A GOOD READ

teutonic

I read this on AR by Sicilian30

Internet safety (Please read)
Alright guys, I have been wanting to post this thread for some time, and I got brave .. so here goes.
Some safety precautions that you may find that will help you protect yourself on the Internet.
Now by no means what I say in this thread are to be taken in any aspect that I am a dealer or participate in any sort of illegal activity, because I do not practice in such matters. However, I do read a lot, and knowing what I know, and seeing what I see, I get inside info pretty steady.
Okay with that said, here are a few things that most of you guys need to be aware of. The FBI and DEA have very useful tools at their disposal, to help catch people doing illegal activities on the Internet, email etc.
One of the tools that is raising eyebrows, is this new thing they call, “The Magic Box”. Now I have been doing searching and trying to find out how this technology works, but so far all I have come up with is, that this “computer” or device, can lock into your Internet connection and record your keystrokes as they are leaving your computer. So what this means is, that there is no need for a keyboard sniffer, to be loaded on your computer. They (meaning anyone who is trying to look for suspicious activity) simply tap into your Internet connection and monitor what you do, by watching and recording the signals and packets leaving your computer. They can also ask ISP companies to watch and track your movements, on the Internet. Also if you use encrypted emails accounts, the “Magic Box” not only can record where you go and how many times you access your email, but can also provide prying eyes with your user name and password. This way someone can log into your account without having the encryption key. This brings me to another point; online emails, such as hush mail, cyber rights, zip lip, etc.
I personally would recommend you delete everything in your boxes. Inbox, sent items, and trash. Keep them deleted, and always if you “RESPOND” to someone else's email, it is best to delete the text that you are responding to. This could lead to a trail, and as most of you know, when you respond to an email, all previous conversations are there in that responding email.
Don’t forget about the sent and trash folders with your “Online email accounts as well”. Also another good practice is to maybe check and answer your emails from other computers such as friends, work, etc. But beware, some offices, can record where you go, and could have keyboard loggers installed as well. Watch out.
I would also recommend an ISP that changes your IP numbers regularly, (DHCP leases). What this means is every 2 or more hours your IP number changes, therefore it is harder for someone to lock onto your IP number.
Again, I am not exactly clear how this technology works or any counter software that will prevent this. The FBI, for obvious reasons do not and will not share this info with the public. This is because they know that if they let everyone know how the technology works, there will be hackers all over the world trying to find ways to get around this, and stop it.
I know of one case that it was used to bring down a hacking ring, and actually led FBI to the guys that were committing the crimes. They were grabbing their emails, everything they would type to one another, sites they visited, keystrokes they made etc. They used all of this along with phone tapping to catch these hackers. Actually the “Magic Box” is similar to a phone tap, just on a computer and Internet level.
I can’t say I blame the FBI for not sharing to the public how this technology works. We live in a country in which national security is a very important thing now, since September 11th. I applaud the FBI and DEA for cracking down on Terrorists activities and hope that this technology will lead to stopping them as well as other things that are happening on the Internet.

Now a possible way of working around this:

For those of you who are interested, I believe that this technology can be worked around if you are fearful that someone is snooping around where they shouldn’t be. There are a few rules and guidelines I would suggest to people, if they are worried about prying eyes. One way to counteract this, disconnect your computer from your Internet connection. Once this is done, open up a word document, or other type of word processor, even notepad, type what you want to type, save the file, and reconnect your Internet connection. (This may require a restart).
Yet another simpler way of doing this is to have a program such as Zone alarm. Go into zone alarm, set it to “Internet Lock”, that way no traffic leaves your computer via Internet. Open up your Word Processor and type what you want, copy it, now reengage your Internet connection via Zone alarm by taking the Internet lock off, now surf to your website, (bear in mind, now someone could be recording your keystrokes, therefore, it may be good to keep the website or email addy in your favorites.) Now compose an email, or whatever, now paste the info you just copied into your email, thread, or whatever, then send. To my knowledge there is no way for them to track this unless they intercept your username and password, and you forget to delete your sent items or trash mail boxes. Now this works if you are using a secure online email service. It may not be as effective if you use a regular email program such as outlook express, or use hotmail or another non-encrypted email.
Once your computer is restarted and logged onto the Internet, surf where you want, open your document that you previously saved containing the text you want to send, copy the text you typed previously, and then paste it in an email, thread or whatever. This in theory from what I know about this technology, does not allow someone to snoop on your keystrokes, because you have no connection to the Internet. Once you have copied and pasted, the info you want, use a good “file shredder” to delete that document. I use Norton Utilities to delete files, or X cleaner has a good shredder built into it.

