP packets with
  source and destination IPs, socket addresses, ports, access points, MAC
  addresses, hostnames, user IDs, the version of the operating system or
  of other programs and services, and also data streams in plaintext
  ( emails, unencrypted passwords ). You could also sniff data streams
  from outside of the network, f.e. with wireless LAN sniffers or
  sniffers on wiretapped phone lines. On a switched network a sniffer on
  a user's machine only sees that machine's traffic and broadcasts,
  unless the attacker also redirects traffic ( ARP spoofing ) or sits on
  the switch, router or server - which is exactly where the operator sits.

  A little data output of the network sniffer "tcpdump" could look like
  this - I just sent a HTTP request to my router over port 80 - my host
  has the IP and the router's IP is - I show you just a
  few packets of all 85:

  [root@ ~]# tcpdump -vv -i eth0
  tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

  15:55:41.308310 IP (tos 0x0, ttl  64, id 29370, offset 0, flags [DF],
  proto: TCP (6), length: 60) > S,
  cksum 0x48da (correct), 1711505850:1711505850(0) win 5840
  <mss 1460,sackOK,timestamp 389888 0,nop,wscale 5>

  15:55:41.309032 IP (tos 0x0, ttl  64, id 62208, offset 0, flags [DF],
  proto: UDP (17), length: 70) >
  [udp sum ok]  19786+ PTR? (42)

  15:55:41.309255 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
  proto: TCP (6), length: 60) > S,
  cksum 0x3a4a (correct), 397488040:397488040(0) ack 1711505851 win 579
  <mss 1460,sackOK,timestamp 23971302 389888,nop,wscale 7>

  15:55:41.309283 IP (tos 0x0, ttl  64, id 29371, offset 0, flags [DF],
  proto: TCP (6), length: 52) > .,
  cksum 0x7eff (correct), 1:1(0) ack 1 win 183
  <nop,nop,timestamp 389888 23971302>
  15:55:41.309349 IP (tos 0x0, ttl  64, id 29372, offset 0, flags [DF],
  proto: TCP (6), length: 487) > P 1:436(435) ack 1 win 183
  <nop,nop,timestamp 389888 23971302>
  15:55:41.311015 IP (tos 0x0, ttl  64, id 59982, offset 0, flags [DF],
  proto: TCP (6), length: 52) > .,
  cksum 0x7dcb (correct), 1:1(0) ack 436 win 54
  <nop,nop,timestamp 23971304 389888>

  15:55:41.353110 IP (tos 0x0, ttl  60, id 32970, offset 0, flags [DF],
  proto: UDP (17), length: 70) >
  [udp sum ok]  19786 NXDomain q: PTR?
  0/0/0 (42)

  15:55:41.353369 IP (tos 0x0, ttl  64, id 62219, offset 0, flags [DF],
  proto: UDP (17), length: 71) >
  [udp sum ok]  43306+ PTR? (43)

  15:55:41.361603 IP (tos 0x0, ttl  64, id 59983, offset 0, flags [DF],
  proto: TCP (6), length: 1500) > .
  1:1449(1448) ack 436 win 54 <nop,nop,timestamp 23971354 389888>

  85 packets captured
  85 packets received by filter
   0 packets dropped by kernel

  This is a very detailed output and shows the TCP three-way handshake
  ( SYN, SYN/ACK, ACK ) between the router ( ) and my machine ( ),
  followed by the HTTP request itself ( the 435 byte PUSH segment ) and
  the first 1448 byte segment of the answer. Everything in it travels in
  plaintext, so the operator could read the request just as well.
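  A small parser for this kind of output, added here as an example ( it is
  not part of the paper or of tcpdump ). It reads records in the old
  tcpdump -vv format shown above, one record per line, recovers source,
  destination, flags and ack from each, finds complete three-way
  handshakes and reports which of them went to services that carry their
  data unencrypted - the sessions an operator could read. The sample
  capture is constructed for the example with RFC 5737 documentation
  addresses, since the real addresses are not on the page; records that
  tcpdump wrapped over several lines have to be joined first.

```python
import re

# Constructed sample ( not the paper's capture ): a DNS lookup and the
# handshake plus request of one HTTP connection, in the tcpdump 3.x -vv
# layout, each record joined onto one line.
CAPTURE = """\
15:55:41.308310 IP (tos 0x0, ttl  64, id 29370, offset 0, flags [DF], proto: TCP (6), length: 60) 192.0.2.10.45512 > 192.0.2.1.80: S, cksum 0x48da (correct), 1711505850:1711505850(0) win 5840 <mss 1460,sackOK,timestamp 389888 0,nop,wscale 5>
15:55:41.309032 IP (tos 0x0, ttl  64, id 62208, offset 0, flags [DF], proto: UDP (17), length: 70) 192.0.2.10.32768 > 192.0.2.1.53: [udp sum ok]  19786+ PTR? 1.2.0.192.in-addr.arpa. (42)
15:55:41.309255 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.0.2.1.80 > 192.0.2.10.45512: S, cksum 0x3a4a (correct), 397488040:397488040(0) ack 1711505851 win 5792 <mss 1460,sackOK,timestamp 23971302 389888,nop,wscale 7>
15:55:41.309283 IP (tos 0x0, ttl  64, id 29371, offset 0, flags [DF], proto: TCP (6), length: 52) 192.0.2.10.45512 > 192.0.2.1.80: ., cksum 0x7eff (correct), 1:1(0) ack 1 win 183 <nop,nop,timestamp 389888 23971302>
15:55:41.309349 IP (tos 0x0, ttl  64, id 29372, offset 0, flags [DF], proto: TCP (6), length: 487) 192.0.2.10.45512 > 192.0.2.1.80: P 1:436(435) ack 1 win 183 <nop,nop,timestamp 389888 23971302>
"""

RECORD = re.compile(
    r"^(?P<ts>\S+) IP \(.*?proto: (?P<proto>\w+) \(\d+\), length: (?P<length>\d+)\) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
# Old-style flag token right after the colon: "S,", ".,", "P 1:436(435)" ...
FLAGS = re.compile(r"^([SPRFWE.]+)[, ]")

# Services whose logins and content travel in plaintext.
CLEARTEXT = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http",
             110: "pop3", 143: "imap"}


def parse(text):
    """One dict per record that matches the layout; others are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        rec["length"] = int(rec["length"])
        fm = FLAGS.match(rec["rest"]) if rec["proto"] == "TCP" else None
        rec["flags"] = fm.group(1) if fm else ""
        rec["ack"] = re.search(r"\back \d+", rec["rest"]) is not None
        records.append(rec)
    return records


def handshakes(records):
    """(client, cport, server, sport) for every completed handshake:
    SYN from the client, SYN+ack from the server, bare ack from the client."""
    syn, synack, done = set(), set(), []
    for r in records:
        if r["proto"] != "TCP":
            continue
        key = (r["src"], r["sport"], r["dst"], r["dport"])
        back = (r["dst"], r["dport"], r["src"], r["sport"])
        if "S" in r["flags"] and not r["ack"]:
            syn.add(key)
        elif "S" in r["flags"] and r["ack"] and back in syn:
            synack.add(back)
        elif r["flags"] == "." and r["ack"] and key in synack and key not in done:
            done.append(key)
    return done


def cleartext_sessions(records):
    """Completed connections to plaintext services: readable by anyone who
    sniffs on the path, e.g. the cafe's operator."""
    return [(c, cp, s, sp, CLEARTEXT[sp])
            for c, cp, s, sp in handshakes(records) if sp in CLEARTEXT]


if __name__ == "__main__":
    for sess in cleartext_sessions(parse(CAPTURE)):
        print("plaintext %s: %s:%d -> %s:%d" % (sess[4], *sess[:4]))
```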

  5.1.2) keylogger

  With a keylogger, as the name says, you can log every input which comes
  from the keys of the keyboard. Keyloggers often create well formatted
  logfiles to give you an excellent output and overview of all typed keys
  ( texts ) and used programs. A keylogger could also log mouse clicks or
  take screenshots - to name some more of the possibilities.

  With the created logfile you could find out passwords, the content of
  emails and much more. It's easy to understand what is possible with
  keyloggers, I think. ( To prevent keyloggers from finding out your
  password you could use "char selecting" tools - an on-screen keypad
  whose layout is randomised for every entry - but don't forget:
  *nothing* is 100% secure physically so far! )

  A keylogger is often installed as software, but it can also be
  implemented in hardware - directly in the keyboard or as a small plug
  between keyboard and computer, for example - a hardware keylogger,
  which no software on the machine can see. ( see section 5.5 )
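  What such a "char selecting" keypad does, as an added Python example
  modelled on the description of pan's keypad in the paper updates ( this
  is not pan.c and not code from the paper ): the 94 printable characters
  are shuffled anew for every entry, the user enters positions in the
  displayed table instead of characters, and only the side that generated
  the table can turn the positions back into the secret. A keylogger or
  mouse logger records positions that mean nothing once the table is
  gone; a screen grabber that sees the table still wins, which is the
  "nothing is 100% secure" caveat above.

```python
import secrets
import string

# 94 printable ASCII characters, the same count as pan's keypad.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
RNG = secrets.SystemRandom()   # OS CSPRNG, not the predictable random module


def make_keypad():
    """A fresh random permutation of ALPHABET, generated per entry."""
    pad = list(ALPHABET)
    RNG.shuffle(pad)
    return pad


def render(keypad, width=10):
    """The table as the user would see it on screen."""
    rows = [keypad[i:i + width] for i in range(0, len(keypad), width)]
    return "\n".join(" ".join(row) for row in rows)


def to_positions(secret, keypad):
    """What actually gets typed or clicked: the index of each character of
    the secret in the displayed keypad, not the character itself."""
    return [keypad.index(ch) for ch in secret]


def from_positions(positions, keypad):
    """Recover the secret on the side that knows the keypad."""
    return "".join(keypad[i] for i in positions)


if __name__ == "__main__":
    pad = make_keypad()
    print(render(pad))
    typed = to_positions("P0hwp4u70d4", pad)
    print("logged:", typed)          # useless without pad
    print("recovered:", from_positions(typed, pad))
```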

  5.1.3) spyware

  Spyware could be a trojan ( also called a backdoor ) which listens on a
  port or is completely invisible on the victim's system. Backdoors are
  often implemented in replaced and manipulated software packages
  ( installed programs ) by the attacker. Backdoors which just listen on
  a "31337" port are mostly easy to detect with a simple portscan with a

       ( A "modified" version of a program { f.e. email } which
         runs constantly on a well known and *open* port is harder
         to detect - maybe with a checksum of the program file
         ( the text below says SHA1; prefer SHA-256 today, since
         SHA1 collisions are practical ) compared against a copy
         of the checksum kept off the machine, with a special
         packet filter configuration on your firewall or with a
         monitoring tool. )

  With a portscanner you can scan for open ports ( which maybe better
  should be closed ), the version of the running program behind the port
  ( which could have a bug ) and the version of the operating system or
  the kernel ( which could have a bug too, or two ).

  With trace programs you can often trace the route to other people's
  machines, but this won't have much effect while the other person uses
  a proxy server or a proxy service.

  In fact, a portscanner and a trace tool are no real spyware but often
  very helpful to check your system with all its connections.
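  The checksum check from the note above, written out as an added Python
  example ( not code from the paper or from any tripwire-like tool ): a
  baseline of SHA-256 digests is taken while the programs are known-good,
  and verify() later reports every file that changed or vanished. The
  demo() helper constructs two fake program files in a temporary
  directory and "trojans" one of them. Two caveats belong with it: keep
  the baseline where the machine cannot rewrite it, because a rootkit that
  can replace a binary can also edit a local checksum list, and run the
  check from a clean boot ( live CD ), because a kernel rootkit can feed
  the checker the original bytes while the loader gets the backdoored ones.

```python
import hashlib
import json
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in 64 KiB chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_baseline(paths):
    """Digest every file once while the system is known-good."""
    return {p: file_digest(p) for p in paths}


def save_baseline(base, out):
    """Write the baseline; store `out` off the monitored machine or on a
    write-protected medium, never next to the files it describes."""
    with open(out, "w") as f:
        json.dump(base, f, indent=1, sort_keys=True)


def verify(base):
    """[(path, reason)] for every file that differs from the baseline."""
    findings = []
    for path, expected in sorted(base.items()):
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif file_digest(path) != expected:
            findings.append((path, "modified"))
    return findings


def demo():
    """Constructed self-test: two fake 'binaries', one gets a backdoor appended."""
    d = tempfile.mkdtemp()
    ok, bad = os.path.join(d, "ssh"), os.path.join(d, "login")
    for p in (ok, bad):
        with open(p, "wb") as f:
            f.write(b"original program bytes for " + os.path.basename(p).encode())
    base = make_baseline([ok, bad])
    save_baseline(base, os.path.join(d, "baseline.json"))
    with open(bad, "ab") as f:
        f.write(b"\n# backdoor")
    return verify(base), bad


if __name__ == "__main__":
    print(demo()[0])
```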

  5.1.4) wiper

  Wiping tools are very important today for real security. A wiping tool
  makes a secure overwriting of a file, a secure deletion. Normally when
  you delete a file the operating system only removes the directory
  entry and marks the inode and its data blocks as free, and the file is
  "deleted". But the data blocks stay on the disk until they are reused,
  so with some recovery tools you can easily recover files which were
  deleted in this way. So if you wrote some important or personal texts,
  an attacker could find your files when they are not wiped.

  The best known secure deletion method is "Gutmann" wiping - 35 passes /
  overwritings. Many wiping tools have more features than only deleting
  a file. You can wipe the RAM with them, the SWAP space and also unused
  disk space. Delete your personal files only with wiping / secure
  deletion tools, otherwise you can be hit by an attack. Attackers can do
  a lot with personal information.
  The 35 passes were designed for old MFM/RLL disk encodings; Gutmann
  himself has said that on modern drives a few passes of random data are
  the best you can do anyway, so one or two passes are enough unless you
  expect a laboratory with very expensive high tech equipment. Two things
  a wiper cannot fix: on a journaling or copy-on-write filesystem, and on
  SSDs or flash cards with wear levelling, the overwrite may land
  somewhere else than the original data, so the only reliable answer
  there is to encrypt the disk from the start. ( sec. 8.1.1 ) And yes,
  data can be recovered from swap space, unused disk space and RAM too.

  Look at this very simple example now. We read the complete RAM into a
  pipe and then look for the password with which we logged in to the
  system. "/dev/mem" is an interface ( unix / linux ) to the physical
  memory of the computer. ( "man mem" - for more information; newer
  kernels restrict /dev/mem to the first megabyte or refuse it completely,
  so this may fail on a current system. )

    [root@ ~]# cat /dev/mem | grep Pohwpautoda
    Binary file (standard input) matches

     ( The password is not only inside the RAM because we entered
       it to log in; we entered it a second time, as the argument
       of "grep", and grep's own command line is in memory too. So
       this match alone proves nothing. To keep grep's argument
       from matching itself, write the pattern as a bracket
       expression such as [P]ohwpautoda; a match then comes from
       somewhere else in memory. )
  So we can see our password ( changed for this example but really
  tested ) was in our memory. This means a RAM wiper is a good tool
  against a memory attack. "smem" from THC - a very good [TH]Choice here.

  To get some more info about your memory under linux you can type into
  your shell:

    [root@ ~]# cat /proc/meminfo
    MemTotal:       773872 kB
    MemFree:        581684 kB
    Buffers:         11380 kB
    Cached:         100048 kB
    SwapCached:          0 kB
    Active:         117504 kB
    Inactive:        55096 kB
    HighTotal:           0 kB
    HighFree:            0 kB
    LowTotal:       773872 kB
    LowFree:        581684 kB
    SwapTotal:           0 kB
    SwapFree:            0 kB
    Dirty:               0 kB
    Writeback:           0 kB
    AnonPages:       61180 kB
    Mapped:          42088 kB
    Slab:            10552 kB
    SReclaimable:     4924 kB
    SUnreclaim:       5628 kB
    PageTables:       1084 kB
    NFS_Unstable:        0 kB
    Bounce:              0 kB
    CommitLimit:    386936 kB
    Committed_AS:   167428 kB
    VmallocTotal:   245752 kB
    VmallocUsed:      7104 kB
    VmallocChunk:   238448 kB
    HugePages_Total:     0
    HugePages_Free:      0
    HugePages_Rsvd:      0
    Hugepagesize:     4096 kB

  There is much more to explore in "/proc/" about your hardware and your
  running processes.

  5.1.5) network monitor

  A network monitor, as the name says, is there to keep an eye on your
  current network and/or internet connections. This tool is like a
  sniffer but not hidden and not for manipulating data streams. There
  are network monitors for X servers, so with a GUI, and there are also
  ones just for your terminal. They are often easy to use and to
  configure, mostly they have a logging option too and many options for
  personal monitoring, so you can monitor what you want. These tools are
  a *must*, I would say, for a good security concept and a good defense.

  5.1.6) firewall

  With a firewall you can manage and control your traffic. You can block
  unwanted IPs or websites, DoS packets, ping requests, scans and of
  course any packet you want, if your firewall has the ability to do
  this. You can configure it to control inbound and outbound traffic. It
  is there to protect you from evil packets or evil IP sources. You can
  set your firewall up to protect your email service against spam and so
  on. You have a firewall to avoid an attack, but it only filters: a
  service you allow through it is exactly as secure as the service
  itself.

  5.2) windows

  You can find this operating system ( OS ) on more than 50% of the
  machines in each internet cafe, I think, because many people are using
  it and it's easy to learn and to operate - especially for beginners.
  Many of the games they play run under windows. Just a click here and a
  click there and everything is running fine and fast.

  Old windows systems are not so secure, because if an attacker has
  access to a windows machine he can do everything he wants. You don't
  have real security with windows in my lowly and honest opinion. Windows
  is *closed* source and you don't find its source code on the internet
  for free. Closed source means security by obscurity - no secure
  solution, but this doesn't mean that windows is completely evil.

  A more secure solution for windows could be the use of the windows NT
  line, or not? Because here you have admin and user accounts and you can
  configure more than on the old windows systems, and it has more
  security features than the old versions. Some people still use old
  windows systems today. Windows does not run as stable as unix or linux.

  Nevertheless it is a *nice*, fast and great multimedia and gaming
  system - when it runs stable. My experience with VISTA is that it runs
  very stable and fast after I deleted Norton Internet Security - I had
  the same problems with Norton Internet Security in Windows XP by the
  way. This software was installed automatically with Windows VISTA.

   INFO: Since windows XP microsoft by the way has a good connection
         to the NSA and other "anonymous" agencies ( microsoft will not
         mention them for whatever reason ) . The NSA and the "other
         ones" helped microsoft with the security of their OS ( operating
         system ). The NSA also helped with the security of windows
         vista. In a system library of windows NT4, "advapi.dll", two
         public keys were found with which windows checks the signatures
         of its cryptographic service providers; the second one is
         labelled "_NSAKEY". Whoever holds the matching private key can
         sign a crypto module that windows accepts. And no, this is NO
         conspiracy, I read this on the site of a very well known
         security expert: Bruce Schneier. Here is the link:

  For history knowledge: in the early days of microsoft, Bill Gates took
  the idea for the "windows" graphical user interface from apple, and
  apple before took it from xerox, so the idea of the graphical operating
  system. [...] So you can see that money is ONE thing that makes this
  world go around.

  A free windows is ReactOS and can be downloaded at:
  "http://www.reactos.org" . But it does not run on every system at the
  moment.

  5.2.1) sniffer

  a packet sniffer and protocol analyser, which also captures wireless
  LAN frames if the driver supports it ( Ethereal was renamed Wireshark
  in 2006, see 5.2.5 )

   - "http://www.ethereal.com/"

  5.2.2) keylogger

  a simple but good keylogger written in python

   - "http://pykeylogger.sf.net/"

  5.2.3) spyware

  a WEP cracking tool for wireless LAN ( AirSnort is primarily a Linux
  tool; its windows port needs special capture drivers )

   - "http://airsnort.shmoo.com/"

  5.2.4) wiper

  windows wiping tool

   - "http://www.heidi.ie/eraser/"

  5.2.5) network monitor

  probably one of the best network monitors for windows

   - "http://www.wireshark.org/"

   ( But microsoft also has its own network monitor tool, called MS
     Network Monitor - it is like wireshark, I would say: many functions,
     all the details you need, and it is completely FREE - it is very
     good software. Nice. )

  5.2.6) firewall

  Windows NT (XP, Vista etc.) has a built-in firewall. You can configure
  this piece of software ( via the control panel or the "netsh" command
  line ), but I do not know how good and secure this firewall is - if
  you want another (desktop) firewall for Windows then do your own
  research:

   - "$searchengine"

  UPDATE: After a little research I found out that this firewall is not
  that bad. For example: you can block ALL incoming packets and
  connections that do not belong to a connection you initiated from the
  inside of your system; you can completely disable IPv6; there is
  logging and much more.

  Desktop firewalls, by the way, are not so secure, also because they are
  an extra piece of software which can be buggy, and because they run on
  the very machine they are supposed to protect: anything that gets
  administrator rights on the box can simply switch them off.

  OR buy a Linux or Unix router and configure this piece of hardware as
  your Windows firewall. You can also build a router yourself, and then
  you should put OpenBSD on it because it is very secure. An old computer
  will do as a self-made firewall.

  When you have a DSL internet connection your router may have the option
  enabled that keeps it online all the time after you started your
  internet connection. Turn this option OFF. Enable automatic disconnect
  when no packets are travelling through the router to the internet and
  set this idle timeout as short as is practical ( one second would drop
  the line between two page loads; a few minutes is the usable minimum ).
  The longer you are connected to the internet the greater the risk of
  being hacked - so why not disconnect when you do not need the
  connection?

  A very good firewall for Windows is WIPFW, ported from the *BSD/Unix
  "ipfw" to Windows. ( "http://wipfw.sourceforge.net/" ) This firewall is
  no desktop firewall in the usual sense: it is a packet filter that
  works inside the kernel. Nice work.

  5.3) linux

  Linux is an open source operating system. Many of the Linux and Unix
  systems are completely free. If you have never worked with a Linux
  system it could be a bit difficult to use at first, but it is easy to
  learn if you really want to learn it.

  You can find many *free* operating systems like Gentoo, FreeBSD and so
  on at: "http://www.distrowatch.com/" . I can also recommend the
  Debian-based live distribution Knoppix from K. Knopper. You can find
  it here: "http://www.knopper.net/" . Knoppix is good for experts and
  also for beginners.

  If you want to control everything on a Linux or Unix system you must
  have super user rights - also called "root". You can't do everything
  without "root", e.g. if you want to create a new user account on your
  computer.

  If you want to use your Unix/Linux tools under Windows you can install
  "http://cygwin.com/" - a GNU / POSIX environment for Windows - it is
  very nice.

  Some good docs and handbooks for Debian can be found here:

  A very good resource for Linux howtos and manuals is:
  "http://www.tldp.org/" .

  5.3.1) sniffer

  a network sniffer

   - "http://www.tcpdump.org/"

  5.3.2) keylogger

  a kernel keylogger by rd

   - vlogger <FROM> "THC" (The Hackers Choice)

    { This program went offline at thc.org because a new
      German law came out which forbids security tools
      ( also known as security by obscurity or better:
      security by forbidding knowledge .. ) - if you want
      it then search the net and you will find it. }
    ( UPDATE: THC now has 2 servers, it is online again
      there .. )

  5.3.3) spyware

  an invisible backdoor by fx ( cd00r listens with libpcap and opens no
  port until it has seen the right knock sequence, so a port scan shows
  nothing )

   - "cd00r.c" <at> "http://www.phenoelit-us.org/"

  a *very good* port scanner by fyodor:

   - "http://www.insecure.org/nmap/"

  5.3.4) wiper

  probably the best Linux wiper by vh

   - "secure deletion" <at> "http://thc.org/"

  wip.sh source

  "Wip" is a small Unix / Linux shell wiper which I wrote. Here is the
  source code for using, learning or modifying. It overwrites the file's
  blocks, which only destroys the data if the filesystem rewrites blocks
  in place: journaling and copy-on-write filesystems and the wear
  levelling of SSDs / flash media can keep old copies of the blocks, and
  a file that was already deleted cannot be wiped this way at all:

#!/bin/bash
# wip 1.3 - unix / linux small shell wipe tool
# by ad - 05.02.09
# The program overwrites a file for x times with
# random signs from /dev/urandom, then sets it to
# zero with /dev/null, renames and finally removes
# it.
# Tested on a DSL system ( i686 2.4.26 )
# Usage: ./wip.sh [file] <number>
#    or: ./wip.sh [file] - 35 rounds standard (secure)
# Update:
# 05.02.09 - /dev/zero makes a 2. wipe every row
# 17.03.08 - corrected file changing before deletion

# help screen if not enough input
if [ $# -lt 1 ]; then
      echo "wip 1.3 - small unix shell wiper"
      echo "by ad - 2009"
      echo -e "\t""use: $0 [file] [number]"
      echo -e "\t""or: $0 [file] (35 rounds)"
      exit 1
fi
# the file we wanna wipe
file=$1
# check the file ( must be a regular file we are allowed to write )
if [ ! -f "$file" -o ! -w "$file" ]; then
      echo " can't find or write $file"
      exit 1
fi
# number of rounds
if [ $# -gt 1 ]; then
      # we use our input
      b=$2
else
      # we use standard 35 rounds
      b=35
fi
# size of the file in bytes
length=`wc -c < "$file"`
# file size / 512 blocksize for counts
x=`expr $length / 512`
# if the file is smaller than 512 bytes
if [ $x -lt 1 ]; then
      # one count
      x=1
fi
# count + 1 count more, so a partial last block is covered too
x=`expr $x + 1`
# we begin with 0
a=0
# some info
echo "wiping $file ($length bytes, $x blocks, $b rounds)"
# the wiping - conv=notrunc overwrites the existing blocks in place,
# without it dd would truncate the file first and the filesystem could
# hand us fresh blocks while the old ones keep the data
while [ $a -lt $b ]; do
      # write from urandom to our file x times
      dd if=/dev/urandom of="$file" count=$x conv=notrunc 2>/dev/null
      # write from zero to our file x times
      dd if=/dev/zero of="$file" count=$x conv=notrunc 2>/dev/null
      # doing a sync so every round really reaches the disk
      sync
      # the round counter
      a=`expr $a + 1`
      # some output
      echo -en "$a times wiped\r"
done
echo
# some info
echo "set $file to zero length"
# we set the file to zero with /dev/null ( dd truncates here on purpose )
dd if=/dev/null of="$file" count=$x 2>/dev/null
# some info
echo "renaming and removing $file"
# renaming the file twice, inside its own directory, so the old name
# disappears from the directory entries too
dir=`dirname "$file"`
mv -f "$file" "$dir/0a1b0c1d0e"; mv -f "$dir/0a1b0c1d0e" "$dir/1e0d1c0b1a"
# removing the file
rm -f "$dir/1e0d1c0b1a"
sync
# last info
echo "done"
# exit
exit 0

  5.3.5) network monitor

  try this in your terminal ( on Debian and derivatives ) to get a *good*
  terminal network monitor, called trafshow:

    [root@ ~]# apt-get install trafshow

  5.3.6) firewall

  a good Linux firewall

   - "http://freshmeat.net/projects/guarddog/" OR the better one is
     "iptables", which is the standard Linux firewall and which is very
     complex to configure, with detailed options. Project site is
     "http://www.iptables.org/" . It is a very good firewall. ( Guarddog
     is only a graphical front end which generates iptables rules. )

  Here is a little example: we have just one source IP which may access
  our machine on one port, and one destination IP. The source IP is the
  IP of our machine ( ) and the destination IP is a proxy on port 80, to
  have HTTP connections in both directions for surfing the internet. So
  over this one IP we can reach all other IPs / websites and we only
  have to allow ONE IP access to our system. ALL other packets which
  want to leave or enter our machine are rejected.

  Here is the shell script "fw.sh" :

#!/bin/sh
# your local IP ( 192.0.2.10 is a placeholder, put your own address here )
LIP="192.0.2.10"
# allowed IPs - the HTTP proxy ( 198.51.100.80 is a placeholder too )
IP="198.51.100.80"

# clean everything ( flush the rules first, then delete user chains )
iptables -F
iptables -X

echo "enabling firewall.."
echo "using proxy: $IP"

# loopback traffic never leaves the machine, let it through
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# our rules: new connections only from us to the proxy on port 80,
# answers only from the proxy back to us on an established connection
iptables -A OUTPUT -d $IP -s $LIP -p tcp --dport 80 -m state --state \
    NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -s $IP -d $LIP -p tcp --sport 80 -m state --state \
    ESTABLISHED,RELATED -j ACCEPT

# we log and block all other stuff ( these rules must come last,
# iptables takes the first rule that matches )
iptables -A OUTPUT -p all -j LOG --log-prefix "fw.sh OUT: "
iptables -A INPUT -p all -j LOG --log-prefix "fw.sh IN: "
iptables -A OUTPUT -p all -j REJECT
iptables -A INPUT -p all -j REJECT


  Find a good HTTP proxy IP, put it into "IP", change the local IP "LIP"
  to your own one, make the script executable ( "chmod 700" is enough,
  it only ever runs as root - do not use 777 on a file that root
  executes ), copy it to "/usr/local/sbin/" and run it. Enter your proxy
  IP into your web browser and surf. This is all. You must be root to do
  that. If you want to DISABLE the firewall use "iptables -F" in your
  shell as root ( the script sets no default policies, so after -F
  everything is allowed again ).

  This is just an EXAMPLE of how a firewall could look. This is a very
  personal issue. This example, as said, is just for surfing over a
  proxy - all other IPs from outside and inside are rejected. This
  ruleset only works with a proxy IP, _NOT_ a proxy HOST name, because
  we blocked UDP and with it DNS: the browser hands the host names it
  wants to the proxy, which resolves them for us.

  Also a very good paper for securing your linux/debian is:
  "http://debian.org/doc/manuals/securing-debian-howto/" - GREAT!

  5.4) unix

  Unix is nearly like Linux, but Unix came first and Linux was modelled
  after it. I would say it is more stable and faster than Linux, but this
  opinion comes only from my own experiences with Unix. There are three
  main free Unix operating systems: FreeBSD, OpenBSD and NetBSD. All
  three are very secure and stable. You can get these BSDs from
  "http://www.freebsd.org/" && "http://www.netbsd.org/" &&
  "http://www.openbsd.org/" .

  Unix, by the way, was built by hackers, and so was the internet,
  because they invented the sockets. ( "man socket" ) The first net was
  built by the government / military and called ARPAnet.
  ( "http://www.darpa.mil" ) It was a pure military project. Later it was
  split into MILNET ( the military network ) and the internet.

  The FreeBSD handbook can be found here for example:

  5.4.1) sniffer

  an SSL sniffer

   - "http://crypto.stanford.edu/~eujin/sslsniffer/"

  5.4.2) keylogger

  Unix terminal session recorder ( "script" logs everything typed and
  printed in a terminal session to a file, so it doubles as a terminal
  keylogger )

   - "script" <at> FreeBSD [at] "/usr/src/usr.bin/script"

  5.4.3) spyware

  port scanner ( the hacker's network swiss army knife: netcat reads and
  writes raw TCP / UDP connections and scans ports with "-z" ) - by
  hobbit

   - "ftp://coast.cs.purdue.edu/pub/tools/unix/netutils/netcat/"

  5.4.4) wiper

  file and block device wiper

   - "http://wipe.sourceforge.net"

  5.4.5) network monitor

  a very good network monitor for a unix terminal is IPtraf:

   - "http://www.iptraf.seul.org/"

  5.4.6) firewall

  a very good firewall for FreeBSD is "IPFW" - this firewall comes with
  FreeBSD and here is the link to the manual page of it:

   - "http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html"

  5.5) hardware

  You cannot only spy with software on a computer system. There are many
  more ways to watch. There could be a mini hardware keylogger installed
  in your keyboard or your computer, or a small hardware network sniffer
  on your computer hardware. This kind of spying is not detectable the
  normal way - so practically impossible to detect with normal software;
  you have to look at the hardware itself. A hardware keylogger, for
  example, is very small; this device is plugged in between your
  keyboard and the normal PS/2 or USB keyboard port of the computer. It
  could look like this:

                               |       1) keyboard
     |    2   .------.-----.---|       2) cable
   1 |=//=====|   3  |  4  | 5 | 6     3) keyboard USB/PS2 plug
     |        "------"-----"---|       4) hardware keylogger
                               |       5) USB/PS2 port
                                       6) computer

  One of the most highly developed hardware spying systems is called
  "TEMPEST". It picks up the electromagnetic radiation of your monitor
  from many metres away - so the spy can see this way what is on your
  screen, what you write and so on. There is software on the net which
  shows you how TEMPEST works ( "Tempest for Eliza" ): it simply draws
  black and white patterns on your screen and you can hear them as music
  by tuning an AM radio next to the monitor, yes that is right.

  Another highly developed spying system, by the way, is "ECHELON". It
  grabs all data which goes over the internet, over phone lines and
  mobile phones. They search the data streams with a kind of pattern
  scanning for special words, otherwise it would be impossible to scan
  the *big* data stream which goes around every day. I think you can
  imagine what size of log files all this data can cause.

  Search the internet if you want to know more about these projects,
  this kind of stuff is too much for a paper like this. Here is one
  link:

  5.5.1) antitempest

  Antitempest is, simply said, hardware to protect your computer from
  TEMPEST attacks. TEMPEST attacks probably come from agencies like the
  NSA(.gov). The German government uses antitempest hardware for example
  in their SINA boxes, which are hardware boxes for building secure
  networks. Antitempest hardware is not cheap and you also need good
  technical knowledge to use or build such hardware. For example you can
  buy a special kind of glass with a conductive shielding layer which
  protects your screen from TEMPEST attacks.

  5.5.2) GSM & GPS tracking

  If you want to write anonymous email for whatever reason while you use
  an internet cafe you should / can turn OFF your mobile phone. While it
  is on it can be tracked very well via GSM, because the base station
  serving you inside the GSM network always knows which cell you are in.
  GPS is much more precise for tracking. ( GPS = Global Positioning
  System ; GSM = Global System for Mobile communication ) You move from
  cell to cell when you move inside the GSM network, and in every cell
  you have a position which can be seen. Lots of GSM information can be
  found on the site of the security group 9x: "http://www.9x.tc/" .

  GSM, by the way, has been cracked by THC[.org] : "http://wiki.thc.org/gsm"
  - so it is no longer secure, and it was not that secure before either,
  because it had been cracked in another way by a security researcher
  named Elad Barkan.

  Mobile phones, by the way, can cause CANCER. ( you should research that
  topic - it is very serious ) You can get cancer in your brain or in
  your eye, for example, because of the strong radiation _!_

  5.5.3) dmesg

  To get lots of detailed hardware information about your computer,
  server or router, if it runs Linux or Unix, run "dmesg" in your
  favourite Unix or Linux shell [my favourite is bash. ( "man bash" )].
  On a Linux machine running Knoppix with kernel 2.6.19 a "dmesg" could
  look like this ( shortened ):

  [root@ ~]# dmesg
  Linux version 2.6.19 (root@Knoppix) (gcc version 4.1.2 20061028
  (prerelease) (Debian 4.1.1-19)) #7 SMP PREEMPT Sun Dec 17
  22:01:07 CET 2006
  BIOS-provided physical RAM map:
  BIOS-e820: 0000000000000000 - 000000000009dc00 (usable)
  BIOS-e820: 000000000009dc00 - 00000000000a0000 (reserved)
  BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
  BIOS-e820: 0000000000100000 - 000000002fee0000 (usable)
  BIOS-e820: 000000002fee0000 - 000000002fee6000 (ACPI data)
  BIOS-e820: 000000002fee6000 - 000000002ff00000 (ACPI NVS)
  BIOS-e820: 000000002ff00000 - 0000000040000000 (reserved)
  BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
  BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
  BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved)
  0MB HIGHMEM available.
  766MB LOWMEM available.
  found SMP MP-table at 000f8d90
  Entering add_active_range(0, 0, 196320) 0 entries of 256 used
  Zone PFN ranges:
    DMA             0 ->     4096
    Normal       4096 ->   196320
    HighMem    196320 ->   196320
  early_node_map[1] active PFN ranges
    0:        0 ->   196320
  On node 0 totalpages: 196320
    DMA zone: 32 pages used for memmap
    DMA zone: 0 pages reserved
    DMA zone: 4064 pages, LIFO batch:0
    Normal zone: 1501 pages used for memmap
    Normal zone: 190723 pages, LIFO batch:31
    HighMem zone: 0 pages used for memmap


  Linux agpgart interface v0.101 (c) Dave Jones
  NET: Registered protocol family 10
  lo: Disabled Privacy Extensions
  Mobile IPv6
  [drm] Initialized drm 1.0.1 20051102
  eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
  eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
  eth0: no IPv6 routers present
  device eth0 entered promiscuous mode

  You see, lots of interesting info. The last line, by the way, shows us
  that my device eth0 is in promiscuous mode now. This is because of the
  use of "tcpdump" before. The device has to go into this mode before
  the sniffer / network monitor "tcpdump" ( section 5.3.1 ) can see
  traffic that is not addressed to it. There are many ways to hide that
  this mode is enabled - with LKMs ( Linux kernel modules ) or rootkits,
  for example - so a clean dmesg proves nothing.
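  As an added example that is not part of the original paper: a small
  shell script which checks the promiscuous flag the way a practitioner
  would, from the kernel's own view in /sys/class/net/<dev>/flags ( bit
  0x100 of that number is IFF_PROMISC ) and by counting the "entered" /
  "left promiscuous mode" lines in a kernel log like the one above. The
  function names are mine and the sample log lines are constructed, not
  taken from a real machine:

```shell
#!/bin/sh
# Added example (not from the original paper): which network devices are
# in promiscuous mode, from the kernel's flags and from the kernel log.

# IFF_PROMISC is bit 0x100 of the interface flags that the kernel exports
# in /sys/class/net/<dev>/flags (a hex number such as 0x1103).
# Returns 0 (true) when the flag is set in the given value.
is_promisc() {
    flags=$1
    [ $(( $flags & 0x100 )) -ne 0 ]
}

# Walk all interfaces and print the ones that are in promiscuous mode.
# Returns 0 when at least one was found, 1 otherwise.
list_promisc() {
    found=1
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        dev=${f#/sys/class/net/}
        dev=${dev%/flags}
        if is_promisc "$(cat "$f")"; then
            echo "$dev: PROMISC"
            found=0
        fi
    done
    return $found
}

# Count "entered promiscuous mode" against "left promiscuous mode" lines
# for one device in a kernel log read from stdin. A surplus of "entered"
# means a sniffer is (or was) attached. Prints the surplus.
promisc_balance() {
    dev=$1
    awk -v dev="$dev" '
        $0 ~ ("device " dev " entered promiscuous mode") { n++ }
        $0 ~ ("device " dev " left promiscuous mode")    { n-- }
        END { print n + 0 }'
}

# Constructed sample log (not real output of any system), in the format
# the kernel uses: eth0 had a sniffer started, eth1 had one started and
# stopped again.
SAMPLE_LOG='eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
device eth0 entered promiscuous mode
device eth1 entered promiscuous mode
device eth1 left promiscuous mode'

# Stand-alone run: live interfaces first, then the sample log.
list_promisc || echo "no interface in promiscuous mode"
echo "eth0 surplus in sample log: $(printf '%s\n' "$SAMPLE_LOG" | promisc_balance eth0)"
```

  It needs no root, the flags are world readable; feed it a real log with
  "dmesg | promisc_balance eth0". Like dmesg it trusts the kernel, so an
  LKM rootkit that hides the flag fools it too. A check that does not
  run on the suspect box is to watch it from another host: an ARP
  request sent to a bogus destination MAC is only answered by a card
  that is listening promiscuously.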

  5.5.4) webcam

  If you have a webcam but don't use it then, if you can, pull the plug
  of this webcam. Also, if you use it, pull the plug while it is not in
  use. Or simply turn it to a wall so that it is not pointing into your
  room, or point it at whatever object. If you have a built-in webcam in
  your laptop, for example, then please put a little piece of paper over
  the lens. We should do all this because if someone you don't know is
  on your computer he could enable your webcam, take snapshots or a
  little movie and watch it. I think you can imagine what can happen
  with this kind of attack.

  5.5.5) microphone

  It is nearly the same as with the webcam, but here it is not video, it
  is audio. So while you don't use it, turn your microphone OFF. If you
  never use it then uninstall your microphone software and / or disable
  it. If you use Linux or Unix and you don't need a microphone then don't
  install the driver for it. An attacker could install software which
  listens to the audio input from your room, or from you behind the
  computer.

  5.5.6) wlan, bluetooth, IR

  If your computer contains hardware devices like wireless LAN cards
  ( WLAN ), Bluetooth or infrared ( IR ) and you don't use them then TURN
  them _OFF_. These devices can provide access over the air to your
  computer system when they are enabled. ( the same goes for palms and
  other handheld devices { cellphones } )

  If you use them then use them with strong encryption only, especially
  when you use them for internet access. WLAN, Bluetooth and IR sniffers
  exist, so it is not that difficult to sniff such networks. The point
  is: if you don't use them, turn them _OFF_.

  By the way: many people take photos with their cell phones because
  today they include little cameras for movies and photos. Many people
  delete their pictures and then sell their phone or give it to another
  person for free. These photos are not really deleted: only the
  directory entry and the inode are freed, i.e. the bookkeeping which
  says where on the medium the file's data is stored, while the data
  blocks themselves stay untouched until something else overwrites them.
  Thus you can recover these pictures and photos, which can be very
  private, with special soft- or hardware. To delete them securely you
  can put your hand over the lens while taking photos until the memory
  of the phone is full. Then you delete all the pictures and repeat this
  a few times. Then it is no longer possible to recover them with
  software ( as far as software recovery goes - flash media keep spare
  blocks that the filesystem never hands out ). See section 5.1.4 and
  make your own decisions. You can also recover SMS files with software,
  so try to wipe your whole storage, program a wiper for a cell phone or
  search for some software which can do this. Again: cell phones can
  cause brain cancer and eye cancer - don't use these devices anymore,
  research that issue and make other people aware of it.
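  The "fill the phone up, delete, repeat" trick above, done from a Linux
  / Unix box on which the phone's memory card is mounted, as an added
  example that is not part of the original paper: it overwrites the free
  space ( and so the blocks of already deleted photos and SMS ) with
  random data instead of photos of your hand. The function name, its
  arguments and the mount point are my assumptions, not anything the
  paper defines:

```shell
#!/bin/sh
# Added example (not from the original paper): overwrite the free space
# of a mounted memory card / phone storage with random data.
# Usage: wipe_free_space <mountpoint> [cap_in_MiB]
#   cap 0 (the default) means: write until the filesystem is full.
# Prints the number of MiB that were overwritten.

wipe_free_space() {
    mnt=$1
    cap=${2:-0}
    # the fill file lives on the medium we want to clean
    fill="$mnt/.wipefill.$$"
    [ -d "$mnt" ] && [ -w "$mnt" ] || { echo "cannot write to $mnt" >&2; return 1; }
    if [ "$cap" -gt 0 ]; then
        # bounded run, for a test or a partial pass
        dd if=/dev/urandom of="$fill" bs=1048576 count="$cap" 2>/dev/null
    else
        # dd exits non-zero when the medium is full (ENOSPC); that is
        # exactly the point here, so the failure is expected
        dd if=/dev/urandom of="$fill" bs=1048576 2>/dev/null || true
    fi
    # make sure the random data really reached the medium
    sync
    written=$(wc -c < "$fill")
    # give the space back; the blocks now hold random data, not photos
    rm -f "$fill"
    sync
    echo $(( written / 1048576 ))
}

# Stand-alone run: wipe 4 MiB inside a throw-away directory so that
# trying the script does not fill the root filesystem.
demo_dir=$(mktemp -d)
echo "overwrote $(wipe_free_space "$demo_dir" 4) MiB in $demo_dir"
rmdir "$demo_dir"
```

  For a real pass call it as "wipe_free_space /media/card" ( no cap ) and
  repeat it a few times, like the paper says for the photos. The same
  caveat as for wip.sh applies, and more so on flash: the card's
  controller does wear levelling and keeps spare blocks the filesystem
  never sees, so old pictures can survive there. The reliable way is to
  encrypt the card from the first day, or to destroy it.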

  5.5.7) router

  The router in the internet cafe, and in any network, can also be a
  system in which a break-in can happen. A router is also a little
  computer, in many cases without a graphics card, depending on what you
  like. If an attacker has access to the router he can sniff everything
  that is not encrypted. So the router also needs strong security, not
  only the computer(s) ( inside the internet cafe / network ). In a lot
  of cases it is harder to update the router's system, and because of
  this a router, even when it has a firewall option, can be a big
  security hole in the network. A router is the machine which connects
  your computer to your ISP - it is the access point to the internet.

  5.5.8) wiretapping

  Wiretapping can also happen on some random computer systems and also
  in internet cafes, for whatever reason. But it can also happen in
  places where you don't have access to the machines and where you maybe
  would not expect it. Some random server on the internet or an ISP can
  be hacked and there somebody can listen to all traffic which goes
  through the line and of course log it, share it, sell it and use it
  for whatever. Here only strong end-to-end encryption can help ( TLS,
  SSH, PGP ). An anonymity service like Tor hides who talks to whom, but
  the Tor exit node sees unencrypted traffic just like a wiretapper on
  the line would, so it is no substitute for encrypting the content. In
  most cases some special hardware is used for wiretapping - a hardware
  sniffer on a

  5.5.9) lock picking

  The Kensington lock for a laptop, by the way, is not secure. Some
  hackers showed a video of how easy it is to open. Guess how? With just
  a piece of cardboard they opened the lock. So don't buy a Kensington
  lock for your laptop - pay attention, if needed, with your brain -
  this is more secure.

  Lock picking can also be used to break into an internet cafe at night
  to steal data or to manipulate the systems. Again, a security cam
  could close this security hole, and strong full disk encryption will
  also help. ISPs can also be attacked this way, and it already
  happened. Lock picking is the use of steel picks and a tension wrench
  to open a lock without the key. This can also be helpful if your key
  ever gets lost.

  5.5.a) alarm system

  You can also install an alarm system in your house or in your internet
  cafe to stop attackers from breaking in. You could build one yourself
  which makes a loud noise when the door opens, or which just shows you
  silently that somebody entered the house / room who should not have
  access. The alarm system could also trigger a hidden cam to film the
  whole break-in and make a call or send an email to you. The alarm
  system of course depends on your needs, so there is not much to say
  here. ( there are systems for windows, doors, some detect the heat of
  the body, some have lasers .. and so on .. )

  5.5.b) telcos & agencies

  Yeah. We should not forget the ones who offer the internet service and
  the ones who are often in business with the ones who offer the
  service: our telcos and our government agencies. We saw it in the case
  of AT&T and the NSA ( www.nsa.gov ). The NSA wiretapped AT&T's network
  and AT&T had no problem with this. So can you trust your telcos? Of
  course we can't trust them, because we don't know them personally and
  we saw that they abuse their services to spy on people.

  So every URL, every email, every IP, every content, every chat, every
  post you make and so on can be seen by these people. And they did it.
  And they will do it again and again for sure.

  5.5.c) RFID protection

  RFID is coming more and more into our lives. People are already forced
  to carry RFID in their passports. But today the security of RFID is
  very low and already broken. Anybody who has an RFID reader can read
  your data from a short distance away. With this it is easy to track
  people or to steal or manipulate the data on their RFID chip.

  For a bit of security you can build yourself an RFID protection wallet
  for your passport and so on. This is easily done. You just need some
  aluminium foil, a few layers of it, for the front and the back of your
  wallet so that it covers the whole wallet ( the shield must enclose the
  chip completely; a gap on one side is enough for a reader ). Just put
  it into some places inside the wallet which you don't use and where
  you maybe don't see it. But you can also build an RFID secure wallet
  from the ground up, or buy one if you want to waste some money. Test
  it: hold the passport in the wallet against a reader ( or an NFC phone
  ) and see whether the chip still answers.

  With this the RFID signals, because they are very weak, cannot go
  through the aluminium layers - so nobody can read or manipulate your
  data and nobody can track you this way, of course.

  5.5.d) ad spying

  On many websites you will find many ads, sadly. Ads are also little
  spies because every ad on the website makes a connection to the ad
  company as soon as you open the site, you do not have to click on it.
  So if you search on a website and browse through the pages of the
  website and the website contains many evil Google ads, for example,
  then Google knows on which site you are surfing and which pages you
  view. If the website also has a search function then Google could also
  know what you searched for, because of the results page and the
  special ads which pop up on it.

  You can block ads by disabling JavaScript and images ( the ad is
  fetched as a script or an image from the ad company's server, and that
  request carries its cookie ). Or you can install special software
  which blocks the ads.

  5.5.e) data mining

  Data mining is a very serious issue. If your telco for example "just"
  stores the time and the date when you were online and how long you were
  online, maybe you think that this is no big issue. But your email
  service provider, for example, stores with whom you exchange emails
  and when you access your email account. Both store your IP, of course.
  And then we have a search engine like Google which collects everything
  it can get: your searches, what sites you surf to through ads and
  clicks in the search results, what videos you watch, your favourite
  Street View route, your favourite Maps route, the content of your
  emails ( Google scans your emails "for personal ads" ) and much more.

  We can also add some services like MySpace, ICQ and Facebook which
  build big user profiles, and MySpace also scans the whole content of
  _everything_ on its site ( private profiles and private messages
  included - they also have a tool to scan everything for keywords ).
  They sell your personal data, by the way, and keep it for as long as
  they want. Some more services are: Amazon, eBay and so on.

  And your telco could also collect the sites / hosts / IPs you have
  visited. ( NSA + AT&T ) Email providers also have access to the content
  of your email, and Yahoo, for example, makes copies of every email you
  write and receive and stores them somewhere else. ( "just in case you
  delete it by accident" ) And if you want them to delete your stuff
  because you "delete" your account, then they can also "just" suspend
  your account and "can" keep your personal stuff for as long as they
  want. What I tell you here I have directly from their sites.

       !                                                      !
       ! Read the policy on every site you are and from every !
       ! service you use - you will be surprised how you are  !
       ! being sold, watched, your data is stored forever and !
       ! your privacy rights are violated to zero.            !
       !                                                      !

  Then we have services which offer you GPS - in your car for example.
  Your cell phone connections are recorded too - with whom you talk, how
  long and from which position. ( SMS and MMS of course too ) If your
  cell phone has GPS they can track you even more easily, but with GSM
  alone they can also track your route. If you have RFID in your
  passport, in your clothes or wherever, then they can track you with
  that too. If you pay with your debit card they can track you too. The
  highway is already being watched with cameras.

  Now think about a company which has access to all of these websites
  and services and to their stored data. They can create a detailed
  profile of you. One service alone maybe is not that dangerous to your
  privacy. But you have to see the whole picture - the whole global spy
  grid - if you make the connections and connect the dots then you see
  the whole dimension of privacy intrusion and surveillance. But these
  services will not come into your life like "hey, we also spy on you" -
  no. They come in a "good, shining way" (or try to) like "you need us",
  "you want us", "everybody is using us", "people of today use us",
  "hey, how are you feeling today?". They all do it for money and they
  can't get enough of it. They also try to keep you online for their
  nasty businesses - I really have read some sick statements on such
  sites directly from them.

  People who can have access to your data can be:

    - agencies ; the government ; police ; military
    - industrial companies
    - criminals ; intruders
    - the people behind the services & technics
    - industrial espionage people
    - script using lamers
    - worms ; botnets ; viruses
    - and so on ..

  And there is also a technology which calls itself "face scanning".
  This system can track you with cameras which try to recognise your
  face with the help of software and the biometric face data you have to
  give away when you want a new passport. The more cameras are installed
  that can be hooked up to such software, the better they can track you
  with this system.

  Now think about such a system making a false positive, so that a
  normal person who is innocent comes under suspicion. ( a false
  positive is when the system thinks it has a match but in reality it is
  an error )

  Even if you use one proxy or more - with data mining they can find out
  who had access to what kind of server. To me this all looks like a big
  spy grid, the biggest one ever created - a global / worldwide spy grid.

  Strong anonymity and encryption (and maybe disinfo) are the only ways
  to avoid data mining. Or you avoid services which you really don't
  need.

  I wanna close this section with a statement from the evil google spies:

     "We are moving to a google that knows more about you." -- Google

  5.6) search engines

  Now this is a special section but also worth a mention. Search engines
  are no real spies, but they collect your data and many try to find out
  who you are, what you do, where you live, how you live and so on. In
  other words: they try to find out everything about you that they can,
  and collect this data. Search engines are helpful, but when they
  become a kind of spy that is not ok, I would say.

  So what can we do against this? We can disable their cookies in our
  browser first and not accept cookies from them. Cookies tell the site
  they come from a lot about where you surfed and how you surfed. Many of
  them have a lifetime of many years and if you do not delete them they
  can collect your private data over many years, with all the search
  words used and sites you entered. We can also surf with a proxy and a
  web filter to hide our IP and our OS ( operating system ).

  We can also enter words in the search engine for which we really don't
  want to search. So if you have a cat at home then enter the word "dog"
  and so on. So with every search you can enter some "false information"
  about you, or whatever. Some random input is also nice, like 123 or
  abc.

  When you have your search results, just copy the link of the site into
  another browser window, so do not click on a link. This way they
  cannot know what you have clicked ( the click goes through a redirect
  of the search engine which records it; the copied link does not ). So
  the whole search probably looks useless to them. Doing this is your
  right and it is nothing wrong. Some people are now building sites to
  make a profile of _every_ person in the world (sick!). One of these
  sites is "www.spock.com" - this is called "profiling" / personal data
  collecting.

  Such services could also be used for an attack with disinformation.

  By the way: an ex agent of the CIA (Robert David Steele) said that
  Google has a good connection with the CIA and that the CIA helped
  Google with money. Now Google has a new policy which says that they
  can delete and censor some stuff if it is, for example, something the
  government does not like. Of course, they have deleted lots of stuff.

  A good site about Google is: "http://www.google-watch.org" - there you
  can read that Google acquired the company "Keyhole", which had been
  financed by the CIA's venture capital arm In-Q-Tel. Also: there was a
  job ad from Google where they searched for a person for their search
  products, but only a person with a government TOP SECRET security
  clearance could get this job. It is a very interesting site and a must
  see, I would say, if you care about your privacy. The company
  "Keyhole" made the pictures of Google Maps. In Google Maps you can also
  find "Area 51": if you type it in you will get the pictures of "AREA 51
  - Nevada Test Site".

  Here are sites to search securely and / or anonymously:

   - "https://ssl.scroogle.org"
   - "http://www.thereferer.com/"

  5.6.1) aisi

  Here is a new software tool which I coded. It is called AISI, which
  means: "Anonymous Independent Searching the Internet" or "As I See It".
  The program is basically your own search bot: you can give it an IP
  range, an option for what kind of search you wanna make and whether
  the program has to log everything or also has to download everything it
  finds, and you can give it a "keyword" - this keyword you can use for
  the URL scan or web scan. This program needs no search engines - it
  makes an independent internet search.
  Some search engines are censoring some websites, and some websites are
  blocking search engine bots so that they cannot include their site in
  their archive. This program will find them nevertheless.
  Here is a small example of the use of aisi. This example is for a
  web search with the keyword "ufo"; the program will download every site
  which contains our keyword "ufo" because of option "-W":

    [user@ ~]# python aisi.py -W "ufo"

  The program will create a logfile and will log every site which contains
  our keyword "ufo", and because of option "-W" it will also download the
  HTML index.* from the site. If we had only used option "-w" ( lower
  case ), the program would just have logged every site, with no HTML
  download. The search is performed inside your computer, so no keywords
  are transmitted over the internet - nobody can see what you search for.
  For web search / web scan you can also use a proxy - a proxy function is
  included in the program.

  It is the same with the URL scan. We give an IP range, an option
  ( download HTML content or not ( uppercase means YES ) ) and one or
  more keywords. The program will then try to get the hostname for the IP
  and then it will look whether our keyword is inside the URL / hostname.
  So if we search again for the keyword "ufo" and the program finds a
  hostname like "www.ufo-secrets.com", it will log the IP and hostname to
  a TXT logfile, and with option "-U" it will also download the index.*.

  As said, the program also contains an IP range scanner and a proxy
  scanner. Every function comes with DETAILED logging entries and
  with detailed logging TXT file names and HTML download files. Logging

  The program is written in python ( 2.5.1 ) and runs on every OS which
  can run python. For more information and details read the manual / NFO
  file of the program. Proxy support is only for web scanning.

  Here is the link to download the program:

  Warning, this version of aisi is very buggy and I am writing a complete
  new version from the ground up, using httplib instead of building
  sockets. It can be downloaded on packetstorm when it is ready, of course.

  5.6.2) disinfo

  As discussed in section 5.6, with the help of false information for
  the search engine we can do something for our privacy. If a site, or in
  this case a search engine, ever tried to make a profile of you, they
  would fail because your profile contains lots of stuff which is
  disinfo and/or is the total opposite of other stuff included - so
  there are two totally different sorts of information. I think disinfo is
  a great digital self-defense in that case, because search engines get
  more and more information about you and others with every use. The
  more years pass by and the more you and others use them without
  protection, the more they could know about you and others. Again: never
  click on the link you want/need in the search results, just copy
  and paste it. Don't give them your privacy.

  The simple concept of that defense is:

   1) - enter what you search for, or enter the opposite of what
        you search for, or just some bogus stuff
   2) - enter the opposite of what you search for or bogus stuff, or
        enter what you really search for
   3) - copy out the link(s) you need and paste them into another
        window - don't click on the results you need, instead click
        on the stuff you do not need and which is disinfo
   4) - enter some more disinfo
   5) - make your friends and family aware of the problems with
        search engines - believe me: it is very serious!

  Spying and profiling is easy with the help of search engines and telcos -
  the sites you visit and the search terms - this is so much information,
  and technically this is really no big deal, it is easily done, really.

  Without encryption and anonymity you are not secure on the internet, and
  the more you give to the internet without encryption and anonymity, the
  more insecure your privacy is, whether you care about it or not.

  5.6.3) searchengine hacking

  This is a very serious issue because search engines can find lots of
  information which should not be public, and also lots of security holes.
  As an example: if you enter $username:$password into a search engine,
  then it is highly possible that a password list will show up. Other
  cases can be "bash_history", "config.php", $software version x,
  "chat.log", "irc.log", "icq.log", "/etc/passwd", an $email_address -
  and so on.

  Just keep in mind: you can search for _everything_ you can imagine which
  is there in other systems. In most cases it is a file or some content of
  a file. The file can be from *any* software and the content can be from
  any file. Now think about how much is possible with this attack. You can
  even let a search engine do a brute force attack on a login for you -
  yes, that is possible - trying passwords with a username.

  There is a huge database about Google hacking on the internet which is a
  must-read for that topic. The website for this database is:

  6) how to use the tools

  From section 6.1 to section 6.3 I will explain how you can use these
  tools and in which ways you could do that. The content of the sections
  is about configuration, control and security.

  For sure, there are many more ways and ideas to secure a system with
  these and other tools, but I leave this to your creative brain because
  this paper is *no* detailed security howto - it's just a *short* and
  smart overview of a possible concept, written for curious, interested
  security novices.

  6.1) configuration

  You can use these tools for a better configuration of your hardware and
  software. At first you have to check your system and network for known
  and maybe unknown security holes. Close all useless ports ( services and
  daemons ) which you don't need on your system as a first simple security

  Try to break the security of your system and of your network. If you
  find bugs, maybe with the help of some exploits too, then try to fix
  these security holes with patches, updates or with your own solutions.


     You can check the radio range between your access point and your
     wireless LAN card of your wireless LAN network with a wireless
     LAN sniffer or with a scanner program of that kind.

     You can test the security of your firewall with a scanner, sniffer
     or a backdoor program, to name just a *few* things you can do for
     more security on your own system.

  Here is a scan with "nmap" on a linux box at "localhost":

  [root@ ~]# nmap -v -sS -O localhost
  Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) 
  at 2007-01-27 10:00 CET
  Initiating SYN Stealth Scan against localhost.localdomain 
  ( [1663 ports] at 10:00
  Discovered open port 111/tcp on
  The SYN Stealth Scan took 0.06s to scan 1663 total ports.
  For OSScan assuming port 111 is open, 1 is closed, and neither are
  Host localhost.localdomain ( appears to be up ... good.
  Interesting ports on localhost.localdomain (
  (The 1662 ports scanned but not shown below are in state: closed)
  111/tcp open  rpcbind
  Device type: general purpose
  Running: Linux 2.4.X|2.5.X
  OS details: Linux 2.4.0 - 2.5.20
  Uptime 0.003 days (since Sat Jan 27 10:00:11 2007)
  TCP Sequence Prediction: Class=random positive increments
                           Difficulty=3994719 (Good luck!)
  IPID Sequence Generation: All zeros

  Nmap finished: 1 IP address (1 host up) scanned in 2.201 seconds
                 Raw packets sent: 1679 (67.4KB) | Rcvd: 3364 (136KB)

  The program scanned 1663 ports but just one port was open. It was TCP
  port 111. All other ports are closed. The OS detection shows a Linux
  system with kernel 2.X -- that is right. You need root to do this scan.

  Nmap is also available for download for Windows.

  IMPORTANT: All these tools must also be configured WELL. Without a good
  configuration of these tools your security could be useless and buggy.
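  The "close all useless ports" advice above can be checked from the
  inside as well, not only with an nmap scan from the outside. The
  following script is an added example, not code from the paper: it
  parses "netstat -tuln" output (Linux format; the sample lines and the
  allowlist are constructed) and reports every socket reachable from the
  network that is not on the allowlist.

```python
"""Flag listening sockets that are not on an allowlist.

Added example for this paper, not the author's code: parses the output
of "netstat -tuln" (Linux format) and reports every listener that is
reachable from the network but not explicitly allowed.
"""
import subprocess
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port exposed")

# Constructed sample output in the format of "netstat -tuln" on Linux.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Services this box is supposed to offer (constructed); anything else
# that listens on a non-loopback address is reported.
ALLOWED = {("tcp", 22)}

LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(netstat_output):
    """Return a Listener for every bound socket in netstat -tuln output."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue                          # header lines
        proto = fields[0].rstrip("6")         # tcp6 -> tcp, udp6 -> udp
        addr, port = fields[3].rsplit(":", 1)  # ":::22" -> ("::", "22")
        # A TCP socket only counts when it is in LISTEN state.  UDP has
        # no state column: every bound UDP socket receives packets.
        if proto == "tcp" and (len(fields) < 6 or fields[5] != "LISTEN"):
            continue
        exposed = addr not in LOOPBACK
        listeners.append(Listener(proto, addr, int(port), exposed))
    return listeners


def unexpected_listeners(listeners, allowed=ALLOWED):
    """Listeners reachable from the network that are not allowlisted."""
    return [lst for lst in listeners
            if lst.exposed and (lst.proto, lst.port) not in allowed]


def live_listeners():
    """Run netstat on this host; returns [] if netstat is not available."""
    try:
        out = subprocess.run(["netstat", "-tuln"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return parse_listeners(out)


if __name__ == "__main__":
    for lst in unexpected_listeners(parse_listeners(SAMPLE_NETSTAT)):
        print("unexpected listener: %s port %d on %s"
              % (lst.proto, lst.port, lst.addr))
```

  Replace SAMPLE_NETSTAT with live_listeners() to check the machine you
  are sitting on; the loopback-only CUPS port 631 is deliberately not
  reported because nobody outside the box can reach it.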

  6.2) control

  If you want to control or check the main computer, the server, of a
  network constantly, then you can use a keylogger. Admins often sit in
  front of a server which must be controlled.

  This is useful to check the system and the network for unauthorized
  access ( persons which should have *no* access to the server ). If an
  unauthorized person has access to the server of the network, the
  logfiles of that installed keylogger soft- or hardware should show this.

  Here is a shot with the program "netstat", to look for connections:
  ( unix / linux )

  [user@ ~]# netstat -st
      0 active connections openings
      0 passive connection openings
      0 failed connection attempts
      0 connection resets received
      0 connections established
      6726 segments received
      3370 segments send out
      0 segments retransmited
      0 bad segments received.
      3352 resets sent
      0 packets received
      2 packets to unknown port received.
      0 packet receive errors
      0 packets sent
      18 resets received for embryonic SYN_RECV sockets
      0 packet headers predicted
      0 TCP data loss events

  And we can see: there are no active TCP connections. But a monitoring
  tool would be better for this job.

  You could also install backdoor clients on every computer which is
  connected to the main server. With this you can control everything
  easily, f.e. shut down a computer when it is not in use any more, start
  and cancel internet connections and so on.

  When I say control, I don't mean spying on others with this control. I
  mean controlling a computer system with this. The difference between
  controlling a system and controlling a person ( a human life ) is
  immense. In ethical speech: Everybody should *always* respect the
  privacy of others.

  With "ps -A" ( linux / unix ) you can see what programs are running:

    [user@ ~]# ps -A
    PID TTY          TIME CMD
   3081 tty1     00:00:00 ps
    PID TTY          TIME CMD
      1 ?        00:00:00 init
      2 ?        00:00:00 keventd
      3 ?        00:00:00 ksoftirqd_CPU0
      4 ?        00:00:00 kswapd
      5 ?        00:00:00 bdflush
      6 ?        00:00:00 kupdated
     99 ?        00:00:00 kjournald
    335 ?        00:00:00 knodemgrd_0
    456 ?        00:00:00 khubd
    838 ?        00:00:00 portmap
   1003 ?        00:00:00 cron
   1009 tty1     00:00:00 bash
   1010 tty2     00:00:00 bash
   1011 tty3     00:00:00 getty
   3085 tty1     00:00:00 ps

  So here no logger is running and no spyware or sniffers are visible. Do
  NOT forget: just because you do not see something does not mean that
  there is nothing like sniffers and so on. They could be hidden.

  Under Windows you can take a little look at the "task manager" if you
  wanna see what services are running at the moment. With this program
  you can start and stop services. But the same rules apply as said
  before: what you see is not always the only thing which is there.

  6.3) security

  However, these tools are for testing the security of *your* system and
  *your* network. They are not for illegal activities, as said before.

  Use these tools to check and secure your system and your network against
  known and unknown bugs ( security holes ) - there are lots of ways to
  do that.

  Develop your own security concept which is proper to the needs of your
  network and your system. Security is a concept with lots of
  possibilities, but not all of them are secure - flexibility is *always*
  good.

  Well, that's all about this here. I won't tell you more; use your
  creativity and your intelligence too. At least you have to consider
  what to do or not to do at the right time - after all, it's your
  own system.

  So this here is more for your mindset. Check your situation. Make plans
  && ( and ) "make install" on them.

  Read security mailing lists, search for good and well-visited
  ( independent ) security sites ( f.e.: http://www.rootkit.com/ ) - get
  informed and stay informed. Knowledge is the best thing for good
  security. A very good technical site for security is:
  "http://www.phrack.org/" . "http://www.astalavista.com" is also a very
  good security site and worth a click.

  Also read this under unix, it is very good information:

    [root@ ~]# man security

  7) attacker detection

  The detection of an attack can be very hard if you are a novice user or
  administrator. Bugs are not dead and they seem to be normal in the
  development of hard-, soft- and wetware - bugs are a part of our life.
  Every human has bugs, and often soft- and hardware do too.

  If you can't detect an attacker on your machine, then your system seems
  to be insecure and your detection unusable, at the least. Again, you
  should set up a well-configured firewall and also an automatic intrusion
  detection system.

  ( tip: It's always good to read security mailing lists to widen your
  knowledge. A very good site is: "http://www.securityfocus.com/" -
  "http://www.slashdot.org" is also a good news site and worth a read )

  Protection is the step which you should choose before a possible
  detection could happen. We'll talk about this in "section 8".

  7.1) intrusion detection

  You can do lots of different things to detect an attacker on your
  system. A good way is to check your logfiles constantly, as often as you
  can, and you could also make a SHA1 checksum of every logfile so that you
  can see if something in those files was changed or deleted. You can also
  use SHA256, which is more secure.

  Here is an example of what a SHA1 hash looks like:

    [root@ /var/log/]# ls -l wtmp
    -rw-r--r--  1 root  wheel    130 Jan 27 10:00 wtmp
    [root@ /var/log/]# sha1 wtmp
    SHA1 (wtmp) = 1413445651bbabeb2652860f06f7d2acb5bb994b

  SHA1 produces a 160-bit cryptographic checksum.

  MD5, by the way, is broken and insecure. There is an attack where two
  different compiled binary files have the same MD5 checksum.

  You could also write or use software which automatically makes copies
  of your logfiles often and sends them through an encrypted connection to
  another server, or encrypts and saves them on your own harddrive or
  something of that kind - again, as said before: use your own
  creativity and imagination. The unix / linux program "diff" is very good
  to see the differences between 2 given files - it does not make a
  checksum, it scans every single byte in the file.

  You can also check every file which seems important to you. Make a SHA1
  or SHA256 checksum of them and maybe also check their sizes if
  you can.
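  The checksum idea above, carried through as a small baseline checker.
  This is an added example, not code from the paper: it records size and
  SHA256 of every file below a directory, and a later run reports what
  was modified, deleted or added. The fake logfiles and the tampering
  in demo() are constructed for the demonstration.

```python
"""File integrity baseline in the spirit of the SHA checksum idea above.

Added example, not the paper's code: snapshot() records size and SHA256
of every file below a directory, compare() reports the difference
between two snapshots.  Names and contents in demo() are constructed.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_of(path):
    """Hash a file in chunks so a big logfile need not fit into RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every file under root (relative path) to its size and SHA256."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = {"size": os.path.getsize(full),
                          "sha256": sha256_of(full)}
    return state


def compare(baseline, current):
    """Return sorted lists of modified, deleted and added paths."""
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "deleted": deleted, "added": added}


def save_baseline(state, path):
    """Store the baseline as JSON.  Keep this file where an intruder with
    root on the box cannot rewrite it (another host, read-only media)."""
    with open(path, "w") as fh:
        json.dump(state, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Baseline a fake /var/log, tamper with it like a log cleaner would,
    and return what compare() notices."""
    work = tempfile.mkdtemp(prefix="logcheck-")
    logs = os.path.join(work, "log")
    os.mkdir(logs)
    try:
        files = {  # constructed sample files
            "auth.log": b"Jan 27 10:00:11 box sshd: Accepted publickey\n"
                        b"Jan 27 10:05:42 box sshd: Failed password\n",
            "wtmp": b"\x01" * 130,
            "lastlog": b"\x00" * 64,
        }
        for name, data in files.items():
            with open(os.path.join(logs, name), "wb") as fh:
                fh.write(data)
        save_baseline(snapshot(logs), os.path.join(work, "baseline.json"))
        # Tampering: the failed login line is removed (size changes),
        # wtmp is overwritten with different bytes of the *same* size
        # (only the hash changes, a size check alone would miss it),
        # lastlog disappears and an unknown file shows up.
        with open(os.path.join(logs, "auth.log"), "wb") as fh:
            fh.write(files["auth.log"].splitlines(True)[0])
        with open(os.path.join(logs, "wtmp"), "wb") as fh:
            fh.write(b"\x02" * 130)
        os.remove(os.path.join(logs, "lastlog"))
        with open(os.path.join(logs, "unknown.log"), "wb") as fh:
            fh.write(b"...")
        baseline = load_baseline(os.path.join(work, "baseline.json"))
        return compare(baseline, snapshot(logs))
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```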

  Use tools like "snort", "tripwire" and "chkrootkit" to detect some
  possible attacks on your system. Control your traffic with a good
  firewall filter. Make a portscan to find open ports that should be
  closed. Create a little honeypot to find attackers before they can
  break your security concept or privacy. 

   - "http://sf.net/projects/tripwire"
   - "http://www.snort.org"

  F.e.: Write a little honeypot by simulating an FTP, HTTP, SSH or
  whatever server. Write it so that when somebody connects, your program
  logs the source IP from the packet, gives an alert, makes a trace and /
  or disconnects your connection to the internet. A nice idea would also
  be a fake FTP server with anonymous access ( and logging of course ).
  This program could run on every machine in the cafe or just on the main
  server. You could also create a honeypot for SYN scans ( half scans ).
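  A minimal version of the honeypot described above, added here as an
  example and not code from the paper: a fake FTP listener that records
  source IP, port and the first bytes sent, hands out a banner and hangs
  up. The banner text, the port 2121 and the alert format are
  constructed; the tracing and "disconnect the internet" reactions are
  left out.

```python
"""Minimal TCP honeypot of the kind suggested above.

Added example, not the paper's code: every connection is logged with
source address and the first bytes the peer sent.  Banner, port and the
alert format are constructed for this demonstration.
"""
import datetime
import socket
import threading

# Constructed banner; in practice mimic a service that is plausible on
# the machine so the probe looks worth talking to.
FAKE_BANNER = b"220 ftp.example.internal FTP server ready\r\n"


def build_record(peer, first_bytes, when=None):
    """Turn one connection into a log record with a UTC timestamp."""
    when = when or datetime.datetime.now(datetime.timezone.utc)
    text = first_bytes.decode("ascii", "replace").strip()
    # keep the peer's data printable and short so it cannot mess up
    # the logfile (terminal escape sequences, huge payloads)
    text = "".join(ch if 32 <= ord(ch) < 127 else "." for ch in text)
    return {
        "time": when.isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "first_bytes": text[:80],
    }


def format_alert(record):
    """One line per hit, suitable for a logfile or syslog."""
    return "ALERT honeypot hit from %s:%d at %s sent %r" % (
        record["src_ip"], record["src_port"], record["time"],
        record["first_bytes"])


def serve_once(listener, timeout=5.0):
    """Accept one connection on a bound socket and return its record."""
    listener.settimeout(timeout)
    conn, peer = listener.accept()
    with conn:
        conn.settimeout(timeout)
        conn.sendall(FAKE_BANNER)
        try:
            data = conn.recv(256)
        except socket.timeout:
            data = b""          # a SYN scanner never sends anything
    return build_record(peer, data)


def run_honeypot(host="0.0.0.0", port=2121, logfile="honeypot.log"):
    """Serve forever, appending one alert line per connection.  Nobody
    legitimate should ever connect here, so every line is an alert."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))
    listener.listen(5)
    while True:
        record = serve_once(listener, timeout=None)
        with open(logfile, "a") as fh:
            fh.write(format_alert(record) + "\n")


def demo():
    """Bind an ephemeral localhost port, connect to it from a thread and
    return the record the honeypot produced for that connection."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def probe():
        with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
            c.recv(256)                       # read the fake banner
            c.sendall(b"USER anonymous\r\n")  # what a bot might try

    client = threading.Thread(target=probe)
    client.start()
    try:
        return serve_once(listener)
    finally:
        client.join()
        listener.close()


if __name__ == "__main__":
    print(format_alert(demo()))
```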

      ( If you are a beginner and wanna start with programming,
        then it is no wrong decision in my opinion to learn
        python - www.python.org . It is OS independent and very
        well documented (good to learn), a good HowTo is included
        and many code examples. Reading on "http://rfc.net" is
        also recommended. And of course: get a UNIX and study it. )

  A run with "chkrootkit" on your system could look like this:

    [root@ ~]# chkrootkit | grep INFECTED

  7.2) authorisation

  If an attacker has passed every security measure and has successfully
  entered your system, then he should have a *hard* time doing something
  on your computer. But often he has root ( admin rights ) when he gets on
  your system through a security hole; if not, you got lucky.

  With the program "w" ( linux / unix ) you can check who is logged in:

  [user@ ~]# w
  10:20:00 up 8 min,  2 users,  load average: 0,08, 0,09, 0,04
  USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
  root     tty1     -                10:00    0.00s  0.88s  0.00s w
  user     tty2     -                10:01    2:19   0.03s  0.03s -bash

  So there are just two users logged in - "root" and "user".

  Give important files which others should *not* read or use only root
  permissions ( f.e. with "chmod 700" ) and put them in protected
  directories or on encrypted partitions on your harddrive. ( f.e. with
  "gbde" )

  Before an attacker can do everything he wants, he must first obtain the
  highest authority status on your system ( "su" / root ).

  Here is a little example of the use of "chmod" ( unix / linux ). First
  we create a file with the word test in it, look at the actual mode and
  read it with "cat". After this we change the mode to 600 for read and
  write rights ( r/w ), but only for root. Other users will have no rights
  ( 0 ).

    [root@ ~]# echo "test" > testfile
    [root@ ~]# ls -l testfile
    -rw-r--r--  1 root  wheel  5 Jan 27 10:20 testfile
    [root@ ~]# cat testfile
    [root@ ~]# chmod 600 testfile
    [root@ ~]# ls -l testfile
    -rw-------  1 root  wheel  5 Jan 27 10:21 testfile
    [root@ ~]# cat testfile

  Then we log in with user status and try to read it again with "cat".

    [user@ /root]# cat testfile
    cat: testfile: Permission denied

  You see, it is not possible to read it now. Only root can read it.

  With the program "last" you can see your own and maybe other people's
  logins which were done on your machine in the past. Here is a snippet:

  [root@ ~]# last
  ad      :0                            Sat Dec 15 15:25 still logged in
  reboot   system boot  2.6.19          Sat Dec 15 15:25 - 16:02  (00:37)
  reboot   system boot  2.6.19          Sat Dec 15 05:01 - 05:03  (00:02)
  reboot   system boot  2.6.19          Thu Dec 13 11:13 - 11:21  (00:07)
  reboot   system boot  2.6.19          Mon Dec 10 13:40 - 13:40  (00:00)
  ad      :0                            Sun Dec  9 19:51 - 19:51  (00:00)
  reboot   system boot  2.6.19          Sun Dec  9 19:50 - 19:51  (00:00)
  wtmp begins Sat Dec  8 18:17:36 2007

  Again, find out the best security concept for your computer or network;
  it's an *individual*, complex field and because of this we can't go
  too deep into every possible detail - it's too much for a quick and smart

  However, everything which is important to you and others should be
  protected. *Never* give persons which you don't know well enough admin
  rights - this would be careless. You *can't* know what they will do
  with these permissions! ( f.e. invite other users or create new profiles
  for others and so on )

  7.3) antivirus

  An antivirus program can help you to find viruses and worms in your
  operating system and also evil programs like rootkits, dialers and
  trojan horses. Most viruses are probably known for Windows, but Linux
  and Unix can be infected with them too. An antivirus program scans
  for *known* signatures of evil software. So if a new virus or trojan
  comes out and your antivirus software does not know the signature of
  this evil software, the program will probably NOT find it. So here you
  need updates of your software, probably _every_ day, because every day
  a new evil virus is born. This means that just because you have
  antivirus software, you will not find every virus with it - only the
  ones which are in the database of your program ( the known
  signatures ).

  A good and FREE software is AVIRA. It supports Windows, Linux and Unix
  and can be downloaded here: "http://www.free-av.com/" . There you will
  also find software to detect and delete rootkits.

  7.3.1) worms

  Worms are a big threat to the internet because they attack a huge number
  of computers and can infect millions of computer systems in a short time
  to build a botnet ( see sec. 7.3.2 ). But bots can not only attack
  computer systems, they can also attack websites over MySQL injection,
  PHP bugs, weak server software, badly configured servers & of course
  JavaScript. So don't think that because your private pictures are behind
  your password protected account, f.e. on a "social" network site ...

   [ By the way, and because of this stupid "web 2.0" hype today from the
     mostly stupid media and commercial industry: the internet itself is
     a social network if you wanna call it that way - since the days when
     only phone lines existed - in that time people made connections to
     BBSs, and what such a BBS ( Bulletin Board System ) looked like you
     can see for example on "http://www.textfiles.com" . These "social"
     sites don't want you there because they like you, no, they want you
     there because they wanna make money with your poor online life. Some
     time back these parasites didn't exist. These business pigs have no
     hesitation in going after the young kids for money reasons. So kids:
     don't live online, believe me or not, a "life" online is not possible,
     your life will be sold online. What they call "life" specially for you
     is just a business plan of pigs. ]

  ... that this means your stuff is secure there. Worms can use security
  holes to get into the system and into your account easily, to download
  your pictures and to put them online somewhere else - this has happened
  and can happen even when nobody notices it and when there is nothing to
  read about it on the internet or to see in the media. I mean, do you know
  whether your password is stored in plaintext or encrypted? Do you even
  care about it?

  You can keep this rule in your mind: what is not encrypted on the
  internet can be read by someone else. Period. For example: your email,
  your chatlog, your surfing on sites - everything you can imagine and
  everything that is possible. Do you trust the people who give you an
  email for free? You shouldn't, because you don't know them. Worms can
  also steal your passwords, your pictures on your computer, your textfiles
  on your computer, your logfiles - everything that is possible.

  So here encryption, anonymity and updated antivirus software could be a
  solution. Again: you can program a worm for any reason you want, so a
  lot is possible. Worms could also enter military systems ... I hope this
  will never happen.

  7.3.2) botnets

  Botnets can contain millions of infected computer systems, as said. And
  with these botnets people can make DOS ( Denial Of Service ) attacks
  against other websites or systems. Botnets can also send spam or can
  create a huge brute force attack, for example. You could drop some
  special packets from the bots with your firewall, or you just use or code
  software which will block the bot packets. Updates of your OS and your
  antivirus software can help again. You can also set up your system anew
  from time to time - it may cost a bit of time but it is secure.

  7.4) logging

  Logging is very important, but it can also be a security risk. Some
  logfiles can show attackers a lot about how the system is used, how
  often, when it is used, who uses it and for how long, and so on. But as
  said, it is important because you can see if a person has access to your
  system who is not allowed to have access.

  An attacker could use log cleaners to wipe away the evidence of his
  intrusion. Some can be detected, and with some methods you will probably
  not find out what he did. If you were online just for a little while,
  then check your log files soon after. Or better: check them always after
  every surfing session if possible. If you were online for hours, days,
  weeks and months and then check your log files, you have *A LOT* to
  watch - too much probably. In a few minutes, detailed logging of every
  packet can cause *a few* megabytes of traffic! If you run different
  kinds of software which all log their stuff, then you have even more to
  watch. So do it as soon as possible and as often as you can.

  As a little security concept we could store our log files in RAM
  with a RAM file system / partition in linux or unix. After every reboot
  all of our log files are deleted and you cannot restore them from RAM
  with the help of software. So a "cat /dev/mem | grep $whatever"
  after a reboot will not find anything from the session before. In unix
  we can use "mdmfs" and in linux "ramfs". ( use "man mdmfs" or/and
  "man ramfs" for more information )

  As two examples, for unix and linux "/etc/fstab" could look like this:

    [root@ ~]# cat /etc/fstab
    md /tmp mfs rw,-s200m 2 0
    md /var/log mfs rw,-s50m 2 0
    md /root mfs rw,-s400m 2 0

  So this was for unix. In that example we are mounting on every boot
  "/tmp" for our temp data, "/var/log" for our logging data and "/root"
  for our root directory. The "-s" is for the size of the partition and
  the "m" behind it for megabytes. The system will only take the
  space when it needs it.

  In linux it could look like this:

    [root@ ~]# cat /etc/fstab
    /dev/ram2 /tmp ramfs noatime 0 0
    /dev/ram3 /root ramfs noatime 0 0
    /dev/ram4 /var/log ramfs noatime 0 0

  That is all. "/dev/ram*" are our RAM devices which will be mounted.

  Nevertheless we can _wipe_ all logging files before we reboot or before
  we shut down our system.

  8) how to avoid attacks

  Good protection is a good way to avoid attacks from unknown and
  unauthorized access by strange people.

  You can use encryption and you should make updates for your system and
  the programs on it every few days. The more you are using the internet
  the more you should do updates.

  8.1) encryption

  Encryption is good for your network connections, chat connections,
  private data, your email and also for secure surfing on the internet.

  For network connections or chat connections you can use SSL and SSH
  ( "http://www.openssh.org" and "http://www.openssl.org" ) tunnels or
  programs which support these services ( f.e. the chat program "irssi"
  for IRC - "http://www.irssi.org" - or Mozilla Mail
  { "http://www.mozilla.org" }, to name just a few ). Xchat -
  "http://xchat.org" - a chat tool - is also very nice.

  ( tip for beginners: Do not use your real name as nickname in chats. )

  A nice client to client program is cspace ( "www.cspace.in" ) which
  uses a strong encryption with RSA and SSL. It is a chat tool and you
  can also send files with it.

    Tip: The ICQ (I Seek You) messenger, by the way, is logging everything
         you write, and after you hit send they have the COPYRIGHT on all
         that you wrote - that is right. And then they can do with your
         stuff whatever they want, also commercial uses - selling your
         thoughts / privacy. You can read this in their policy on their
         website. Do NOT use this evil service any longer. ( Use encrypted
         and anonymous IRC servers instead or use Jabber ( "www.jabber.org" ).
         Both can be used with TOR. )

  If you use wireless LAN connections, set a security key on them. You can
  attack wireless LAN now with aircrack ( "http://www.aircrack-ng.org/" ).
  That means that WEP and WPA-PSK are not so secure any longer. If you
  want to encrypt your private data or your emails you should use PGP or
  GnuPG; they use a strong and secure algorithm ( up to 4096 bit ).
  ( "ftp://ftp.kiarchive.ru/pub/unix/crypto/pgp/" )

  With "gbde" you can also encrypt your swapspace by the way.
  ( at FreeBSD: "/usr/src/sbin/gbde/" )

  To do so we need 2 files and two lines in FreeBSD, and we do a random
  overwrite before:

    [root@ ~]# dd if=/dev/urandom of=/dev/ad0s1b bs=1m
    [root@ ~]# cat /boot/loader.conf
    [root@ ~]# cat /etc/fstab | grep bde
    /dev/ad0s1b.bde   none   swap   sw   0   0

  This is all you have to do to encrypt your "swap space" on FreeBSD.

  For secure surfing on the world wide web ( www ) you can use anonymous
  proxy servers with an open-source browser like Firefox. You can
  additionally use HTTP encryption ( "https" ) - HTTP secure - if you surf
  on sites which support this service. ( "www.mozilla.com/firefox/" ) For
  secure file transmission use an encrypted FTP connection ( sftp ) -
  secure FTP. ( at FreeBSD: "/usr/src/secure/usr.bin/sftp/" [ in the
  "../src/.." archive you can compile the software yourself, if it is
  there, with a "make && make install" on your unix / linux terminal. ] )

  For secure and anonymous surfing you can use the site:
  "http://www.anonymouse.org/" . Another good secure and free program is
  TOR. ( "www.torproject.org" ) TOR can be used under Windows, unix and
  linux. You can chat and surf over TOR anonymously and SECURELY; it uses
  a lot of mix nodes as proxies, and your connection is always encrypted
  with it.

    ( Hint: TOR servers, the exit nodes, _could_ also be government
      servers to spy on you, same with proxy servers. You _must_ disable
      JAVA in your browser to avoid a possible spy attack on your IP.
      Code can be inserted over TOR exit nodes, but without JAVA this
      attack is not possible. )
  There is an option in privoxy, the web filter which is mostly included
  with TOR, for hiding your browser and operating system, so nobody
  can see this data. You can enable this option in the special privoxy
  file; just search a bit in the privoxy directory. You can also disable
  logging in TOR - just edit the special file in the TOR directory. This
  is all easy because all files have *good* comments. When there are
  logfiles present, an attacker can very easily see what sites you have
  visited. Important: to see if your HTTP or FTP proxy is running in your
  browser and if you are anonymous, go to a site like:
  "http://www.ip-adress.com/" - there you will see your IP, your actual
  HOST, your operating system and your browser. You have to edit the file
  "default.action" and search for the line: "-hide-user-agent \" - change
  this line to "+hide-user-agent{Privoxy/1.0} \" if you wanna hide your
  operating system and your browser.

  Here are more (SSL) web proxy sites:

   - "https://www.vtunnel.com/"
   - "https://www.fastwebproxy.net/"
   - "https://www.beatfiltering.com/"
   - "https://www.polysolve.com/"
   - "https://www.snoopblocker.com/"
   - ...
  For fresh proxy servers search in: "http://www.proxy-servers.org" .

  To encrypt a file under UNIX with "bdes" you can use this syntax:

    [root@ ~]# bdes < input > output.bdes
    [root@ ~]# bdes -d < output.bdes > output

  The first line is for encryption. The second is for decryption. This
  tool uses a strong DES encryption.

  You can also encrypt your files securely with RAR, the compression
  program; that is right, because it uses strong 128-bit AES encryption.
  7zip is also a compression tool and uses stronger 256-bit AES
  encryption. Both programs run on many operating systems. The difference
  between a file which is RAR encrypted and a file which is BDES encrypted
  is that the second one ( BDES encrypted ) looks just like /dev/urandom
  data, and the RAR file looks like an encrypted RAR file ...

  The links to download are:

   - "http://www.win-rar.com/"
   - "http://www.7-zip.org/"

  Under Windows, to encrypt a partition securely, you can use the tool
  "truecrypt". ( "http://www.truecrypt.org/" ) For SSH you can use "putty"
  ( "http://www.chiark.greenend.org.uk/~sgtatham/putty/" ) and for SFTP
  use "psftp". To encrypt files under Windows you can use the program
  "file2file"; it uses strong AES encryption and is free and very small.
  ( "http://www.cryptomathic.com/" ) Or "http://sf.net/projects/openssl32"
  - the good Windows OpenSSL version. A nice encryption tool under linux
  is "mcrypt" ( man mcrypt ).

  If you use filesharing programs or networks ( peer to peer [p2p] ) and
  you want to be anonymous you should check out these links here:

   - "http://gnunet.org/"
   - "http://freenetproject.org/"
   - "http://mute-net.sourceforge.net/"
   - "http://www.i2p.net/"
   - "http://www.freehaven.net/"

  If you want a free, secure and anonymous operating system you can try:
  "http://sourceforge.net/projects/anonym-os/" - Anonym OS .

  And don't forget: use *strong* passwords!

  8.1.1) harddrive encryption

  Now this is a special topic because it is a very secure solution. Like
  the title says, it means encrypting your whole harddisk. Because of
  this all data on your HD is encrypted and secure and nobody can steal,
  manipulate, read or hack your system or your files. All the data on the
  HD just looks like /dev/urandom data and you can only decrypt it / the
  OS with the right key / password. So with this not only our files are
  protected but our whole HD including the operating system.

  For windows you can encrypt it with truecrypt and in linux you can
  encrypt it with LUKS / dm_crypt / cryptsetup. You really should use one
  of these. If you are online with this system and a person has access
  then the system can of course be manipulated. But if you have just an
  encrypted partition, which is also possible with these tools, then your
  data is still secure too.

  8.2) updates

  Check your system and your programs as often as you can for new
  updates. An update is often a bugfix or the implementation of a new
  feature for the program. But with a new update often comes a new bug.
  Nevertheless, do updates if a new stable version of your system or
  program is available because this is much more secure than keeping
  older versions of them on your harddrive.

  Download the needed bugfixes, patches and updates only from trusted
  sites or from the original site of the system or the program and check
  the SHA1 files if they are present; this can protect you from download
  errors or a manipulation of the file somewhere in the data stream.

  A complete system "update" for "debian" linux in five steps: ( just the
  commands, without the output on "stdout" )

    [root@ ~]# apt-get update
    [root@ ~]# apt-get upgrade
    [root@ ~]# apt-get dist-upgrade
    [root@ ~]# apt-get clean
    [root@ ~]# apt-get autoclean

  You must be root to do this, by the way. You can also install new
  software with "apt-get install $program" on the "terminal".

  Windows normally makes automatic updates but this option could also be
  a security risk. So I would say you better check them sometimes by hand
  and / or search "http://www.microsoft.com/" for bugfixes, patches and
  security reports. And do not forget: you better disable the remote
  control features of windows if you do not need them.

  8.3) backups

  Backups of your files are _important_. An attacker could delete or
  change some sensitive contents of these files. Without a backup you
  have to write, configure or program them again. This could cost you
  much of your valuable time. Sure, a backup can't avoid an attack - it
  is a precaution for the case that one succeeds.

  Do a backup of your files as often as you can when the content of these
  files has changed. Save your files at "secure" places - protected and
  encrypted if possible or necessary. Two or more backups at different
  places are probably better than just one. ( f.e. on your USB stick --
  of course *encrypted* ) A secure place could be a fireproof safe.

  For a backup of your "/home/user/" directory you can type the following
  two lines into your terminal on a unix system: ( Without the output on
  "stdout" . )

    [root@ ~]# mkisofs -R -o backup.raw /home/
    [root@ ~]# cdrecord -v speed=20 dev=2,0,0 backup.raw

  We created a file with all the backup data in ISO 9660 format with Rock
  Ridge extensions with "mkisofs". After this we burned it with
  "cdrecord". You probably have to run "cdrecord --scanbus" first to find
  the device address of your CD writer ( the "dev=2,0,0" part ). Another
  good burning program for unix and linux is "K3B" .

  For windows I would say "deepburner" is a very good burning program.
  It has many good options , is just 5MB big and is FREE.
  ( www.deepburner.com )

  8.3.1) data recovery

  You could make an ISO file from your system or from one special
  partition and then save it encrypted on USB or a CD. When this
  partition is destroyed or manipulated you can simply copy the saved ISO
  file back to the same place it was before. With this you do not have to
  compile everything anew. Do this after you made a FRESH and CLEAN
  installation.

  8.3.2) important tools

  To secure your system a bit more you could also save all important
  programs to USB or CD and keep them at a secure place. You could copy
  these programs freshly onto your harddrive every day. These tools could
  be: "ps", "netstat", "w", "who", all sorts of hash programs ( sha1 etc.
  ), "chkrootkit" and also your kernel. Sure, there are many more
  programs you could save and copy every day - develop your own concept
  here.

  After copying them: check them all. ( run them all )
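  Both the SHA1 check for downloads in 8.2 and the daily copy of "ps",
  "netstat" and friends in this section come down to the same thing:
  compare a file's hash with a value you recorded while you still trusted
  the file. The following Python script is an added example and not part
  of this paper: it verifies files against a sums file in the
  "sha1sum" / "sha256sum" format, records a baseline manifest for a set
  of tools and reports which of them changed. The "download" and the
  "tools" are constructed in a temporary directory so the script runs
  offline; nothing in it touches real system binaries.

```python
import hashlib
import os
import tempfile


def file_digest(path: str, algo: str = "sha256") -> str:
    """Hex digest of a file, read in chunks so large ISOs fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sums_file(text: str) -> dict:
    """Parse the coreutils format '<hexdigest>  <name>' (a '*' before the
    name marks binary mode). Returns {name: digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.lstrip(" *")] = digest.lower()
    return expected


def verify_against_sums(directory: str, sums_text: str, algo: str) -> dict:
    """Check every entry of a sums file; result per name is 'OK',
    'FAILED' (content differs) or 'MISSING', like 'sha1sum -c'."""
    results = {}
    for name, digest in parse_sums_file(sums_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif file_digest(path, algo) == digest:
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def build_manifest(paths) -> dict:
    """Record trusted hashes of the tools you keep on the USB stick / CD."""
    return {p: file_digest(p) for p in paths}


def check_manifest(manifest: dict) -> list:
    """Paths whose content no longer matches the recorded baseline
    (modified, replaced or deleted)."""
    return [p for p, d in manifest.items()
            if not os.path.isfile(p) or file_digest(p) != d]


def demo() -> dict:
    """Constructed scenario: a downloaded archive with its sums file, and
    two 'tools' of which one is altered after the baseline was taken."""
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, "tool-1.0.tar.gz")
        with open(archive, "wb") as f:
            f.write(b"constructed archive bytes, not a real tarball\n")
        # The sums file a download site would publish next to the archive.
        sums = f"{file_digest(archive, 'sha1')}  tool-1.0.tar.gz\n"
        before = verify_against_sums(d, sums, "sha1")

        with open(archive, "ab") as f:        # simulate in-transit tampering
            f.write(b"injected\n")
        after = verify_against_sums(d, sums, "sha1")

        tools = {}
        for name in ("ps", "netstat"):        # stand-ins, not real binaries
            tools[name] = os.path.join(d, name)
            with open(tools[name], "wb") as f:
                f.write(b"#!/bin/sh\necho pretend-" + name.encode() + b"\n")
        manifest = build_manifest(tools.values())
        with open(tools["ps"], "wb") as f:     # simulate a trojaned ps
            f.write(b"#!/bin/sh\necho nothing to see here\n")
        changed = [os.path.basename(p) for p in check_manifest(manifest)]

    return {
        "download_before_tamper": before["tool-1.0.tar.gz"],
        "download_after_tamper": after["tool-1.0.tar.gz"],
        "changed_tools": changed,
    }


if __name__ == "__main__":
    print(demo())
```

  Keep the manifest itself on the read-only medium, not on the harddrive
  you are checking: a baseline that an attacker can rewrite is worth
  nothing.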

  8.4) basic tips

  There are a few basic tips you should *keep* in mind to prevent a
  possible abuse of your private files or accounts.

  - Before you start a session in an internet cafe and enter some
    sensitive data like your account login and the matching password you
    should look under options in the used browser and check if the
    automatic storing of logins and passwords is enabled. If that's the
    case: turn it *off* and *delete* all stored accounts. This may help
    lots of other people too.

    Such stored accounts can be used by anyone: you only have to type
    the stored login name into the right login field and the matching
    password is filled in automatically.

  - After your session: delete the history in the browser, delete all
    downloaded files and also empty the trash, delete the cache and close
    the browser - you often can simply "surf" back to the visited sites
    with the back button in the browser if the browser wasn't closed
    after a session. Delete also your cookies.

  - If it is possible then delete the cache, the downloads and the
    history with a wiper. This is much more secure.

  - If possible, wipe the free discspace and your private data after a
    session.

  - It is also good just to disable the history, cache and cookies.

  - Run XP AntiSpy and configure it on windows systems. It is free.
    ( http://www.xp-antispy.org/ )

  - Disable also JAVA, automatic software update / download / install,
    ActiveX and maybe picture viewing if possible and enable your popup
    blocker AND disable flash ( it can be used in a TOR attack )

  - You should not make accounts on "social" networking sites ( the well
    known "web 2.0" hype ) if you want good privacy. I mean services like
    myspace or facebook. With these accounts you can make good profiles
    of people, also just from their comments on other profiles which do
    not need a login to be read - this can tell a lot about people's
    lives.

    Many bosses do research on such sites to look what kind of person
    wants to get the job. So imagine: what will the boss think when he
    sees you drunk on a photo or making very stupid comments? Maybe or
    probably another person will get the job - so please: TAKE THIS

    Such a profile can be used against the owner. ( also very good for
    password attacks ) My tip is: make real friends, not virtual friends
    with one "click/add". There are profiles on myspace with 100s, 1000s
    or 10.000s OR 100.000s of "friends" - do you really think that these
    are all TRUE and GOOD friends - with just one "click" or "add" ?

  - To exclude the content of your website from search engines you have
    to configure a "robots.txt" file; search the net for more
    information. Some sites take snapshots of your site ( www.archive.org
    ) every month or more often and store them forever in their archive;
    if you had personal content on your site you will find it there back
    to the year 1996. So if you had a website with personal content on it
    in the year 2000 and it had no "robots.txt" file - it can probably be
    found there. If you have problems with this you can write them to
    delete your site(s).

  - A nice piece of software to detect evil software on your system is
    "Spybot search and destroy"; you can run it under windows, it is
    FREE and very small and fast. Here is the link: "www.spybotsd.org"

  8.5) live CD

  A live CD can also help to protect against a possible attack and it can
  take away many of the risks. But there are some points we should keep
  in mind because without them we are not as secure as we want to be.

  So we download an ISO for a live CD from a http or ftp site and burn
  it. ( Maybe http://www.distrowatch.com/ ) Now there are two ways how we
  can use it:

   - your own private live CD , just downloaded or selfmade
   - the internet cafe has a live CD for every computer on the network,
     also just downloaded or selfmade

  In case one we must ask in the internet cafe if it is ok that we use a
  live CD for surfing because of security reasons. Many internet cafes
  have their own, often selfmade, billing software. There they can see
  how long you were online and how much you have to pay. I would say that
  the case where you can use your own live CD is rare. But if you can you
  must have a little bit of knowledge of how to configure your network
  IP. ( Normally a live CD does this all automatically but you can also
  do it by hand with "pump" or "ifconfig" and "route" under Unix / Linux. )

  In case two they could have live CDs for surfing and also selfmade ones
  with selfmade software for the surfing costs. But to get to a higher
  security level we can do much more than just using a live CD. If we
  have about 1GB of RAM we could just use the live CD without any
  harddrives (HD) installed or mounted. Because HDs are easy to mount
  under unix and linux; this kind of software is normally installed on
  every unix and linux box as a standard. So if someone hacked you over
  your live CD and you do a reboot - all data is like before. But with a
  mounted HD with windows on it for example the attacker can manipulate
  windows *easily*. So the better idea would be to just run a live CD
  from RAM ( A very good small one is *DSL* - Damn Small Linux, a 50 MB
  live CD! So the rest of the space would be free for downloads. ) or
  use a HD just as a place to store something ( data ) so nobody can
  manipulate the operating system ( OS ) because there is no OS on the HD
  - only free

  And after a reboot, even if you installed or downloaded something, your
  system is as fresh as before, because a live CD can NOT be manipulated
  while it is in use. ( Doing it would be hard! ) Even when somebody
  hacked you over your live CD while you were online - after a reboot
  everything is ok again. ( Only from RAM or with a HD only for storing
  something without an OS. ) But the question we must ask ourselves now
  is: Can we *trust* the live CD we are using in the internet cafe ?
  Could it be manipulated ? Who knows ...

  Here are some more of the risks we must look at. If there was some data
  on the HD , a trojan horse could be bound to it without you seeing it
  easily. Source packages on it can be replaced with manipulated code.
  And so on and so forth. I think you understand what can happen.

  Also the attacker could have sniffed your passwords or some sensitive
  data. Whether you reboot or not does not change the fact that he has
  them. A reboot can NOT help in this case - that is clear.

  But what we can do after an attack, when we noticed it sooner or later,
  we will discuss in the following section. ( 9. - after a break in )

  Other good LIVE OSs are:

   - "http://www.gentoo.org/"
   - "http://www.dragonflybsd.org/"
   - "http://www.freesbie.org/"
   - "http://www.puppylinux.org/"
   - "http://live.debian.net/"

  Hint: Debian LIVE is also very nice as LIVE OS and you can download it
  as *.iso or *.img file for CD or USB stick/drive. I think it is a nice
  idea to put debian LIVE on a SD card with a lock switch instead of
  using a live CD because it is much faster than a CD and you can also
  make it *write protected* with the lock switch, which means that even
  if they hack into your system: after a reboot the system is as fresh as
  before. With debian LIVE you can also build your own LIVE OS the way
  you want it, with everything you want and need on it. ( called
  persistent mode )

  8.6) secure email

  It is no wrong decision to use free, secure and anonymous email
  accounts. Because when they hack your email account and you gave all
  your personal information ( real name, address, birthday etc. ) away -
  the attacker can do a lot with this data - social engineering f.e. . So
  better use email accounts where you only need a nickname, a password
  and nothing more. Two good sites in my opinion are:
  "http://www.rootshell.be/" and "http://www.safe-mail.net/" -- there you
  have a free, SECURE and anonymous email account. Secure because you
  have a SSL connection when you enter your email box. Without SSL
  everybody on the path could sniff your password in plaintext over your
  connection - with SSL your password is encrypted. You better DO NOT use
  email accounts without SSL. Avoid your real name as your email address.

  Tip: For more security delete all your email after you read it - so
  read it and then delete it. Then you do something for your mind and for
  your security, because when somebody hacks your account he has nothing
  to read, so no information. It is good for your mind because much stuff
  is then saved in your brain, so your brain has more work to do in a
  good way.

  Do not abuse these free good services with lame anonymous jokes or
  useless spam. They are made secure and free for *you* as a gift. For
  more security on your email account you can delete every email you get
  after you have read it - so read it and then delete it. If someone has
  access to your account he will probably find nothing or not much
  because there is nothing stored. Store it in your brain instead.

  8.6.1) remailer

  You can also use a remailer where you do not need a login and a
  password - you just need the email address of the person you want to
  write to, and the remailer program or website of course. Your source IP
  will be removed and the email which the person you wrote to will get
  will have a source IP from the remailer site. So remailers are for your
  anonymity. Here are some services and programs:

   - "http://sourceforge.net/projects/mixmaster/"
   - "http://www.quicksilvermail.net/"
   - "http://anonymouse.org/anonemail.html/"

  8.6.2) how to deal with spam

  This section gives you some tips, if your internet cafe has its own
  website with an email address to contact you, to protect you from spam
  in very simple but secure ways.

  Today, when you publish your email address openly, you have high
  chances to get "attacked" by spam. I think more people should handle
  their email address like their telephone number - would you put it on
  the web openly so that everyone can call you at home? ( Ok, some people
  do this .. ) If you look at business websites and their guestbook you
  can see that many people wrote their email address in it in plaintext
  so that bots can easily use it for their purposes. If you sign a
  guestbook you should not put your private email address in it and you
  should not sign with your real name - if you want privacy. But you
  could make a second non-private email account if you want to use an
  email address openly. Also do not use the user email accounts from
  T-Online for example, because when this account gets hacked they also
  have your user data and much more. Many email addresses of this kind
  include the real name of the person as email name - you should not do
  this, except for private or business reasons.

  So how can we deal with spam? I think it is better to _AVOID_ spam in
  the first place than to fight it after you have it. And this is SO
  EASY. Do not write your email address down like "myname@domain.com" -
  write it down like "username (AT) domain (DOT) com" - with this syntax
  a bot will not understand that it is an email address. You could also
  place your email address on a selfmade image with a graphics program -
  again, a bot can not understand this kind of data. Spammers would have
  to write down every email address by hand and surf the web themselves
  because bots would be USELESS. To program a bot that could understand
  such data would be very difficult.

  So with these ways you do not need anti spam software or a filter. But
  you could also configure your email server so that it blocks the evil
  IPs - in that case you can search for a blacklist of spam servers too.

  If you already have spam problems then delete the email account now
  and make yourself a NEW one and do not make the same mistakes again.
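  The following Python script is an added example and not part of this
  paper: it rewrites an address in the (AT) / (DOT) notation suggested
  above and runs a plain address-harvesting pattern over a constructed
  guestbook page (the addresses use the reserved example.com / example.org
  domains) to show what such a bot does and does not collect. The
  "adapted_bot" result is the caveat a practitioner should know: a
  harvester written with this convention in mind undoes the rewrite with
  two string replacements, so treat the trick as a filter for the laziest
  bots and keep a throwaway address for anything published openly.

```python
import re

# The regular expression a typical address-harvesting bot runs over a
# page. It only knows the plain "user@host.tld" shape.
HARVESTER_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def obfuscate(address: str) -> str:
    """Rewrite 'user@host.tld' as 'user (AT) host (DOT) tld'."""
    local, at, domain = address.partition("@")
    if not at:
        raise ValueError("not an email address: " + address)
    return f"{local} (AT) {domain.replace('.', ' (DOT) ')}"


def deobfuscate(text: str) -> str:
    """The inverse rewrite: a bot that knows this convention gets the
    address back with two string replacements."""
    return text.replace(" (AT) ", "@").replace(" (DOT) ", ".")


def harvest(page: str) -> list:
    """Addresses a plain-pattern bot would collect from a page."""
    return HARVESTER_RE.findall(page)


# Constructed guestbook page: one visitor wrote the address in plaintext,
# the cafe itself uses the (AT)/(DOT) notation. example.com and
# example.org are reserved documentation domains, not real mailboxes.
SAMPLE_PAGE = """<html><body>
<h1>Guestbook</h1>
<p>Nice cafe, great coffee! -- alice, alice@example.com</p>
<p>Contact us: info (AT) cafe (DOT) example (DOT) org</p>
</body></html>
"""


def demo() -> dict:
    """What a plain bot and a bot adapted to the convention each find."""
    return {
        "plain_bot": harvest(SAMPLE_PAGE),
        "adapted_bot": harvest(deobfuscate(SAMPLE_PAGE)),
    }


if __name__ == "__main__":
    print(demo())
```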

  8.7) insecure bios

  Do NOT trust BIOS passwords. When you have access to the inside of the
  computer in the cafe you can just take out the BIOS battery, put it in
  reversed, and then put it in the right way round again. Then you have a
  complete BIOS RESET and the password is deleted. Now you could enable
  disabled CD-ROMs , HD's or whatever. I tested it on a computer of my
  own - an AMD 200MHz model with VESA BIOS. When you only take out the
  battery for some time and put it in again without reversing it then the
  password is not deleted and there is no reset - so no effect. So it was
  when I tested it. So the battery here is like our KEY. And yes, this
  may sound lame and maybe it is, but it works.

  Please ONLY try this when the power of the computer is TURNED OFF.

           normal:                    reset:             1) +
                                                         2) -
               __________ 4               __________ 4   3) battery
   .--1----------------.        _/.6---2-----..\_        4) +
   [_            3    _]       [           3     ]       5) -
     `\.6____2____../'         `-1---------------'       6) isolation
          =============== 5       ================== 5

  There are many master password lists on the internet and special key
  combinations to hit on boot to get past the BIOS password too. ( Use a
  searchengine to get this information. ) So the BIOS is not very secure.
  It can also be hacked and manipulated - so it can hide a trojan horse.
  You could update it every day to avoid this.

  Some BIOS passwords can be disabled with special jumper positions on
  your hardware. You must search the manual of your board to get this
  information. A very good paper about BIOS hacking is here:
  "http://phrack.org/issues.html?issue=64&id=12#article" .

  To get some BIOS information under linux you can enter the following
  command into your shell ( it reads the 256 KB from 0xC0000 to 0xFFFFF
  where the legacy BIOS ROM is mapped and keeps the printable strings ):

    [root@ ~]# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null \
               | strings -n 8 > info

  With this you should get information like this:

    [root@ ~]# cat info | grep BIOS
    Phoenix NoteBIOS 4.0 Release 6.0

  8.8) bank account

  I would just say here: do *NO* money transfers in an internet cafe.
  Doing it at home is also not so safe but in an internet cafe it is much
  more dangerous and insecure. You should *go* to your bank and make your
  money transfer there; this is more secure. Think about what we are
  talking about here and think about what will happen if somebody has
  access to your money and bank account over the internet. You can simply
  avoid this by doing it at your bank. Trashing is also possible here -
  so destroy your papers before you throw them into the trash, or throw
  them into the trash at your home.

    ( Many things today are *much more secure* when you do them by hand,
      not by technology. Our world goes in a direction where everything
      will be done by robots and computers, so "everything" goes
      automatic. This is not bad at all but when these systems fail it
      can cause great problems. Think about the hot summers where the
      high temperature can destroy computer chips and what all can
      happen through this. I have also seen lots of places where machines
      took the jobs of humans to save money, of course - on train
      stations, where the working places of the humans who worked there
      before were CLOSED FOREVER. The machines can work 24/7/365 with
      just a bit of electric energy - no human can do such a job. )

  8.9) kernel

  The kernel is a very important part of the operating system. It
  manages a lot of processes. You should configure your own kernel for
  your OS and/or you should always make kernel updates ( bug and
  security fixes ) and/or you should install security kernel patches.

  A good site for secure linux kernels is: 

  8.a) anonymity

  To avoid profiling, anonymity is a great solution. We will keep this
  short here because there are just some basic things to say about that

    1) - never give out personal information that can be seen in public
    2) - don't publish private photos publicly on the internet
    3) - don't use social sites
    4) - don't use chats
    5) - don't send private data unencrypted
    6) - don't give personal information to strangers
    7) - use a proxy or disinfo when you use searchengines
    8) - don't "live" online, don't surf too much, don't become addicted
         to the internet
    9) - don't publish private videos online
    a) - never use your real name online in public
    b) - always try to hide your traces
    c) - don't trust other people online
    d) - think about *the fact* that everything you do online can and
         often will be logged and that everything which is *not*
         encrypted can and often will be read by unknown persons
    e) - think and use your brain .. it was created for this reason ..

  When people have the chance to connect all the data you leave online,
  no matter what kind of data, then a detailed profiling of your whole
  life is

  9) after a break in

  This is a very important section. What you must or have to do after a
  break in / attacker detection is as important as securing the system

  You could notice an attacker by a look in the log files, an alert from
  a detection program, an alert from a honeypot, a changed file, a
  deleted file, an open port with a strange program on it, massive data
  streams over your connections, massive noise from your working
  harddrive, your CD-ROM reading a CD "by itself", your upload bandwidth
  being gone, or you just make a search - and find something (program),
  someone (attacker) or a trace (log entry); or the admin could notice
  the attacker behind the server with a monitoring tool or an intrusion
  detection system. However.
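  For the "look in the log files" signal, the following Python script is
  an added example and not part of this paper. It runs over a constructed
  sshd-style auth log excerpt (the host name and the 203.0.113.0/24 and
  192.0.2.0/24 addresses are documentation values, not a real system) and
  flags a source with many failed logins and a login accepted from that
  source after the failures, which is the trace a password-guessing
  attacker leaves behind.

```python
import re
from collections import defaultdict

# Constructed auth log excerpt in the format sshd writes to the system
# log. The addresses are from reserved documentation ranges.
SAMPLE_LOG = """\
Apr 15 03:12:01 cafe-srv sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Apr 15 03:12:03 cafe-srv sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Apr 15 03:12:05 cafe-srv sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Apr 15 03:12:07 cafe-srv sshd[2205]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Apr 15 03:12:09 cafe-srv sshd[2207]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Apr 15 03:12:40 cafe-srv sshd[2230]: Accepted password for admin from 203.0.113.7 port 51030 ssh2
Apr 15 09:00:12 cafe-srv sshd[2400]: Accepted publickey for operator from 192.0.2.10 port 40010 ssh2
Apr 15 09:05:55 cafe-srv sshd[2411]: Failed password for operator from 192.0.2.10 port 40012 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for
# invalid user <user>" as well as "Accepted password/publickey for ...".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def analyse(log_text: str, threshold: int = 5) -> dict:
    """Walk the log in order and return
    - brute_force_sources: IPs with at least `threshold` failed logins,
    - suspicious_logins: (user, ip) pairs accepted after that many
      failures from the same IP, the classic 'guessed it' signature."""
    failures = defaultdict(int)
    suspicious = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, user, ip = m.group("outcome", "user", "ip")
        if outcome == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            suspicious.append((user, ip))
    sources = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {"brute_force_sources": sources, "suspicious_logins": suspicious}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

  A single typo from a known operator (the 192.0.2.10 lines) stays below
  the threshold and is not reported; the point is the accepted login
  right after a run of failures, which is the line to act on.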

  So what can we do then ? If the attacker is connected you can make a
  tracert or a portscan to his system and maybe send him a message. You
  can disconnect your internet connection. The best is to *pull the
  plug* and then search for more. The longer the attacker is connected
  to your system the more chances he has to wipe his traces or to get
  more data from your system. If you do not pull the plug, his (hidden)
  programs could automatically make a new connection from the computer
  to the internet - this is possible. When you have pulled the plug you
  can search for his programs, which often encrypt all data they send
  and try to hide themselves in tricky ways. ( trojan horses or rootkits
  ) Offline you are secure against online attacks.

  It would be better if you tell the local admin of the cafe what
  happened. He then has to scan the whole network, the server, the
  router and probably every connected computer in the cafe. Lots of
  work, yes.

  As admin of the internet cafe you better set up a *fresh* and
  completely *new* system with completely *new* and *strong* passwords.
  You should make software updates and also search all other computers
  for bugs. If you know the kind of the attack or the bug or the attacker
  file (program) then scan all other computers with this knowledge and
  secure them if needed. Then change all passwords on the whole computer
  network and tell all people there that they should change their
  passwords too because of a (possible) attack. If you as admin find a
  user physically hacking the cafe then act friendly nevertheless and
  don't let the person in again.

  As user change all your online passwords too. ( email and so on )
  Delete or better *wipe* private data from the HD and tell the admin
  and all users there what happened. If you as user find the admin or a
  user physically hacking the cafe then (if it is the admin) tell all
  users what is happening, leave the cafe, decide if you will call for
  help, save the traces before and wipe all private data, change all
  your passwords somewhere else and maybe never visit this cafe again.
  If it is a user then ask him to stop this, tell him that this is a bad
  idea and tell the admin what happened.

  In short form: after a break in: pull the plug, make a new and clean
  system with bugfixes, patches and updates , make your *whole* system
  more secure than before and change all passwords, physically and
  online.

  a) rest of risk

  The biggest hole in every network, software and system is the human
  himself. He is programming, hacking, administrating, securing,
  penetrating, scanning, cracking or whatever.

  Sometimes you have to trust admins although you don't know them. Trust
  only people you know well enough. Try to use mostly open source
  software where you can find the source code of every program and on
  which lots of people are working for *free* ( A long life to the open
  source scene! ) to find new bugs and make new updates, patches and
  stable

  However, without a look into the "source code" you can't "trust" a
  ( possibly backdoored ) "program" or human. ( "Source code" in the
  case "human" would be the mindset or soul of the individual. ) The
  hacker plasmoid from THC wrote an excellent paper with source code to
  attack the human brain called "fuzzy fingerprints" which is a very good
  read by the way - I think it is a general issue which is covered in a
  detailed example of how it can happen.

      ( To hack your source code, or better your brain, you can do
        things differently - f.e.: turn off the TV and keep away from
        mass media for some days or more, if you smoke or drink (too
        much) then stop it for a week or a month or forever, give your
        money to poor people and SEE the difference - this will have a
        great and good effect. Meanwhile do other things you like. )

  b) last words

  I hope you have learned a bit about security with this paper. This
  information here is not only for internet cafes. It should show you
  how insecure things mostly are and should give you an overview about
  security as a whole. Please share this information with others if you
  like it.

  Try to use your time usefully and also try to use the creativity of
  your brain. You always learn best by doing the thing you want to learn.

  And don't forget: Never trust other people until you know them
  personally really well. This secures your system and your *life* a lot
  more, doesn't it? The internet is *full* of vipers and liars - many
  people tell you and others many things on the internet which are often
  _not_ true. You *better* *keep* this always in your mind. You *better*
  *never* forget *this*. Many will try to give you a false ID of
  themselves to make you blind or to play with you. Yes, that is true.

  Some people live a life on the internet as a person they aren't and
  can NOT be in reality or real life. You better do not waste your time
  with such unknown people or make virtual friendships - it can be really
  dangerous - you better believe it. The internet is a *dangerous* place
  - there should be warning signs everywhere.

  You should also always consider with a clear brain what you give to
  the internet. If you put some personal data on the internet and it is
  spreading like grass then it is very hard to stop this. So you better
  avoid giving personal data to the internet - but this is your
  decision, sure. Say also clearly that you have all rights to your stuff
  - many people think when your stuff is on their site it is now their
  stuff, that is really evil.

  Tip: Do not spend too much time on the internet nor change your real
       life for a "second ( virtual ) life" on the internet. Do NOT
       trust virtual reality and do not get lost in cyberspace - it
       often has its own evil and dumb anomalies because there many
       people want to be "the boss", "play the boss" or act very
       antisocial - simply avoid or ignore those people and try to be
       root "everywhere" you can. Also research everything you can and
       cut truth from disinfo, this is important.

  Yeah, finally, the more technology comes into our lives the more we
  have to pay attention in which way it comes into them and what it can
  cause; look at the cellphone problem. The more humanity is connected
  to the internet and computer systems the more humanity has to pay
  attention. I mean think about when a computer will be in your icebox
  which will buy milk for you with just a little touch screen, you know.
  Think about when people attack such systems - and that is not a little
  scenario. Check what you let into your life like a human firewall,
  like a selfhacked BIO network monitor in your brain - research
  everything and ask questions.

  Special thanks go out to the friendly hacker (from THC) who helped me
  with this paper; packetstormsecurity.org & textfiles.com for hosting it.

  -- ad: fingerprint: 386A 9EDA 3E66 ED5E F7DE  04F0 D9AE 1747 2BCD C7E8

  c) source codes


 9758c9d3faea96c5a1c935e1696273f45a06b1fc98ca935cdca3f366cf14dfb9  rarb.uu

  You can decode them with "uudecode".

begin 644 rarb_v_1_0.tar.gz
  d) mirrors

  - "http://packetstormsecurity.org/papers/general/ICI.TXT"
  - "http://packetstorm.syrex.com/papers/general/ICI.TXT"
  - "http://packetstorm.foofus.com/papers/general/ICI.TXT"
  - "http://packetstorm.austin2600.net/papers/general/ICI.TXT"
  - "http://packetstorm.iamthebrain.com/papers/general/ICI.TXT"
  - "http://packetstorm.blackroute.net/papers/general/ICI.TXT"
  - "http://packetstorm.setnine.com/papers/general/ICI.TXT"
  - "http://packetstorm.rlz.cl/papers/general/ICI.TXT"
  - "http://packetstorm.ussrback.com/papers/general/ICI.TXT"
  - "http://packetstorm.orion-hosting.co.uk/papers/general/ICI.TXT"
  - "http://packetstorm.linuxsecurity.com/papers/general/ICI.TXT"
  - "http://packetstormsecurity.nl/papers/general/ICI.TXT"
  - "http://packetstorm.digital-network.net/papers/general/ICI.TXT"
  - "http://packetstorm.dtecks.net/papers/general/ICI.TXT"
  - "http://packetstorm.wowhacker.com/papers/general/ICI.TXT"
  - "http://packetstorm.neville-neil.com/papers/general/ICI.TXT"
  - "http://textfiles.com/uploads/"

     "If War Would Be A Solution -- Freedom And Peace Would Become An

     "Talking About Peace And Freedom While Making War Is Like Giving
      Poison While Saying It Is Water."

[EOF] - End Of File
