The Complete Privacy & Security Podcast – Episode 086

Posted on July 13th, 2018

EPISODE 086: This Week In Privacy

This week we discuss the ProtonVPN allegations and other privacy-related news from the week.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher


SHOW NOTES:

THIS WEEK IN PRIVACY:

ProtonVPN Attacks
https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn_and_tesonet/

ProtonMail DDOS Attacks
https://techcrunch.com/2018/06/27/protonmail-suffers-ddos-attack-that-takes-its-email-service-down-for-minutes/

Amazon VPN Blocking (and solution)

Chrome marking non-HTTPS as Non-Secure

New Phishing with Breach Data
https://inteltechniques.com/blog/2018/07/12/new-phishing-campaign-using-breach-data/

Complete Online Data Removal Workbook
https://inteltechniques.com/data/workbook.pdf

OFFENSE & DEFENSE:

Offense: https://weleakinfo.com/
Defense: Discussion

LISTENER QUESTIONS:

I recently purchased a house into a land trust, the electric was set up in the trust fine but the insurance is not willing to put the policy in the land trust name but requires the names of the occupants, is this a major breach or is this an acceptable compromise in your opinion?

I don’t think I’ve heard you guys discuss privacy issues around predictive keyboards and voice commands. Should I be worried about using the default keyboard on my iphone? Is it sending everything I type to Apple or elsewhere? Is this similar to Google suggested search?


The Complete Privacy and Security Desk Reference Volume I
https://inteltechniques.com/book4.html

The Complete Privacy and Security Desk Reference Volume II
https://inteltechniques.com/book7.html

Michael’s Website
https://inteltechniques.com/

Justin’s Website
https://operational-security.com/

Please submit your listener questions to us at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 086

Data Removal Workbook Updated

Posted on July 12th, 2018

I have applied several updates to the Hiding From The Internet Free Data Removal Workbook (https://inteltechniques.com/data/workbook.pdf). It now contains opt-out instructions for 131 invasive websites. I send a huge thanks to everyone in the Forum that passes along their research.

Filed under Privacy | Comments Off on Data Removal Workbook Updated

New Phishing Campaign Using Breach Data

Posted on July 12th, 2018

I woke up today to find five emails from concerned clients. They all referenced the exact same phishing email that is making the rounds heavily today. First, here is the verbatim message to all five recipients that contacted me:


I do know, REDACTED (a real, accurate password), is your pass word. You do not know me and you’re most likely thinking why you are getting this e-mail, correct?

In fact, I actually setup a malware on the adult vids (porno) web site and you know what, you visited this site to experience fun (you know what I mean). While you were watching video clips, your web browser initiated functioning as a RDP (Remote Desktop) with a keylogger which gave me access to your display screen and cam. Just after that, my software gathered all of your contacts from your Messenger, FB, as well as email.

What did I do?

I made a double-screen video. 1st part shows the video you were watching (you have a nice taste rofl), and 2nd part shows the recording of your web cam.

exactly what should you do?

Well, in my opinion, $2900 is a reasonable price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 1PLrSKJmzww51A178UgGukF8bXood9ivaQ
(It is cAsE sensitive, so copy and paste it)

Important:
You now have one day to make the payment. (I’ve a special pixel in this message, and right now I know that you have read this message). If I do not get the BitCoins, I will definately send out your video recording to all of your contacts including relatives, colleagues, and many others. However, if I do get paid, I’ll destroy the video immidiately. If you really want proof, reply with “Yes!” and I will send out your video to your 8 friends. It’s a non-negotiable offer, therefore please do not waste my personal time and yours by responding to this email.


First, the emails did include accurate passwords for the recipients, but the passwords were old and no longer used for the majority. I assume that a leaked combo list was used to generate these messages. That is the last accurate piece of information in this entire message. The rest is scare tactic and never happened. The sender(s) likely hope for 1% of the recipients to pay the ransom, worried that their porn habits could be shared with their contact list.

A search of that Bitcoin address revealed no transactions and no history. A second address of 1BKo4NWp2a96QLZ7wCzdwbTaoofi2e4a94 also revealed nothing. Numerous addresses will likely be used, and I will keep watching for any payments.

Searching the wording within this message also revealed no results. This is a new variant of a worn-out phishing email. If you receive one of these, the only move is to delete it, and change any passwords similar to the cited example.