Secondly if you are a source, I would suggest you keep your price lists on a diskette. They are easier to destroy, and can be easily transported from computer to computer. Always have a back up plan, like a quick way of formatting your computer or keeping incriminating evidence from your hard drive. I also see a lot of guys who actually are starting to use external drives to store data on then moving that hard drive to an undisclosed location. I don’t recommend this, due to if anyone finds it, then they got any info they need. The FBI and special teams have ways of retrieving data from formatted hard drives and yes deleted files. This can be done, and is done all the time. So really the only way of protecting yourself, is to keep things off your hard drive. This means using cleaners, and file shredders.
I am not going to stress the importance of a firewall, updated virus scanner, history and Internet Cache Cleaners; I have other posts that explain the importance of these items.
Again, I feel that this info is important to some of the members here, because no one likes someone snooping around on their computers. I was also told by one member here, that there are “special teams” of FBI and DEA agents that troll the boards, and try to catch people practicing illegal activities. Of course this does not apply to the members here at AR, we do not participate in Illegal activities here, well none that I know of.. LOL..
I like the fact that the members here, try to help others not only with AS questions, but diet, nutrition, and other things that it is hard to find answers anywhere else.
Just some info I wanted to share with you all.
Here is also a very interesting article which describes something similar to what I am talking about.
http://www.corpwatch.org/news/PND.jsp?articleid=1092
 
MAGIC LANTERN installs so-called “keylogging” software on a suspect’s machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity.
The virus can be sent to the suspect via e-mail — perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect’s computer and insert Magic Lantern, the source said.
Magic Lantern is one of a series of enhancements currently being developed for the FBI’s Carnivore project, the source said, under the umbrella project name of Cyber Knight.

MENTIONED IN UNCLASSIFIED DOCUMENTS

The FBI released a series of unclassified documents relating to Carnivore last year in response to a Freedom of Information Act request filed by the Electronic Privacy Information Center. The documentation was heavily redacted — most information was blacked out. They included a document describing the "Enhanced Carnivore Project Plan,” which was almost completely redacted. According to the anonymous source, redacted portions of that memo mention Cyber Knight, which he described as a database that sorts and matches data gathered using various Carnivore-like methods from e-mail, chat rooms, instant messages and Internet phone calls. It also matches the files with the necessary encryption keys.


MSNBC.com repeatedly contacted the FBI to discuss this story. However, after three business days the FBI was still requesting more time before commenting. MSNBC.com has filed a Freedom of Information Act request with the bureau.
Word of the FBI’s new software comes on the heels of a major victory for the use of Carnivore. The USA Patriot Act, passed last month, made it a little easier for the bureau to deploy the software. Now agents can install it simply by obtaining an order from a U.S. or state attorney general — without going to a judge. After-the-fact judicial oversight is still required.

FBI HAS ALREADY STOLEN KEYS



If Magic Lantern is in fact used to steal encryption keys, it would not be the first time the FBI has employed such a tactic. Just last month, in an affidavit filed by Deputy Assistant Director Randall Murch in U.S. District Court, the bureau admitted using keylogging software to steal encryption keys in a recent high-profile mob case. Nicodemo Scarfo was arrested last year for loan sharking and running a gambling racket. During their investigation, Murch wrote in his affidavit, FBI agents broke into Scarfo’s New Jersey office and installed encryption-key-stealing software on the suspect’s machine. The key was later used to decrypt critical evidence in the case.



Magic Lantern would take the method used in Scarfo one step further, allowing agents to “break in” to a suspect’s office and install keylogging software remotely. But in both cases, the software works the same way.
It watches for a suspect to start a popular encryption program called Pretty Good Privacy. It then logs the passphrase used to start the program, essentially giving agents access to keys needed to decrypt files.

Encryption keys are unbreakable by brute force, but the keys themselves are only protected by the passphrase used to start the Pretty Good Privacy program, similar to a password used to log on to a network. If agents can obtain that passphrase while typed into a computer by its owner, they can obtain the suspect’s encryption key — similar to obtaining a key to a lock box which contains a piece of paper that includes the combination for a safe.

