The Privacy, Security, & OSINT Show – Episode 112

Posted on February 22nd, 2019

EPISODE 112: Privacy Lessons from the Road

This week I discuss some lessons learned when attempting anonymous travel, the most recent privacy related news, Facebook’s search changes, and a site that generates photos of people who do not exist.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

PRIVACY LESSONS FROM THE ROAD:


PRIVACY NEWS:

https://arstechnica.com/information-technology/2019/02/catastrophic-hack-on-email-provider-destroys-almost-two-decades-of-data/

https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2?utm_source=reddit.com

https://www.techradar.com/news/major-security-issues-found-in-popular-password-managers

OSINT:

https://inteltechniques.com/menu.html
https://thispersondoesnotexist.com/


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 112

The Privacy, Security, & OSINT Show – Episode 111

Posted on February 8th, 2019

EPISODE 111: Back to Basics: Phones & MySudo

This week I revisit the need for an anonymous telephone and explain my latest use cases for MySudo. Later in the show, Paul Ashley, CTO at Anonyome Labs, joins me to give us the latest MySudo updates.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

BACK TO BASICS: PHONES & MYSUDO:

Mint Mobile Starter Kit:
https://amzn.to/2MRbGTI

MySudo
https://mysudo.com/

Paul Ashley, CTO Anonymome Labs
https://twitter.com/Sudo_Dr


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 111

The Privacy, Security, & OSINT Show – Episode 110

Posted on February 1st, 2019

EPISODE 110: Testing Your Online Security

This week I discuss easy ways to test your VPN, DNS, Browsers, extensions, and custom settings. I also revisit canary tokens as a test of your potential exposure.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Privacy.com: https://privacy.com/inteltechniques

PRIVACY: TESTING YOUR ONLINE SECURITY:

https://panopticlick.eff.org/
https://www.deviceinfo.me/
https://browseraudit.com
https://browserleaks.com/
https://detectmybrowser.com/
https://ipleak.net
https://www.dnsleaktest.com/
https://www.emailprivacytester.com

OSINT:  TESTING DEFENSE TO CANARY TOKENS:

http://canarytokens.org/generate


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 110

The Privacy, Security, & OSINT Show – Episode 109

Posted on January 25th, 2019

EPISODE 109: Privacy News & Buscador 2.0 Release

This week I talk about the latest privacy news and David Westcott joins me to announce the official release of the free Buscador OSINT Virtual Machine.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Silent Pocket: https://silent-pocket.com/discount/totalprivacy
Authentic8: https://info.authentic8.com/

PRIVACY/SECURITY:

Latest Breach Discussion:
https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/

Chrome Proposes to Eliminate Script Blockers:
https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_block_change/

Archive.org Ignoring Robots.txt:

User-agent:ia_archiver
Disallow: /
User-agent: archive.org_bot
Disallow: /

MyLife Removal Update:
https://www.bbb.org/consumer-complaints/file-a-complaint/get-started

“Dumb” Blu Ray Players:
Magnavox 4K blu day player

A.I. is Now Watching Us:
https://www.cbsnews.com/news/60-minutes-ai-facial-and-emotional-recognition-how-one-man-is-advancing-artificial-intelligence/

China Crowdsourcing Debt Shaming:
https://www.dailymail.co.uk/news/article-6620879/China-launches-app-tells-500-yards-debt.html?ito=social-facebook

OSINT:  Buscador 2.0 Release:

David Westcott:
https://twitter.com/ninjininji

Buscador 2.0:
https://inteltechniques.com/buscador/index.html

LISTENER QUESTIONS:

Q: When I was in grade school, my parents signed a release allowing the school to publish my full name, school assignments/awards, and picture on their website. Since then, the websites been archived and cannot be removed. Besides that, the school says they wouldn’t remove it anyway since they have a valid release signed. Now, when I search my true name, pictures of me and the school I went to and my hometown and old friends and such are all readily available. Is this something I should be concerned about? Is there anything that can be done to remove it or bury it under disinformation or something?

Q: I’ve been using Lastpass for a few years and have recently started looking into non-cloud options like KeePassXC. I just came across a few services, like LessPass, MasterPassword, and getVau.lt, which take contextual data like the site and your login ID along with a master password to calculate passwords for services. Because of this there is no need to store passwords and you can even generate a password directly from the websites by entering the site, login, and your master password. What are your thoughts on something like this?