Filed under Hacking, Security | Comments Off on New Phishing Campaign Using Breach Data

The Complete Privacy & Security Podcast – Episode 085

Posted on June 29th, 2018

EPISODE 085: This Week In Privacy

This week we discuss a potential iOS vulnerability, embedded malware packages, software choice considerations, and new listener questions.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher


SHOW NOTES:

THIS WEEK IN PRIVACY:

New Book Released
https://amzn.to/2t7ejas

iOS Vuln?
https://www.cnet.com/google-amp/news/apple-refutes-hackers-claim-he-could-break-iphone-passcode-limit/

Facebook Tones
https://metro.co.uk/2018/06/22/facebook-wants-hide-inaudible-messages-tv-ads-force-phone-record-audio-7652112/

Filezilla Malware?
https://www.reddit.com/r/technology/comments/8pdubg/filezilla_contains_malware_in_latest_version/

Forklift 3
https://binarynights.com/
50% off code: SUMMER2018 (non-affiliate)

OFFENSE & DEFENSE:

Offense: http://www.phonenumberdata.net/
Defense: phonenumberdata@live.com

Complete Online Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

LISTENER QUESTIONS:

Michael, I have seen your Complete Online Data Removal Workbook, but I am afraid of searching my name. I feel that if they don’t have my information on their site, searching my real name might give them an indication of my existence, hence allowing them to OSINT on me.

I have been using my yubikey for logging into my keepass xc password manager. I am contemplating using it for windows log in now also. Is this safe to do? I am also thinking about full disc encryption with veracrypt. I can keep the yubikey safe but Is it too risky using a yubikey fixed password for so many things?


The Complete Privacy and Security Desk Reference Volume I
https://inteltechniques.com/book4.html

The Complete Privacy and Security Desk Reference Volume II
https://inteltechniques.com/book7.html

Michael’s Website
https://inteltechniques.com/

Justin’s Website
https://operational-security.com/

Please submit your listener questions to us at https://inteltechniques.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 085

The Complete Privacy & Security Podcast – Episode 084

Posted on June 22nd, 2018

EPISODE 084: This Week In Privacy

This week we talk about the encryption fails for Paul Manafort and Michael Cohen.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher


SHOW NOTES:

INTRO:

Disroot Nextcloud:
https://disroot.org/en/services/nextcloud

Allsync Nextcloud:
https://allsync.com/

THIS WEEK IN PRIVACY:

Discussion

OFFENSE & DEFENSE:

Offense: https://www.studordud.com
Defense: https://www.studordud.com/Manage

Complete Online Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

LISTENER QUESTIONS:

I need to book a 3-month trip overseas ASAP and, faced with prohibitive hotel prices, private renting seems the only option, such as an Air BNB. The service wants to verify all personal info. Would you be able to provide any advice or share your own work-arounds when using such platforms?

Do you guys have trouble using PIA in conjunction with Sudo. I emailed Sudo some time back and they said to not use a VPN while using their app. I get frequent errors when viewing email and text messages. Is this a known issue to the community?


The Complete Privacy and Security Desk Reference Volume I
https://inteltechniques.com/book4.html

The Complete Privacy and Security Desk Reference Volume II
https://inteltechniques.com/book7.html

Michael’s Website
https://inteltechniques.com/

Justin’s Website
https://operational-security.com/

Please submit your listener questions to us at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 084

Facebook Tools Update

Posted on June 22nd, 2018

Facebook constantly tweaks its search structure, which occasionally breaks some of my custom search tools (https://inteltechniques.com/osint/facebook.html). Recently, locating a person’s profile by their school, likes, employer, and location started displaying errors or blank pages. I updated several search options within the right-side portion of the Facebook Tools page in order to correct these issues, and added some new functionality. The Multiple Variables option is also working again. However, there are come caveats.

You Must be logged into a Facebook profile
You should refresh the tools page to get the latest updates
Some countries are blocked from these types of searches (Change to US)
Some profiles are blocked from these searches (Flagged accounts)
Some tools require a User ID instead of keyword (These are marked)
Some can accept either a user number or user name

I anticipate several additions to this tool in the coming weeks as new search techniques become stable. If you have any questions or experience issues, please post them to the OSINT forum.

Filed under Facebook, OSINT, Search | Comments Off on Facebook Tools Update

The Complete Privacy & Security Podcast – Episode 083

Posted on June 15th, 2018

EPISODE 083: This Week In Privacy

This week we talk about Firefox privacy extensions, Apple security changes, Copperhead OS, PIA no-logging, Wire support, and our new book.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher


SHOW NOTES:

INTRO:

KeePassXC Browser:
https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/

Firefox Containers:
https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

THIS WEEK IN PRIVACY:

CP&SDR Volume II:
https://inteltechniques.com/book7.html

Apple closing USB vulnerability:
https://www.techradar.com/news/apple-tightens-iphone-security-loophole-to-prevent-police-hacking

Cooperhead OS Dead?
https://news.ycombinator.com/item?id=17289536

PIA Logging tested again:
https://torrentfreak.com/private-internet-access-no-logging-claims-proven-true-again-in-court-180606

Wire iOS browser integration:
https://twitter.com/wire/status/1003532081044090880

Equifax successfully sued:
https://krebsonsecurity.com/2018/06/librarian-sues-equifax-over-2017-data-breach-wins-600/

OFFENSE & DEFENSE:

Offense: makelia.com
Defense: Locate the link to your profile, email info@makelia.com with the subject line removal.

