CategoriesHackingTechnology

A 19 year old Becomes a Millionaire by Hacking

A Teenager Becomes a Millionaire Through White Hat Hacking:



Hacking often refers to the breaching of information without a person’s consent or knowledge. It basically is the unauthorized intrusion into a computer or a network. It can be used to alter or change a system for different purposes or goals. Hacking can also mean the involvement of unusual or improvised alterations to equipment or processes.

A hacker has expertise in computer skills, and will know their way around systems and security features. They are often skilled programmers who use their technical knowledge to exploit bugs in order to break into computer systems.

The above-mentioned information is a very generic definition of hacking, It is what most people associate with “hacking” or “hackers”. They’re often used in a negative connotation, giving us the same feeling whenever we come across these words. However, it is very important to clarify that hacking is not only used in a negative sense. In fact, “ethical hacking” is on the rise.

“Ethical hacking” is also known as penetration testing. By definition, it is an act of intruding/penetrating into system or networks to find the threats and vulnerabilities in those systems which a malicious attacker may find and exploit, causing loss of data, These vulnerabilities could also lead to financial loss or other major damages. Ethical hacking or “white hat” hacking is different from intrusive or “black hat” hacking, in that its purpose is to increase and improve the security of the networks or systems. It does this by fixing the vulnerabilities found during testing. The tools and methods of ethical hackers might be similar or even the same at times, but the intentions and reasoning behind the act are totally different.

Recently, a teenager named Santiago Lopez made millions of dollars utilizing ethical hacking on HackerOne.

HackerOne is the number 1 ranked platform that helps organizations find and fix critical vulnerabilities that have the potential of destroying or exploiting your information in any sense. HackerOne is well known and has partnership with the U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations in order to find and protect them against all kinds of vulnerabilities.

Like most of the hackers, Lopez is also self-taught. His specialty and expertise lies in finding Insecure Direct Object Reference (IDOR) vulnerabilities.

Lopez first gained interest in this field from watching a movie about hacking. His interest grew in this area, and then he started watching and learning to hack from online tutorials and by reading blogs. At the age of 16 he signed up for HackerOne, not knowing what he was getting into. He knew that he had to hack into company databases and he kept his name @try_to_hack in order to motivate himself further. He still goes by this name. Once he had signed up for HackerOne, he earned his first fifty dollars in a few months and that’s what motivated him further and showed him a path that he could do it.

Lopez continued making the internet a better place for many people who are associated with and have put their entire trust in HackerOne. Lopez choose ethical hacking because; “To me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible.”

So this is how Lopez, a 19-year-old teenager worked his way up in the hacker community and proved himself by earning the first million dollars of his life. His story is a textbook definition of how practice, enthusiasm and talent matters – and is needed to get the top spot in any field.

CategoriesInternetSocial Media

What Happens with your Social Media Accounts After you Die?

What happens to your data after you die really depends on the social media platform you are looking at. Due to federal privacy laws, there are some things that companies are not willing to let you do with someone else’s account after they’ve died. There have been battles in government on both state and national levels on if family should be able to access the deceased’s social media profile. Currently, the laws applying to social media sites are not complete in ways that make administrating them straight forward – each social media platform approaches the subject in a different way. They have their own policy that people should be aware of.

Facebook

Previously, there were only three things that could happen to your Facebook account after your death. One, you could just leave it as it was. Two, it would be deleted. Third, you have the profile memorialized. What that does is puts the profile in this special state that locks that account. It doesn’t send out notifications nor does it come up when you search for it. Only friends will be able to see the account.

Recently, Facebook announced that they were going to give the profile owner the ability to assign someone the responsibility of managing your profile after you die. The assignee won’t be able to view your private messages. However, they will have the ability to update your profile. They’ll be able to changes your cover and profile photos. They can accept or deny friend requests. They’ll even be able to archive posts and photos. Facebook is calling this new role as a “legacy contact”.

If you want to assign someone the role of “Legacy Contact”, all you have to do is go into the settings of your profile. There, you will see a link called “Security”. After that, there will be a section where you can select “Legacy Contact”. You will be able to set up a message that will tell them what you would like and how they are to handle your profile. When your death has been reported to Facebook, the message will be sent to the “Legacy Contact”.

