Presentation is loading. Please wait.

Presentation is loading. Please wait.

Name: John Ostrander Website: exclusionzone.org GPG: B9151AAE

Published byDominic Blake Modified over 6 years ago

Similar presentations

Presentation on theme: "Name: John Ostrander Website: exclusionzone.org GPG: B9151AAE"— Presentation transcript:

1 Name: John Ostrander Website: exclusionzone.org GPG: B9151AAE 1906 : F4DE : DA5B : 6681 : F3FB : 46CD : A99B : 31D8 : B915 : 1AAE

2 Warnings & Disclaimers
I am not a lawyer Do not misconstrue anything I say as legal advice There is no such thing as a 100% secure system Hardware bugs, software bugs, and OpSec bugs still exist InfoSec and OpSec are a system These are just tools; not a comprehensive solution InfoSec and OpSec take study and practice This will not protect you from an APT Alphabet soup is slimy I am human I wont maliciously mislead y'all, but I make mistakes too

3 WhatD.o while( Privacy != 'Respected' || Autonomy != 'Respected' || Agency != 'Respected' ) { if( ToolChain == 'A good start' ){ Wayne(CryproPartyOn); } else{ RenewResearch(ToolChain);

4 Tools We Will Be Using Tails
(From: “Tails is a live system that aims to preserve your privacy and anonymity.” “It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.” “It is Free Software and based on Debian GNU/Linux.” “Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, client, office suite, image and sound editor, etc.”

5 More Tools We Will Be Using
TOR The Onion Router (From: “Tor is an open and distributed network that helps defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.” “Tor protects you by bouncing your communications around a network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. “

6 Yet More Tools We Will Be Using
GPG Gnu Privacy Guard (From: “GnuPG allows to encrypt and sign your data and communication, features a versatile key management system…” “GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.” Enigmail Enigmail is a gui frontend for the IceDove client that leverages GPG and makes encrypting and decrypting easy peasy.

7 Still More Tools We Will Be Using
MAT Metadata Anonymization Toolkit Tool that allows one to strip metadata from most popular digital file types Pidgin Chat messaging client for IRC, ICQ, Jabber, AIM, etc OTR plugin for Pidgin Off The Record Chat encryption standard that allows for one to chat with accomplices with reasonable assurance that the chats are confidential KeePass2 Password vault that allows the user to securely store multiple unique passwords inside an encrypted container

8 Tails Specific Warnings
Straight from the horses’ mouth(s): Tails does not protect against compromised hardware Tails can be compromised if installed or plugged in untrusted systems Tails does not protect against BIOS or firmware attacks Tor exit nodes can eavesdrop on communications Tails makes it clear that you are using Tor and probably Tails Man-in-the-middle attacks Confirmation attacks Tails doesn't encrypt your documents by default Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted messages Tor doesn't protect you from a global adversary Tails doesn't magically separate your different contextual identities Tails doesn't make your crappy passwords stronger Tails is a work in progress

9 Getting Tails Booted Shut down computer
Ensure booting from USB/CD/DVD/Disk is enabled Crypto angels can help with this Insert your shiny new DVD Turn on computer Spam the button to select boot device (F10, F12, F2) Crypto angels up Select USB/CD/DVD/Disk as boot device ??? Profit!

10 Move to Install Check List

11 Some Rules of Thumb for TOR
Do not try to torrent things It hurts the network DHT kills the anonymity Use additional crypto everywhere you can This helps mitigate compromise by malicious exit nodes HTTPS, GPG, X.509 Do not use Java Script or Flash unless you really need to If you have to use Java Script then it’s wise to reboot and use it with persistence turned off If you have to use Flash then download the .swf and run it offline with persistence turned off

12 Some Do’s and Do not’s Do Not Do Log into your clearnet accounts
Torrent things “Do malicious things” “Use it to buy illegal things” “Use it to circumvent the law” Do Browse the Internet your commrades ShitPost on IRC ShitPost on chans Make BitCoin Transactions Stream “not pirated” content

13 My Personal Guidelines
Trust no one; question everything Avoid circuits that lie entirely inside of 5 eyes, 6 eyes, 9 eyes, 14 eyes, and NATO countries Avoid exit nodes hosted by institutions that receive government monies Verify data retrieved by non-trusted means through 3 or more circuits for authenticity Clearnet files Self signed certs Cat pictures Never use Flash Try no be dumb

14 Things to Keep in Mind Your ISP can see that you are using TOR, just not what you are doing over TOR That camera in the coffee shop There are ways that you can be deanonymized Traffic correlation Exploits Writing style Meta Data Ignorance Laziness

15 Questions?

16 Resources https://www.exclusionzone.org https://tails.boum.org

Download ppt "Name: John Ostrander Website: exclusionzone.org GPG: B9151AAE"

Similar presentations

Stay Safe Online in Six Steps Presented by: Scott Rhinehart 540 Lake Center Parkway, Suite 102 Cumming, GA 30040 Office: 678-513-1864 ext 58727 Fax: 770-887-9339.

Stay Safe Online in Six Steps Presented by: Scott Rhinehart 540 Lake Center Parkway, Suite 102 Cumming, GA Office: ext Fax:
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
ToR. Tor: anonymity online Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet.

ToR. Tor: anonymity online Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet.
You can run that from a USB Drive ? Portable Applications: the good, the bad and the ugly Jeff Gimbel © 2007.

You can run that from a USB Drive ? Portable Applications: the good, the bad and the ugly Jeff Gimbel © 2007.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Instant Messaging Security Flaws By: Shadow404 Southern Poly University.

Instant Messaging Security Flaws By: Shadow404 Southern Poly University.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Sofya Rozenblat 11/26/2012 CS 105 TOR ANONYMITY NETWORK.

Sofya Rozenblat 11/26/2012 CS 105 TOR ANONYMITY NETWORK.
Www.sti-innsbruck.at © Copyright 2012 STI INNSBRUCK www.sti-innsbruck.at Tor project: Anonymity online.

© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
ARE YOU BEING SAFE? What you need to know about technology safety Shenea Haynes Digital Citizenship Project ED 505.

ARE YOU BEING SAFE? What you need to know about technology safety Shenea Haynes Digital Citizenship Project ED 505.
TECHNOLOGY GUIDE THREE Protecting Your Information Assets.

TECHNOLOGY GUIDE THREE Protecting Your Information Assets.
1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.
PLUG IT IN SIX Protecting Your Information Assets.

PLUG IT IN SIX Protecting Your Information Assets.
NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.

NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.

Similar presentations

Ads by Google