• montalk
  • montalk
  • forum-keeper-upper
  • Offline
  • Registered: 2004-03-24

Topic: security software

Here are some useful programs to check out if you want to increase your computer/internet privacy. I'm sure the secret government can read our thoughts, but that's not my concern. Rather, privacy software woudl be a good idea in light of the expanding police state and the Patriot Act, where wiretapping and online interception of emails (Echelon and Carnivore, for example) is being done on an increasingly local level. Federal, state, and local law enforcement are getting bolder in their surveillance and data gathering activity, but fortunately they possess none of the secret government tech. Therefore, some of the privacy software available does a good job of either slipping you under the radar or locking any sensitive info from prying eyes. As far as the metaphysics of it all goes, I would say, if you decide to use any of these programs, just be aware without being paranoid smile "Paranoia will destroy ya" -- good quote from the c's.

http://www.skype.com  -- encrypted netphone. With this program, you can dial any other Skype user in the world and talk to them by voice for free. Or, if you sign up and pay for an account, you can dial any regular landline phone as well. The plus of this one is that the conversation is not only digital, but encrypted as well. So even if someone intercepts it, they won't easily be able to decode it.

http://www.pgp.com/downloads/freeware/index.html  -- the famous PGP software, though this is freeware that doesn't have the bells and whistles. PGP allows you to encrypt emails you send to others using their personal encryption key. When they receive the encrypted email, they then use the second (private) part of their key to decode it. Same for you. You can keep all your keys on a floppy disk and remove it from the computer when you're elsewhere. You can also encrypt files on your computer, using a passphrase. This is the standard for encryption.

http://www.gnupg.org/ -- an open source version of PGP...this one's called GPG...requires more computer skills to set up, but works equally as well. It's purely a command-line-interface (no buttons to click, you type in file commands into a DOS window), but with another program for windows http://winpt.sourceforge.net/ you can get a nice program interface.  This one's more suited to Mac and Linux users.

http://www.seclude.org/ -- encrypted chat program with authentication. One of the more secure instant messengers, though at this stage it doesn't allow file transfers.

http://www.cypherix.com/downloads.htm  -- Cryptainer LE lets you create a 20MB large "virtual disk drive" on your comptuer that's encrypted. It's basically a folder you can drag and drop files into, and the whole folder is passphrase protected.

add more if you find some...

Acquiring fringe knowledge is like digging for diamonds in a mine field.

montalk's Website

2 Reply by cameron (edited by cameron 2004-08-29 18:44:49)

  • From: US.VA
  • Registered: 2004-03-27

Re: security software

Hi all -
Here's an email exchange that pertains to this topic.  It speaks to the caution we should take when getting rid of 'old' computers -- especially their harddrives.

Subject: Donating Computers with Software
Date: Wed, 25 Aug 2004 10:59:23 -0400

All-

I am starting a computer/other technology recycling project in the Central
Ssuquehanna Valley of Pennsylvania. I plan to make it a non-profit once I get
the funds to get all the paperwork done, but I need to know if you have any
good link or any knowledge on what I can and cannot give when it comes to
software. I have a good supply of machines coming in, but I have heard that I
have to wipe the disk clean, but I cannot afford to buy software so I want to
just clean off personal data and hand them over as is to students and families.

Any ideas?

I also have thought about selling some machines to users and businesses who want
to buy cheap stuff as a means of funding my project until I get grants etc and
would like your input.

Date:     August 29, 2004 10:34:23 PM EDT

You are absolutely right.  Sanitizing those hard drives (affordably) have to be a top priority, not only for the sake of your donators, but to cover your legal liability as well.

While most computer literates know that simply deleting a file doesn't necessarily get rid of the data, even some IT professionals are convinced that simply re-formatting and repartitioning a hard drive will make its contents irretrievable.  WRONG!  To prove that point, a couple of college students bought a bunch of hard drives and set about to recover their data with “homegrown“? tools they authored.

The data they recovered included privileged client ­attorney information from a law firm's file server, mental health records of services provided by a community organization, ten thousand personal email messages and  more than 3800 credit card records detailing type of card, owner names, addresses, account numbers and pins. Most frightening of all, one drive had evidently been used in an ATM and contained account numbers, dates of access, and account balances.

Fortunately there are tools available that will make data irretrievable.  And at least the three below are free.

AutoClave
http://staff.washington.edu/jdlarios/autoclave
Free Self-booting PC disk
Erases the entire disk including all slack and swap space.

Eraser
www.heidi.ie/eraser
Free Windows
Erases directory metadata. Sanitizes Windows swap file when run from DOS. Sanitizes slack space by creating huge temporary files.

Wipe
http://wipe.sourceforge.net
Free Linux
Erases single files and accompanying metadata or entire disks.

The guys who did the work on this are Simson Garfinkel and Abhi Shelat, both from the Massachusetts Institute of Technology

Their paper is called “Remembrance of Data Passed:
A Study of Disk Sanitization Practices“? and can be found at

http://www.computer.org/security/v1n1/garfinkel.htm

Good luck in your new endeavor.

MU'06