Google

For Google, you have to submit a request to gain access to the deceased user’s account. Go to https://support.google.com/accounts/contact/deceased?hl=en. From there, you can select the action you want to do. You can close someone’s account. You can submit the request for funds from a deceased person’s account. You can request data from someone’s account. You can even put in a request to have the account looked at if you believe the account has been hacked. Lastly, you can even set up plans in for what should happen to your account when you die. Similar to Facebook, you assign someone a role of “Inactive Account Manager”.

Twitter

Twitter has a page that you can access to put in a request to remove someone’s account. The link is https://support.twitter.com/forms/privacy. It’s the third option down. After you fill out the request form, they send out a confirmation email with instructions. Once you get there, you’ll have to submit documentation for support.

Instagram

Instagram has something similar to Facebook. You can submit a request to have their profile memorialized. You can also have the account removed from Instagram. If you have someone’s account memorialized, you won’t be able to log in as them because Instagram sees that as an invasion of privacy. They will just set up the profile so as not to display the account in a manner that is disrespectful. They also add security to the account so nobody can use it normally.

If you want the account removed, you’ll have to provide three forms of proof. One, you’ll need the death certificate. Second, you’ll need the birth certificate. Finally, you’ll need something showing you are the representative of that person. It needs to be something from the local law.

LinkedIn

LinkedIn will remove the account if the person has died. On their website you will need:

  • The member’s name
  • The URL to their LinkedIn profile
  • Your relationship to them
  • Member’s email address
  • Date they passed away
  • Link to obituary
  • Company where they most recently worked

Once you have that, go to https://help.linkedin.com/app/ask/path/ts-rdmlp. You’ll need to fill out the form.

Pinterest

Go to https://help.pinterest.com/en/articles/reactivate-or-deactivate-account#Web. There select the fourth one down. Once you supply the needed information. They will deactivate the account so it won’t be accessible to anyone. They need five items:

  • The full name of the person submitting the request
  • Information on the deceased such as the full name and email
  • A link the profile. You can also search for it at http://pinterest.com/all/
  • Proof of death such as a news article or death certificate
  • Documentation of your relationship to them

For the documentation on your relationship to the deceased, if your name is in the obituary then that is enough. If not, then you’ll need some other form of documentation such as a birth or marriage certificate. A notarized document will work too.

Overall

It should be noted that not every social media will just delete the account. It isn’t that easy. The old saying is true: Whatever you put on the internet cannot be taken back.

Legality over Digital Asset Management

As stated earlier, not all states are specific about what to do with someone’s social media account after their death. Currently, there are only 19 states that have laid out plans and passed laws that dictate this. There are plans to standardize this, however. It’s being done under the Uniform Law Commission or the UFC. It’s called The Uniform Fiduciary Access to Digital Assets Act. There have been several drafts over the years with 2015 being the most recent. The page for the committee over this can be found by clicking here. You can also click here to view the summary of the act. There has been a lot of opposition to this act in fears that it violates privacy acts. So far, about half the states have pushed for laws for Uniform Fiduciary Access.

CategoriesHackingSuggested Media

The Hacker Wars Movie: An Overview

“The Hacker Wars” Movie Trailer:

What motivates someone to hack? What is a hacker’s life like? These are the questions the documentary “The Hacker Wars” seeks to answer and present to the viewer. In addition to these questions, the documentary seeks to show the viewer the battle over the internet, privacy, and freedom. At one side is the government and large corporations. At the other there are hackers who seek to disrupt their operations.

“The Hacker Wars” (available on Amazon) is a documentary that was released in 2014 that follows several hackers and hacker community leaders. Their crimes, arrests, and outcomes are followed, along with providing details on the background and political beliefs of the hackers. As explained by the documentary, the hackers depicted seek to expose security flaws in governments and large corporations’ information systems. By exposing their flaws, lies and deceits – their ultimate aim is to start social and political movements that will result in a government that better serves the people.

The documentary begins following Andrew “Weev” Auernheimer. Auernheimer headed an organization called “Goatse Security” which exposed an AT&T flaw. This flaw allowed Auernheimer to gather over 100,000 iPad users’ data. The data included high officials in government and celebrities. In short, he was able to gather this data from publicly accessible sources. This means that he did not illegally hack into anything. However, after AT&T refused to fix the problem, he released this data to the public by sending the data to a media outlet called Gawker Media. This ended with him being arrested and sent to prison where he served over a year out of a 41 month sentence. His time was cut short when the conviction was overturned in April 2014 by the Third Circuit.

