Thursday, December 15, 2011

Slinging yourself around the internet

Sometimes you need to use the Internet, but you have a connection you can't exactly trust (coffee shop and hotel wifi come to mind).  In other situations you may feel a need to hide your real IP address, possibly for security reasons.

There are more than a few tools which you can use to do these sorts of things.  This post will focus on some of the more popular tools.  I am assuming that you are both running Unix of some kind or other, and know how to use it.  There probably are equivalent tools for Windows, but I am not familiar with them.

I am not going to tell you exactly how to install each and every one of these tools, because it varies from system to system, but I will provide basic information about how to use them.  I also suggest verifying that things are actually working before moving any sensitive information.

Additionally, these tools only work for TCP connections.  UDP will not work.

SSH Tunnels
If you have a Unix system, you probably have SSH installed.  People usually use it to connect to other machines (pretty much as an encrypted replacement for telnet) or to copy files from one machine to another.

SSH has a feature that even extremely skilled people are not always familiar with.  You can open a tunnel across the SSH session to another host.  When you start up the tunnel, it opens a port on your local machine.  If you connect to this port, the connection runs across the ssh connection and out the machine you connected to, to a host and port combination you specified when you created the tunnel.

Picture this scenario: you're out of town, and you want to take a look at your bank's web site.  Your only internet connection is an open wifi network, and having played with a sniffer or two in your day, you do not want to send your banking information across such a network.  Back at home the router connected to your cable modem is configured to forward SSH to one of your computers (and a dynamic dns entry to go along with it), and a computer running a SOCKS proxy on
You fire up a terminal window and type:
ssh -L1081: , and then log in as normal.  After that, you configure your web browser to connect to a SOCKS proxy running on port 1081 on your local machine, then browse away.  

Everything your browser does now runs across your strongly encrypted SSH connection.  

It is important to note that you can use tunnels for a lot of things other than SOCKS proxies.  If you want to lock down access to a web based application, you can make a white list consisting of a single host and then open tunnels through that machine.

You now know how to run applications which allow you to specify a proxy across a tunnel, but not all applications allow you to do that.  This is where a handy tool called proxychains comes into play.

Proxychains is a pretty powerful tool: it allows you to run your connection through a series of different proxy servers.  However, that complexity is outside the scope of this post.  Simply specifying a single proxy server (in this case localhost and the port you've opened) in the [ProxyList] section of the config file is enough for basic functionality.

Once this is done, simply type: proxychains [command].  Your application will now seamlessly run across the proxy.

TOR, or The Onion Router, is an anonymity tool originally developed by the US Navy, later the EFF, and currently by the TOR project.  The user should read up on the technical details of how TOR works; all that will be mentioned in this post is that TOR encrypts traffic and conceals its source.  When TOR is up and running on a system, it starts a SOCKS proxy that listens on port 9050.  If you point a SOCKS-aware application at that port, it should go across the TOR network.
There is a tool similar to Proxychains called torsocks.  It is also used in a very similar manner (torsocks command).
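Both the SSH tunnel scenario above and TOR end up exposing a SOCKS proxy on a local port, and the post's advice to verify things are working before moving sensitive information is easy to skip.  The following is an added example, not code from the original post: a small Python check that speaks the first two steps of the SOCKS5 protocol to the local port (the no-authentication greeting, then a CONNECT request) and reports whether a real SOCKS5 proxy answered.  Port 1081 and the target example.com:443 are assumptions taken from the post's scenario; start_fake_socks5_server() is a constructed test double so the checker can be exercised offline, and is not a proxy.

```python
"""Added example (not from the original post): verify that a SOCKS5 proxy is
really answering before you point a browser or proxychains at it.

Works the same for a port forwarded with `ssh -L` to a SOCKS proxy on the far
side, for `ssh -D`, or for TOR's SOCKS port (9050).  Port 1081 and the target
below are assumptions borrowed from the post's scenario."""
import socket
import struct
import threading


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise OSError (TCP may deliver fewer per call)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf


def socks5_greeting() -> bytes:
    """RFC 1928 client greeting: VER=5, NMETHODS=1, METHOD=0x00 (no auth)."""
    return b"\x05\x01\x00"


def socks5_connect_request(host: str, port: int) -> bytes:
    """CONNECT request with ATYP=3 (domain name) so the *proxy* resolves the
    name.  Resolving it locally would send a plaintext DNS query for your
    bank's hostname over the untrusted network, defeating the tunnel."""
    name = host.encode("idna")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def check_socks5(proxy_host="127.0.0.1", proxy_port=1081,
                 target=("example.com", 443), timeout=5.0) -> dict:
    """Return {'handshake': bool, 'connect_reply': int | None}.

    handshake      True if the proxy accepted the no-auth SOCKS5 greeting.
    connect_reply  REP field of the CONNECT reply (0 = succeeded), or None if
                   the proxy never answered.  A refused connection or a
                   non-SOCKS service on that port (wrong port number, tunnel
                   not up) yields handshake=False.
    """
    result = {"handshake": False, "connect_reply": None}
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(socks5_greeting())
            if _recv_exact(s, 2) != b"\x05\x00":      # VER=5, METHOD accepted
                return result
            result["handshake"] = True
            s.sendall(socks5_connect_request(*target))
            head = _recv_exact(s, 4)                   # VER, REP, RSV, ATYP
            if head[0] == 5:
                result["connect_reply"] = head[1]
    except OSError:
        pass
    return result


def start_fake_socks5_server() -> int:
    """Constructed test double, not a real proxy: accepts the greeting and
    answers one CONNECT with 'succeeded' while relaying nothing.  Returns the
    port it listens on so check_socks5() can be run offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(3)                        # client greeting
            conn.sendall(b"\x05\x00")           # VER=5, METHOD=no auth
            conn.recv(512)                      # CONNECT request
            # VER=5, REP=0 succeeded, RSV, ATYP=1, BND.ADDR=0.0.0.0, BND.PORT=0
            conn.sendall(b"\x05\x00\x00\x01" + bytes(4) + b"\x00\x00")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1081
    print(check_socks5(host, port))
```

Run it as `python check_socks.py 127.0.0.1 1081` once the tunnel is up, or with 9050 for TOR.  handshake=False means nothing speaking SOCKS5 is on that port yet, so fix the tunnel before configuring the browser; a non-zero connect_reply means the proxy is up but could not reach the target from the far side, which is usually a problem on the home network rather than on the wifi you are sitting on.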

You now have a basic idea of how to securely tunnel through part of the Internet to another part.  Please be aware that a good number of these tools are under constant development, so they may not behave exactly as specified.  The important things to grasp are the concepts of tunnels and proxies.  If those are understood, you should be able to correct for any minor differences encountered.

Wednesday, December 14, 2011

Why root access matters

I have long held the belief that a person should have complete and total control of his digital devices.  This is largely because I think that if a person shells out for a high tech toy, she should be able to run whatever software she likes, tweak any and all settings, and so on.  Some insufficiently suspicious folks called me paranoid when I would mention that without full control of the device, you can't be sure that all the software running on it is benign.

About two weeks ago, it was learned that several cell phone carriers have been shipping Android phones with a hidden application called CarrierIQ installed.  This application can do things like monitor the phone's location via GPS, and check signal quality as well.  In addition to this, it can monitor text messages for specific strings and what URLs have been visited.

Yesterday, the FBI declined a Freedom of Information Act request about the software on the grounds that the information was related to "a pending or prospective law enforcement proceeding".  Today, the EFF reported that they believe keystroke data is being inadvertently transmitted to third parties.

It is important to note that at least some (if not all) of the information CarrierIQ gathers does serve legitimate diagnostic purposes.  In my line of work we occasionally need to perform packet inspection to resolve various network issues.  There is a very large and very real potential for privacy abuse here, but it doesn't happen.  While it is true that there are a variety of policies and procedures to make sure that our customers' privacy is respected, we simply don't have the time to dig through other people's packets.

CarrierIQ probably is not slinging your text messages and browsing history off to the CIA (that'd be much easier to do on the carrier's network anyway).  Nonetheless, if people had full control of their phones in the first place, this application would not have been hidden, and would not have gone unnoticed for an undetermined period of time.

Anyone who hides things from you on devices you own or tries to keep you in a walled garden is not your friend.