BREAKING NEW GROUND



David Sobel, attorney for the Electronic Privacy Information Center and outspoken critic of Carnivore, did not outright reject the notion of a Magic-Lantern-style project, but raised several cautions.
“This is breaking new ground for law enforcement, to be planting viruses on target computers,” Sobel said. “It raises a new set of issues that neither Congress nor the courts have ever dealt with.”
Stealing encryption keys could be touchy ground for federal investigators, who have always fretted openly about encryption’s ability to help criminals and terrorists hide their work. During the Clinton administration, the FBI found itself on the losing side of a lengthy public debate about the federal government’s ability to circumvent encryption tools. The most recently rejected involved so-called key escrow — all encryption keys would have been stored by the government for emergency recall.

LEVELS PLAYING FIELD WITH CRIMINALS
A spokesperson for Rep. Dick Armey (R-Texas), said he thought Magic Lantern, as described to him by MSNBC.com, was considerably more palatable than key escrow.



“Citizens should have ability to keep their files and e-mails safe from bureaucratic prying eyes. But this would only be usable against a limited set of people. It’s not as troubling as saying the government should have all the keys,” said the Armey spokesperson. He also said Magic Lantern didn’t raise the same Fourth Amendment concerns regarding search and seizure as Carnivore, because Magic Lantern apparently targets one suspect at a time. Armey, an outspoken Carnivore critic, has complained about the potential for the FBI’s Internet sniffing software to capture too much data as packets fly by headed for a suspect — known in the legal world as an “overly broad” search.
Sobel was concerned that the keylogging software itself could result in overly broad searches, since it would be possible to observe every keystroke entered by a suspect, even if a court order specified a search only for encryption keys. Developers in the Scarfo case went to some trouble to limit the data stored by the keylogging software installed on Scarfo’s computer, shutting the system on and off in an attempt to comply with the court order, according to Murch’s affidavit. But given the confusion surrounding keylogging and encryption, and the mystery surrounding projects like Carnivore, Sobel said he’s worried about the bureau’s use of software that hasn’t been clearly explained to the public or the Congress.
“It is a matter of what protections are in place. At this point, the best documented case is Scarfo, and that raises concerns,” he said. “The federal magistrate who approved the technology in Scarfo had no understanding of what this thing was. I hope there can be meaningful oversight (for Magic Lantern).”










How much can Internet companies learn about you while you're surfing? Quite a lot, actually. As you surf, prying eyes can learn more and more about you -- your likes and dislikes, your habits, your purchase history. Here's a hypothetical example of one surfer's day online.


Surfer goes to Randomhomepage.com. He doesn’t register, and doesn’t accept a cookie.
What RandomHomepage.com knows:

Surfer came to Randomhomepage.com from BigSearchEngine.com.
Surfer’s IP address is 206.255.255.255. That might also reveal the surfer's ISP, company or school.
Surfer uses Windows 95 and Netscape.



Surfer visits LocalNewsWebsite.com. He visits regularly, isn’t a registered user.
What LocalNewsWebsite.com knows:


Surfer almost always arrives at LocalNewsWebSite.com from either BigSearchEngine.com or SmallSearchEngine.com.
Surfer has visited four times in the past month.
Surfer spends only 30 seconds on the home page.
Surfer clicked to the sports page, the technology page, and the weather page before leaving.



Surfer visits MajorNewsSite.com. He isn’t a registered user.
What a third-party company knows:


A banner ad network which is MajorNewsSite’s partner recognizes Surfer (not by name, but by computer).
Surfer also visited three hockey news Web sites recently. Surfer gets ads designed for hockey fans.
MajorNewsSite uses technology that maps IP addresses to real-world locations; the site learns the surfer probably lives in Columbia, Mo.



Surfer registers at RandomSweepstakes.com contest Web site.
What RandomSweepstakes.com knows:


Surfer’s name, address, phone number, gender, work phone, personal tastes.
The information can be sold to anyone.
The information can be mapped to any additional information gleaned from cookies, such as previous Web sites visited.
Hackers can break in and steal it.
If the Web site is acquired, the new company owns the information.