The documentary allowed a pathway into his political views. Auernheimer is a self-titled internet troll. However, viewers get another viewpoint on what trolling means. In his view, trolling doesn’t mean causing havoc for the sake of causing havoc and anarchy. Rather, trolling meant getting others to show who they really were once the curtain of public niceties went away. By exposing flaws in companies’ securities, he could force people to see organizations as they really were. He felt the government further impeded this by consistently creating laws that limit the constitutional right of free speech.

The film moves out and pushes focus on Barrett Brown. While not a hacker, he is a journalist who focused on facilitating and distributing publications on internet security. He is linked to the Stratfor hack in 2012. Stratfor is an intelligence consulting firm with many ties to the government. Brown was arrested on the charge that he shared a link to the leaked data over the internet. Charges were added after he was accused of threatening a federal officer.

Brown’s political motives were focused on the cyber-military-industrial complex. The film explained how trillions of dollars flow into the complex. He believes that this complex and other related industries help to eat away at human rights, privacy, and democracy. As a result of this, he founded a wiki and collaboration effort called “Project PM” that aimed at collecting data on this complex. By studying the data, he hoped to track how the government used these private corporations to collect data on citizens.

The film also explains that Brown had links to the hacktivists called “Anonymous”. He was even considered by some to be a spokesperson for them. The film also went to explain a portion of his motives were linked to his childhood. His family was brought down by the FBI and forced into a lower standard of living after his father was left broke after fighting charges that were later dropped.

The Stratfor leak was really caused by Jeremy Hammond who the film also profiles. He was convicted in November 2013 for 10 years for hacking and leaking the information to WikiLeaks. The film explains that Brown played his part by disseminating this information. The film presents footage from a 2004 DEF CON where he pushed the idea of electronic civil disobedience and called for action against those who sought to control and manipulate others.

The film really climaxes over the history of Sabu and his link to Anonymous. Hector Xavier Monsegur, also known as Sabu, helped found the group LulzSec. However, it was later found out the Sabu was turned by the FBI into an informant in 2011. Inside, he helped provide information on the groups Anonymous, LulzSec and Antisec. The film goes on to explain and further imply that by controlling Sabu, the FBI was really able to hack into Stratfor. In short, the FBI, in some ways, controlled Anonymous or the hacking community to gain access to the intelligence Stratfor had.

The film also gives insight to a project called TrapWire. This technology, through surveillance, was able to gather information and report incidents to police and law enforcement. The film follows Auernheimer’s group as they simulated suspicious activity in front of cameras that were linked into this system. They later found out that they were actually reported to law enforcement. The film goes on to imply that this system was being used more prominently in the US more than what the government wanted the public to know.

The film goes on to tackle some really tough issues. For one, is it morally wrong to hack into a site? The hacktivists presented were of the opinion that people had the right to hack into these sites. Their actions were justified by the hope and aim of making people more aware of what the government was doing. They were also of the opinion that to really get corporations and governments to really change was to expose these weaknesses. To expose these weaknesses, they had to hack into the site.

Another issue the film sought to address is the idea of free speech. These hackers supported the idea that government no longer wanted to allow the right of free speech. Some of these weaknesses in information security were not accessed by hacking. Rather, the information came from public resources. By charging the hackers with publishing this information, the government was infringing upon their right to free speech. In short, the film implied that today’s hackers fight for free speech and putting government back to where it belongs, which is taking care of us rather than controlling and surveying us.

Watch “Hacker Wars” on Amazon by clicking here.

CategoriesHow To GuideLinuxPrivacy

How to Install Tor Browser for Linux

Do you use a Tor browser to make yourself anonymous on the internet? Want to make it better? Try using the Tor browser for a Linux machine running Ubuntu.

What is a Tor browser? It is a browser that works in conjunction with the Tor network. The Tor Network utilizes a technology called onion routing which is designed to encrypt internet traffic in layers. Every layer addresses to a node. Each layer knows only the next node or onion router the packet needs to be sent to or relayed to. This layering of internet traffic allows anonymous communication. All of this leads to accessing something called the Dark Web or Darknet which are sites that you normally can’t get to through Google or any normal browser.

