SURF SAFE BASICS
1. Introduction
2. Browser Security
3. Browser Check
4. NetBios
5. Cookies
6. WebBugs
7. Good Housekeeping
8. Firewalls
9. Anonymity Providers
10. Resources
1. Introduction:
Safe Surfing consists in minimizing your profile and
identity trail as you surf on the internet. Every site you visit will
record your machine's unique internet protocol number or IP address.
Cookies can act as remote identifiers, and the information they store
can be retrieved by html web pages using email or post commands.
Any of the web pages that you download may contain either Active-x or Java
applets, both of which can be programmed to access the Windows System or
your registry. Embedded Gifs or Web-Bugs can record your presence, and
'phone home' modules, often known as spyware, can report on you to a
remote database.
Applets also provide servers with another way to get Referer and other
information. Disabling Java also stops many pop-up ads and
interstitials. All the scripting languages like Javascript, Visual Basic
Script (VBS) etc. can execute system calls from inside a web page, query
your registry and post sensitive data back to the server. In the case
of a hacker, invisible frames can be loaded containing scripting to
execute DOS commands such as "del C:\*.*"; "del Windows\*.*" - in other
words wipe your hard disk!
Another means of gaining referer information is for the server to ask you to
connect on either shttp or https (which is SSL). Both are secure protocols
that can override ordinary proxies and nullify them, thus allowing the
server to read your true ip address, and in some cases this is their
purpose, not secure messaging!
Coming up in the rear is SOAP (Simple Object Access Protocol). This is a
lightweight, XML-based protocol for exchanging information in a
decentralized and distributed environment. This is a messaging
protocol, unlike Active-x, which uses remote procedure calls (RPC). It
does not require synchronous execution or request/response interaction,
and SOAP messages can have multiple parts addressed to different
parties. Furthermore SOAP is programmatically extensible. In layman's terms
this protocol allows web page to speak to web page, remotely and on a
queued basis, ie allowing for time lapses. SOAP boasts a Proxy and Wire
Transfer Service. This protocol has been submitted to W3C for
consideration, and is, along with XML, the basis for Microsoft's latest web
gambit, .NET. SOAP is extremely unsafe since it has access to the dns and
the underlying windows system. It can totally bypass any firewall since
messaging is web page to web page. COM controls can be written to phone
home via SOAP just as in HTTP.
Last but not least is NetBios and File and Print Sharing, which is auto
enabled on installation on some old operating systems, leaving your hard
disk open for the world. So by disabling all these options within your
browser, in conjunction with using a proxy, preferably one from a
country outwith your own, you can leverage some form of control over
information leakage whilst you surf. Being aware of how and where ip
leakage can occur allows you to Surf Safe!
2. Browser Security
To cover your tracks and prevent others from finding out
your ip address you have to use a proxy and disable certain browser
functions. Proxies are covered in more detail in Proxy Basics. These
functions are as follows:
Internet Explorer: Tools Menu ... Select Internet Options... Security tab...
Custom Level
   Disable all Active-x Options
   Disable all Cookie Options
   Disable Java
   Disable all Scripting Options
   Logon Option: Check the "Prompt for user name and password" radio button
For Netscape users, to turn off java and also ... Edit -> Preferences ->
advanced -> uncheck "enable java" and "enable javascript" and check
"disable cookies"
To use a software based proxy: Edit -> Preferences -> advanced+ -> proxies ->
check "manual configuration" -> view -> fill in the needed fields.
To enable a proxy server in IE, go to Tools > Internet Options >
Connections. If you use a dialup connection, click the "Settings" button
next to the dialup properties box. If you have a broadband connection,
click the "LAN Settings" button instead. Check the "Use a proxy" option,
then enter the proxy's hostname and port number in the fields.
To enable a proxy server in Netscape, go to Edit > Preferences > Advanced >
Proxies. Choose "Manual Proxy Configuration," then click the View button
and enter the proxy's hostname and port number in the WWW field.
To confirm that the proxy is functioning correctly, go to the IP-address
page. You should see the proxy's IP address instead of your own.
Alternatively select one of the url's from the Proxy Checking Sites list
in the Resources section below and check that the ip-address you see on
the page is the same as your proxy!
Some browsers have an auto email facility; find and disable this.
What does a browser record? There are three things a browser records when
you visit a web page. Each one is stored in a different manner, in
different places. It depends on which browser and which version you use,
and even on what Operating System platform you are running it.
The three things a browser records are:
   I   The page itself in your cache
   II  The URL of the page in your history
   III The URL's you typed in at the URL box (drop down list)
So the following tasks have to be undertaken:
   Clearing the cache
   Clearing the History
   Clearing the URL history
It's optional on all the main browsers, ie Netscape, Internet Explorer, Opera
etc, whether you choose to do this by hand. The precise syntax and
commands vary by Browser version and Operating System version, but the
principle is constant, ie find where they are logged and delete the
references! Under Windows this is normally inside the Registry. So in
Netscape under windows 95, the URL history is stored in the windows
registry.
Example: Clearing the URL history - Close Netscape if it is still running.
Start the registry editor by running REGEDIT.EXE. Go to
HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\
(doing a search for "URL History" will get you there immediately.)
Delete the entries URL_1 through URL_10, but NOT the Default entry.
Close the registry editor.
This is repeated for the other tasks. A simpler method is to use a program
such as Window Washer or Evidence Eliminator; both will automatically
clean the required areas.
Now these items, ie cache, url, and url history, have been deleted, but
microsoft in their wisdom chose to record the url and occasionally the
url history elsewhere, in areas such as the swap file, user.dat and
system.dat, and if you use microsoft office or similar software the
document history list may record your url history as well. Window
Washer should be able to deal with this. To deal with the swap file read
the Swap File Basics. Remember that under some versions of Windows, such as
Windows NT and Windows 2000, each user has a unique profile and history,
so if you use different accounts, check them all.
3. Browser Check:
Every time you DialUp or connect to surf you should
firstly connect with a proxy checking site that will tell you what your
current browser ip is and other relevant environment variables, such as
javascript etc. It is a good idea to paste the url of the proxy checker
into the "Address" edit box situated under the General tab of the
Internet Options Properties box. This will alert you to surfing on an
unsafe ip.
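Seeing the proxy's address on the checking page is only half of the check, because a proxy can pass your own address along in the request headers. The following Python is an added example, not part of the original document, showing what a checking page can tell from the peer address and headers it receives; the addresses, the host name checker.example and the three sample requests are constructed.

```python
import re

# Dotted-quad matcher used to pull addresses out of header values.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Headers that proxies commonly add to a forwarded request.
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded")

# Constructed requests as a checking page would receive them.
# 192.0.2.44 stands for your own address, 203.0.113.8 for the proxy.
VIA_TRANSPARENT = ("GET /ip HTTP/1.0\r\nHost: checker.example\r\n"
                   "Via: 1.0 cache1\r\nX-Forwarded-For: 192.0.2.44\r\n\r\n")
VIA_ANONYMOUS = ("GET /ip HTTP/1.0\r\nHost: checker.example\r\n"
                 "Via: 1.0 cache1\r\n\r\n")
VIA_CLEAN = "GET /ip HTTP/1.0\r\nHost: checker.example\r\n\r\n"


def parse_headers(raw_request):
    """Split a raw HTTP request into a {lower-case name: value} dict."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def check_proxy(real_ip, proxy_ip, peer_ip, raw_request):
    """Return the problems a proxy-checking page could report.

    real_ip  - your own address (the one you want hidden)
    proxy_ip - the proxy you configured in the browser
    peer_ip  - the address the connection actually arrived from
    """
    report = []
    if peer_ip == real_ip:
        report.append("direct connection: the proxy is not being used")
    elif peer_ip != proxy_ip:
        report.append("peer address is neither you nor your proxy: " + peer_ip)
    for name, value in sorted(parse_headers(raw_request).items()):
        if real_ip in IPV4.findall(value):
            report.append("real address leaked in header " + name)
        elif name in PROXY_HEADERS:
            report.append("proxy use disclosed by header " + name)
    return report


if __name__ == "__main__":
    for raw in (VIA_TRANSPARENT, VIA_ANONYMOUS, VIA_CLEAN):
        print(check_proxy("192.0.2.44", "203.0.113.8", "203.0.113.8", raw))
```

An empty report means the checking page saw only the proxy's address and no proxy headers.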
4. NetBios:
NetBIOS (or Network Basic Input Output System) is a program
that is used by Microsoft Networking. One use of NetBIOS is to allow the
sharing of files and printers between computers on a Local Area Network
(LAN). However, if you are connected to the Internet and using file and
print sharing through NetBIOS, you may be exposed to unnecessary
security risks. Most systems do not need NetBIOS to connect to the
Internet. However, some older cable modem systems might need some
components of NetBIOS. Out of the box NetBios is configured to enable
about 9 separate components of your PC. These are:
1. Client for Microsoft Networks, the networking application
2. File and Printer Sharing for Microsoft Networks
3. Microsoft Family Logon
4. TCP/IP
5. NetBEUI (NetBIOS Enhanced User Interface)
6. IPX/SPX
7. Dial-up adapter
8. Cable modem/DSL interface
9. Local area network (LAN) interface (if applicable)
The insecure components in the pre-configured NetBIOS are: Microsoft
Networks application and file and printer sharing. Since all nine
NetBIOS components--including TCP/IP--are interconnected, your data is
vulnerable when you're online. Each time you're connected to the
Internet with the pre-configured NetBIOS, hackers can easily access your
passwords, upload malicious code to your computer and more. Your
computer is exposed to any, and all, kinds of security threats.
The solution is to re-configure your NetBIOS. TCP/IP will only be connected
to the dial-up adapter. The NetBEUI transport will also be connected to
the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe
local file and network sharing, your files will not be exposed in this
configuration. The Microsoft Network application, file and print sharing
and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX
protocol should be removed from the networking component list!
Disabling File And Printer Sharing for Your Dial-Up Adapter (Win 95/98)
1) Click Start, point to Settings, click Control Panel, and then
double-click Network.
2) Click TCP/IP->Dial-up Adapter, click Properties, and then click the
Bindings tab.
3) Click to clear the File and Printer Sharing check box, click OK, and
then click OK.
4) Restart your computer.
NOTE: This disables the File And Printer Sharing component only for the
Dial-Up Networking adapter. Local network file sharing or printer
sharing is not affected. Windows NT users should disable TCP/IP Binding
from NetBIOS.
Turning Off File and Print Sharing Completely
1) Click on Start, then go to Control Panel. Double click on the Network
icon.
2) Click on the button File and Print Sharing.
3) To disable File and Print Sharing, uncheck both boxes. To enable File
and Print Sharing, check both boxes.
4) Click OK and then OK again. File and Print Sharing is now disabled.
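To confirm that the changes above took effect, look at what the machine is still listening on. The following Python is an added example, not part of the original document: it reads the text printed by `netstat -an` and reports NetBIOS and file-sharing listeners reachable from outside the machine. The port numbers are the standard assignments and do not come from this page, and both netstat samples are constructed.

```python
import re

# Standard port assignments for NetBIOS and Windows file/print sharing.
# (General knowledge, not taken from the page.)
SHARING_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service (file and print sharing)",
    ("TCP", 445): "SMB over TCP (file and print sharing, Windows 2000 and later)",
}

# One row of `netstat -an`: proto, local addr:port, foreign addr, optional state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

# Constructed sample output, as seen with sharing bound to TCP/IP.
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.44:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.44:1040        198.51.100.7:139       ESTABLISHED
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    192.0.2.44:137         *:*
  UDP    192.0.2.44:138         *:*
"""

# Constructed sample output after the bindings have been removed.
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.44:1040        198.51.100.7:80        ESTABLISHED
"""


def exposed_sharing(netstat_output):
    """Return (proto, address, port, service) for every sharing listener
    that is reachable from outside the machine."""
    found = []
    for line in netstat_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # banner, header or blank line
        proto, addr, port, state = m.groups()
        service = SHARING_PORTS.get((proto, int(port)))
        if service is None:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue                      # a connection, not a listener
        if addr.startswith("127."):
            continue                      # loopback only, not reachable remotely
        found.append((proto, addr, int(port), service))
    return found


if __name__ == "__main__":
    for row in exposed_sharing(BEFORE):
        print(*row)
```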
5. Cookies
Recording which IP address accessed a site is a start, but it's
not enough for many places on the net. They want to know more - such as
whether you've visited before. This is done using what are called
cookies. There are many myths about cookies, which are best dispelled by
looking at a site such as www.cookiecentral.com. A cookie is simply a
piece of information that a website asks your browser to store on your
PC. The same site can then request the cookie next time you visit. This
allows it, for instance, to automatically fill in your login name on the
AvantGo pages, or supply the weather reports you asked for on the
msn.com home page. What a cookie can't do is trawl your hard drive for
your credit card number, neither can it tell a website anything it
didn't already know about you. If you tell a site your name is Tipper
instead of Albert, then that's what will be in the cookie that's stored
on your computer.
So why do so many people get worked up about cookies?
Because a few companies, most notably DoubleClick, have found a way
round the fact that a server can only request cookies for its own site.
DoubleClick is an agency that supplies the ads that appear on many of
the net's most popular sites. Using cookies, DoubleClick can uniquely
identify you, allowing a profile of the type of sites you visit to be
built up, and even supplying relevant adverts for you. So how can it do
this when cookies are unique to a site? It's simple - the DoubleClick
adverts aren't on the site you visit. They're stored on DoubleClick's
own servers, and your web browser dutifully fetches them from there.
This means it has requested information from the DoubleClick server, and
can therefore have a cookie sent, or passed back to, that server.
Solution: In your browser disable all cookie access and clean regularly!
6. WebBugs:
There are about five different types of Web bugs. The
simplest bug is a small, clear GIF with no content, set to be
transparent so the web page background shines through. It's included on
the web page you surf to but is downloaded from another site, usually
some Advert based site. The download call along with the referrer
information is enough to identify your machine as visiting some site. It
normally works with cookies to send information to third parties about
your online travels. Other more malicious forms of Web bugs are
"executable bugs," which can install a file onto people's hard drives to
collect information whenever they are online. For example, one such bug
can scan a person's machine to send information on every document that
contains the word "sex". The sneakiest bugs are "script-based
executable bugs that can go out and take any document from your
computer" without notice. There are programs that can track live,
private recordings through Webcams or voice recorders hooked up to
computers. Other script-based bugs also execute files, but they're not
installed on a person's PC. They can simply try to control the person's
computer from its server, as well as track the consumer's travels on the
Web from behind the scenes. An example of this can be found on a popular
entertainment site, PassThisOn.com, which launches multiple browser
windows when a person tries to exit the site. These methods can bypass
your firewall since your browser will have permission to fetch stuff
from web-sites. This principle can be employed in Word documents or
emails such that when you open them, some site somewhere is notified
that some pc is opening and reading this document. Nice thought?
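The Cookies and WebBugs sections describe the same mechanism: the page you visit makes your browser fetch something from another site, which then receives the request, the referrer and its own cookie. The following Python is an added example, not part of the original document, that lists those third-party fetches in a page and marks 1x1 or hidden images as likely web bugs; the .example host names and the sample page are constructed, and the two-label same-site rule is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute the browser fetches without any user action.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "frame": "src", "embed": "src"}

# Constructed sample: a news page with a banner, a clear 1x1 GIF and a counter script.
PAGE_URL = "http://www.news.example/story42.html"
SAMPLE_PAGE = """<html><body>
<img src="/logo.gif" width="120" height="60">
<img src="http://img.news.example/photo.jpg">
<img src="http://ads.tracker.example/banner.gif" width="468" height="60">
<img src="http://ads.tracker.example/clear.gif?page=story42" width="1" height="1">
<script src="http://stats.counter.example/count.js"></script>
</body></html>"""

def site_of(host):
    """Crude same-site key: last two labels of the host name (assumption of this
    example; production code should consult the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])

def is_tiny(attrs):
    """True for 0x0 / 1x1 images or images hidden with an inline style."""
    dims = [(attrs.get("width") or ""), (attrs.get("height") or "")]
    tiny = all(d.strip().rstrip("px") in ("0", "1") for d in dims)
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return tiny or "display:none" in style

class ResourceScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlparse(page_url).hostname or "")
        self.findings = []          # (kind, host, absolute URL)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        attrs = dict(attrs)
        if attr is None or not attrs.get(attr):
            return
        url = urljoin(self.page_url, attrs[attr])
        host = urlparse(url).hostname
        if host is None or site_of(host) == self.page_site:
            return                  # first-party, or no network fetch (data: URL)
        kind = "web bug" if tag == "img" and is_tiny(attrs) else "third-party " + tag
        self.findings.append((kind, host, url))

def scan(page_url, html):
    scanner = ResourceScanner(page_url)
    scanner.feed(html)
    return scanner.findings

def third_party_sites(findings):
    """Sites that get a request (with Referer and their own cookie) on page load."""
    return sorted({site_of(host) for _, host, _ in findings})

if __name__ == "__main__":
    for finding in scan(PAGE_URL, SAMPLE_PAGE):
        print(*finding)
```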
7. Good Housekeeping:
One consequence of surfing on the Internet is that not only
do other people want to know your surfing habits and real ip, so does
your own PC! Each installed program will invariably come with some form
of a history list. This list will be stored in the registry or, less
commonly, in a text file with a .ini extension, usually found in the
installation folder. In the registry search for LastVisitedMRU. These
are used to enumerate your last five actions or so, ie Windows
MediaPlayer has a hidden history list that contains a description of
items last activated by it, be it some mp3 or visually enticing mpg
movie. Likewise RealPlayer has a similar facility. Furthermore, if you use
it to search online music databases like DDB it will phone home to the
RealPlayer web site, sending your list of preferences along with a unique
number that was written into the registry when the program was first
installed, and it's usually a mixture of your real ip and some pc
generated number, ie a GUID, thereby identifying you regardless of
whether you employ a proxy or not!
Do Url's Go To Heaven? Url's that you have surfed through may be stored
covertly within the Swap File, on a just-in-case-they-are-needed-again
basis. Furthermore any of the microsoft products might, depending on
your preference settings, choose to add one of these url's to its
history list, or Most Recently Used document list in MS Word's case.
These are then stored in proprietary files and within any of
index.dat, system.dat, user.dat and, on Windows 2000 and Windows Millennium, in
pagefile.sys or the Swap file. Each time you switch on your computer,
unknown to you, these are then loaded into the respective program
registry mappings or hidden files. Latest versions of windows use
individual profiles called "UserData" stored within the registry. This
is how Windows maintains its appearance of being static, looking the
same, or attempting to achieve "persistence" across multiple boot ups.
So some Url's do go to heaven and kinda live for ever ;-)
Spyware: Some "free" software will, as it is being installed, copy a 2nd
party's programs, usually to the System folder. These types of programs
are what is known as AdWare, since once online your surfing habits are
monitored by the 2nd party and advert streams are sent to the
application based on your preferences. The application author gets paid
for allowing his program to target you with adverts and this is the
price you pay for free software. Naturally you don't want any of these
things on your pc.
COM/SOAP: These are ostensibly microsoft protocols. SOAP leaves you insecure
since it has access to the dns (domain name calls) and the underlying
windows system. So it can request o/s serial numbers, bad if you paid
for Windows by credit card. It can totally bypass any firewall and
router filtering, since messaging is web page to web page. COM controls
can be written to phone home via SOAP just as in HTTP. COM is the basis
for .NET and the new Windows coming your way soon. Windows has been
re-written to use COM everywhere, including the windows controls such as
edit, list and treeview controls etc. This makes Windows a highly
insecure communications environment. Coupled with the fact that
Microsoft shares some of its source codes with Govt Agencies and favored
Corporations under strict terms of secrecy, this should alert the wise!
Cleaning Up: Each application that you have installed can store a
History List of associated files, ie Internet Explorer will have a list
of Url's your browser last surfed, for use in its "IntelliSense" or
Smart matching on partial Url's that you type into the browser
AddressBar. You need an application to sweep these out and clean up each
time that you either boot up or shut down. One such application is
Window Washer. It is safe and simple to use and it allows customized
items both in the registry and any folder to be set for deletion. It
comes with a default set of Windows locations to delete, ie Documents
under the Start menu is wiped clean. So for each application you will
have to work out what it stores, where it stores it and set
Window Washer to delete it on a regular basis. For the trickier
case of the Swap File, User.dat and System.dat see The Swap File and
Registry Basics faqs.
There are programs available to search for and remove phone home components.
Where web-bugs are concerned, the use of a Firewall (either Norton
Personal Firewall or Zonealarm are good 1st choices here) and proxy and
cookie cleaning on a regular basis will minimise any problem here. A
security site is working on a Web-Bug filter at present.
8. Firewalls
A Firewall is a program that filters all ingoing and outgoing
connections to the internet. Anyone who is running ADSL or Cable and
other fixed ip services is more vulnerable to security breaches. A
Firewall will allow you to set filters on which packets can enter or
leave your computer. Most Firewalls come with standard settings enabled
such as Application privileges, Internet traffic blocking, local network
access to the systems services and shared accounts, and the blocking of
known advertising companies. Along with the disabling of javascript this
will stop all those annoying pop up windows appearing. A firewall will
also allow you to decide what appears in the packets that leave your
computer, ie your type of computer, operating system, timezone etc, all of
which helps to enforce your privacy. If your computer is personal and
for home use then find yourself a copy of AtGuard, which is an excellent
configurable Firewall, and if you cannot find a version, then Norton
Personal Firewall is a good substitute since it purchased a licence to
the AtGuard kernel.
9. Anonymity Providers
Here is a list of providers who provide reasonable
privacy and security to their users. Their numbers are few; most of
these providers use telnet, some use SSH, or S/Key to log in for added
protection.
HushMail:
---------
HushMail Is the world's first 1024 bit encrypted free
mail service!
Anonymous.To:
-------------
Anonymous.To Offer Free Anonymous Email Accounts.
Freedom.net:
------------
Freedom.net Offer anonymous mail, telnet, IRC, SSH
and web-surfing.
SecureNym:
----------
SecureNym Offers secure and anonymous web based
E-mail by subscription.
Pop3Now:
--------
Pop3Now Lets you access your mail from the web
with SSL encryption.
Cyberpass:
----------
Cyberpass Run by Lance Cottrell, a well known
cryptographer & cypherpunk.
LOD Communications:
-------------------
LOD Communications Offers for $10 a month a shell
account with WWW page.
AnonMailNet:
------------
AnonMailNet Offers Web2Mail & Web2News interfaces
with standard Internet
services.
Data Haven Project
------------------
Data Haven Project For $10 a month shell account
with full access.
Offshore Information Services:
------------------------------
Offshore Information Services Offer anonymous
services from Anguilla B.W.I.
Nymserver:
----------
Nymserver Offers anonymous e-mail and newsgroup
posting, PGP, & finger info.
Somebody.net:
------------
Somebody.net Offers anonymous surfing and
anonymous email services
Resentment.org:
---------------
Resentment.org Now offers free SSL web mail accounts
Altopia Privacy:
----------------
Altopia Privacy accounts now, Anonymous accounts
later...
10. Resources:
Window Washer
Evidence Eliminator
GUID Cleaner
Cache Cleaner
Spyware Faqs
Spyware Cleaner
Spyware Cleaner
Web_Bugs:
About Cookies :
~http:
Proxy Lists:
~http:
Proxy Checking Sites:
~http:
~http:
~http:
Firewall Sites:
Firewall check :
Firewalls:
Home PC Firewall Guide :
Firewall Resource Centre :
Firewall Guide :
Firewall Q&A :
The TIS Firewall Toolkit FAQ :
Zeuros Network Solutions Firewall Resource :
Firewalls FAQ :
Personal Firewalls:
ZoneAlarm: http://www.zonelabs.com/
BlackICE:
AtGuard: now owned by Symantec
Norton:
McAfee
SafeGuard
Sphinx