The Complete Privacy & Security Podcast – Episode 080
Posted on May 19th, 2018
EPISODE 080: This Week In Privacy
This week we talk about third parties buying cell location data, EFail hype, GDPR notices, DNA collection at birth, mic blocker fails, a new opt-out workbook, Offense/Defense, and your listener questions.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
Correction from last week
Third parties buying cell location data
EFail/PGP-https://protonmail.com/blog/pgp-vulnerability-efail
Privacy Policy Updates
DNA collection at birth https://cbsnews.com/news/california-biobank-dna-babies-who-has-access
Mic blockers
Opt-Out Workbook https://inteltechniques.com/data/workbook.pdf
OFFENSE & DEFENSE:
Offense:
number2name.com/###/###
number2name.com/state/city/last name/firstname
number2name.com/il/chicago/smith/john
Defense:
It appears they are run by Infopay
Optout: dataoptout@infopay.com
Details: http://number2name.com/about
LISTENER QUESTIONS:
I’d like your thoughts on remote wiping tools such as find my iphone, which are usually recommended by security folks. Are the privacy risks worth the benefits?
What are your thoughts on placing a credit freeze at National Consumer Telecommunications and Utilities Exchange (NCTUE)?
The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html
Michael’s Website
https://inteltechniques.com/
Justin’s Website
https://operational-security.com/
Please submit your listener questions to us at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 080
Free Online Personal Data Removal Workbook
Posted on May 15th, 2018
I received an email today from a reader of the latest edition of my privacy book Hiding from the Internet. In the book, I include an entire chapter of opt-out links for removing personal information from people-search, data-mining, marketing, and data broker websites. The reader asked if I maintained a digital version of the workbook with active hyperlinks for easy navigation. While I try to maintain a page for hyperlinks from the book, it did not quite replicate the workbook model that is in the official publication. Today, I am releasing the entire workbook in PDF format for free. I hope it helps the process of cleaning up unwanted online details. The direct link is below.
https://inteltechniques.com/data/workbook.pdf
Filed under Privacy, Security | Comments Off on Free Online Personal Data Removal Workbook
Filtering (Private & Public) Common Friends on Facebook
Posted on May 13th, 2018
In my previous career, I relied heavily on the ability to filter a friends list only to those in common with at least two suspects. I could provide two Facebook user names, and receive a list of all friends that they each had in common. If I had a burglary spree and I knew two of the three thieves, Facebook would help me identify the third. If I was investigating a homicide, I could input the suspect and the victim, and quickly identify a short list of priority interviews. This was my shortcut to the subjects that may provide actual information versus a lengthy list of people that may not know the victim well. The ability to compare common friends of two individuals on Facebook can be accomplished with a URL. In the following example, I will filter the list of common friends between Christopher Hadnagy (christopher.hadnagy.92) and Jayson Street (jayson.e.street). First, I must use my Facebook Search Tool to translate christopher.hadnagy.92 to 100019852604792 and jayson.e.street to 734444097. The following URL displays the results, which include ONLY people that are friends with BOTH of my targets.
https://www.facebook.com/browse/mutual_friends/?uid=100019852604792&node=734444097
This technique has been around for a long time, and is not likely new to many readers. In the past, filtering only two people was sufficient. Today, many online targets have thousands of friends, and filtering common results with another target is not enough. The result is still more profiles than can be easily investigated. Additionally, I cheated a bit in this example because both of those subjects have a completely public friends list. There is really no reason I should not be able to isolate common friends. Consider the following example which brings in a person with a “private” friends list and more than two targets.