The Darknet isn’t just a place where people go to do illegal activity. It also provides a refuge for whistleblowers. Journalists can utilize Tor browsers to ensure privacy and secure communication with their sources. While the Darknet does have its fair share of illegal activity, it also has areas where information can be freely accessed without censorship.

Understanding the Darknet

Normal websites use something called DNS or Domain Name Server. It simple terms it associates a website url to an IP address. When you type in https://www.google.com/ your computer sends out a request. This request goes to DNS servers that return the actual IP address that the website is. If you ever want to see this in action, go to the command line in your OS. Do a ping command to Google. This will allow you to see the actual IP address you are communicating to Google with. Tor browsing is different in that it doesn’t use DNS. This means that unless you know the specific address of the website, you can’t get there.

This also means that Google doesn’t index those sites either. For Google to present that page as a page result anytime you do a search, Google has to index the site. This means that Google scans the site for content. Each page is indexed by Google. That way, Google can present a possible result of your query. In these two major ways, these sites stay off the grid.

Why the Tor Network Needs Their Own Browser

Most browsers are designed to allow it to collect information about you as a user. It stores passwords so you don’t forget them. It stores browsing history so you know which sites you’ve been to. It also allows you store cookies on the computer. These cookies store information about you and other details. For the largest part, these cookies allow you to get advertisements based on your general interest. Have you ever been to Facebook and seen something advertised that you were thinking about buying? Now, clear out your cookies and go to the page. The advertisement that you see will be different. This is an example of how cookies are used. Unfortunately, these cookies can also be used to track you.

The downside to the Tor Network is that it only keeps secure communications within the network. Once the packet leaves the network, it is no longer secure. The Tor browser helps with this. The browser is designed as to not store any information on you. However, certain precautions still should be taken.

Why Use Linux Over Windows

There are a few reasons why you should use Linux over Windows. The first one is that Linus is open source. This means that anyone can look at the code, share and collaborate to make it better. At first thought, this sounds like a bad idea. However, the more people that can work on it the better it will be.

Another downside is that Linux doesn’t just automatically give you administrator privileges. Windows does this. The first person that sets up the computer with their profile normally has administrator privileges by default. This can be bad in that this allows the user to be able to do whatever they want. It makes it more difficult to get the user to do something when they don’t have the rights and privileges to do so.

The next downside to using Windows with the Tor browser is numbers. Hackers develop code that will affect as many as clients as they possible can in the shortest amount of time that they can do it in. This means that they will write code for whatever OS they think will impact the most people. Windows still has the market when it comes to OS. Hackers use this to their ability.

Installing a Tor Browser for a Linux Computer Running Ubuntu

The first step is going to the website. Go to https://www.torprogject.org. On the left side of the page, click on “Installing Tor on Debian/Ubuntu “. Scroll down to Option Two. There, it will tell you not to use the packages in Ubuntu’s universe. Next, the site gives you the link to Wikipedia page will show you the different Ubuntu versions. Next, there are a series of dropdown menus. Depending on what you pick on, you will get a list of instructions on how to set up Tor. For example, if you chose “Ubuntu Lucid Lynx” as your OS with the Tor version as “stable” come not from the source, it will look as below:

You need to add the following entry in /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/:

deb http://deb.torproject.org/torproject.org lucid main

deb-src http://deb.torproject.org/torproject.org lucid main

Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg –keyserver keys.gnupg.net –recv 886DDD89

gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

You can install it with the following commands:

$ apt-get update

$ apt-get install tor deb.torproject.org-keyring

Once that is done, you can move on to set two. Set two is how to configure your applications to use Tor. It’s important to note here that applications don’t natively use Tor automatically. This means that internet traffic that doesn’t use a browser will not be protected. You have to configure your applications to route their traffic through the Tor browser. Firewalls will need to be updated. After that, you should have a working Tor browser.

Categories3D PrintingScienceTechnology

3D Bioprinting – 3D Printing Human Tissue and Organs

There are many dangers associated with organ transplants. The organ has to match the body. If not, the body could reject the organ making a very dangerous situation for the patient. What if you could just print it? What if you could just pop in the specifications for an organ in a machine and it will make one for you using the patient’s very own cells? This is printing 3D organs.