Complete Online Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

LISTENER QUESTIONS:

I slowly been trying to de-google-fy my life. One issue I’ve had as a heavy Youtube user I’ve been trying to watch without getting my browser fingerprint and ip tracked. Do you have any other suggestions or simplifications.

https://hooktube.com/

Cloudfare offers a DNS service to as an alternative to, say, Google’s DNS service. What do you think of this? If VPN is not an option for someone, would this be a recommended option (instead of, say, OpenDNS)?


The Complete Privacy and Security Desk Reference Volume I
https://inteltechniques.com/book4.html

The Complete Privacy and Security Desk Reference Volume II
https://inteltechniques.com/book7.html

Michael’s Website
https://inteltechniques.com/

Justin’s Website
https://operational-security.com/

Please submit your listener questions to us at https://inteltechniques.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 083

The Complete Privacy & Security Podcast – Episode 082

Posted on June 8th, 2018

EPISODE 082: When Privacy Enthusiasts Die

What happens to all of our encrypted data and accounts when we die? This week, we discuss privacy considerations before we pass.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher


SHOW NOTES:

INTRO:

Credit Freezes will be Free:
http://money.cnn.com/2018/05/22/pf/free-credit-freeze/index.html

DNA Breach:
https://krebsonsecurity.com/2018/06/researcher-finds-credentials-for-92-million-users-of-dna-testing-firm-myheritage/

Wired/Yubikey deal:
https://subscribe.wired.com/subscribe/wired/115698

Mooltipass Mini:
https://www.themooltipass.com/

WHEN WE DIE:

Common problems when private people die:

Accounts are impossible to locate
Passwords all unique & secure
Data is encrypted (if found)
Devices are locked
Contacts are missing
Mail is inaccessible

OFFENSE & DEFENSE:

Offense: old-friends.co
Defense: Find name, Go to profile, hover, “Remove me”. Must allow scripts in browser.

LISTENER QUESTIONS:

I am getting ready to travel internationally in a few weeks. I have concerns about bringing my phone and laptop with me due to you having almost zero rights to privacy at customs (Including US customs) and that they can force you to turn on your phone, and unlock it. Furthermore, I’ve read that they can also remove the your electronics from your sight, bring it to another room, and can only imagine what they’re doing. Any advice you can lend on your recommendations for international travel?

I see that Firefox now supports 2FA, what does this mean, and should I enable it?


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://inteltechniques.com/

Justin’s Website
https://operational-security.com/

Please submit your listener questions to us at https://inteltechniques.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 082

The Complete Privacy & Security Podcast – Episode 081

Posted on June 1st, 2018

EPISODE 081: Nomad Update

This week we discuss RFID blocking, catch up with Jesse and Cameron on their road to nomad life, explain Tinder offense and defense, and answer listener questions.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher


SHOW NOTES:

INTRO:

RFID Blocking:
Amazon: https://www.amazon.com/silentpocket
Card Wallet: https://silent-pocket.com/collections/rfid-blocking-wallets/products/simple-card-wallet
Passport Wallet: https://silent-pocket.com/collections/rfid-blocking-wallets/products/simple-passport

NOMAD UPDATE:

https://www.hopalongrving.com

OFFENSE & DEFENSE:

Offense: Tinder
Defense: Discussion

LISTENER QUESTIONS:

Are you familiar with the service MyPermissions? Any better than manually changing?

Do you think it’s worth while to go through all the trouble on an existing house and changing the utilities, etc? I don’t ever plan on moving so I’d like a permanent privacy solution for my residence.


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://inteltechniques.com/

Justin’s Website
https://operational-security.com/

Please submit your listener questions to us at https://inteltechniques.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast – Episode 081

Important Updates to Buscador 1.2

Posted on May 30th, 2018

If you use the free Buscador OSINT Linux Virtual Machine, you have likely noticed that the Instagram tool stopped working. If you use the included custom Firefox browser, you may have noticed a delay in loading pages and annoying ads creep in after the latest update. This is due to a Firefox extension (add-on) that started injecting ads, and was removed by the Firefox repository. I HIGHLY recommend executing the following instructions within every copy of Buscador that you use.

REMOVE “COPY ALL LINKS” FIREFOX EXTENSION:
Please remove Copy All Links from Firefox, the extension has started injecting ads within web traffic. Click Tools > Add-Ons, and “Remove” next to Copy All Links.

UPDATE SCRIPTS:
Open Terminal and execute:

rm update_scripts.sh (this removes the old script)

wget https://raw.githubusercontent.com/beast-fighter/saves_the_day/master/update_scripts.sh (this downloads the new script)

sudo chmod +x /home/osint/update_scripts.sh (this makes the new script able to execute)

update_scripts (this runs the new script updater)

REPAIR INSTALOOTER:
Open Terminal and execute:

sudo -H pip uninstall instalooter
sudo apt remove python-enum34 –purge
sudo pip install pyopenssl
sudo -H pip install instalooter

Filed under OSINT, Search, Security | Comments Off on Important Updates to Buscador 1.2

Search

Recent Posts