Assume (theoretically) that I have just finished the first draft of a book titled “The Invisible Life: My Successes and Failures at Making People Disappear”, which includes extremely detailed examples of every advanced privacy strategy that I use with wealthy clients that want to fall off radar, story-driven to help explain my process. I know that Chris Hadnagy has written several successful books on the topic of social engineering, and I see that he is friends with Bill Pollock, the founder of the publishing company No Starch Press. Assume that I want to infiltrate this connection and achieve an unfair advantage toward promoting this title to Bill. We can already see all friends on Hadnagy’s profile, but notice that Bill is a bit more private and chooses not to display his friends:
The official Facebook URL to see common friends is the following:
https://www.facebook.com/friendship/christopher.hadnagy.92/bill.pollock.735
This result discloses two of eighteen mutual friends between our two targets. If I translate Bill’s profile ID and recreate the previous link, I receive the entire list of common friends between the two, regardless of Bill’s privacy settings:
https://www.facebook.com/browse/mutual_friends/?uid=100019852604792&node=788247118
The results identify eighteen people that may influence Bill’s book submission process. That is a lot of people if I wanted to send unsolicited review copies of my book in order to generate buzz in Bill’s circles. Instead, I might want to filter this list only to those that are friends with Chris (public), Jayson (public), and Bill (private). I previously had a working Facebook URL that made this process simple, but it stopped functioning in the past month. Instead, we can make quick use of a spreadsheet to replicate the filter. I copied and pasted all results from the following two URLs into Excel:
https://www.facebook.com/browse/mutual_friends/?uid=100019852604792&node=788247118
https://www.facebook.com/browse/mutual_friends/?uid=100019852604792&node=734444097
This resulted in a list of several names. In Excel, I highlighted the column, then chose Home > Conditional Formatting > Highlight Cell Rules > Duplicate Values. The result in this scenario was red highlighting around only those cells that are friends with all three targets. After sorting by cell color and removing duplicates, I am left with fourteen people that know all three of my subjects. This can be very beneficial considering that Chris and Jayson have hundreds of Facebook friends and Bill keeps his friends list private. There are many investigative scenarios where this can expose immediate people of interest. Below is my actual result, including hyperlinks to each Facebook profile:
My apologies to Chris, Jayson and Bill. Hopefully this does not ruin any potential with No Starch Press for a future book!
Filed under Facebook, OSINT, Search | Comments Off on Filtering (Private & Public) Common Friends on Facebook
The Complete Privacy & Security Podcast – Episode 079
Posted on May 11th, 2018
EPISODE 079: Revisit Your Threat Model
This week we talk about different threat models, online photo storage solutions, and various digital security strategies.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
Nextcloud
https://nextcloud.com/
Nextcloud Web Host File
https://download.nextcloud.com/server/installer/setup-nextcloud.php
MacUpdater
https://www.corecode.io/macupdater/
REVISIT YOUR THREAT MODEL:
What do I want to protect?
Who do I want to protect it from?
How bad are the consequences if I fail?
How likely is it that I will need to protect it?
How much trouble am I willing to go through?
https://ssd.eff.org/en/module/assessing-your-risks
https://arstechnica.com/information-technology/2017/07/how-i-learned-to-stop-worrying-mostly-and-love-my-threat-model/
OFFENSE & DEFENSE:
Offense: e-yearbook: site:e-yearbook.com “name here” high school name
Defense: support@digitaldataonline.com (Polite requests go a long way)
LISTENER QUESTIONS:
Which is better for my privacy and security of my home internet connection, my cable company Wi-Fi, or my cellular hotspot?
As a long time user of KeePass, I’m interested in best practices. Is using a key file a good idea? If so, where should I keep the file? Any other tips?
The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html
Michael’s Website
https://inteltechniques.com/
Justin’s Website
https://operational-security.com/
Please submit your listener questions to us at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 079
The Complete Privacy & Security Podcast – Episode 078
Posted on May 4th, 2018
EPISODE 078: OnlyKey by CryptoTrust
This week we talk with CryptoTrust founder Tim Steiner about the OnlyKey USB device.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
CryptoTrust
https://crp.to/
OnlyKey
https://onlykey.io/
OFFENSE & DEFENSE:
Offense: https://sneakyinfo.com
Defense: https://sneakyinfo.com/removal.php
LISTENER QUESTIONS:
Do you have any opinion on what would be a good venue for hosting a members-only support group? Slack seems a bit reckless.