How 3D Printers Work

A 3D printer is a machine capable of creating things from basic building blocks of material. It can use plastic, glass, metal and biological materials such as living cells. The first patent for technology dates back to 1980 by a Japanese doctor. 3D printing is an extension of Rapid Prototyping (RP) technologies. Originally, 3D printers were used to create prototypes in fields of engineering. However, as the technology progressed, people began to be able to use it for other applications.

Understanding Organ Transplants

To fully understand how 3D printers can print tissues and organs, you first have to understand organ transplants. Blood types and even sizes have to fit before a transplant can take place. To add to this, there is a time limit on how long an organ can stay outside the human body. Normally, there is a four hour time window. From the moment the organ leaves the body, doctors have four hours to find a match and perform the operation. On top of this, there is guarantee the organ will not be rejected even if all the characteristics match.

At first, doctors began to look at growing organs in the laboratory. While they were able to successfully create heart cells, creating a whole operational heart is a different matter. Heart and lung organs are complex and not easily created even with today’s technology. Doctors began to look for other solutions to this problem.

How 3D Printing will Aid in Organ Transplants

Organs have two major parts. One is the cells that occupy the organ. The other part is the tissue or ECM scaffolding that the cells rest on. Through a process called decellularization a detergent is used to clear off all the cells that reside on that scaffolding. From there, doctors are able to grow the recipient’s cells on the scaffolding. Once the cells grow on the scaffolding, doctors will have an organ that has less of a chance of being rejected by the body because the patients own cells are in the organ.

Before 3D printing the scaffolding still had to come from a human body, meaning doctors still had to wait for an organ to become available. With 3D printing, scaffolding can be produced . This increases the rate at which organs become available for transplant.

3D Printing in the Future

As of right now, 3D printing is on the rise and is becoming more and more available. In fact, small 3D printers can be bought for just a few hundred dollars on Amazon. Organ 3D printing is growing in research and development. It is gaining more attention and recognition as a viable option. In fact, in 2011 a successful transplant was done that saved the life of new born baby Kaiba Gionfreddo who needed a splint in order to live. 3D printed organs are the future.

CategoriesBitcoinInternet

Bitcoin 101 – What is Bitcoin?

Imagine a currency that is not tied to any country. Imagine a currency that isn’t even regulated either by government or any outside entity. If you can imagine that then you’ve imagined something called  bitcoin. Bitcoins sound like something straight out of a science fiction novel. However, they are very real and they are growing in popularity.

Bitcoins are a type of currency that are completely electronic. No one country supports or even endorses this currency. In fact, some countries have even tried to suppress its very use. They can either be stored on your computer or in the cloud virtually. There are no banks or middle men. The bitcoins go directly from you to the intended group.

The Origins of Bitcoins

The strangest thing about bitcoins is that no one is quite sure who created them. In 1998, a paper by Wei Dai, addressed the idea that currency could be created by using methods of digital cryptography. In simpler terms, you could use encryption as a way of regulating the creation of currency. You could even use it to verify transactions as well. Eleven years after the paper was published, a user that went by the name of Satoshi Nakamoto developed and published the specifications for the first bitcoin.

Oddly enough, there is no record of Satoshi. In fact, Satoshi is believed to be a pseudonym. Satoshi means “wise”. Naka means “medium, inside, or relationship”. Moto means “foundation”. Overtime, people have claimed to have figured out who he or she is but so far no one has been really identified as this person. Possible figures include Michael Clear, Neal King, Vladimir Oksman, and Charles Bry. However, not one of these people has claimed to have been the person.

After Satoshi developed this thing called bitcoins, he slowly began to fade from the community that helped birth bitcoins into existence. The most recent update about Satoshi is he/she has been nominated for a Nobel Prize this year.

Understanding Cryptocurrency

Cryptocurrency is currency created from digital cryptography or encryption. More specifically, it is the result of solving a very complex mathematical formula. Bitcoins have a network of users. Everyone shares a large record of all the transactions of bitcoins. This large transaction or record book is called a “block chain”. This block chain is then processed by computers to validate everyone’s transaction. Once that computer validates a transaction, it rewards bitcoins. This process is called “mining”. So, it’s a currency that validates itself. The validation process creates more currency for others to use. Thus, it’s a self-supporting currency.