Surfer buys a book from BigBookStore.com.
What BigBookStore.com knows:


All Surfer’s prior purchases.
Any products Surfer ever searched for.
All Surfer’s personal information.
Using a technique called collaborative filtering, what other books Surfer might want.




 
here's a question, if you have zonealarm and it takes one click to engage the internet lock, thus no inbound or out bound keystrokes should be able to be recorded, then why type ur text in a word document/notepad then cut and paste to the site, if you say have ur email account up on the screen waiting for you to log in ur name and then pass word why can't you engage the internet lock, then type the name in then unlock the internet lock and hit send, then when it asks for ur password then i would say engage the internet lock once again, and type in ur password, then unlock the zonealarm internet lock again and hit enter and voila you're in ur account and no key strokes have been recorded

I'm just not getting why you should type what you need typed that you want hidden on another application and cut and paste it when you can just engage the internet lock and type what u need to right there and then unlock it and send it
won't it work this way as well?
 
Do-it-yourself Internet anonymity
By Thomas C Greene in Washington
Posted: 14/11/2001 at 12:46 GMT


Along with the recent government hysteria over terrorists, we've seen legislative measures and 'emergency powers' inviting law-enforcement agencies worldwide to conduct Internet surveillance on an unprecedented scale. But because the state-of-the-art of electronic dragnets makes it difficult if not impossible to exclude the comings and goings of innocent citizens, we thought this a good time to run down the basic techniques for ordinary, law-abiding folk to come and go anonymously on the Net, and keep their private business private.

How do you make a truly anonymous post to a newsgroup or a BBS? How do you keep the Web sites you visit a secret? How do you send e-mail and ensure that its contents can't be read by someone who intercepts it? How do you chat anonymously?

We'll invoke our foil, Windows addict Harry Homeowner, and lay it out in terms the average user can profit from, though with hopes that even you power users might learn a thing or two in the process.

Proxies
These are your first line of defense, so let's start with them. Proxies provide a useful layer of mediation between your machine and the Internet. There are several types, but Web proxies and Socks proxies are the two most relevant to our purposes.

Grossly oversimplified, a proxy is a remote machine which you connect through to the Net, which forwards your IP traffic, and which you then appear to be originating from. When you contact a Web site via an anonymous proxy, it's the proxy's IP which shows in their logs.

You can use either Web or Socks proxies with your browser, and Socks proxies with other Net clients to obscure your IP from prying eyes. But you do have to choose them with care.

Socks proxies are the best, general-purpose proxies. This is so because Socks are non-caching, which means, for example, that there won't be a record of the Web pages you fetched while connecting through one, except on your own machine -- and this you can fix rather easily (more on that in 'Browser Settings'). It also means they're slow, but if you want anonymity, you shouldn't quibble.

But older versions of Internet Explorer and Netscape don't support Socks. What to do? You can upgrade, but I prefer an older browser with fewer 'features', which I equate with fewer security leaks (though these should be patched regularly, of course). Rather than upgrade, you can download an application called SocksCap, and use it to 'socksify' any IP client you use. It will work with browsers, e-mail clients, telnet, SSH, chat clients, even your l4me e-mail bomber. Test it; socksify your e-mail client and send a message from one of your accounts to another. Check the header. Is the originating IP your proxy? If so, your e-mail now appears to originate from the proxy's IP. This can be extremely useful, as we'll see below.

Useful but not foolproof. Of course the proxy machine's admin can easily learn that you connected to it after perusing his logs, so a proxy doesn't actually conceal you; it just adds a layer between you and whatever you're contacting on the Net. This layer can be thick or thin, depending on where the proxy machine is physically located. If your proxy is located in a country unlikely to cooperate with requests for their logs from foreign officials, or a country where your mother tongue is rarely spoken, it can be, in practical terms if not theoretical terms, quite an effective layer of protection.

It's easy to determine a proxy's country of origin with the $20.00 Patrick Project DNS utility, which will resolve IPs to addresses and vice versa, and a good deal more to boot. You cheapskates out there can go to SamSpade.org and do it all for free.

Now you know how to determine your proxy's location. The more exotic the better: Korea is better than Japan; Thailand is better than Korea; Indonesia is better than Thailand; Papua New Guinea is pure gold. Kenya is better than Morocco; Ghana is better than Kenya; Guinea is better than Ghana; Burkina Faso is pure gold. You get the picture.