Any tips on sharing photos with friends and family? I have been using Google Drive due to its high storage capacity and ease of use (e.g. the ability to send a link to a photo album) but for obvious reasons I am trying to de-Google my life.
The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html
Michael’s Website
https://inteltechniques.com/
Justin’s Website
https://operational-security.com/
Please submit your listener questions to us at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 078
The Complete Privacy & Security Podcast – Episode 077
Posted on April 27th, 2018
EPISODE 077: This Week In Privacy Questions
This week we answer six listener questions and tackle an important new Offense/Defense
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
LISTENER QUESTIONS:
I have just found some sites have information on me thanks to the WHOIS information on an old domain. I want to remove the information from these sites and one asks for an ID photo to prove its me. Would you recommend sending one? Also on the other page its impossible to contact them for it to get removed. Any suggestions?
I had a credit card purchase a while back, and received a new card number since. The annual renewal came due, which I didn’t want to renew, and thought the change in card number would be sufficient. However, the merchant managed to find out the new card number and successfully bill the new card. What impact might this have to someone using a card with an alias name if a similar situation occurred?
I want to switch my main number to sudo – but im worried about not being able to use my sudoapp number in mysudo. Do you share this same concern?
New iPhone user here. I just made a junk appleid and signed in, does this sync anything with apples servers? If someone were to steal this account info – could they restore my apps with accounts saved? Would they have my Sudos?
Any thoughts on this Github Apple service removal tool:
https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3?
Also, Does reformatting my Mac and using a new Apple account really achieve anything?
Regarding episode 39, can cell phone company’s “ping” non – smart phone when they are turned off. Another words, am I disclosing my location with my flip phone when it is off?
OFFENSE & DEFENSE:
OFFENSE: https://www.linkedin.com/sales/gmail/profile/viewByEmail/test@email.com
DEFENSE: Discussion
The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html
Michael’s Website
https://inteltechniques.com/
Justin’s Website
https://operational-security.com/
Please submit your listener questions to us at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security, Uncategorized | Comments Off on The Complete Privacy & Security Podcast – Episode 077
Answering Your Online Security Questions
Posted on April 26th, 2018
During my live Cyber Keynotes, I discuss the ways that I would steal your online accounts, identify your recycled passwords, and craft and spoof unique phishing emails to infect your company’s network. Many of my audiences assume that all “hacking” occurs through large servers and hidden firewalls. In reality, I would prefer to attack you the easiest way possible. One abundant option is to use the public information you share on social networks against you. Consider the following selection of “security questions” required in order to create an Apple account.
The idea is that you choose a question, provide the answer to Apple, and then confirm the answer to them if you ever get locked out of your account. The reality is that anyone who can identify these answers online is one step closer to accessing your account. If you chose one of these options and provide a correct answer, and also happen to be one of 4 million people that take online quizzes at the Good Old Days Facebook page, I might be able to identify your answers quickly. Below are a handful of recent quizzes where people can share some fairly personal details.
If those did not help me, I would look on other Facebook pages to find the following posts where people respond with their personal answers.
The lesson here, which will be obvious to many, is to never provide real information within online security question challenges. When a service forces you to provide your first car, give them an answer completely unrelated to vehicles. Be sure to document this within your password manager.
On the OSINT side, we can get a bit creepy with the following searches on Facebook. The first identifies every user that has “liked” the Good Old Days Facebook page:
https://www.facebook.com/search/str/580909025427843/likers/intersect
Next, we can isolate our query to display comments where a person replied “German shepherd” on a post from this same Facebook page:
https://www.facebook.com/search/str/German shepherd/stories-keyword/580909025427843/stories-topic/intersect/
The results include the following redacted post in response to “What was your first pet’s name?”
On the defense side, please revisit your security questions within your important online accounts. If the answers match the questions, and the details could be found online, change them immediately. On the offense side of the house, these online posts can provide valuable data for your investigations.