The problem that may come up is what happens when the currency fills the market? Meaning, if currency is being created more each day, won’t there be a day when there are too many bitcoins around for it to be worth anything? The answer is no. There is a cap on how many bitcoins that can be created. Only 21 million bitcoins can ever be created. This means that the more people mine for this the less there will be. However, current projections, at a rate of 25 every ten minutes, predict bitcoins will run out near the year 2140.

Why Banks and Governments Hate Bitcoins

Bitcoins are not popular with everyone. In particularly, governments don’t like bitcoins for the simple reason of anonymity. Bitcoins can be traded without compromising your identity. You keep your anonymity even when buying and selling. Keeping your anonymity means the government can’t track those transactions. Not being able to track those means not being able to tax them or regulate them. This means businesses and individuals can do business without the government trying to take a portion of it. Naturally, governments don’t want this. China has even made attempts to scare their citizens into not using them in 2013. However, the anonymity of bitcoins has made it difficult for governments to get their citizens away from it.

Banks don’t like them for the simple fact that it takes away the middle man. In this case, the banks are the middle man. Bitcoins use something called a bitcoin wallet that either rests on the computer or in the cloud. Either way, a bank has nothing to do with this process. This means that a lot less transactions would be going through the banking system. Every processed transaction creates profit for the bank. This has potential to create the current banking system.

The Advantages and Disadvantages of using Bitcoins

The major advantage of using bitcoins is the anonymity of it. If privacy is something you want, then you want to use bitcoins. The other advantage of it could be taxation. If you are a business, you could potentially avoid some taxes by converting some of your transactions to bitcoins. (note – this article is for educational purposes only, socialhax does not condone illegal activity such as tax evasion).

One of the disadvantages of using bitcoins is its volatility. There can be large price fluctuations in a short period of time. In fact, from 2012 to 2014 the price of bitcoins actually has fallen over time. Plus, not everyone takes bitcoins. It’s adoption has slowly begun to grow but unless you are doing business online, your ability to purchase day to day items such as gas is limited. Another disadvantage to bitcoins is there is not regulation to control its use. While this is a good thing in terms of privacy and anonymity, it can be a problem for those whose bitcoins are taken from them. If you so happened to be hacked, as the case with inputs.io who lost $1.2 million from hackers, that money is gone since it wasn’t ensured by anyone like the FDIC in today’s banks.

The Dangerous Side of Bitcoins

The anonymity of bitcoins has attracted some bad attention. Since it can’t be tracked by any law enforcement, it has made itself a prime currency for illegal activities. This includes anything from drugs all the way to human trafficking. Before, illegal activities could be tracked by following cash flows in and out of accounts. However, the use of bitcoins has made this impossible. While this hasn’t seemed to stop the use of bitcoins, it has put a damper on it acceptance in the mainstream. Law enforcement agencies use this as an example to help warn people about it use.

To Sum up Bitcoins

Bitcoins are growing in its use. In the future, we will definitely see more and more of its use. However, as of today, its use is mainly for those looking for privacy and anonymity along with freedom from taxation. Most households probably won’t be using cryptocurrency for a while. However, individuals and companies can benefit off its use.

Resources

https://bitcoin.org/en/faq#who-created-bitcoin

http://www.coindesk.com/information/who-is-satoshi-nakamoto/

http://www.cnbc.com/2014/01/23/cnbc-explains-how-to-mine-bitcoins-on-your-own.html

CategoriesHow To GuideInternetPrivacy

How to Install Tor Browser on Windows

One of the great things about the internet used to be the anonymity of it. You have the freedom to share information without compromising your privacy. However, with technology becoming ever better, it is becoming increasingly difficult to stay hidden on the web. If you are looking for privacy over the web, look no further than using Tor.

What Tor is

What is Tor and how does it work? To fully understand Tor, it needs be broken down into separate parts. That first part is called onion routing. Onion routing is a system designed to block any kind of efforts to track communications. It allows two ends to communicate to each other without letting either party know who exactly they are communicating with. It also ensures encryption.

