Internet Explorer privacy mode browsing vulnerability

Internet Explorer 8 and above come with a feature called InPrivate browsing. This privacy setting instructs the browser not to save browsing history, temporary Internet files, form data, cookies, usernames or passwords, so that no evidence of your browsing or search history is retained by the browser: once you close the browser, everything is meant to be gone. Not quite.

Internet Explorer index.dat files storing browsed sites

Index.dat is a little-known Windows file used by Internet Explorer; Firefox, Chrome, Safari and Opera do not use it.

The index.dat file is extremely hard to find: it is not only marked as hidden but also designated as a system file, so a Windows search will not find it. System files and folders are effectively cloaked from casual searches even when you instruct Windows to show hidden files. In addition, the index.dat file is locked while Internet Explorer is running and Windows prevents it from being deleted.

Note: other Windows components also use a file named index.dat; it is not exclusive to Internet Explorer, so do not confuse them.

Internet Explorer InPrivate mode browsing


The index.dat file is a database containing information such as visited websites, search queries and recently opened files. Its purpose, according to Microsoft, is to give Internet Explorer quick access to data it uses; no other browser uses it. This little file is very helpful to a computer forensics investigator hell-bent on recovering your internet browsing activities.

Items such as cached filenames and page header information are still written to index.dat while you use Internet Explorer's privacy mode (aka porn mode).

The index.dat file cannot be erased manually the way your Internet cache and history can; you will need specialist privacy software to erase the contents of Internet Explorer's index.dat.

More Internet Explorer privacy mode vulnerabilities

Internet Explorer's InPrivate browsing mode does not run entirely in volatile RAM. While you use InPrivate mode, temporary internet files are still written to disk so that pages work correctly; they are deleted when you close the browser.

This clearing of the cache is another privacy risk: the space the files occupied is simply marked as free, not overwritten, and like any data that is not securely erased it can be retrieved until something else overwrites it.

A computer forensics expert can recover the deleted internet cache of an Internet Explorer InPrivate session without much effort, in a matter of minutes.

Internet Explorer plugins such as Silverlight can also set cookies of their own that are not removed when the InPrivate session ends.

Index.dat file computer forensics


Privacy mode browsing vulnerabilities in Chrome, Safari & Firefox

Although Internet Explorer is the only browser to use index.dat, you should still be wary of other browsers' privacy modes, because they also leave some tracks on your hard disk.

A team of researchers from Stanford and Carnegie Mellon University found that a local attacker can read the operating system's DNS resolver cache and use it to reconstruct whether and when a user visited a website. This scenario assumes you are using privacy mode on a shared or public computer.

At home, when using privacy browsing mode with Chrome, Safari or Firefox, you will need to watch out for plugins. According to these researchers, “Browser addons (extensions and plug-ins) pose a privacy risk to private browsing because they can persist state to disk about a user’s behavior in private mode.”

Stanford University researchers paper: Analysis of Private Browsing Modes in Modern Browsers

How to delete Internet Explorer index.dat file?

Internet Explorer's index.dat is a binary file, so you cannot use Notepad to look at its content. You can open it with a free hexadecimal editor such as HxD, but that requires some skill; it is much easier to download something like the free Index.dat Analyzer from Systenance, a tool that can view and erase the contents of your index.dat files.

To wipe index.dat you can open it in the hex editor, overwrite everything with zeroes and save it; make sure the file is not opened read-only. The quickest and easiest way to delete your index.dat file is to use specialist privacy software to clean it.
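The hex-editor procedure above, zeroing every byte of the file in place before it is deleted, as an added Python example (not code from the original post). It assumes the file is not locked, so on Windows Internet Explorer must be closed first; and it assumes that overwriting in place with `r+b` lands the zeros on the blocks the old contents occupied, which holds for plain filesystems but not necessarily for journaling filesystems, snapshots or SSDs with wear levelling, where the old blocks may survive elsewhere. The sample file it wipes is constructed here, not a real index.dat.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB write buffer


def zero_fill(path: str) -> int:
    """Overwrite every byte of `path` with 0x00, keep the size, then fsync.

    Returns the number of bytes overwritten.
    """
    size = os.path.getsize(path)
    # r+b keeps the existing allocation instead of truncating and reallocating,
    # so the zeros are written over the same extent the old contents used.
    with open(path, "r+b") as fh:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            fh.write(b"\x00" * n)
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())  # push the zeros to the device, not just the page cache
    return size


def wipe_and_delete(path: str) -> int:
    """Zero-fill the file, then unlink it. Returns the number of bytes overwritten."""
    written = zero_fill(path)
    os.remove(path)
    return written


def is_all_zero(path: str) -> bool:
    """Check that the file now contains nothing but 0x00 bytes."""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return True
            if chunk.strip(b"\x00"):  # any non-zero byte survives the strip
                return False


def demo() -> tuple:
    """Constructed sample: write a fake cache index, zero it, verify, delete it."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".dat") as tmp:
        # constructed content standing in for cached URLs; not a real index.dat layout
        tmp.write(b"URL http://example.invalid/visited-page\n" * 1000)
        path = tmp.name
    written = zero_fill(path)
    clean = is_all_zero(path)
    os.remove(path)
    return written, clean


if __name__ == "__main__":
    print(demo())
```

Zeroing only the file's own extent is the limit of what this can promise: copies the filesystem made for journaling or that an SSD controller left in retired blocks are outside its reach, which is why the live-CD approach later on this page is the only way to be certain nothing is left on the disk.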

How to deactivate geolocation tracking in Firefox and Opera browsers

The latest Opera 10.6 and Firefox 3.5 browsers come with a location-aware feature that lets websites compatible with Geode (not many at present) learn where you are.

Google Location Services are used to determine your whereabouts from your computer’s IP address, nearby wireless access points and a random client identifier assigned to you by Google, which is meant to expire after two weeks.

The first time you visit a website that requests geolocation information, the Google Location Services terms and conditions are presented and you must agree to them, which is easily done inadvertently or without understanding what it means. After that, every time a website requests geolocation information your browser tells you and gives you a choice: send your location data, or do not send it.

Where are you?


Both browsers, Opera and Firefox come with location aware enabled by default, I don’t know about Internet Explorer because I care about internet privacy and do not use that piece of crap.

How to disable location aware in Firefox and Opera browsers

To disable location-aware browsing in Firefox, type about:config in the address bar, find the geo.enabled key and double-click it to change its value to false.

To disable geolocation tracking in Opera go to Settings > Preferences > Advanced > Network, and uncheck Enable geolocation.

Test your geolocation browser awareness at: http://browserspy.dk/geolocation.php

Learn more about geolocation tracking in Firefox and Opera

Mozilla location aware browsing FAQ: http://www.mozilla.com/en-US/firefox/geolocation/

Opera browser geolocation help page: http://help.opera.com/Windows/10.60/en/geolocation.html

Live CD for anonymous internet browsing: The (Amnesic) Incognito Live System

After the sole developer of Incognito, arguably, the best Linux live CD for anonymous internet browsing, announced that he could not carry on with his work in the project, another anonymous live CD, Amnesia, decided to merge with Incognito Linux live CD, and hence, the (Amnesic) Incognito Live System was born.

Information security awareness poster


Version 0.5 of The Amnesic Incognito Live CD is now out and includes lots of goodies for anonymous internet surfing, encryption and erasing your online tracks, such as:

  • Tor 0.2.1.25
  • Vidalia 0.2.8
  • Claws Mail 3.7.5 with OpenPGP support.
  • Pidgin automatically connects to irc.oftc.net with a randomized nickname.
  • At shutdown time, only prompt to remove CD; just halt when booted from a USB stick.
  • Forbid any IPv6 communication with the outside.
  • Added some wifi drivers: Ralink rt2570, rt2860 and Broadcom STA.

My hat's off to this great live CD for anonymous internet surfing!

For those who fear that the Chinese or British secret services will seize their computers one day, a live CD is the sure way to avoid leaving any tracks on your computer.

The (Amnesic) Incognito Live System homepage

How to stop DNS leakage while using a VPN

The DNS leakage problem explained

Whenever you type a domain name, your Internet browser contacts a DNS server and makes a DNS Query.

Most Virtual Private Network providers fail to mention that, even while your connection is encrypted through the VPN, there is a high chance that a DNS leak will occur and your ISP will still be able to see what you are doing on the internet.

The problem occurs primarily when routers and computers are set to obtain their settings automatically through DHCP: name lookups can then bypass the name server supplied by the active VPN connection and go to the one supplied by your ISP instead, which lets the ISP see the websites you visit.

DNS leak test

If you want to check if you suffer from DNS leakage, connect to your usual VPN/proxy and visit http://entropy.dns-oarc.net

After you click on Test my DNS, ignore everything else and look only at the top of the page where it says DNS Resolver(s) tested.

Use a whois tool to resolve the IPs listed there and if your ISP name comes up, then you have a DNS leak.

Solving DNS leakage

The easiest way I have found to stop DNS leakage is to stop using the ISP name servers and choose a free public DNS provider instead.

List of free public DNS providers:

Comodo public DNS

NS1: 8.26.56.26
NS2: 8.20.247.20

Google public DNS

NS1: 8.8.8.8
NS2: 8.8.4.4

OpenDNS public DNS

NS1: 208.67.222.222
NS2: 208.67.220.220

DNS Advantage public DNS

NS1: 156.154.70.1
NS2: 156.154.71.1

Instructions to change your computer DNS settings

Instructions to use Comodo public DNS

Instructions to use Google public DNS

Instructions to use OpenDNS public DNS

Instructions to use DNS Advantage public DNS

After you have made the change, carry out the DNS leak test mentioned above again. You should now see only the DNS servers belonging to your newly chosen provider.

Note: it looks as if Comodo Secure DNS and DNS Advantage are using the same network (UltraDNS).
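A local version of the leak check described above, as an added Python example that is not part of the original post: it reads the nameservers a machine is configured with (resolv.conf syntax on Unix; the same idea applies to the adapter settings on Windows) and flags any resolver that is not one of the chosen public provider's addresses, for instance a DHCP-supplied home router or an unknown address that is probably the ISP's resolver. The provider addresses are the ones listed in the post; the resolv.conf contents are constructed here for the demonstration.

```python
import ipaddress
import re

# Public resolver addresses as listed in the post above.
PUBLIC_DNS = {
    "8.26.56.26": "Comodo",
    "8.20.247.20": "Comodo",
    "8.8.8.8": "Google",
    "8.8.4.4": "Google",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
    "156.154.70.1": "DNS Advantage",
    "156.154.71.1": "DNS Advantage",
}

# One "nameserver <addr>" directive per line; comments and "search" lines are ignored.
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolv_conf(text: str) -> list:
    """Return the nameserver addresses found in resolv.conf-style text, in order."""
    return NAMESERVER_RE.findall(text)


def classify(addr: str) -> str:
    """Label a resolver: a known public provider, a local/router address, or unknown."""
    ip = ipaddress.ip_address(addr)
    if addr in PUBLIC_DNS:
        return "public:" + PUBLIC_DNS[addr]
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"      # home router or local stub resolver, typically DHCP-supplied
    return "unknown"        # most likely the ISP's resolver; confirm with whois


def check_resolvers(text: str, expected_provider: str) -> dict:
    """Report every configured resolver and whether any of them is not the chosen provider."""
    labels = {addr: classify(addr) for addr in parse_resolv_conf(text)}
    offending = [a for a, label in labels.items() if label != "public:" + expected_provider]
    return {"resolvers": labels, "leak": bool(offending), "offending": offending}


# Constructed sample: DHCP wrote the router first, then the VPN's pushed Google resolver.
# The router entry is tried first, so lookups leak to the ISP path.
SAMPLE_LEAKY = """# constructed sample, written by the DHCP client
nameserver 192.168.1.1
nameserver 8.8.8.8
"""

# Constructed sample after switching to the public provider only.
SAMPLE_CLEAN = """nameserver 8.8.8.8
nameserver 8.8.4.4
"""

if __name__ == "__main__":
    print(check_resolvers(SAMPLE_LEAKY, "Google"))
    print(check_resolvers(SAMPLE_CLEAN, "Google"))
```

The check treats order as irrelevant and any non-provider resolver as a leak, because the stub resolver will fall back to the next entry whenever the first is slow, so a single ISP or router entry anywhere in the list is enough for queries to escape the VPN.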

DNS Nameserver speed test

Changing your DNS server can also increase or decrease the speed at which website names are resolved; you can test your nameservers' speed with the free utilities below:

NameBench (DNS benchmark utility)

GRC DNS Benchmark (No installation needed)

Review: Virtual Private Network for private internet surfing AceVPN

I have been using AceVPN for three months now and this review is based on this length of time. Before getting into a Virtual Private Network for anonymous internet surfing purposes, you should understand that a VPN will make it more difficult for TLA agencies such as the CIA and MI5 to spy on you, but a VPN is a single hop proxy, if they want you bad they will most likely have you.

For serious anonymous internet surfing you should use Tor, which unfortunately it is slow for most activities other than posting at bulletin boards.

At the moment there is a 50GB monthly bandwidth cap on AceVPN, I think this is a very reasonable amount of bandwidth, the average surfer will probably download half that and since P2P programs are not allowed on AceVPN I can hardly see anyone going over the limit.

The Good Stuff

Every time I have emailed AceVPN, around five times, I always got a useful reply in under 24 hours. AceVPN, at the time of writing this, has servers in the US, UK and France and claims to be planning new servers in other countries.

One of the USA VPN I was using got blocked by Hulu, a US only TV website, apparently they do not like people from abroad being able to watch their films through a proxy. AceVPN has a secret list of VPNs to access US only sites such as Hulu TV, Pandora radio and Crackle TV, if you email AceVPN support and tell them you want to watch Hulu and they are blocking your proxy, they will send you a new non public configuration file with new servers for the VPN.

AceVPN uses OpenVPN to tunnel the data as opposed to the more insecure PPTP, and besides Windows, AceVPN also works on Mac, Linux/BSD and the iPhone, any device where you can install OpenVPN should work.

You can choose the UDP or TCP protocol for tunneling. Normally you should choose the UDP protocol, this is the fastest method to download data through the VPN, the TCP protocol is provided because some ISPs and private networks block all UDP traffic to stop certain applications from accessing the internet.

World Internet Plugged In

The Bad Stuff

When you sign up for AceVPN they will send you a very hard to remember cryptic password that you can not change, you will need to enter this every time you want to access the VPN, better write it down somewhere, I personally have it saved on a .txt file on my Desktop.

AceVPN has servers in several countries but in order to choose what server you want to connect to you will have to manually edit the OpenVPN config file in Notepad and comment out the servers you want to avoid, there is no control panel to do this.

Torrents and P2P programs are not allowed at AceVPN, even if some users use it, as per terms and conditions this is forbidden.

Conclusion

AceVPN is great value for money and it stops your ISP from logging your internet activities making the life of those who spy on others much more difficult, AceVPN is also one of the cheapest VPN available and the wide choice of servers located in different countries guarantees that if one goes down you can still connect somewhere else.

Be aware that during my time with AceVPN one of their USA servers was seized by the FBI, this was due to a DMCA request according to AceVPN management.

While AceVPN claims not to keep logs, the FBI is known to have great computer forensic facilities and only God knows what kind of personal private data from innocent people they managed to retrieve from that server.

I will be greatly surprised if these professional meddlesome informers resisted the temptation of not looking at other users' accounts, I will say it again because people’s lives may be at stake, never forget to use full disk encryption as a security back up. A VPN will make the spooks' job more difficult but not impossible, privacy advocates are a high target for TLA, people who have a private life scare the shit out of them, they are not used to that, be ready for an early morning raid from people wanting to know what you do in your spare time, whether you use VPN or you don’t, the Obama deception is here, this is not a joke, the CIA means business, your little VPN will not be enough to stop them, think bigger.

http://www.acevpn.com

UPDATE: As of 01 December 2009, I am having serious problems to watch USA TV with AceVPN (it’s very slow), after various speed tests at http://www.speedtest.net I have detected that their USA servers are very slow at times, in the order of 500Kb/download.

This may change in the future but as for now be warned of this problem. Their French and UK server speed was acceptable.

Review: Private internet surfing SSH tunneling Cotse

I have been using Cotse for private internet surfing for over a year and I think this is an accurate review of Cotse based on that. This privacy provider also gives you access to private email, IRC Chat via web interface, web based remailer, SSH tunneling and webhosting.

The first thing to understand is that Cotse SSH tunneling is not for anonymity, but privacy. You will be able to hide from your ISP what websites you are visiting and what you are downloading from the internet, and it will not matter if your ISP keeps logs for one year or twenty years, all they will see when you surf the internet is that you are connected to an SSH tunnel, and anything after that can only be seen and logged by Cotse, your ISP will be powerless to stop this.

In order to use the SSH tunnel in Windows you will need to download an SSH client, my favourite client being KiTTY but there are others around. In Unix, you simply open the shell and type (example assumes you are using tunnel1):

ssh -L 5000:127.0.0.1:9999 username@tunnel1.cotse.net

5000 is the local port being forwarded to port 9999 on the server. Using this port will pass your OS and browser ID on to the visited sites; if you forward the traffic to port 8888 instead, Cotse will fake your operating system and browser ID as Windows Vista and Firefox regardless of what OS you use.

You can also forward to port 8080, which uses Privoxy. This protects your privacy even further by stopping aggressive advertisements displaying on the screen, but Privoxy will slow down your internet browsing a little.
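An added Python example, not code from the original post or from Cotse, showing the two checks worth scripting around the tunnel setup described above: confirming that the local end of the `ssh -L` forward is actually listening before the browser is pointed at it, and generating the Firefox manual-proxy preferences that send all HTTP and HTTPS traffic to that local port. The `network.proxy.*` preference names are real Firefox settings; the port numbers, username and host are the ones from the post, and the listener the test uses stands in for the ssh forward so the example runs offline.

```python
import socket


def forward_command(local_port: int, remote_port: int, user: str, host: str) -> list:
    """argv for the ssh local forward shown above; only 127.0.0.1 on the server is reachable."""
    return ["ssh", "-L", f"{local_port}:127.0.0.1:{remote_port}", f"{user}@{host}"]


def tunnel_up(host: str = "127.0.0.1", port: int = 5000, timeout: float = 1.0) -> bool:
    """True when something accepts TCP connections on the local forwarded port.

    Pointing the browser at 127.0.0.1 means that when the ssh process dies this
    check fails and every page load fails with it, instead of going out directly.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def firefox_proxy_prefs(port: int = 5000) -> list:
    """user.js lines that route all HTTP/HTTPS traffic through the local tunnel end.

    With an HTTP proxy the browser hands the full URL to the proxy, so hostname
    lookups are done at the far end of the tunnel as well, not at your ISP.
    """
    return [
        'user_pref("network.proxy.type", 1);',  # 1 = manual proxy configuration
        'user_pref("network.proxy.http", "127.0.0.1");',
        f'user_pref("network.proxy.http_port", {port});',
        'user_pref("network.proxy.ssl", "127.0.0.1");',
        f'user_pref("network.proxy.ssl_port", {port});',
    ]


def start_fake_tunnel_end() -> tuple:
    """Constructed stand-in for the ssh -L listener, for testing only.

    A listening socket answers the TCP handshake even without accept(), which is
    all tunnel_up() needs. Returns (server_socket, port); close the socket to
    simulate the tunnel dropping.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    print(" ".join(forward_command(5000, 9999, "username", "tunnel1.cotse.net")))
    srv, port = start_fake_tunnel_end()
    print("tunnel up:", tunnel_up(port=port))
    srv.close()
    print("tunnel up after close:", tunnel_up(port=port))
    print("\n".join(firefox_proxy_prefs(5000)))
```

Run `tunnel_up()` right before launching the browser, and again from a cron job or loop if you leave the tunnel open for long sessions, since the post notes that Cotse drops the connection after ten hours; a browser whose proxy points at a dead local port simply stops loading pages, which is the fail-closed behaviour the review praises.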

Cotse SSH tunnel logged out

You can pay for the service with a money order, check, Paypal or credit card, however paying by credit card requires you to reveal your real ISP email address or they will decline payment, according to Cotse this is due to fraud prevention reasons. For anonymous payments you will be better off using a money order or using a virtual credit card and pay through Paypal. Read my post on opening a Paypal account using a fake name to learn how to do this.

Logging Policy

Cotse claims they keep logs of your activities for five days, I think this is reasonable. In an ideal World logs would not exist, but unfortunately some people will abuse privacy services and those users will have to be weeded out one way or another.

Most proxy services will tell you that they do not keep any kind of logs, but technically speaking this is impossible since from the moment you connect to their proxy logs are being created, what happens is that they claim that those logs do not get stored more time than necessary, until you disconnect, and then get overwritten, hence they call it a “no logs” proxy service.

When reading about the logging policy of a privacy service you should consider that it is very easy for them to lie to you and hide their real logging policy. Cotse could easily claim they keep no logs and you would have no way of knowing if these claims are truth or not. By making clear your activities are being stored for five days and then overwritten, Cotse gives me the impression of being an honest provider in regards to their privacy claims of what they can do for you and what not.

There is far too much privacy snake oil out there advertising the impossible, although I believe it is possible to run a “no logs” privacy service, the problem will always be finding out who is lying and who is not.

Internet IP logs

The Good Stuff

You can use Cotse SSH tunnel with Unix systems as well as Windows, their tunneling service is ideal to be used together with a live Linux CD leaving no computer tracks.

You not only get an SSH secure tunnel but also a private email service (SquirrelMail interface) with POP and IMAP, you also get a fairly decent hosting account with no speech limitations other than illegal content in the US where Cotse and its servers are based.

You have no bandwidth limitations when using SSH tunnelling and Cotse provides alternative ports like 443 in case your ISP blocks the default SSH port 22.

Unlike a VPN, if the SSH tunnel goes down for some reason, your real computer IP will not be exposed and your internet will stop working, this is a good thing. In a VPN, when the service goes down, your internet connection simply borrows your real IP instead with the risk of exposing your identity.

The Cotse email address that comes with the SSH tunnel has automatically expiring aliases, SSL connection and a highly configurable spam filter, as well as hiding the sender IP in the headers.

Cotse helpdesk is excellent and they always reply under 24 hours, downtime of the SSH tunnel is also minimal, in one year I must have experienced thirty minutes downtime altogether, speed through the tunnel is unnoticeable from the direct connection.

The Bad Stuff

You are not allowed to use torrents through the SSH tunnel as p2p incoming connections cause issues for the other customers, and the tunnel will disconnect automatically after 600 minutes of continuous use (ten hours), you will have to reconnect after that.

Using a credit card for payment will require you to reveal your ISP assigned email address, payments with a virtual credit card under an assumed name will only be possible using Paypal. Your other alternative is a money order or check.

Webspace monthly bandwidth is poor at 1000MB, it will be enough for a text only personal website but no more than that. Their IRC web based chat is blocked by some Undernet servers (due to abuse), other than that it works fine at other networks.

Setting up Cotse SSH tunnel can be a bit overwhelming for someone who is new to the internet, it may take them a while to figure out how to configure everything.

Conclusion

Cotse is excellent value for money, and you not only get an SSH tunnel but also a private email address and webhosting. If you want a cheap private proxy with no bandwidth limitations that works across Unix as well as Windows, then Cotse is probably for you.

Their five days logs policy is worse than other sites promising not to keep any kind of logs, but you can not be sure those sites are telling you the truth, in fact you can not even be sure Cotse is not logging your activities for longer than the five stated days, you have no way around this other than running your own proxy server.

http://www.cotse.net

Notice: Review based on the basic SSH Internet Shield Cotse service, you can upgrade this for extra features.

SSH tunneling between two computers

Secure your browser to avoid British police hacking

British police are now allowed to hack into personal computers without a warrant. Be very careful not to piss off your local police officer because he/she may go fishing into your computer to try and find out if you have paid your taxes this year or if your cat's vaccines are up to date.

In order to carry out mass surveillance of personal computers a huge number of UK police officers would have to be given computing skills, which is highly unlikely to happen. It would not make any sense for the Government to spend millions of pounds training police officers in computers for the occasional use against the antiwar or animal rights protester.

Dangerous hacker

Malicious computer hacker

Suspects of terrorism and other serious offences will be likely to have a highly skilled and experienced computer forensics officer on their case, the others will have Robbie the bobby.

In my opinion your local copper will be trained in 15 minutes on how to use a trojan horse like eBlaster or Win-Spy. The police will send it to you by email, or you can be made to inadvertently download it through your internet browser visiting a campaign site or forum. Then Robbie the bobby can use his point and click mouse to spy on you like a cheap 007 James Bond agent, with no knowledge at all about networking, computer antiforensics tools, encryption, cracking or anything else that requires a brain.

You will need a good internet browser to protect your family's privacy and stop Robbie the bobby from spying on you and your children. Besides the obvious advice of saving all your holiday snaps inside an encrypted container, you should also use a secure and updated internet browser that will not be exploited to plant a trojan horse on your computer.

Computer ignorant hacker at work

Innocent computer user

Multiplatform Internet Browsers (Unix,Windows and MAC):

Based on Presto rendering engine:

  1. Opera Internet Browser(Unix,Windows and MAC)

Based on Mozilla Gecko rendering engine:

  1. Seamonkey Internet Browser(Unix,Windows and MAC)
  2. Firefox Internet Browser(Unix,Windows and MAC)
  3. Flock Internet Browser(Windows only)
  4. K-Meleon Internet Browser(Windows only)

Based on Webkit/KHTML rendering engine:

  1. Google Chrome Internet Browser(Windows only)
  2. Safari Internet Browser(Windows and MAC)
  3. Konqueror Internet Browser(Unix,Windows and MAC)

MAC only Internet Browsers:

  1. Camino Internet Browser
  2. OmniWeb Internet Browser
  3. iCab Internet Browser

Unix Only Internet Browsers :

  1. Epiphany Internet Browser
  2. Elinks text only Internet Browser
  3. Dillo Internet Browser

IE Embedded Internet Browsers:

These are not really proper internet browsers but more like skins that wrap Internet Explorer. They are an improvement over Internet Explorer and add some extra features, but as they use the same base code and rendering engine as IE, they share its security vulnerabilities and you get no major extra security gains.

Internet Explorer is probably the worst browser out there in functionality, security and privacy, but this is or should be a free World, if you want to risk unknown people knowing everything about you while you know nothing about them, then feel free to do so.

  1. Maxthon IE Embedded Internet Browser
  2. PhaseOut IE Embedded Internet Browser
  3. AvantBrowser IE Embedded Internet Browser

PhaseOut IE embedded browser skin

Internet browsers that run from a USB key or encrypted container:

This is the best way to avoid leaving any tracks on your computer, and a must have for those using the Library or an internet cafe for internet surfing.

If you do all your internet browsing from inside an encrypted hard drive or encrypted USB key then all the cache and history will be stored there too. But do not get too excited yet, as a huge amount of private data can still be recovered from the operating system.

The files you download and view may be stored in a temporary folder by Windows Media Player, Microsoft Word, etc. The names of the files you view can also be stored in unsuspected places inside the OS, and every USB thumbdrive has a unique ID number that is stored in the Windows registry as soon as you plug it in.

Thanks to this unique number it is possible to prove that the owner of that thumbdrive used it on that computer, and it is also possible to find out the maker/brand of your thumbdrive without even having it.

  1. K-Meleon Portable Internet Browser
  2. OffByone Portable Internet Browser
  3. Arora Portable Internet Browser
  4. Firefox Portable Internet Browser
  5. Google Chrome Portable Internet Browser
  6. Opera Portable Internet Browser

Opera USB thumbdrive

Internet browsers highlights:

The Safari browser has a privacy mode that will do all your internet surfing in RAM and will not store anything on your hard disk provided you have enough amount of RAM available.

OffByone is the smallest internet browser in the World, it is only 850Kb in size and it runs completely in RAM, which means no traces of your internet surfing will be left on the computer. It supports SSL sites but OffByone will have problems navigating webpages that make heavy use of Javascript and cascade style sheets.

Konqueror internet browser support for Windows and MAC is in beta, which means it may work or may not. Konqueror origins are in Unix and KDE.

SeaMonkey, Flock and Opera internet browsers are an all in one internet application suite, they include embedded features like an IRC chat client, newsreader and notepad.

You should avoid embedded Internet Explorer internet browsers as they do not offer any major security advantage over IE.

What internet browser is the best?

As individuals we all have different needs and wants, it is not possible to advise an absolute browser for everyone without knowing what they want from it and how they will use it.

With so many choices available I would simply avoid Internet Explorer like the plague due to its track record of security problems. In my next post I will tell you the internet browser I use myself and what features I like and do not like about it. :)

Computer owned