Filed under Hacking, ID Theft, OSINT, Search, Security | Comments Off on Answering Your Online Security Questions
LinkedIn Profiles by Email
Posted on April 25th, 2018
The following link will identify and display a LinkedIn profile by providing an email address (replacing the address present):
https://www.linkedin.com/sales/gmail/profile/viewByEmail/lorangb@gmail.com
This is a vital tool, and helps verify valid email addresses. It should work in any browser, but requires you to be logged into LinkedIn. I hope it sticks around a while.
Original Source: https://booleanstrings.com
Filed under OSINT, Search | Comments Off on LinkedIn Profiles by Email
Searching SubDomains with FindSubDomains.com
Posted on April 24th, 2018
I have stressed the importance of searching subdomains for several years. Online services for this come and go, and application-based solutions such as Knock and SubBrute have various levels of success. One of the more robust options is the website FindSubDomains.com. The following example should help explain the power of this free service.
After the recent Southwest flight emergency landing, I was seeking any hidden pages at the southwest.com domain that could reveal additional information about the company. I was not expecting to find anything related to the incident, but grew curious to what content might be behind the curtain of the standard website which allows for flight searching. I navigated to FindSubDomains.com and entered southwest.com as the domain. The direct URL for this is as follows.
https://findsubdomains.com/subdomains-of/southwest.com
I was presented with almost 200 subdomains for southwest.com, a portion of which appear below.
These results include hyperlinks to the subdomains, the IP addresses of the servers hosting the content, and the country of origin. I found the following subdomains of interest, including a brief summary of the intelligence gleaned from the find.
luv.southwest.com forwards to the permission policy of the Responsys marketing company at https://policy2.responsys.net/permission.htm. I can now assume that Southwest sends marketing communications (spam) through this company.
wbmd.southwest.com presents an option for opting-out of Southwest’s advertisement cookie placement. I don’t know how effective that would be, but interesting that they have the option.
mbp.southwest.com possesses little information, but confirms that Southwest uses the NCR ticketing platform API for their passenger ticketing solution. This would be beneficial to an internal social engineering test.
investors.southwest.com forwards to Southwest’s investor portal, identifying an annual operating income of $3.5B.
api-extensions.southwest.com connects to some type of API for Southwest. I did not dig too deep into that. Another option is at api-customer.southwest.com.
bagclaim.southwest.com allows for search of lost baggage tickets if you know the last name and an incident number.
mobile.qa1.southwest.com and mobile.qa5.southwest.com offer a mobile test site of a previous app build, but it appears to connect to live data. When southwest.com is slow due to demand during a snow storm, I know where I will try.
I then started receiving a lot of “Access Denied” subdomains without a prompt for credentials. Those would be very interesting targets during an internal audit.
Nothing here is super sensitive or interesting, but it shows that there is almost always valuable details that are not visible on the main landing page. I think subdomains should be a mandatory step during any research into a domain name.
Filed under OSINT, Search | Comments Off on Searching SubDomains with FindSubDomains.com
The Complete Privacy & Security Podcast – Episode 076
Posted on April 20th, 2018
EPISODE 076: Huge Sudo Updates from Steve Shillingford
This week, Anonyome Labs CEO Steve Shillingford co-hosts to discuss all things related to MySudo.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher
SHOW NOTES:
ANONYOME LABS:
SUDO APP:
OFFENSE & DEFENSE:
OFFENSE: https://www.reverse-lookup.co/lookup/+16185551212
DEFENSE: https://www.reverse-lookup.co/opt_out
LISTENER QUESTIONS:
What podcasts do you listen to and recommend to other privacy enthusiasts?
I am getting ready to travel internationally in a few weeks. I have concerns about bringing my phone and laptop with me due to you having almost zero rights to privacy at customs (Including US customs) and that they can force you to turn on your phone, and unlock it. Furthermore, I’ve read that they can also remove the your electronics from your sight, bring it to another room, and can only imagine what they’re doing. Any advice you can lend on your recommendations for international travel?
The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html
Michael’s Website
https://inteltechniques.com/
Justin’s Website
https://operational-security.com/
Please submit your listener questions to us at https://inteltechniques.com/podcast.html
Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 076