Obsidis Consortia, Inc.
Privacy on the Internet
“This presentation is dedicated to the NSA”
José L. Quiñones-Borrero, BS
MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
What is OC, Inc?
• Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes
security awareness in the community and supports professional
development of security professionals, students and enthusiasts in Puerto
Rico.
• OC, Inc. has developed and is supporting initiatives like the Init6 Security
User Group, Professional Training & Workshops, Network and Security
Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto
Rico Conference and a Community Outreach Program.
How does the Internet work?
The NSA scandal has revealed …
• They can and will capture all traffic possible
• All encrypted traffic is considered suspicious
and is retained indefinitely
• They trace up to 3 hops/connections (people)
to and from the target.
• This is not something new, don’t be naive.
• The Patriot Act was extended until Dec 2017
…here come the technologies
• Encryption
– SSL/TLS/IPSec
– PGP/GPG
– AES/RSA/DES
• Tunneling
– SSH
– Tor
– VPN
(The Onion Router)
• "Onion Routing" refers to the layers of the encryption used.
• The original data, including its destination, are encrypted and
re-encrypted multiple times, and sent through a virtual circuit
comprising successive, randomly selected Tor relays.
• Each relay decrypts a "layer" of encryption to reveal only the
next relay in the circuit in order to pass the remaining
encrypted data on to it. The final relay decrypts the last layer
of encryption and sends the original data, without revealing
or even knowing its sender, to the destination.
• This method reduces the chance of the original data being
understood in transit, and conceals its routing.
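The layering described above, as an added example that is not part of the original presentation. The relay names, keys, destination and payload are constructed, and a toy SHA-256 keystream with HMAC stands in for Tor's real per-hop cryptography and fixed-size cells.

```python
import hashlib
import hmac
import json
import os

DESTINATION = "example.org:80"  # constructed sample destination
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"  # constructed sample request


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one layer for the relay holding `key`."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; fails if the layer was sealed for a different relay."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("this layer was not sealed for this relay's key")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Client side: wrap the payload once per relay, innermost layer first.

    `circuit` is a list of (relay_name, key) in path order: guard, middle, exit.
    """
    next_hop, blob = destination, payload
    for name, key in reversed(circuit):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = seal(key, layer)
        next_hop = name  # the relay one step earlier forwards to this relay
    return blob  # handed to the first relay in the circuit


def peel(key: bytes, blob: bytes):
    """Relay side: decrypt one layer, learning only the next hop."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])


def route(circuit, onion: bytes):
    """Pass the onion along the circuit and record what each relay can see."""
    views, blob = [], onion
    for name, key in circuit:
        next_hop, blob = peel(key, blob)
        views.append((name, next_hop, blob))
    return views


def demo():
    circuit = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    return route(circuit, build_onion(circuit, DESTINATION, PAYLOAD))


if __name__ == "__main__":
    for relay, next_hop, remaining in demo():
        readable = PAYLOAD in remaining
        print(f"{relay:>6}: forwards to {next_hop:<15} payload readable: {readable}")
```

Only the exit relay's view contains the destination and the cleartext request, which is why the payload itself still needs end-to-end encryption such as TLS.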
How does Tor work?
How Tor protects you from snooping
Cautions with Tor
• Traffic on exit nodes can be captured/sniffed
• Incompatible applications can bypass Tor and
reveal your location/personal information
• “User” fingerprinting may be possible
– User agent, OS, plugins, etc…
– Client side scripting can collect valuable information
• Exit nodes should not (NEVER) be trusted
VPN
• Protocols
– PPTP (weakest)
– L2TP/IPsec
– SSL
• Private VPN service
– VPN service you pay for to protect your information
– VPN providers are bound by their country’s laws
• OpenVPN
How a private VPN works
SSH Goodness
• Remote
– ssh -R remote_port:local_ip:local_port user@host
• Static (redirect a local connection to a remote ip:port)
– ssh -L local_port:remote_ip:remote_port user@host
• ssh -L 10000:10.10.10.10:80 user@host
• Dynamic (socks5)
– ssh -D local_port user@host
• ssh -D 10000 user@host
• Other options
• -f (send to background)
• -N (prevent execution on remote server)
• -o (set an option, e.g. ProxyCommand)
9/26/2013
Proxychains
• Forces TCP applications that don’t support
proxies to go thru them
• Uses proxies in config file:
– /etc/proxychains.conf
– socks4, socks5, http
• Simple to use
– proxychains firefox http://mozilla.com
– proxychains nmap -sT -p 80 1.2.3.4
Metadata
• With whom do you communicate?
– Telephone, Email, Text/SMS, chat
• What is your pattern of communication?
– frequency, periods of time, volume, time line
• Where do you go, and who goes to the same
“place”?
– “places” you visit
Immersion at MIT
https://immersion.media.mit.edu/
• Immersion presents users with a number of different
perspectives of their email data.
• It provides a tool for self-reflection at a time where the
zeitgeist is one of self-promotion.
• It provides an artistic representation that exists only in the
presence of the visitor.
• It helps explore privacy by showing users data that they
have already shared with others.
• Finally, it presents users wanting to be more strategic with
their professional interactions, with a map to plan more
effectively who they connect with.
My Work
My Hobby
My Person
Always be: Paranoid!
Please visit us to keep in touch …
www.ObsidisConsortia.org
www.BSidesPR.org
https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg
https://plus.google.com/u/0/communities/102771209982001396923
https://facebook.com/obsidisconsortia
https://twitter.com/BSidesPR
Affiliates:
www.TalktoanIT.com
www.codefidelio.org
www.darkoperator.com
More Info
• Tor
– https://www.torproject.org/docs/documentation.html.en
– https://www.youtube.com/watch?v=LAcGiLL4OZU
– https://www.eff.org/pages/tor-and-https
– http://www.aldeid.com/wiki/Tor/Usage/Nmap-scan-through-tor
• SSH
– https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
– http://technologyordie.com/ssh-tunneling-and-proxying
– https://www.youtube.com/watch?v=TEuus9-nXNY
• VPNs
– http://openvpn.net/index.php/open-source/documentation/howto.html
– http://www.linuxforu.com/2012/01/ipsec-vpn-penetration-testing-backtrack-tools/
Open Discussion …
Q & A

Privacy on the Internet - Init6 InfoSec August Meeting