Now you need to test the proxy for anonymity. Some of them can leak appalling amounts of information, like your true IP, for example. There are several environmental variables checkers on line which will tell you just what information your proxy is leaking to the world, and a nice links page to a heap of them is located at Proxys4all.com.

And what do env checkers tell you? The chief variables you need to know about are:

REMOTE_ADDR: Your apparent IP, which should be the proxy. If not, use another proxy.
REMOTE_HOST: Your apparent address, which should resolve to the proxy IP, or better yet not be resolvable at all. If it resolves to you, use another proxy.
HTTP_X_FORWARDED_FOR: Sometimes your true IP is revealed -- get another proxy.
HTTP_USER_AGENT: Your browser type -- unimportant.
FORWARDED: Reveals the fact that you're using a proxy; not fatal, but better if blank.
VIA: Reveals the fact that you're using a proxy; not fatal, but better if blank.
CLIENT_IP: Sometimes your IP is revealed -- use another proxy.
HTTP_FROM: Sometimes your IP is revealed -- use another proxy.

You can use a free application called ProxyHunter to scan ranges of IPs and find your own proxies. These you can evaluate, determining location and anonymity according to the guidelines above.

A scan such as this is non-invasive and non-destructive, but it's still possible one may get a nastygram from one's ISP for performing them.

Socks proxies are located on port 1080, so you'll want to use that in most searches with ProxyHunter. HTTP proxies on ports 80, 3128 and 8080 are useful, and can be loaded directly into your browser, but they're not quite as secure.

You can load a good Socks in your chat clients like IRC and ICQ; and with SocksCap you can run your telnet and e-mail clients and browser through one as well.

For even more anonymous surfing, you can give yourself an added measure of security by connecting to a Web proxy like Anonymizer through a Socks (or even a decent HTTP proxy). Feel free to e-mail me if you can't figure all this stuff out -- but please, I beg you, give it a fair go on your own first. I'm a humble news reporter, not a help desk.

When you find a Socks proxy with ProxyHunter, or by perusing the many public Web sites where they're listed, and you get satisfactory results from the env check, and your proxy is located on some God-forsaken corner of the Earth, then you've acquired a decent layer of protection. Congratulations. But that's far from the whole shebang.

Anonymous dialups
Whenever you dial in to an Internet connection, your ISP can determine your phone number with caller ID. This information is recorded, and can be turned over to nosy Feds on request with an administrative subpoena, which doesn't require a judge's approval.

If you've got a regular ISP account billed to a credit card, your ISP knows perfectly well who and where you are, so concealing your phone number from them is hardly an obstacle to associating you with your Net activity. In much of Europe, the telco is the ISP, so the possibility of making anonymous dial-ups is remote. In that case, all I can suggest is trying to find a data-capable pay-as-you-go mobile phone, and of course paying cash for it. If you're asked your name, lie. If you're asked for ID, leave.

However, there are free ISPs like NetZero on which you can register with totally fictitious personal information, and to which you can connect with caller ID disabled. This isn't a solution in itself, but combined with the judicious use of good proxies, it can add a second layer of anonymity to your comings and goings. It can make you a bit more difficult to identify.

These ISPs don't allow you much free surfing time -- usually something like ten hours a month; and they feed adverts to you and they're slow (made slower still by proxy use); but they can be a superb means of connecting when you need to be even more anonymous than usual, such as when you make a controversial post to a newsgroup or BBS, or send a sensitive e-mail.

Get your ducks in a row: first, go to an Internet cafe or a library. If they require identification, go elsewhere. When you find a public place where you can surf anonymously, set up an account with NetZero using fictitious personal information. Even better, go through a Web proxy while you're at it.

Record your login, password, and a dialup number convenient for your home location. Now go home, and disable caller ID (contact your phone company for instructions), and dial in to your new fictitious account. And always dial in with caller ID disabled.

Finally, use an anonymous Socks proxy with your e-mail client for newsgroups, and a Socks along with a Web proxy for BBS posts. Theoretically, you can still be traced because the phone company knows what you're up to; but unless you're under active surveillance by the Feds, you can safely gamble that no one from NetZero is ever going to peg you.

You're getting very close to effective anonymity, and you still haven't gone beyond what our friend Harry Homeowner can handle.

