Security Archives

The importance of data encryption

In monetary terms, the value of the data in a computer often exceeds the actual cost of the hardware and software of the machine. Therefore, encrypting the data in our computer systems is of utmost importance.

Encryption plays an important role in protecting data, not only for maintaining the confidentiality of information but also for protecting it from damage, destruction or alteration. An important part of the encryption process is that it allows the source of information to be verified, much like an electronic signature: the decryption key is made available, while the secret encryption key guarantees the authenticity and integrity of a file.

Encryption technologies and algorithms are not limited by the properties of the storage media used. The data is transformed so that no useful information can be extracted from it, while the underlying storage is unaffected. It does not matter whether the encryption algorithm is publicly known, because confidentiality is guaranteed by the secrecy of the unique key used for decryption.

Because encryption is independent of the characteristics of the storage or communication medium, it can be used to transfer data securely over open communication channels and to protect data on portable storage devices that have been lost or discarded. Even if an attacker gains access to a file, he will not be able to decrypt or read its contents without the secret key.

How to install Backtrack 4 R1 in VMWARE

So I decided to have a look at the latest Backtrack release (Backtrack 4 R1), which is claimed to be the best version released so far by the Backtrack community. With the new Linux kernel version 2.6.34 and significant overall improvements, this release is worth checking out. I always use the virtual machine option so that I can play with it first and then install the image on its own hard disk. Let us see below how I installed Backtrack 4 R1 on a VMware virtual machine:

The specifications of my hardware and software are the following:

  • Laptop DELL (core i3 with 4GB RAM)
  • Win7 64-bit Professional
  • VMWARE Workstation version 6.5.4

STEPS:

1. Download file from http://www.backtrack-linux.org/downloads/

File downloaded is bt4-r1-vm.tar.bz2 (around 2.5 GBytes)

2. Check the file with the md5.exe tool to verify that the MD5 hash matches the published one. This is important because such big files sometimes get corrupted during download, and it also verifies the integrity of the file.

3. Uncompress the image with WinRAR (it took some time for WinRAR to open the archive; be patient here).

4. In VMWARE go to File>Open and select the virtual machine (BT4-R1) which you extracted above.

5. I then selected “Edit Virtual machine settings” and increased the memory from 768MB to 1024MB.

6. Then click on “Power on the virtual machine”.
If you get the message “This virtual machine may have been moved or copied”, I selected “I copied it”.

7. After the Virtual machine boots up, you will get a prompt:

bt login:

Use root/toor as the initial username/password.

You will get the root prompt:

root@bt:~#

Now we must change the root password to something really strong.

root@bt:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

8. Now run fix-splash as advised by the Backtrack website:

root@bt:~# fix-splash

And then reboot:

root@bt:~# reboot now

9. After the machine boots up, start the graphical interface:

root@bt:~# startx

DONE
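Step 2 above verifies the downloaded image by hand with md5.exe. The following script is an added example (not from the original post) that does the same check on a Linux or BSD host, taking the published digest pasted in as the second argument; the digest length selects MD5 or SHA-256. A matching MD5 protects against download corruption, but MD5 is not collision resistant, so prefer a SHA-256 digest published over HTTPS when the download site offers one.

```shell
#!/bin/sh
# Added example, not from the original post: verify a downloaded image against a
# published checksum before extracting it. Assumes md5sum/sha256sum are present.
# Usage: verify_checksum <file> <expected-hex-digest>
# Returns 0 on match, 1 on mismatch, 2 on a usage error (bad digest length, no file).
verify_checksum() {
    file=$1
    # Normalise the pasted digest to lower case so "B1946A..." and "b1946a..." compare equal
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # 32 hex characters = MD5 (what the Backtrack site publishes), 64 = SHA-256
    case ${#expected} in
        32) tool=md5sum ;;
        64) tool=sha256sum ;;
        *)  echo "unrecognised digest length ${#expected}" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # The tools print "<digest>  <filename>"; keep only the digest
    actual=$($tool "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published $tool digest"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Run directly as: sh verify.sh bt4-r1-vm.tar.bz2 <digest-from-the-download-page>
if [ "$#" -eq 2 ]; then
    verify_checksum "$1" "$2"
fi
```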

Some other notes:

I like my virtual machine to have direct access to the network interface of my host computer, so I always go to the virtual machine settings (“Edit Virtual machine settings”) and change the network adapter from “NAT” to “Bridged Mode”. With that, the LAN interface of the Backtrack virtual machine has direct access to the network. If there is a DHCP server on the network, the Backtrack system will receive an IP address from it; otherwise you can configure a static IP. Let’s see how to do both below:

IP address from DHCP Server

ifconfig eth0 up
dhclient eth0

Static IP

ifconfig eth0 100.100.100.1 netmask 255.255.255.0 up
route add default gw 100.100.100.2 eth0

Also, you need to edit the /etc/resolv.conf file and change the nameserver line to the IP address of your DNS server.

The security problems associated with unsecured WiFi networks at the beach, in a cafe, etc., the applications that “show” your geographical location, and the information exchanged through social networks all hide serious security threats for your PC and for your personal information.

Using secure wireless networks, encrypting or hiding data on disk to prevent “theft”, and taking serious precautions during online shopping or banking transactions are among the practical security measures that users need to follow to protect their personal information.

With the proliferation of social networks and the numerous applications used to share information via the Internet, PandaLabs, the anti-malware laboratory of Panda Security, advises users to take additional steps to avoid falling victim to malicious actions during the holidays.


Besides the traditional security measures that are usually taken, “This year, we ask users to pay special attention when sharing information over the Internet, especially when it comes to planning trips using applications, or when using GPS devices to reveal our geographic location to other members of the community. Such information can easily be taken advantage of by those who steal personal data or plan hostile actions,” states Luis Corrons, technical director of PandaLabs.

These types of “geolocation” applications have been used widely in recent years. Facebook applications such as Doorpl or TripAdvisor (which describe someone’s current location or desired destination), the Twitter geolocation utility (which shows the location from which your tweets are sent), or the GPS location services of mobile devices (iPhone and Android) are just some examples.

PandaLabs constantly analyzes the latest trends on the Internet and is able to advise users on their protection throughout the year, and more specifically during a massive holiday period like the summer.

If you take your own computer with you on vacation:
- Before you do anything, make a backup of all your data.
- Make sure you have reliable and updated antivirus/antimalware software and that all necessary security patches are installed.
- To mitigate the consequences of theft of your computer, use encryption for the information stored on your hard disk, even if it is tedious and complicated. This prevents any access to your files without the correct password.
- Clear the temporary files, logs, cookies and the password reminders or auto-complete features you use in the browser. This eliminates automatic access to webmail, social networks, bank accounts or your favorite online stores.
- Do not connect to unprotected WiFi networks, as you can “get hooked” by hackers who can intercept the information shared with your community. Even if you have to pay for network access, it is better and safer to use a secure network you can trust.
- Pay attention to email. Phishing attacks and spam are becoming smarter at stealing sensitive personal data.

If you use another computer on your vacation:
- It’s better not to use someone else’s computer. You do not know what is installed on it. It is possible that the PCs in cyber-cafes, hotels or airports, from which you might log into your bank account, etc., are infected by a dangerous Trojan horse.
- If you really have no choice and must go to websites that require your personal credentials, make sure you change them immediately after use in order to minimize the risk.
- Avoid online transactions if possible. Remember that any information you enter can be used by another user.
- Do not accept any offer by web browsers to store your personal data.
- When you are finished using the computer, delete all temporary files, browser history, cookies, log files and any other information stored on the computer.
- If you download something on the computer, remember to delete it before turning the computer off.

Using social networks
- Never use the travel planning applications offered by these networks, so that nobody can identify who you are. Do not accept the geolocation function in Twitter and do not use this technology on mobile phones.
- Do not reveal your holiday plans in chat rooms, IRC, social communities, etc.
- If you spend time in chat rooms while you’re on vacation, do not disclose any personal or confidential information to someone you don’t know.
- Share the above tips with your children, who are often more willing, in good faith, to share information via the Internet.
- If you notice any suspicious behavior while you are connected to a social network (people with great interest in other people’s destinations, dates, etc.), contact the police. Prevention is always better than cure.

How to enable SSH Tunneling on QNAP NAS

I have a QNAP TS-109 II Network Attached Storage (NAS) device which I use for data storage, download station, torrent client etc. This NAS is a Linux box, so I thought about using it for another application in addition to those mentioned above: as an SSH tunneling box for encrypting my traffic when I’m away from home (on an unsecured wi-fi hot spot, for example). Since the NAS is already running an SSH daemon, you can enable it to work as an SSH tunneling server. Basically you use PuTTY (an SSH client) to create an SSH tunnel to the NAS using local port forwarding. PuTTY opens a local port on your PC (e.g. 9999) which listens for connections and sends all traffic destined to this local port over to the remote NAS SSH server. This traffic travels over the encrypted SSH tunnel between your PC and the remote NAS. At the NAS end, the traffic exits the NAS towards the Internet (TCP forwarding must be enabled on the NAS). With that setup you essentially create a secure encrypted tunnel that can be used to access the Internet securely when you are connected to a public wi-fi hot spot or even in a hotel room.

First, we need to make some changes to the sshd configuration of the NAS. Open a CLI connection to the NAS (using telnet or ssh) and edit (using vi) the sshd_config file located under /etc/ssh/. You need to change the following settings in sshd_config:

  • Uncomment the #AllowTcpForwarding no line (remove the #) and change it to yes:
    AllowTcpForwarding yes
  • Uncomment the #PermitTunnel no line (remove the #) and change it to yes:
    PermitTunnel yes

However, the changes above will not be permanent, since the QNAP NAS device resets all configuration to the default settings when rebooted. Therefore we need to make the changes permanent somehow. What we can do is the following:

  • Copy the modified sshd_config file into a shared location on the NAS.
  • Use the “autorun.sh” script to copy the modified sshd_config file from the shared location and overwrite the original sshd_config file located under /etc/ssh/.
  • Then restart the sshd daemon so that it picks up the modified settings.

I have copied the modified sshd_config file under /share/HDA_DATA/.
Now, in order to create the autorun.sh file, do the following:
# mount -t ext2 /dev/mtdblock5 /tmp/config
# vi /tmp/config/autorun.sh

Get into the vi editor and enter the following lines:
cp /share/HDA_DATA/sshd_config /etc/ssh/
killall sshd

Save the file and make it executable.

# chmod +x /tmp/config/autorun.sh
# umount /tmp/config

That’s it for the NAS.
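The post edits sshd_config by hand and then copies the whole file back on every boot. As an added example (not from the original post, and not QNAP’s own tooling), the script below makes the same two changes idempotently with sed, so it can be run from autorun.sh against a copy of /etc/ssh/sshd_config without duplicating lines, and it reads back the active value so you can confirm the edit took. It assumes a POSIX sh and a writable copy of sshd_config at a path you pass in. Of the two settings, only AllowTcpForwarding is needed for PuTTY’s dynamic (SOCKS) forwarding; PermitTunnel governs tun(4) device forwarding.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent sshd_config edits.
# set_sshd_option <file> <Option> <value>
#   Rewrites an existing line for the option, whether it is commented out
#   ("#AllowTcpForwarding no") or active, and appends one if none exists.
set_sshd_option() {
    file=$1; key=$2; value=$3
    if grep -q "^[[:space:]]*#\{0,1\}[[:space:]]*$key[[:space:]]" "$file"; then
        # Replace every commented or active occurrence with the desired value.
        # Written via a temp file rather than sed -i so it works on busybox and BSD sed.
        sed "s/^[[:space:]]*#\{0,1\}[[:space:]]*$key[[:space:]].*/$key $value/" "$file" \
            > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sshd_option <file> <Option>
#   Prints the value of the first active (uncommented) line for the option,
#   or nothing if the option is not set and sshd's default applies.
get_sshd_option() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Run directly as: sh sshd_tunnel.sh /share/HDA_DATA/sshd_config
# (then let autorun.sh copy the file into /etc/ssh/ and restart sshd, as in the post)
if [ "$#" -eq 1 ]; then
    set_sshd_option "$1" AllowTcpForwarding yes
    set_sshd_option "$1" PermitTunnel yes
    echo "AllowTcpForwarding is now: $(get_sshd_option "$1" AllowTcpForwarding)"
    echo "PermitTunnel is now:       $(get_sshd_option "$1" PermitTunnel)"
fi
```

On the NAS you can validate the edited file before copying it into place with `sshd -t -f /share/HDA_DATA/sshd_config`, which exits non-zero on a syntax error.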

Now, in order to create the SSH tunnel, we will use PuTTY as shown below:

Open up PuTTY and go to Tunnels. At Source port, enter the local port that will listen on your PC (e.g. 8888). Select Dynamic and press Add.

As you can see above, port 8888 has been added. This port will start listening on your local PC after you connect with SSH to the NAS.

Now go up to “Session” and enter the IP address of your NAS SSH server. The picture above shows a private IP address (192.168.10.111), but in a real situation this should be the domain name or the public IP address of your NAS. Click “Open” to log in to the NAS with your SSH username and password. Once you are logged in, a secure SSH tunnel exists between your PC and the remote NAS.

If you want to encrypt all of your Internet browsing traffic, configure a SOCKS proxy in your browser with IP address 127.0.0.1 and port 8888.

Information Security Cyber Threats for 2010

Kaspersky Lab recently announced its security analysts’ estimates of cyber criminal activity for 2010.

In 2008, the company’s analysts predicted an increase in system infections by viruses. Unfortunately, these estimates proved accurate. In 2009 we saw the emergence of sophisticated malware with rootkit-based functionality and the widespread use of the Kido worm (also known as Conficker), but we also observed numerous Internet attacks, the proliferation of botnets, fraud using mobile SMS and attacks on social networking websites.

Estimates for 2010

According to the experts at Kaspersky Lab, there will be a change in the types of attacks. More specifically, there should be a change from the attacks waged through websites and applications to attacks via file-sharing and peer-to-peer networks.

Already in 2009 there was a series of massive attacks based on malware that spread via torrents. This method was used to deploy web threats such as the TDSS and Virut viruses, and to break into computers running Mac OS X. In 2010, we should expect a significant increase in this type of attack on P2P networks.

Cyber criminals will continue to compete in unleashing viruses. Currently, cyber criminals try more and more to appear legitimate, and there are many ways to profit from spreading malicious software through botnets. Today, botnets are used mainly for “black market services”. However, future services are expected to become more “gray”.

The so called “cooperation programs” will give botnet administrators/owners the ability to profit from activities such as sending spam, DoS attacks or via sending malicious software applications that are not clearly a form of criminal activity.

The decline observed in the use of the Trojans that hit online gaming users in 2009 is likely to be repeated with fake antivirus programs in 2010. This category of threat first appeared in 2007 and reached its peak in 2009. The Kido worm, for example, went on to install rogue antivirus programs on infected computers.

However, the “market” for fake antivirus programs is now saturated and profits for cyber criminals have fallen. Furthermore, these activities are closely monitored by legitimate security companies. In this context, developing and distributing rogue antivirus programs is becoming increasingly difficult.

With regard to attacks on web services, Google Wave is expected to attract the most interest in 2010. There is no doubt that attacks on this new Google service will follow the usual pattern: first the sending of spam messages, then phishing attacks, then the exploitation of system vulnerabilities, and finally the spread of malware. The availability of Google’s Chrome OS operating system, which is based on Internet technology, is a notable development, but the experts at Kaspersky Lab expect that cyber criminals will not show great interest in this software platform.

However, it is expected that 2010 will be a difficult year for iPhone users and for phones with the Android operating system. The first malicious programs for these platforms appeared in 2009, which is a clear indication of increased interest from cyber criminals. As for iPhone users, only those with cracked devices will be at risk, but the same does not apply to users of Android devices, all of whom can fall victim to attacks. For example, the growing popularity of Android phones in China, combined with the lack of effective security controls on applications offered by third parties, is expected to contribute to a rise in the number of attacks by malicious programs.

The discovery of new vulnerabilities in systems will be the main cause of mass infection by viruses. These vulnerabilities will mainly relate to software developed by third parties (such as Adobe, Apple, etc.), but also to Windows 7, whose marketing has recently started. If a large number of such software vulnerabilities is not found in 2010, it may well be one of the “quieter” years in a long time.
