Hacklog Volume 1 Anonymity: it security & Ethical Hacking Handbook

Download 2,32 Mb.

Pdf ko'rish

bet	35/57
Sana	01.01.2022
Hajmi	2,32 Mb.
	#289651

1 ... 31 32 33 34 35 36 37 38 ... 57

Bog'liq
Hacklog Volume 1 Anonymity IT Security Ethical Hacking Handbook

Clearnet access (Gmail, Yahoo, Hotmail, Libero, etc.); you should only rely to
services allowing access from TOR nodes, Proxies and VPNs... Although it may
sound quite obvious, we have to make a second consideration: never use the
same key used for anonymity operations with your email in the clearnet, or one
you accessed at least once without the proper precautions. That would allow
anyone with the right skills to identify you. There are different cases and tools
allowing to use mail encryption. Here you will find some, right to properly kick
start your search:
-

Enigmail
[88]
: Thunderbird and SeaMonkey extension; requires GnuGP
already installed.
-

Mailvelope
[89]
: extension allowing you to use the OpenPGP encryption
within webmails like GMail, Yahoo Mail, Outlook, etc. using Chrome and
Firefox-based browsers.
-

GPGMail
[90]
: included in the GPG Suite, this tool allows you to encrypt
from the Mail program on OSX
-

APG
[91]
: available for Android, allows to easily integrate GPG with files
and mails
-

SecureGmail
[92]
: extension that allows to protect mails from the GMail
services and all GApps-based systems
Among the Debian repositories, you can find Icedove
[93]
: created by Mozilla
Foundation and re-branded in Debian style, this mail client is based on
Thunderbird. In order to install it, use the command:
$ su
$ apt-get install icedove
then install the Enigmail extension too, in order to use GPG in Icedove:
$ apt-get install enigmail
Once launched, you can activate the PGP signature and encryption by simply
clicking the “Enigmail” button, usually on top of the mail header (Figure 27).

Figure 27: using Enigmail within the Icedove client on Debian GNOME 3
Now that you learned how PGP/GPG works, I wish to remark the importance
of this tool examining a recent fact.
During the Silk Road takedown, it emerged that many admins, including the
famous creator Ross Ulbricht, didn’t encrypt their communications. When Ross
was arrested, detectives found hundreds of files in his computer. According to
Silk Road 2 users, such files included documents with personal information
about admins and moderators, saved as text files, which helped the investigators
to identify his accomplices.
7.2.3 Where to store the PGP/GPG keys
After all that paranoia, it would be ridiculous if you left the encryption keys
(and other important files) nicely exposed in your computer, don’t you think?
Here’s why, if someone gets to pay you a visit, you have to be ready to hide, or
destroy – in the worst case scenario – a removable media like a USB drive or a
SD card, if your computer allows you use it (even better if a micro SD with SD
adapter).
Using a micro SD may be the best way to hide your keys; such card is so
small you can hide it between your fingers, inside your ear (why not?), in your
shoes or in your underwear. Just use your imagination! Anyway, we will review
how to store keys and other information in depth in the “Data Backup” chapter.

Conversely, hiding or destroying a USB drive is not that easy; besides the
concealing difficulties, it is technically more difficult to destruct. SDs, instead,
can be cracked with no effort, making any content illegible. To have a deeper
insight of this topic, skip to the “Data Shredding” chapter.

Download 2,32 Mb.

Do'stlaringiz bilan baham:

1 ... 31 32 33 34 35 36 37 38 ... 57