There are other things you can do with this caller-ID-off+Netzero+Socks+Web-proxy setup. You can, for example, open a Web-based e-mail account with fictitious personal information and send and receive anonymously, so long as you set up your NetZero account properly, and always connect to it with caller ID disabled, always use a Socks with your browser, and/or always use a Web proxy.

You've got ten hours a month. Spend them wisely, and you can surf almost anywhere or post almost anything on line with no repercussions.

But what if your e-mail is intercepted by something hideous like the FBI's packet sniffer Carnivore? Unless you stupidly identify yourself in your mail, you're almost certain not to be identified -- but you still may not want the contents read by anyone but the intended recipient. You don't have to be a criminal to desire privacy, much as the Feds like to pretend otherwise.

Crypto
Now this is funny. If you use a nice, free crypto program like PGP, you can easily encrypt your e-mail. Just follow the instructions -- there's really nothing to it.

The problem here is that the Feds, if they happen to be watching, can gather that you sent an encrypted message to Recipient X, a fact which you may not wish them to know.

If you follow the scheme above, you can send a message anonymously via a Web-based account. But unless I'm missing something, you can't use PGP to encrypt Web-based e-mail messages.

So how do you have your cake and eat it too? It's quite simple: you create an encrypted text file and attach it to your Web-based anonymous e-mail, or copy it into the message body.

Now all the Feds can determine is that Recipient X got an e-mail message with an encrypted body or an attachment from [email protected] or whatever.

Easy peasy, even for our Harry.

Browser settings
Proxy or not, your browser can leak ghastly amounts of information about you. Fortunately, tightening it up is easy when you know what to do.

Since our Harry almost certainly uses MS Internet Explorer, we'll deal with that, though Netscape users should find this information easy to apply to their own setups.

Get into Tools/Internet Options. Set 'days to keep pages in history' to zero. Go to Tools/Internet Options/Security. Go to 'Custom Level' and disable 'Download unsigned ActiveX Controls' and 'Initialize and script ActiveX Controls not marked safe for scripting'; set 'Java permissions' to 'High Safety'; disable 'Meta Refresh'; disable 'Launching programs and files in an IFRAME'; set 'Software Channel permissions' to 'High Safety', disable 'Userdata persistence'; disable 'Active scripting', 'Allow paste operations via script', and 'scripting of Java applets'.

Accept session cookies but not stored cookies. Never use in-line auto-complete, and never allow Windows to save any of your passwords.

Now go to Tools/Internet Options/Advanced and clear 'Enable Profile Assistant', select 'Do not save encrypted pages to disk', clear 'Enable page hit counting', and select 'Empty Temporary Internet Files folder when browser is closed'.

That should about do it.

While you're about it, pop over to Control Panel/Network and ensure that File and Printer sharing are disabled.

Spyware
While you're on the job, never do anything with your company's computer that you wouldn't want your Grandmother to know about. Spyware is ubiquitous in the work place. Don't even mess with a company-issued laptop, which may well contain 'remote administration' features which will enable a company admin to connect to it. If you want to be anonymous, use your own equipment. If you're using anyone else's hardware, assume that anonymity is impossible.

You can get a fab program for detecting Trojans called The Cleaner for $30.00 from Moosoft. A number of Trojans fail to be detected by the fine products of the popular anti-virus companies, in spite of their powerful suggestions to the contrary. Moosoft picks up most of them.

Most software firewalls are notoriously bad at stopping, or even notifying you, when a malicious program sends data out from your machine. An application like The Cleaner can go a long way towards assuring you that no such contaminant exists on your box.

PC Hygiene
There's a crucial difference between deleting a file and wiping it. A deletion leaves a file's entire contents on your disk, until the space it occupied happens to be overwritten by a subsequent file. In the mean time, the data can be recovered with forensic techniques. A proper wipe, on the other hand, overwrites that space immediately so the file's contents can't be recovered. Utilities capable of this include BCWipe, Norton Wipeinfo, Evidence Eraser, and PGP.

The only certain way to keep your machine free of incriminating files and alien malware is to wipe your HDD periodically and clean-install your OS from original media while preserving those files and progies you can't do without. If you're serious about anonymity and file preservation, then you'll cough up the $200.00 or so needed to maintain two HDDs, because nothing beats a spare, non-removable magnetic storage device; and nothing beats a true file wipe, which is the only insurance against forensic probing.