The second part is the Tor network. The tor network is a large connection of servers that are operated by volunteers. These servers run onion routers that funnel internet traffic through virtual pathways. In simple terms, they scramble the traffic in a way that makes it almost impossible to track who is talking to whom.

The last part is a Tor browser. Most browsers are set up to store information on the user. If you allow your browser to store your password for any site, then it is tracking information on you. The normal browser stores cookie files and browsing history. Both of these are information stored on you so that it can either deliver a better service to you or deliver advertisements based on your general interests. Neither of these support efforts towards privacy.

Installing a Tor Browser on Windows

The first step to installing the Tor browser is to go to the website at www.torproject.org/download. Download the version for your operating system. Follow the installation directions in the same way for normal applications. Once the installation is complete, run the browser. From here, you’ll be able browse the internet anonymously with limitations.

There are limitations and considerations to using a Tor browser. First, the tor network only provides privacy and encryption while inside the network. This means that any communication passed once outside the network is vulnerable. Next, the tor browser does not protect all of your computer’s activity. If your computer is not going through Tor then it is not providing anonymity. Also, it does not protect against document downloaded through Tor while online. If you download a document while using Tor, do not open the document. If you must, start a virtual machine and open it within the machine while it isn’t connected to the internet. The last thing is not allowing plugins to run on the Tor browser. Plugin extend the functionality of a browser. However, they are extension that run on your computer that have the ability of opening holes in your security.

The Deep Web

While anonymity can provide a place to freely share ideas, it can also be a source of illegal activity. With that being said, the Tor browser allows you to surf websites that operate illegal and sometime immoral activities. Websites like “The Hidden Wiki” do not censor some material that others may find offensive. To sum it up, Tor browsing offers anonymity but at its price.

CategoriesInternetPrivacySecurity

How Do SSL Certificates Work?

How do you exchange private data over the internet? Part of the answer lies with SSL certificates. Secure Socket Layer (SSL) certificates work by creating a private line of communication in which allows private data to be delivered.

The main problem with communication and security over the internet is eavesdropping. Others may be able to access the data exchange between your computer and the website’s servers. This is also called a main-in-the-middle attack. SSL certificates are a way of ensuring that no one is able to intercept and decrypt this information.

To better understand how SSL certificates work, let’s imagine a boy is being picked up at the train station for the first time by someone who he’s never met. How can he know for sure to trust the person picking him up? The answer is simple. His parents write a letter signed by them stating they trust that individual. By trusting his parent’s authority, the boy can now trust the person picking him up.

This is quite similar to how SSL certificates work. Web sites can create certificates and have them signed by something called a CA or Certificate Authority. An example includes DigiCert. By having them signed, browsers can then identify website and servers by their certificate. They then know if they can trust them. This is the basic concept of how SSL Certificates help to identify and trust the websites we are communicating with.

What about actually communicating? What if two people want to talk in that same train station without worrying if someone else is listening? The answer lies with keys. To illustrate the concept of keys and how they help with encryption, imagine each of the two people have a box and a set of keys. The keys are labeled private and public. They exchange their public keys. Now, each person has a private key, the other’s public key, and a box.

The basic process works like this: One person writes a message and places it into the box. They then lock the box with the other’s public key. They then pass the box along. Once the box is at its destination, only the person holding the private key can open the box locked by its very own public key. If the other person wants to send a message back, they can send back a letter in the box locked with the other’s public key. The entire communication, also called a session, can go back and forth securely using this method.

This is much like how SSL certificates are used to create private and public keys. Web servers send the user a copy of its public key along with the certificate. The browser can then decide to trust the website based on this information. If it does, it can then send messages back and forth simply by encrypting and decrypting keys.

Identifying websites that have and use SSL are easy. Simply look for the lock at the top of the browser. Never exchange private data unless there is a lock up at the top of the browser. If there isn’t, there is not an acceptable level of encryption being used on that site. Anyone who sells anything online needs to have an SSL .All banks and e- commerce sites need to have an SSL to help ensure security.

