
The Top Security Tools in the Ubuntu Repositories you may not know about with 1 click Installation!

Here is a collection of security tools that you should look through to add to your arsenal to help keep the peace on your PC/network or unleash war on others for whatever reason.

You can simply install these tools by clicking on the title within Firefox in Ubuntu Hardy Heron.

Most of these are command line tools which need to be invoked via the Terminal:
Applications->Accessories->Terminal

If you need help with these tools, please read the manual page with man "application" in the terminal, and feel free to comment if you need a little assistance or care to add to this growing list.

Sniffers:

dsniff
Various tools to sniff network traffic for cleartext insecurities
This package contains several tools to listen to and create network traffic:

* arpspoof - Send out unrequested (and possibly forged) arp replies.
* dnsspoof - forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff - password sniffer for several protocols.
* filesnarf - saves selected files sniffed from NFS traffic.
* macof - flood the local network with random MAC addresses.
* mailsnarf - sniffs mail on the LAN and stores it in mbox format.
* msgsnarf - record selected messages from different Instant Messengers.
* sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow - SSH traffic analyser.
* tcpkill - kills specified in-progress TCP connections.
* tcpnice - slow down specified TCP connections via "active"
traffic shaping.
* urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
* webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy - sends URLs sniffed from a client to your local browser
(requires libx11-6 installed).

Please do not abuse this software.

-

imsniff
Simple program to log Instant Messaging activity on the network
The imsniff program can be used to log IM activity on the network. It uses
libpcap to capture packets and analyzes them, logging conversation, contact
lists, etc.

Users connecting after imsniff is started can get pretty good results,
including complete contact lists and events (displaying a name change, for
example). Users already connected will be able to get the conversations, but
will miss the other information.

The only required parameter is the interface name to listen to. This can be
any interface that libpcap supports. A sample imsniff.conf.sample file is
included.

imsniff is beta software, for now, only MSN is supported. Others could follow.

Author: Carlos Fernandez

-

ksniffer
network traffic analyzer for KDE
KSniffer is a network traffic analyzer, or "sniffer" for KDE.

A sniffer is a tool used to capture packets from your network.

It detects network protocols like IP, TCP, UDP, ICMP and ARP.

-

nwatch

Network service detector
NWatch is a sniffer but can be conceptualized as a "passive port
scanner", in that it is only interested in IP traffic and it organizes
results as a port scanner would.

The advantage of this tool is that services that are open for a short
period of time can be detected with NWatch while successive nmap scans
will miss them. The disadvantage is that the service has to be actively
used to be detected.

-

scapy

Scapy is a powerful interactive packet manipulation tool, packet
generator, network scanner, network discovery, packet sniffer, etc. It
can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping,
tcpdump, tethereal, p0f, ....

In scapy you define a set of packets, then it sends them, receives
answers, matches requests with answers and returns a list of packet couples
(request, answer) and a list of unmatched packets. This has the big advantage
over tools like nmap or hping that an answer is not reduced to
(open/closed/filtered), but is the whole packet.

Homepage: http://www.secdev.org/projects/scapy/

It was previously named scapy. This is a transitional package
so scapy users get python-scapy on upgrades. This package handles
scapy -> python-scapy. It can be safely removed.

-

Snort

Flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.

This package provides the plain-vanilla snort distribution and does not
provide database (available in snort-pgsql and snort-mysql) support.

-

tcpick
TCP stream sniffer and connection tracker
This libpcap-based textmode sniffer can:
* track, reassemble and reorder TCP streams
* save the captured flows in different files or display them in the terminal
* display all the stream on the terminal with different display modes like
hexdump, hexdump + ascii, only printable characters, raw mode, colorized
mode ...
* handle several network interface types, including ethernet cards and PPP
interfaces

-
Tshark

Wireshark network traffic analyzer (console interface)
Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Wireshark decodes numerous protocols (too many
to list).

This package provides the console version of wireshark, named
"tshark".

-

WireShark
network traffic analyzer
Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Wireshark decodes numerous protocols (too many
to list).

This package provides wireshark (the GTK+ version)

-
Last But not least for the sniffers is my personal fav:
Ettercap
Multipurpose sniffer/interceptor/logger for switched LAN
Ettercap supports active and passive dissection of many protocols
(even ciphered ones) and includes many features for network and host
analysis.

Data injection in an established connection and filtering (substitute
or drop a packet) on the fly is also possible, keeping the connection
synchronized.

Many sniffing modes were implemented to give you a powerful and complete
sniffing suite. It's possible to sniff in four modes: IP Based, MAC Based,
ARP Based (full-duplex) and PublicARP Based (half-duplex).

It has the ability to check whether you are in a switched LAN or
not, and to use OS fingerprints (active or passive) to let you know the
geometry of the LAN.

Wireless Tools:

aircrack-ng
Grab the latest @ www.aircrack-ng.com
wireless WEP/WPA cracking utilities
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets have
been gathered. Also it can attack WPA1/2 networks with some advanced
methods or simply by brute force.

It implements the standard FMS attack along with some optimizations,
thus making the attack much faster compared to other WEP cracking tools.
It can also fully use a multiprocessor system to its full power in order
to speed up the cracking process.

aircrack-ng is a fork of aircrack, as that project has been stopped by
the upstream maintainer.

-

Kismet
Wireless 802.11b monitoring tool
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing
using almost any supported wireless card using the Airo, HostAP, Wlan-NG,
and Orinoco (with a kernel patch) drivers.

It can make use of sox and festival to play audio alarms for network events
and speak out a network summary on discovery. Optionally it works with gpsd
to map scanning.

-
Prismstumbler
Wireless network sniffer
Prismstumbler is a packet sniffer for 802.11b wireless LANs.

-
SWScanner
Simple Wireless Scanner
SWScanner is a KDE application specially designed to make the whole
wardriving process easy, but also intended to facilitate many tasks related
to wireless networks. SWScanner is compatible with NetStumbler files and
supports GPS devices.

-

WEPLab
tool designed to break WEP keys
WepLab is a tool designed to teach how WEP works, what different
vulnerabilities it has, and how they can be used in practice to
break a WEP protected wireless network.

WepLab can dump network traffic, analyse it or crack the WEP key.

-

Portscanning:
NMAP
The Network Mapper
Nmap is a utility for network exploration or security auditing. It
supports ping scanning (determine which hosts are up), many port
scanning techniques, version detection (determine service protocols
and application versions listening behind ports), and TCP/IP
fingerprinting (remote host OS or device identification). Nmap also
offers flexible target and port specification, decoy/stealth scanning,
sunRPC scanning, and more. Most Unix and Windows platforms are
supported in both GUI and commandline modes. Several popular handheld
devices are also supported, including the Sharp Zaurus and the iPAQ.

-

PnScan
Multi threaded port scanner
Pnscan is a multi-threaded port scanner that can scan a large network
very quickly. It does not have all the features that nmap has but
is much faster.

-

DoScan
port scanner for discovering services on large networks
doscan is a tool to discover TCP services on your network. It is
designed for scanning a single port on a large network. doscan
contacts many hosts in parallel, using standard TCP sockets provided
by the operating system. It is possible to send strings to remote
hosts, and collect the banners they return.

There are better tools for scanning many ports on a small set of
hosts, for example nmap.

-
HPING3
Active Network Smashing Tool
hping3 is a network tool able to send custom ICMP/UDP/TCP packets and
to display target replies like ping does with ICMP replies. It handles
fragmentation and arbitrary packet body and size, and can be used to
transfer files under supported protocols. Using hping3, you can test
firewall rules, perform (spoofed) port scanning, test network
performance using different protocols, do path MTU discovery, perform
traceroute-like actions under different protocols, fingerprint remote
operating systems, audit TCP/IP stacks, etc. hping3 is scriptable
using the TCL language.

-
Paketto
Unusual TCP/IP testing tools
The Paketto Keiretsu is a collection of tools that use new and unusual
strategies for manipulating TCP/IP networks. scanrand is said to be
faster than nmap and more useful in some scenarios.

This package includes:
* scanrand, a very fast port, host, and network trace scanner
* minewt, a user space NAT/MAT (MAC Address Translation) gateway
* linkcat(lc), that provides direct access to the network (Level 2)
* paratrace, a "traceroute"-like tool using existing TCP connections
* phentropy, that plots a large data source onto a 3D matrix

-

Packit
Network Injection and Capture
Packit is a network auditing tool. Its value is derived from its ability
to customize, inject, monitor, and manipulate IP traffic. By allowing you
to define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet
header options, Packit can be useful in testing firewalls, intrusion
detection systems, port scanning, simulating network traffic, and general
TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.

-

ScanSSH
get SSH server versions for an entire network
The ScanSSH protocol scanner scans a list of addresses and networks for
running SSH protocol servers and their version numbers. Version 2.0 adds
support for scanning arbitrary ports and specifically open proxies. The
ScanSSH protocol scanner supports random selection of IP addresses from
large network ranges and is useful for gathering statistics on the
deployment of SSH protocol servers in a company or the Internet as a whole.

-
p0f
Passive OS fingerprinting tool
p0f performs passive OS detection based on SYN packets. Unlike nmap
and queso, p0f does recognition without sending any data.
Additionally, it is able to determine the distance to the remote
host, and can be used to determine the structure of a foreign or
local network. When running on the gateway of a network it is able
to gather huge amounts of data and provide useful statistics. On a
user-end computer it could be used as powerful IDS add-on. p0f
supports full tcpdump-style filtering expressions, and has an
extensible and detailed fingerprinting database.

-

Misc Tools:
TCPTraceroute
A traceroute implementation using TCP packets
The more traditional traceroute(8) sends out either UDP or ICMP ECHO
packets with a TTL of one, and increments the TTL until the destination
has been reached. By printing the gateways that generate ICMP time
exceeded messages along the way, it is able to determine the path packets
are taking to reach the destination.

The problem is that with the widespread use of firewalls on the modern
Internet, many of the packets that traceroute(8) sends out end up being
filtered, making it impossible to completely trace the path to the
destination. However, in many cases, these firewalls will permit inbound
TCP packets to specific ports that hosts sitting behind the firewall are
listening for connections on. By sending out TCP SYN packets instead of
UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common
firewall filters.

Traceroute
Traces the route taken by packets over an IPv4/IPv6 network
The traceroute utility displays the route used by IP packets on their way to a
specified network (or Internet) host. Traceroute displays the IP number and
host name (if possible) of the machines along the route taken by the packets.
Traceroute is used as a network debugging tool. If you're having network
connectivity problems, traceroute will show you where the trouble is coming
from along the route.

Install traceroute if you need a tool for diagnosing network connectivity
problems.


Whois
the GNU whois client
This is a new whois (RFC 3912) client rewritten from scratch.
It is inspired by and compatible with the usual BSD and RIPE whois(1)
programs.
It is intelligent and can automatically select the appropriate whois
server for most queries.

The package also contains mkpasswd, a simple front end to crypt(3).

-

Rootkit Detection:

Chkrootkit
Checks for signs of rootkits on the local system
chkrootkit identifies whether the target computer is infected with a rootkit.
Some of the rootkits that chkrootkit identifies are:
1. lrk3, lrk4, lrk5, lrk6 (and some variants);
2. Solaris rootkit;
3. FreeBSD rootkit;
4. t0rn (including latest variant);
5. Ambient's Rootkit for Linux (ARK);
6. Ramen Worm;
7. rh[67]-shaper;
8. RSHA;
9. Romanian rootkit;
10. RK17;
11. Lion Worm;
12. Adore Worm.
Please note that this is not a definitive test; it does not ensure that the
target has not been cracked. In addition to running chkrootkit, one should
perform more specific tests.

-

RkHunter
rootkit, backdoor, sniffer and exploit scanner
Rootkit Hunter scans systems for known and unknown rootkits,
backdoors, sniffers and exploits.

It checks for:
- MD5 hash changes;
- files commonly created by rootkits;
- executables with anomalous file permissions;
- suspicious strings in kernel modules;
- hidden files in system directories;
and can optionally scan within files.

Using rkhunter alone does not guarantee that a system is not
compromised. Running additional tests, such as chkrootkit, is
recommended.

-

UnHide
Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.

This package can be used by rkhunter in its daily scans.
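The first of unhide's three techniques, comparing the PIDs that exist under /proc with the PIDs ps reports, is simple enough to show in a few lines. This is an added example, not unhide's own code; the proc root is a parameter so it can be exercised against a constructed directory, and the live run uses ps -e -o pid= (assumed available):

```shell
#!/bin/sh
# Hidden-process check in the spirit of unhide's first technique: list the
# numeric directories under /proc and compare them with the PIDs ps reports.
# A PID that has a /proc entry but is absent from ps is a candidate for a
# hidden process (a userland rootkit patching ps) or simply a process that
# exited between the two listings, so re-run before drawing conclusions.

# Numeric entries under the given proc root, one per line, sorted.
proc_pids() {
  root=${1:-/proc}
  for d in "$root"/[0-9]*; do
    [ -d "$d" ] || continue
    basename "$d"
  done | grep -x '[0-9][0-9]*' | sort -n
}

# Print "HIDDEN pid=N comm=NAME" for PIDs present under the proc root but
# missing from the PID list on stdin (normally the output of ps -e -o pid=).
# Returns 1 if any such PID was found, 0 otherwise.
hidden_pids() {
  root=${1:-/proc}
  ps_list=$(tr -d ' ' | grep -x '[0-9][0-9]*' | sort -n)
  found=0
  for pid in $(proc_pids "$root"); do
    if ! printf '%s\n' "$ps_list" | grep -qx "$pid"; then
      # keep the command name when readable; it helps triage
      comm=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
      echo "HIDDEN pid=$pid comm=$comm"
      found=1
    fi
  done
  return $found
}

# Live run: compare the real /proc with what ps shows.
# Usage: sh hidden_pids.sh --live
if [ "${1:-}" = "--live" ]; then
  ps -e -o pid= | hidden_pids /proc && echo "no hidden processes found"
fi
```

Run it as root so every /proc/PID/comm is readable; a rootkit that hides entries from /proc itself defeats this check, which is why unhide also brute-forces the PID space.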

-

Secure Erase:
wipe
Secure file deletion
Recovery of supposedly erased data from magnetic media is easier than many
people would like to believe. A technique called Magnetic Force Microscopy
(MFM) allows any moderately funded opponent to recover the last two or three
layers of data written to disk. Wipe repeatedly writes special patterns to the
files to be destroyed, using the fsync() call and/or the O_SYNC bit to force
disk access.

-

Undelete/Recovery:

Foremost
Forensics application to recover data
This is a console program to recover files based on their headers and
footers for forensics purposes.

Foremost can work on disk image files, such as those generated by dd,
Safeback, Encase, etc, or directly on a drive. The headers and footers
are specified by a configuration file, so you can pick and choose which
headers you want to look for.

-

e2undel
Undelete utility for the ext2 file system
Interactive console tool to recover the data of deleted files on
an ext2 file system under Linux. It does not require knowledge
about how ext2 file systems work and should be usable by
most people.

This tool searches all inodes marked as deleted on a file system and
lists them sorted by owner and time of deletion. Additionally,
it gives you the file size and tries to determine the file type in
the way file(1) does. If you did not just delete a whole bunch of
files with 'rm -r *', this information should be helpful to find
out which of the deleted files you would like to recover.

E2undel will not work on ext3 (journaling) filesystems.

Homepage: http://e2undel.sourceforge.net

-

Recover
Undelete files on ext2 partitions
Recover automates some steps as described in the ext2-undeletion
howto. This means it seeks all the deleted inodes on your hard drive
with debugfs. When all the inodes are indexed, recover asks you some
questions about the deleted file. These questions are:
* Hard disk device name
* Year of deletion
* Month of deletion
* Weekday of deletion
* First/Last possible day of month
* Min/Max possible file size
* Min/Max possible deletion hour
* Min/Max possible deletion minute
* User ID of the deleted file
* A text string the file included (can be ignored)

If recover found any fitting inodes, it asks to give a directory name
and dumps the inodes into the directory. Finally it asks you if you
want to filter the inodes again (in case you typed some wrong
answers).

Note that recover works only with ext2 filesystems - it does not support
ext3.

http://recover.sourceforge.net/linux/recover/

-

Port Scan Detection:

PSAD
The Port Scan Attack Detector
PSAD is a collection of four lightweight system daemons written in
Perl and in C that is designed to work with Linux firewalling code
(iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels)
to detect port scans. It features a set of highly configurable danger
thresholds (with sensible defaults provided), verbose alert messages
that include the source, destination, scanned port range, begin and
end times, tcp flags and corresponding nmap options (Linux 2.4.x
kernels only), reverse DNS info, email alerting, and automatic
blocking of offending ip addresses via dynamic configuration of
ipchains/iptables firewall rulesets.

In addition, for the 2.4.x kernels psad incorporates many
of the tcp signatures included in Snort to detect highly suspect scans
for:

* various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven)
* DDoS tools (mstream, shaft)
* advanced port scans (syn, fin, xmas) such as those made with nmap

Homepage: http://www.cipherdyne.org/

-
PortSentry
Portscan detection daemon
PortSentry has the ability to detect portscans (including stealth scans) on
the network interfaces of your machine. Upon alarm it can block the
attacker via hosts.deny, a dropped route or a firewall rule. It is part of the
Abacus program suite.

Note: If you have no idea what a port/stealth scan is, it's recommended to
have a look at http://sf.net/projects/sentrytools/ before installing this
package. Otherwise you might easily block hosts you'd better not (e.g. your
NFS server, name server, etc.).

-

Snort
Flexible Network Intrusion Detection System
See the Snort entry under Sniffers above; the same package also detects stealth port scans and other probes.

-

Privilege escalation detection:
Ninja
Ninja is a privilege escalation detection and prevention
system for GNU/Linux hosts. While running, it will monitor
process activity on the local host, and keep track of all
processes running as root. If a process is spawned with
UID or GID zero (root), ninja will log necessary information
about this process, and optionally kill the process
if it was spawned by an unauthorized user.
A "magic" group can be specified, allowing members of this
group to run any setuid/setgid root executable.
Individual executables can be whitelisted. Ninja uses a
fine grained whitelist that lets you whitelist executables
on a group and/or user basis. This can be used to allow
specific groups or individual users access to setuid/setgid
root programs, such as su(1) and passwd(1).

Homepage: http://forkbomb.org/ninja

Filesystem Integrity:

Aide
Advanced Intrusion Detection Environment - static binary
AIDE is an intrusion detection system that detects changes to files on
the local system. It creates a database from the regular expression rules
that it finds from the config file. Once this database is initialized
it can be used to verify the integrity of the files. It has several
message digest algorithms (md5, sha1, rmd160, tiger, haval, etc.) that are
used to check the integrity of the file. More algorithms can be added
with relative ease. All of the usual file attributes can also be checked
for inconsistencies.

This package contains the statically linked binary for "normal"
systems.

You will almost certainly want to tweak the configuration file in
/etc/aide/aide.conf or drop your own config snippets into
/etc/aide/aide.conf.d.

Upstream URL: http://sourceforge.net/projects/aide

-

Integrit
A file integrity verification program
Integrit helps you determine whether an intruder has modified your
system. Without the use of integrit, a sysadmin wouldn't know if the
programs used for investigating the system are trojan horses or not.
Integrit works by creating a database that is a snapshot of the most
essential parts of the system. You put the database somewhere safe,
and then later you can use it to make sure that no one has made any
illicit modifications to your file system.

Integrit's key features are the small memory footprint, the design
with unattended use in mind, intuitive cascading rulesets for the
paths listed in the configuration file, the possibility of XML or
human-readable output, and simultaneous checks and updates.

See http://integrit.sourceforge.net/ for more information.

-

Debsums
Verify installed package files against MD5 checksums.
debsums can verify the integrity of installed package files against
MD5 checksums installed by the package, or generated from a .deb
archive.

-

Fcheck
IDS filesystem baseline integrity checker
The fcheck utility is an IDS (Intrusion Detection System)
which can be used to monitor changes to any given filesystem.

Essentially, fcheck has the ability to monitor directories, files
or complete filesystems for any additions, deletions, and modifications.
It is configurable to exclude active log files, and can be run as often
as needed from the command line or cron, making it extremely difficult to
circumvent.

-

SamHain
Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system that
can be used on single hosts as well as large, UNIX-based networks.
It supports central monitoring as well as powerful (and new) stealth
features to run undetected in memory using steganography.

Main features
* Complete integrity check
+ uses cryptographic checksums of files to detect
modifications,
+ can find rogue SUID executables anywhere on disk, and
* Centralized monitoring
+ native support for logging to a central server via encrypted
and authenticated connections
* Tamper resistance
+ database and configuration files can be signed
+ logfile entries and e-mail reports are signed
+ support for stealth operation

Homepage: http://la-samhna.de/samhain/index.html

-

SleuthKit
Tools for forensics analysis
The Sleuth Kit (previously known as TASK) is a collection of UNIX-based
command line file system and media management forensic analysis tools.
The file system tools allow you to examine file systems of a suspect
computer in a non-intrusive fashion. Because the tools do not rely on
the operating system to process the file systems, deleted and hidden
content is shown.

The media management tools allow you to examine the layout of disks and
other media. The Sleuth Kit supports DOS partitions, BSD partitions
(disk labels), Mac partitions, and Sun slices (Volume Table of
Contents). With these tools, you can identify where partitions are
located and extract them so that they can be analyzed with file system
analysis tools.

When performing a complete analysis of a system, we all know that
command line tools can become tedious. The Autopsy Forensic Browser is
a graphical interface to the tools in The Sleuth Kit, which allows you
to more easily conduct an investigation. Autopsy provides case
management, image integrity, keyword searching, and other automated
operations.

The Sleuth Kit's upstream homepage can be found at
http://www.sleuthkit.org/sleuthkit/.

-

Stealth
A stealthy File Integrity Checker
The STEALTH program performs File Integrity Checks on (remote) clients. It
differs from other File Integrity Checkers by not requiring baseline
integrity data to be kept on either write-only media or in the client's file
system. In fact, clients will contain hardly any indication at all that they
are being monitored, thus improving the stealthiness of the integrity scans.

STEALTH uses standard available software to perform file integrity checks
(like find(1) and md5sum(1)). Using individualized policy files, it is highly
adaptable to the specific requirements of its clients.

In production environments STEALTH should be run from an isolated computer
(called the `STEALTH monitor'). In optimal configurations the STEALTH
monitor should be a computer not accepting incoming connections. The account
used to connect to its clients does not have to be `root': usually
read-access to the client's file system is enough to perform a full integrity
check. Instead of using `root' a more restrictive administrative or
ordinary account might offer all requirements for the desired integrity
check.

STEALTH itself must communicate with the computers it should monitor. It is
essential that this communication is secure, and STEALTH configurations will
therefore normally specify SSH as the command-shell to use to connect to its
clients. STEALTH may be configured so as to use but one SSH connection per
client, even if integrity scans are to be performed repeatedly. Apart from
this, the STEALTH monitor might be allowed to send e-mail to remote clients
system's maintainers.

STEALTH runs themselves may start randomly within specified intervals. The
resulting unpredictability of STEALTH runs further increases STEALTH's
stealthiness.

STEALTH's acronym is expanded to `Ssh-based Trust Enforcement Acquired
through a Locally Trusted Host': the client's trust is enforced, the locally
trusted host is the STEALTH monitor.

-

TripWire
file and directory integrity checker
Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with
system files on a regular (e.g., daily) basis, Tripwire can notify
system administrators of corrupted or tampered files, so damage
control measures can be taken in a timely manner.

Have anything else worth mentioning? Please leave a comment.


Howto: Harden the Ubuntu Linux Kernel with sysctl

I ran across a nice sysctl.conf file that will help secure your computer and prevent many different attacks on your computer, like man-in-the-middle attacks, SYN attacks, source routing scans/attacks, and spoofing (with protection and logging), and many others; read below.

Let's harden our kernel. Open the file as root:
sudo gedit /etc/sysctl.conf
Now paste the example below into it, press Ctrl-S to save, and exit.
After you make the changes to the file, apply them without a reboot (writing these keys needs root, so run both commands with sudo):
sudo sysctl -p
sudo sysctl -w net.ipv4.route.flush=1

Example:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

#Prevent SYN attack
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Modify system limits for Ensim WEBppliance
fs.file-max = 65000

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Set maximum amount of memory allocated to shm to 256MB
kernel.shmmax = 268435456

# Improve file system performance (2.4-kernel-era key: vm.bdflush does not exist
# on 2.6 kernels, where sysctl reports it as an unknown key and skips it)
vm.bdflush = 100 1200 128 512 15 5000 500 1884 2

# Improve virtual memory performance (likewise a 2.4-only key, ignored on 2.6)
vm.buffermem = 90 10 60

# The SYN queue size (effectively, q0) is net.ipv4.tcp_max_syn_backlog, already
# set to 2048 in the SYN-flood block above. sysctl applies entries top to bottom,
# so a second, smaller assignment here would silently override that value; it is
# therefore not repeated.

# Increase the maximum total TCP buffer-space allocatable
net.ipv4.tcp_mem = 57344 57344 65536

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 32768 65536 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 98304 196608 1572864

# Increase the maximum and default receive socket buffer size
net.core.rmem_max = 524280
net.core.rmem_default = 524280

# Increase the maximum and default send socket buffer size
net.core.wmem_max = 524280
net.core.wmem_default = 524280

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range (the upper bound must be a valid port, i.e. at most 65535)
net.ipv4.ip_local_port_range = 16384 65535

# Increase the maximum memory used to reassemble IP fragments
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 57344

# Increase the maximum number of skb-heads to be cached (older kernels only;
# newer kernels no longer have this key)
net.core.hot_list_length = 1024

## DO NOT REMOVE THE FOLLOWING LINE!
## nsobuild:20051206


The above script was found here

Are there any other sysctl settings worth mentioning for hardening?
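A script like the one above is easy to get wrong in a way sysctl will not complain about: the same key set twice with different values, where only the last one takes effect. The following is an added example (not part of the post or of the quoted script) that parses sysctl.conf syntax, reports duplicate and conflicting assignments, and checks the effective values against a few of the hardening expectations stated in the script's own comments; the sample input at the bottom is constructed for illustration.

```python
"""Audit a sysctl.conf-style hardening file for duplicate and conflicting keys."""
from collections import defaultdict

# Hardening expectations drawn from the comments in the script above.
EXPECTED = {
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.log_martians": "1",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "kernel.sysrq": "0",
}


def parse_sysctl_conf(text):
    """Return a list of (line_no, key, value) assignments in file order.

    Blank lines and '#'/';' comments are skipped. Both 'key = value' and
    'key=value' are accepted, as sysctl(8) itself does.
    """
    assignments = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            raise ValueError(f"line {line_no}: no '=' in {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        assignments.append((line_no, key, value))
    return assignments


def effective_values(assignments):
    """sysctl applies entries top to bottom, so the last assignment wins."""
    result = {}
    for _, key, value in assignments:
        result[key] = value
    return result


def find_duplicates(assignments):
    """Map each key that is set more than once to its list of (line_no, value)."""
    seen = defaultdict(list)
    for line_no, key, value in assignments:
        seen[key].append((line_no, value))
    return {k: v for k, v in seen.items() if len(v) > 1}


def find_conflicts(assignments):
    """Keys whose repeated assignments do not all agree on the value."""
    return {k: v for k, v in find_duplicates(assignments).items()
            if len({value for _, value in v}) > 1}


def audit(text, expected=EXPECTED):
    """Return a list of human-readable findings for a sysctl.conf text."""
    assignments = parse_sysctl_conf(text)
    effective = effective_values(assignments)
    conflicts = find_conflicts(assignments)
    findings = []
    for key, hits in sorted(find_duplicates(assignments).items()):
        where = ", ".join(f"line {n}={v}" for n, v in hits)
        kind = "CONFLICT" if key in conflicts else "duplicate"
        findings.append(f"{kind}: {key} set {len(hits)} times ({where}); "
                        f"effective value is {effective[key]}")
    for key, want in sorted(expected.items()):
        got = effective.get(key)
        if got is None:
            findings.append(f"MISSING: {key} (expected {want})")
        elif got != want:
            findings.append(f"WEAK: {key} = {got} (expected {want})")
    return findings


# Constructed sample shaped like the script above, including a repeated
# tcp_max_syn_backlog assignment that silently lowers the earlier value.
SAMPLE = """\
#Prevent SYN attack
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048

# Disables packet forwarding
net.ipv4.ip_forward=0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```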


Block Bad IP Ranges with iplist in Ubuntu Linux!

In today's world we need some protection against anti-P2P organizations, script kiddies and big brother. iplist is a kick-ass tool that will help protect your privacy!

What is iplist?

iplist is a list based packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP-address and is optimized for thousands of IP-address ranges.

Some typical reasons for using iplist are:

  • to protect your privacy while sharing with others on p2p networks
  • to ban unwanted clients from servers
  • to block whole countries or networks
  • to block spam- and ad-servers
  • to block known hackers
Installation for Hardy Heron:
wget http://internap.dl.sourceforge.net/sourceforge/iplist/iplist_0.19-0hardy2_i386.deb
sudo dpkg -i iplist_0.19-0hardy2_i386.deb
There are packages for all other Ubuntu/Linux versions here

After the installation ipblock can be found in main menu -> Internet -> ipblock.

Lists
The default list selection is similar to PeerGuardian's; you can add or remove whatever you need.
  • level1.gz - Anti-p2p companies, Fake p2p file sources, Government, Military, Science, Research Labs, Bad Education facilities, and more.
  • ads-trackers-and-bad-pr0n.gz - Advertising and data tracker servers
  • spyware.gz - Malicious spyware and adware servers
  • edu.gz - Educational institutions and universities
  • bogon.gz - Spoofed IP-addresses
These lists are maintained by www.bluetack.co.uk. Custom p2p or dat lists can easily be added. Note that lists can optionally be compressed with gzip.
Settings

All options can be configured in this tab. Auto-updating lists is important and the default choice of 2 days is reasonable because www.bluetack.co.uk updates their lists 3 times per week. Using out-of-date lists is not recommended.

To ignore specific network traffic like HTTP or EMAIL (pop3) use the ignored ports section.

More information can be found at the developer's site here
More information on blocklists can be found here


Crack Pdf Files with Ubuntu Linux!

Don't you hate it when you run into a locked-down PDF on the web? I search Google all the time for "title filetype:pdf" and some are locked; this is the solution! PDFCrack is a GNU/Linux (other POSIX-compatible systems should work too) tool for recovering passwords and content from PDF files. It is small, command-line driven and has no external dependencies. The application is Open Source (GPL).
Features

* Supports the standard security handler (revision 2 and 3) on all known PDF versions
* Supports cracking both owner and user passwords
* Both wordlists and brute-forcing the password are supported
* Simple permutations (currently only trying the first character as upper case)
* Save/load a running job
* Simple benchmarking
* Optimised search for the owner password when the user password is known


Install pdfcrack in Ubuntu


sudo aptitude install pdfcrack

pdfcrack Syntax


pdfcrack -f filename [options]

pdfcrack Options

-b, --bench - Perform benchmark and exit.
-c, --charset=STRING - Use the characters in STRING as charset.
-m, --maxpw=INTEGER - Stop when reaching INTEGER as password length.
-n, --minpw=INTEGER - Skip trying passwords shorter than INTEGER.
-l, --loadState=FILE - Continue from the state saved in FILE.
-o, --owner - Work with the owner password.
-p, --password=STRING - Use STRING as the user password to speed up breaking the owner password (implies -o).
-q, --quiet - Run quietly.
-s, --permutate - Try permutating the passwords (currently only supports switching the first character to uppercase).
-u, --user - Work with the user password (default).
-v, --version - Print version and exit.
-w, --wordlist=FILE - Use FILE as source of passwords to try.

pdfcrack Example

pdfcrack -f mylocked.pdf

More information on this great utility can be found at the author's site here
Lifehacker.com has some alternative utilities and ideas for cracking PDFs here
UbuntuGeek has some information about this tool here


Detect Port Scans on your Ubuntu System


PSAD is a collection of four lightweight system daemons written in Perl and in C that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), reverse DNS info, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans.
Let's install it, shall we?
clickme for 1-click install or:
sudo apt-get install psad
To check PSAD status simply run:
sudo psad -S
or
psad --Status
For more detailed documentation about PSAD configuration, alerting and logging, check out:
http://www.cipherdyne.org/psad/docs/


Howto: Setup Anonymous SSH Via Tor Hidden Services

OK, this is my favorite feature of Tor. I have a completely anonymous SSH server set up for myself to access from anywhere, but I prefer not to have people from outside my network access the SSH server. So only people with my exact *.onion address can access my computer, which is only me!
Let's get started!

The first thing I do is set up the Vidalia GUI and Tor; there is more information here.
Once you have Vidalia and Tor set up and running, follow these steps:

Edit ~/.vidalia/torrc and add these two lines:

gedit ~/.vidalia/torrc
HiddenServiceDir /home/YOURUSERNAME/.vidalia/ssh
HiddenServicePort 22 127.0.0.1:22

The HiddenServiceDir will contain a text file named hostname that we will cat after Tor starts; it holds our secret anonsecrethostname.onion address.
Port 22 is of course SSH.

Grab connect.c and let's build and install it (compile as your own user, then copy it into /etc/ssh with sudo, since that directory is owned by root):
wget http://ubuntu-debs.googlecode.com/files/connect.c
gcc connect.c -o connect
sudo install -m 755 connect /etc/ssh/connect
sudo gedit /etc/ssh/ssh_config
Append this to /etc/ssh/ssh_config:

# use /etc/ssh/connect to reach .onion hosts through the local Tor SOCKS port
Host *.onion
    ProxyCommand /etc/ssh/connect -S localhost:9050 %h %p

You can append -d for verbose output after /etc/ssh/connect if you have problems...

Grab your secret host name:
cat ~/.vidalia/ssh/hostname
Right-click Vidalia, stop Tor and restart it, and you're done!
Now you can do "ssh user@16xdigit.onion" (your 16-character hostname from the file above) whenever your local Tor server is running.
Enjoy,
defcon
Here is the verbose output when connecting:

ssh dude@ka93kasd55srt56.onion -p 22
DEBUG: No direct address are specified.
DEBUG: relay_method = SOCKS (2)
DEBUG: relay_host=localhost
DEBUG: relay_port=9050
DEBUG: relay_user=dude
DEBUG: socks_version=5
DEBUG: socks_resolve=REMOTE (2)
DEBUG: local_type=stdio
DEBUG: dest_host=ka93kasd55srt56.onion
DEBUG: dest_port=22
DEBUG: Program is $Revision$
DEBUG: checking ka93kasd55srt56.onion is for direct?
DEBUG: ka93kasd55srt56.onion is for not direct.
DEBUG: resolving host by name: localhost
DEBUG: resolved: localhost (127.0.0.1)
DEBUG: connecting to 127.0.0.1:9050
DEBUG: begin_socks_relay()
DEBUG: available auth method[0] = NO-AUTH (0x00)
DEBUG: available auth method[1] = USERPASS (0x02)
DEBUG: atomic_out() [4 bytes]
DEBUG: >>> 05 02 00 02
DEBUG: atomic_in() [2 bytes]
DEBUG: <<< 05 00
DEBUG: auth method: NO-AUTH
DEBUG: atomic_out() [29 bytes]
DEBUG: >>> 02 01 00 03 16 32 74 36 12 6a 65 77 ab 35 35 35 32 7e 6f 76 74 2r 7a 6e 69 6f 9e 08 ae
DEBUG: atomic_in() [4 bytes]
DEBUG: <<< 05 00 00 01
DEBUG: atomic_in() [6 bytes]
DEBUG: <<< 00 00 00 00 00 00
DEBUG: connected
DEBUG: start relaying.
DEBUG: recv 38 bytes
DEBUG: sent 38 bytes
DEBUG: sent 792 bytes
DEBUG: recv 498 bytes
DEBUG: recv 286 bytes
DEBUG: sent 24 bytes
DEBUG: recv 152 bytes
DEBUG: sent 144 bytes
DEBUG: recv 498 bytes
DEBUG: recv 222 bytes
The authenticity of host '[ka93kasd55srt56.onion]:22 ()' can't be established.
RSA key fingerprint is a5:f5:a1:6a:re:be:55:t1:4b:b8:y2:e3:aa:09:0f:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[ka93kasd55srt56.onion]:22' (RSA) to the list of known hosts.
DEBUG: sent 64 bytes
DEBUG: recv 48 bytes
DEBUG: sent 64 bytes
DEBUG: recv 64 bytes
dude@ka93kasd55srt56.onion's password:
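The `>>>`/`<<<` lines in that debug output are the SOCKS5 exchange between connect.c and Tor's SOCKS port: a method-negotiation greeting (`05 02 00 02`), Tor's answer (`05 00`, NO-AUTH), then a CONNECT request that carries the .onion name as a domain-name address (ATYP 0x03, which is what `socks_resolve=REMOTE` means: Tor resolves the name, so it never reaches your local DNS resolver), and Tor's reply (`05 00 00 01` plus a zeroed 0.0.0.0:0 bound address). The following is an added example, not code from the post or from connect.c, that builds and parses those messages and runs the whole exchange against a constructed in-memory stand-in for Tor's SOCKS port so it works offline.

```python
"""Build and parse the SOCKS5 messages shown in the connect.c debug output."""
import struct

SOCKS_VERSION = 0x05
METHOD_NOAUTH, METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x01, 0x03
REPLY_TEXT = {0x00: "succeeded", 0x01: "general SOCKS server failure",
              0x02: "connection not allowed by ruleset",
              0x03: "network unreachable", 0x04: "host unreachable",
              0x05: "connection refused", 0x06: "TTL expired",
              0x07: "command not supported", 0x08: "address type not supported"}


def build_greeting(methods=(METHOD_NOAUTH, METHOD_USERPASS)):
    """VER NMETHODS METHODS...  ->  '05 02 00 02' in the log above."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def parse_method_selection(data):
    """Proxy answers VER METHOD ('05 00' = NO-AUTH chosen). Returns the method."""
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError(f"bad method selection: {data.hex()}")
    if data[1] == METHOD_NONE_ACCEPTABLE:
        raise ConnectionError("proxy accepted none of our auth methods")
    return data[1]


def build_connect_request(host, port):
    """VER CMD RSV ATYP LEN NAME PORT, with the hostname sent as a string.

    ATYP=0x03 (domain name) is what makes a .onion destination work: the
    proxy (Tor) resolves it, so the name never hits the local resolver.
    """
    name = host.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_connect_reply(data):
    """Return (bound_addr, bound_port); raise with the RFC 1928 reason on failure.

    The log shows '05 00 00 01' then '00 00 00 00 00 00': success, with an
    IPv4 BND.ADDR of 0.0.0.0:0 because Tor has nothing meaningful to report.
    """
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError(f"bad reply header: {data.hex()}")
    if data[1] != 0x00:
        raise ConnectionError(REPLY_TEXT.get(data[1], f"reply code {data[1]:#x}"))
    if data[3] == ATYP_IPV4:
        addr = ".".join(str(b) for b in data[4:8])
        (port,) = struct.unpack("!H", data[8:10])
    elif data[3] == ATYP_DOMAIN:
        n = data[4]
        addr = data[5:5 + n].decode("ascii")
        (port,) = struct.unpack("!H", data[5 + n:7 + n])
    else:
        raise ValueError(f"unsupported ATYP {data[3]:#x}")
    return addr, port


class FakeTorSocksPort:
    """Constructed stand-in for 127.0.0.1:9050: answers the greeting with
    NO-AUTH and only lets CONNECTs to *.onion names succeed."""

    def __init__(self):
        self.negotiated = False

    def handle(self, message):
        if not self.negotiated:                     # first message: greeting
            self.negotiated = True
            offered = message[2:2 + message[1]]
            chosen = METHOD_NOAUTH if METHOD_NOAUTH in offered else METHOD_NONE_ACCEPTABLE
            return bytes([SOCKS_VERSION, chosen])
        host = message[5:5 + message[4]].decode("ascii")   # CONNECT, ATYP domain
        code = 0x00 if host.endswith(".onion") else 0x04    # 0x04 = host unreachable
        return bytes([SOCKS_VERSION, code, 0x00, ATYP_IPV4]) + bytes(6)


def connect_through_proxy(proxy, host, port):
    """Run the full exchange against `proxy`; return the proxy's bound address."""
    method = parse_method_selection(proxy.handle(build_greeting()))
    if method != METHOD_NOAUTH:
        raise ConnectionError("username/password auth not implemented in this example")
    return parse_connect_reply(proxy.handle(build_connect_request(host, port)))


if __name__ == "__main__":
    print(build_connect_request("ka93kasd55srt56.onion", 22).hex(" "))
    print(connect_through_proxy(FakeTorSocksPort(), "ka93kasd55srt56.onion", 22))
```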


Howto: Chat anonymously over the Tor Network with Torchat and Ubuntu!

This howto is for Gutsy or Hardy Heron. It shows you how to configure the onion router Tor and install the P2P client TorChat. This client is written in Python and runs on Windows and Mac too!
TorChat is a peer-to-peer instant messenger with a completely decentralized design, built on top of Tor's location-hidden services, giving you extremely strong anonymity while being very easy to use without the need to install or configure anything.

TorChat just runs from a USB drive on any Windows PC. (It can run on Linux and Mac too; in fact it was developed on Linux with cross-platform usability in mind from the very first moment, but the installation on platforms other than Windows is a bit more complicated at the moment.)

Tor location hidden services basically means:



1. Install Tor & Privoxy
sudo apt-get install tor privoxy

2. Configure Privoxy
sudo gedit /etc/privoxy/config
add this line at the end (with the dot at the end):
forward-socks4a / localhost:9050 .
Restart Privoxy:
sudo /etc/init.d/privoxy restart
Now go to Firefox add-ons and install the neat SwitchProxy tool. After a Firefox restart, go to Extra > Switch Proxy > Manage Proxies > Add > Standard > Next.

Enter the following information into both the HTTP Proxy and SSL Proxy fields:
Hostname: 127.0.0.1 Port: 8118
Use SOCKS v5 and port 9050 for SOCKS.
Set up any proxy exceptions you may need (localhost and 127.0.0.1 are a good idea) and then click OK. (Do this also for the proxy label.)

3. Configure Tor:
sudo gedit /etc/tor/torrc
Find the following section and change it to:

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 11009 127.0.0.1:11009

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

Now let's create the hidden service directory and restart Tor. Tor refuses to use a HiddenServiceDir it does not own or that is readable by others, and on Ubuntu the daemon runs as debian-tor, so hand the directory to that user with mode 700:
sudo mkdir -p /var/lib/tor/hidden_service/
sudo chown debian-tor:debian-tor /var/lib/tor/hidden_service/
sudo chmod 700 /var/lib/tor/hidden_service/
sudo /etc/init.d/tor restart

4. Install Torchat
Now you can use Firefox with Tor. But we want chat, so get the latest TorChat source (at the time of writing this howto it was version 0.9.9.64):
mkdir ~/torchat
wget http://torchat.googlecode.com/files/torchat-source-0.9.9.64.zip
unzip torchat-source-0.9.9.64.zip
Move the source code into place:
(assuming the .py files were unpacked into the folder /home/username/src)
sudo mv src/* ~/torchat/
Install the needed python-wx packages:
sudo apt-get install python-wxgtk2.8 python2.5
Create a start menu entry:
sudo gedit /usr/share/applications/torchat.desktop
Paste this into the editor window (replace YOURUSERNAME; the paths must point at the ~/torchat directory the source was moved into above):

[Desktop Entry]
Encoding=UTF-8
Name=torchat
Comment=anonymous chat client
Exec=python /home/YOURUSERNAME/torchat/torchat.py
Icon=/home/YOURUSERNAME/torchat/icons/torchat.ico
Terminal=false
Type=Application
Categories=Application;Internet;

5. Get your user ID for TorChat:
sudo less /var/lib/tor/hidden_service/hostname
This will display something like:
hanZcp5y3fljsnay.onion
The part before .onion (hanZcp5y3fljsnay in this example) is your ID. Tell this ID (without the .onion) to your friends so they can add you to their TorChat.
6. Tell TorChat your user ID:
sudo gedit ~/torchat/tc_client.py
Change OWN_HOSTNAME to your user ID, or it will NOT work!
OWN_HOSTNAME = "hanZcp5y3fljsnay" #.onion ( <-- replace the 16 quoted characters with your own onion ID, the one from step 5)
7. Run Torchat:
Now start torchat with the Start menu Icon or from a terminal:
python ~/torchat/torchat.py

You will see a window with your contact list. One of the contacts is labeled "myself". These 16 numbers and letters are your unique address inside the Tor network. Wait a few minutes until the icon becomes green. Give this address to your friends so that they can add you to their list, or add your friends' addresses to your list. It all basically behaves like you would expect from an instant messenger.

The Author states that starting TorChat & logging in the tor network can sometimes take up to 15 Minutes (it takes around 1 minute for me)

The contents of the folder /var/lib/tor/hidden_service are your personal key. They must always be kept secret. If someone wants to impersonate your identity he must and will try to steal the contents of this folder from you.

Keep this always in mind. It would probably be a good idea to use TorChat in conjunction with something like TrueCrypt.

8. Removing TorChat
If you have installed TorChat following step 4 (from source), run:
sudo rm /usr/share/applications/torchat.desktop
sudo rm -R ~/torchat/

In either case, don't forget to safely delete the Tor hidden_service directory /var/lib/tor/hidden_service/, e.g. with the shred tool!
Credits:
Bits and pieces for this howto were, in true open source spirit, shamelessly taken from:
- HOWTO surf anonymous by user dutch
- Torchat, written by prof7bit
- Truecrypt FAQ
- privoxy & tor manpages
- Installing SwitchProxy for Tor
- Ubuntu Forums


Howto: Create a SSH Tunnel for Firefox to surf securely!

An SSH tunnel for Firefox to a remote computer is a good security measure, especially when connecting via an untrusted network like a wifi hotspot or another public network. The tunnel encrypts your browser traffic and sends it to your remote machine, which then forwards it over the web to your destination. This tutorial assumes you have an account on a remote machine you can SSH into. This is a pretty easy setup.


Now all you need to do is log in to the remote computer you have SSH access to, with this one command:
ssh -D 9999 -C me@ipaddress.com

The -D switch specifies a local "dynamic" application-level port forward (a SOCKS proxy on local port 9999). We also add the -C switch for compression.

Next we need to put the settings into Firefox.

Firefox> Edit> Preferences> Advanced tab> Network tab> Settings button.

Select Manual proxy configuration
SOCKS Host: localhost Port: 9999
SOCKS v5
No Proxy for: localhost, 127.0.0.1

Note: Sometimes localhost can cause a problem. If your settings are right and it still is not working replace localhost with 127.0.0.1.


Introducing Clipperz online and offline password manager for any OS

I absolutely love Clipperz. I use it every day and had to share it with you all; to me this pwnz KeePassX and other offline managers. Here is some information from the Clipperz site!



Clipperz - Keep it to yourself!
What does Clipperz do?

You can think of Clipperz as your web Rolodex, a card index where you can enter any sort of confidential data without worrying about security. It can be used to store and freely organize passwords, confidential notes, burglar alarm codes, credit and debit card details, PINs, software keys, …

What problem does Clipperz solve?

Clipperz solves the “password fatigue” problem and makes the Internet the most convenient and safe place to store private and sensitive data. However, since passwords are the most common type of sensitive information that you need to protect, we added a lot of functionality to make Clipperz the best online password manager.




Features

One-click login

Users can store the details of their online services into Clipperz and quickly create a “direct login” link for each of them: just one click to authenticate and access the online service without typing any username and password. View this video or read more …

Offline copy

Users can dump their encrypted data from Clipperz servers to a local hard disk or USB drive and create a read-only portable version of Clipperz to be used when no Internet connection is available. Clipperz offline copy can also be easily moved to a USB drive. more …

Clipperz Compact

A stripped down edition designed for the Firefox sidebar. It makes “direct logins” even more addictive! And it works with Opera panels too. more …

Import and export

It’s your data! No vendor lock-in: you can move your data out of Clipperz anytime. On the other hand Clipperz provides bulk data import from a variety of formats (CSV, Excel, Keepass, Roboform, …). more …

Zero-maintenance

Nothing to install. Nothing to backup. You can always access your precious data from any computer, any browser, any OS.

Anonymity

Clipperz is completely anonymous. To open a Clipperz account no personal information or email is requested. Just pick a username and a passphrase. more …

Sharing (coming soon)

A public key infrastructure is transparently embedded within Clipperz. Users can define “trusted contacts” and policies for sharing secrets with them. Trust mechanisms from the real world can be moved into Clipperz without bothering with certificates and authorities. more …

Register today at Clipperz; it is free and open source!


Howto: Setup Vidalia TOR GUI with Ubuntu Linux, Tweak Tor for Speed and surf anonymously!


[updated] - Added PPA archive, updated Tor to the latest version, updated to the latest Vidalia version and added Tor speed tweaks!

Do you want completely anonymous internet access? For free? Tor is the open source leader in anonymous connections on the internet: you can anonymize your internet presence for AIM/ICQ/MSN/Jabber/IRC/WWW/FTP, and you can even issue a torify command at the command prompt to anonymize wget/ssh/lynx/ftp/perl or whatever. Basically Tor is for the people, by the people; it is only alive because we make it so. We can choose to use it freely, or use it freely and help it out by running a server on our own computer to make the internet safer. Basically Tor encrypts your data communications through chained/linked proxies all over the internet.

Vidalia is a cross-platform controller GUI for Tor, built using the Qt framework. Using Vidalia, you can start and stop Tor, view the status of Tor at a glance, and monitor Tor’s bandwidth usage. Vidalia also makes it easy to contribute to the Tor network by helping you set up and manage your own Tor server.

Vidalia runs on most platforms supported by Qt 4.1 or later, including Windows, Mac OS X, and Linux or other Unix variants using the X11 window system.

Here is how to set it up

First things first, let's get the latest Tor and its build dependencies (the compiler plus the libevent, OpenSSL and zlib headers, not just the runtime libraries), then build and install Tor.
This post may be outdated; here is the latest src
sudo apt-get install build-essential libevent-dev libssl-dev zlib1g-dev
wget http://www.torproject.org/dist/tor-0.2.0.22-rc.tar.gz
tar zxvf tor-0.2.0.22-rc.tar.gz ; cd tor-0.2.0.22-rc
./configure && make
sudo make install
OK, now Tor should be installed...

Now let's install the Vidalia GUI.
I prefer to grab the latest version and compile from source, but I will give you the quick and easy way first and then how to compile from src.
Open System->Preferences->Software Sources and enter these repositories under Third-Party Repositories:
deb http://ppa.launchpad.net/adnarim/ubuntu gutsy main
deb-src http://ppa.launchpad.net/adnarim/ubuntu gutsy main

Then apt-get:
sudo apt-get install vidalia

Alternatively you can install this package by compiling it from source; here is how:

These commands install the Qt and cmake build dependencies, wget Vidalia, extract it, cd into the directory and build it for you.

sudo apt-get install qt4-dev-tools qt4-designer libqt4-dev cmake

wget http://www.vidalia-project.net/dist/vidalia-0.1.1.tar.gz
This vidalia package may be outdated, check here for the latest version!
tar zxvf vidalia-0.1.1.tar.gz

cd vidalia-0.1.1

cmake . && make

sudo make install

Now the latest Vidalia and Tor are compiled and installed!

Once installed, press Alt+F2 to open the run prompt and type in “vidalia” without the quotes. This will start Tor and Vidalia, and you can configure Tor/Vidalia by right-clicking the tray applet and clicking Settings. Right there you can view all the nodes and choose which to connect to, and see node uptimes, OSes and locations on a graphical map.

For web browsing in Firefox I prefer using an extension named FoxyProxy; it works well with Firefox and Swiftfox, and you can grab this extension directly from here
If you prefer stronger anonymity and protection, I strongly suggest Torbutton for Firefox
Direct Download NOW
Install the addon and go through the Tor wizard; it will set everything up for you, and you can view which Tor nodes you actively connect through via Vidalia

I hope you enjoy my first tutorial on ubuntu privacy concerns. I hope many more people use tor and set up a server to anonymize the world.

[updated]
Speed tweaks for Tor:
OK, we all know Tor can be slower than a turtle, so let's edit our torrc to improve the speed!
gedit ~/.vidalia/torrc

Paste this at the beginning of the torrc:

# Give up on circuits that take longer than this many seconds to build, so
# slow Tor servers get dropped in favour of faster ones
CircuitBuildTimeout 2
# Send a padding cell every N seconds to keep firewalls from closing our
# connections while Tor is not in use.
KeepalivePeriod 60
# Force Tor to consider whether to build a new circuit every NUM seconds.
NewCircuitPeriod 15
# How many entry guards to keep at a time (the default is 3; more guards can
# speed things up, but every extra guard is one more chance of picking a bad
# one, so this trades some anonymity for speed)
NumEntryGuards 8

Now Ctrl+S to save, exit, and restart Tor/Vidalia.


How to destroy all your data on your Ubuntu Linux system!

WARNING: Do NOT try these examples; they will cause data loss!
If you intentionally want to wipe your hard drive or destroy all data on it, here are a few examples!

The following examples are provided to warn about the dangers of dd, if used incorrectly. Trying any of these commands with the proper privileges will almost certainly result in major data loss, and may make the system unusable. In order to prevent accidental copying and pasting, “dd” has been replaced with “[dd]” here.

This overwrites the complete first hard disk with null bytes, erasing it (though not in a manner that is as secure as overwriting with random data):

[dd] if=/dev/zero of=/dev/hda

This overwrites the first few blocks of the first hard disk with the file, resulting in a loss of the partition table:

[dd] if=funnysong.mp3 of=/dev/hda

This will completely corrupt an entire hard disk (/dev/dsp is the sound player/recorder):

[dd] if=/dev/dsp of=/dev/hda

This will overwrite an entire disk with pseudorandom data, making its initial contents unrecoverable outside a clean room in a hard drive forensics laboratory, and probably unrecoverable there as well.

[dd] if=/dev/urandom of=/dev/hda

The examples above presume device names (valid on some Linux systems) that may be different on other platforms. Here are some common variations.

Mac OS X:

[dd] if=/dev/zero of=/dev/disk0

Minix:

[dd] if=/dev/zero of=/dev/c0d0p0

NetBSD/OpenBSD (does not work if securelevel > 1):

[dd] if=/dev/zero of=/dev/rwd0
Let me know if you find anything more destructive/efficient!


Securely Delete files from Journaling Filesystems in Ubuntu and Linux Operating Systems

Previously I posted a tutorial on setting up wipe with Nautilus. It has come to my attention that since ext3 is a journaling file system, wipe isn't enough to securely delete files from people who have the tools/hardware to recover them. Today I will show you how to delete a file so that it is unrecoverable, to the best of my knowledge. Read on if you like :)
WARNING: DO NOT RUN THESE POSIX COMMANDS UNLESS YOU ARE EXTREMELY CAREFUL

Issue these commands carefully. Set FILE to the file you want shredded; the dd step overwrites the file's existing blocks in place (conv=notrunc, sized from the file's length), because a plain dd without a count would truncate the file and then keep writing zeros until the disk is full:
FILE="file you want shredded"
SIZE=$(stat -c %s "$FILE")
# overwrite in place; with ext3's default data=ordered mode this hits the file's
# own data blocks (in data=journal mode a copy may also sit in the journal)
dd if=/dev/zero of="$FILE" bs=4096 count=$(( (SIZE + 4095) / 4096 )) conv=notrunc
sync
shred -u -v -n 5 "$FILE"
sync


Breaking it down, the commands say this:

* dd: "move data around"
* if=: "the input file is..."
* /dev/zero: "not a file at all, but a device that outputs an unending stream of zeros"
* of=: "and the output file is..."

* sync: writes any data buffered in memory out to disk. This can include (but is not limited to) modified super blocks, modified inodes, and delayed reads and writes. This must be implemented by the kernel; the sync program does nothing but exercise the sync(2) system call.

* shred: overwrites the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.

If you have any other suggestions please share your knowledge; security and privacy should be common knowledge in today's world.

defcon


Securely Wipe/Erase Files in Ubuntu via Right Click menu in Nautilus

Adding wipe to your Nautilus context menu is useful in making it so that you can securely delete any number of files and/or folders at one time simply by selecting them, right clicking, and clicking wipe. Before you can add wipe to the context menu you must have nautilus-actions and wipe installed. To install them on a Debian based system, at the terminal, simply type:


sudo apt-get install wipe
sudo apt-get install nautilus-actions


When you install nautilus-actions, a GUI-based tool is installed that allows you to configure context menu additions. Access it by typing, at the terminal:
nautilus-actions-config

Adding the wipe command to the context menu is now very straight forward. The following instructions were written for nautilus-actions 1.4.1:

1. Click the +Add button.
2. For the label enter: Wipe.
3. For the tooltip enter: Use the wipe utility to securely delete the file(s)/folder(s).
4. For the path enter: wipe
5. For the parameters enter: -rf %M
6. Go to the Conditions tab, select the radio button labeled "Both" for when the command should appear, and check "Appears if selection has multiple files or folders".
7. I left everything else at the defaults. If you don't want to do any further customization, just hit OK and close the configuration tool.

8. You can select an icon; I prefer the gtk-dialog-warning icon.
The parameters to wipe, -rf %M, cause files and folders to be deleted without prompting. Because of the -r option, if there are files or subfolders in a selected folder they will also be wiped. If you would like files to be wiped even when write permission is not set, change the parameters to: -rcf %M.

The final step is to reset nautilus. At the terminal type:

nautilus -q
nautilus


You will now have a command for wipe in your Nautilus context menu that allows you to securely delete any number of files and/or folders in two clicks.