This is how I do it -- and I do it frequently: I have two HDDs in my Windows box. When I get ready to wipe my primary, I've already done an fdisk and format /u and a thorough 'government wipe' on the secondary using Norton Wipeinfo. I simply copy all the files and progies I wish to preserve onto that thoroughly-wiped secondary disk. I then switch the primary and secondary, and install Windows from original media onto the wiped disk, from which I'll boot. I install Norton Utilities, naturally.

I then fdisk and format /u the former primary and do a thorough 'government wipe' using Norton Wipeinfo. Thus it's ready, and spotless, whenever I need it. I tend to do this every two or three months, depending on what I've been up to.

As soon as I get a sense that my current primary contains material I'd rather not preserve for posterity, I repeat the process. With two HDDs, it all takes about forty-five minutes. With this method you wipe not only your files, but your registry and swap file too. Forensics, as it's normally practiced, becomes futile.

If this seems too extreme, a utility called the Evidence Eliminator Eliminator (E3) by Radsoft (not to be confused with Robin Hood Software's lame 'Evidence Eliminator') will wipe a good many of your messes and excesses for a cool $80.00. It's considerably cheaper than a spare HDD, and pretty thorough. It doesn't merely delete files, it wipes them properly. To add to its effectiveness, you can use a proper file wipe utility like BCWipe or Norton Wipeinfo to eliminate your swap file, where a good deal of what you've been up to is stored. The file is in your C:\ directory and is named Win386.swp.

One final item; whenever you clean-install your OS and apps, always use an alias for yourself and your machine. MS Word, for example, includes user info in your documents. So make sure this info is not specific to you. And never send any MS Office document to any destination when you're concerned about privacy. Just copy the contents into a text editor like Notepad and send the .txt file, or copy and paste it into the body of an e-mail.

Follow these basic guidelines, and you'll be quite safe, though not perfectly safe. It's a bit like copulation -- there are quite effective birth control methods, but the only way to be absolutely certain you won't ever get pregnant is not to do the deed.

But that's no fun. And neither is never using a computer. So practice safe computing and stop fretting. As with the pill, the odds are immensely in your favor. So smile, relax, and enjoy. ®
 
Presser said:
here's a question, if you have zonealarm and it takes one click to engage the internet lock, thus no inbound or outbound keystrokes should be able to be recorded, then why type ur text in a word document/notepad then cut and paste to the site, if you say have ur email account up on the screen waiting for you to log in ur name and then password why cant you engage the internet lock, then type the name in then unlock the internet lock and hit send, then when it asks for ur password then i would say engage the internet lock once again, and type in ur password, then unlock the zonealarm internet lock again and hit enter and voila you're in ur account and no key strokes have been recorded

im just not getting why you should type what you need typed that you want hidden on another application and cut and paste it when you can just engage the internet lock and type what u need to right there and then unlock it and send it
wont it work this way as well?

is or can anyone answer this question i have here
 
Shit what you said makes sense to me Presser, I can't see what the difference would be. But this is all a little over my head, so Bump for you computer nerds. Damn posts like these make me paranoid. I think that if they want your ass they can have your ass, unless you are about the sneakiest fooker out there.
 
You would be correct Press.. If it truly locks out all keystroke activity.. when the lock is engaged.. Then it wouldn't matter if you typed in the email itself or a word doc.
 
I'm not even close to being qualified to answer your question but:

If I was doing something on the internet that I could go to jail for, I would use both the cut /paste method and the internet lock.

Furthermore, If someone told me I only needed 5 safety precautions, I would still use all the other precautions I had.

Big pain in the ass logging off, cut/paste, logging on - but seems better than the alternative to me.

Just my opinions bro. I'm a fukin scaredy cat. LOL.
 
well im just trying to make it easier for you cats who want more security, and it takes 2 seconds to engage the internet lock with zonealarm then type in ur info and undo the lock and send info,
 
I HATE the fact that MuscleChemistry requires me to accept all cookies. Just thought I'd throw that on the table. Don't know if there's anything you can do about it, but sometimes it keeps me away from MC.
 
Presser said:
well im just trying to make it easier for you cats who want more security, and it takes 2 seconds to engage the internet lock with zonealarm then type in ur info and undo the lock and send info,

I hear ya. I'm just talking about the "Highly classified" stuff you wouldn't want to fall into the wrong hands.

Like to get more info on this.
 