CategoriesHow To GuideLinuxOpen SourceUbuntu

How to Install Ubuntu from a USB Flash Drive


The above video shows how to install Linux Ubuntu 15.10 with a USB

(As of this writing – 14.04 is still the newest stable release, instructions for installing either version are outlined below:)

Don’t feel like paying for a Windows registration key with that OS? Ever thought about trying an open source operation system? There are many other options out there for people who want a newer OS but don’t want to pay for the cost of Windows. For example, let’s take a look at Ubuntu:

Ubuntu is an open source operating system that’s been around since 2004. It is based on the Linux operating system family. Its uses range all the way from personal computers and mobile devices to servers.

You can install Ubuntu easily even from a USB. First, go to the website and download the OS. If you’re interested in the desktop version of Ubuntu, you can go to http://www.ubuntu.com/download/desktop. They currently have two releases: 14.04.13 and 15.10. Each release has a version for either 64 bit or 32 bit. If you have less than 2 GB of RAM, download the 32-bit version.

You’ll download the file as an .iso file. An .iso file is a digital copy of a disc. Take this .iso file and place it onto your flash drive. Once this is complete insert it into the computer in which you wish to install Ubuntu.

The computer will need to boot from that flash drive. Most computers have a boot menu that you can get to when the computer first boots up. Once you access this, you can tell the computer to boot from that flash drive. After these changes have been made, you can then boot from the flash drive.

Once you are booting from the USB flash drive, you will see the normal menu to select your language. Go through the installation guide. You will be given the option to install Ubuntu on your computer’s hard drive.

The requirements to do this are pretty simple. Your USB flash drives needs to have around 2GB space. The Ubuntu site lists that it’s possible to have a 1 GB flash drive as long as the .iso file has enough space.

There are things to consider when using this method. One of them is speed. It would be faster to use a CD/DVD disk due to the limitation of standard USB 2. Also, it is possible to use other standards of USB such as 1.1. However, speed will be great affected. USB 3 can also be used.

CategoriesSecuritySocial Media

The Importance of Two-Factor Authentication

Security is not about whether something can be cracked or hacked. The fact is that, given enough resources, anything can be hacked. This is especially true for social media accounts. However, the goal is to balance security measures with the severity of what would happen if the account were to be hacked. The more sensitive the information, the more security measures need to be used. In other words, in order to better secure and ensure privacy over the internet, multi-factor authentication needs to be used. If you want to better secure your social media accounts, use two-factor authentication.

Methods of Authentication 

Multi-factor authentication simply means combining ways to ensure the right people are able to access a system. There are different ways or factors that allow someone to be authenticated over the internet or any other system.

The first one is what the user knows. This is usually something like a password. In order to log into an email account, someone has to know their username and password. This is using only one factor in authenticating someone.

The next factor or method of authenticating someone is what the user or person has. This can be a badge or an ID. You are being authenticated by something you have on you. A driver’s license can be identified as this method as well.

The last factor is what the person is. This can be fingerprints, DNA, and even retina patterns. This means that biometric scanners are a way of authenticating you by what you are. Some laptops have fingerprint scanners which only allow you to use the computer if you are scanned and authenticated.

Two-Factor Authentication

Two-factor authentication is the balance between resources and risks. Hackers may steal your password to your social media accounts. However, it would be more difficult for them to steal both a password and your mobile phone. By including your phone in your security setup with your social media accounts, you are using two-factor authentication to better secure your privacy.

For example, Facebook allows you to use your phone to control login approvals. When you log in, Facebook will send you a code to your phone. You then put in the code that they send you. The two factors in this authentication method are what you know and what you have. You have to know your password and have possession of your phone in order to log in.

Hacking Your Social Media Account with Just Your Email

Hacking into a social media account that doesn’t use two-factor authentication is simple. All a hacker needs is an email password. Email accounts are easy to know. After all, everyone usually has their email address as public knowledge. From there, a hacker can narrow your password to something you are familiar with. Rarely do people have complicated passwords. A hacker would possibly try different passwords at intervals so not to cause any locks on your account.

After a given period of time, a hacker could come to the right password. After that, all the hacker would have to do is click the “Forgot Password” link on any social media site and they would send the password right to the hacker. This is all with one- factor authentication.

The Best Security Method for Social Media

The best method for privacy on social media sites is including your phone in your privacy settings. Most social media sites and even Google include features to send codes right to your phone. This method allows you to use two-factor authentication in order to gain better security and control over your social media accounts.

Resources

https://www.facebook.com/about/basics/how-to-keep-your-account-secure/login-approvals/