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 109

The Privacy, Security, & OSINT Show – Episode 108

Posted on January 18th, 2019

EPISODE 108: Our TV’s, Doorbells, & Private Messengers Are Spying On Us

This week I discuss the latest smart-home threats and Justin Seitz joins me to talk about how you may be exposing your IP address on instant messengers.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Privacy.com: https://privacy.com/inteltechniques
Authentic8: https://info.authentic8.com/

INTRO:

Smart TV Woes:
https://www.businessinsider.com/smart-tv-data-collection-advertising-2019-1?utm_source=reddit.com
https://www.techdirt.com/articles/20190114/08084341384/vizio-admits-modern-tv-sets-are-cheaper-because-theyre-spying-you.shtml

Ring Doorbell Issues:
https://boingboing.net/2019/01/10/surveillance-a-go-go.html

Home Assistance Devices Privacy:
https://www.theverge.com/circuitbreaker/2019/1/15/18182214/amazon-echo-google-home-privacy-protection-project-white-noise

GoDaddy Injecting Data Into Websites:
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/

OSINT:  How To Blow Your Online Cover With URL Previews:

Justin Seitz:
https://twitter.com/jms_dot_py

How To Blow Your Online Cover With URL Previews:
https://hunch.ly/osint-articles/osint-article-how-to-blow-your-online-cover<

LISTENER QUESTIONS:

Q: What are the risks of using a dedicated Sudo number for 2FA?
Q: I have a security clearance, and I’m about to have my 10 year re-investigation and am wondering how not having had a physical address other then a Texas PMB service the last 5 years might give me trouble.


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 108

The Privacy, Security, & OSINT Show – Episode 107

Posted on January 11th, 2019

EPISODE 107: Listener Questions

This week I attempt to answer the most common questions sent from listeners over the past month.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Silent Pocket: https://silent-pocket.com/discount/totalprivacy
Authentic8: https://info.authentic8.com/

INTRO:

Cell Phone Data For Sale:
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile

New Training Videos:
https://inteltechniques.com/25

Buscador 2.0 BETA:
https://inteltechniques.com/buscador/index.html

PRIVACY LISTENER QUESTIONS:

Trusts:
Should I use a land trust or living rust?
Do you have a template?
Should I buy the land trust training or the book?
How do I find an attorney for this?

NOLO Trust Book:

2017 version: https://amzn.to/2T4VJLV
2019 version: https://amzn.to/2ASCmPs

I am seeing more stores require a fingerprint in order to use a credit card. What do you do in these situations?

I bought my car in cash, Title is in my name. If I transfer title into a trust, as you mentioned on the show, the VIN historical record will still lead to me. Should I just wait until I get a different car?

What do you provide for your address on your credit report? Are you specially updating it to your alternate physical address?

I have found that all financial institutions require that you have a physical address and cannot use a PO Box for the address. I have a PO Box that I signed up for with USPS however as part of their requirements, I cannot use the physical street address for financial purposes. So my question is, how can I prevent my physical address from being used by these financial institutions.

I recently purchased a new car from a local dealer, financing it through the manufacturer. Using the car’s GPS technology, does either the dealer or the finance company or the corporate manufacturer have the ability to track the location of my vehicle?

I searched my name on various people search sites. Some had it, some didn’t. As these are the top 10, should we opt out of these with information we assume they have?
Should we opt-out with information we know they have? Can we assume the top 10 definitely have our information?

For those of us whose jobs require us to have a photo on a website, and where that photo has been used previously in press releases, etc, what are the best strategies for (a) choosing a new photo that has the least chance of being used in image recognition or for other unhelpful purposes; (b) asking news sites etc to remove your picture in prior stories, etc; and (c) getting the photos off Google Images?

What do you do with deleted/deactivated account information? Keep it in your password manager? Dump them onto some like an archive spreadsheet. I’ve got alot of accounts in my password manager and get overwhelmed trying to figure out what to clean out.

Airplane mode disables the cellular modem preventing cell tower triangulation. The GPS modem is still receiving location data. Do iPhones log GPS data and send it back when airplane mode is turned off?

OSINT LISTENER QUESTIONS:

What happened to the FB live map? Any alternative options?

I conduct a lot of online investigations and rely on Google, but I worry about how much privacy I lose. Any suggestions?

I use KeepasXC to store all of my covert account logins for my OSINT work. Having two databases is a pain when I need to access my own data. Any harm in combining all of this into one database as long as it never gets stored online?

I use several social network accounts as part of my covert online investigations. I use Google Voice numbers in order to receive 2FA sms messages to log into the accounts. Two questions: a) Is having the Google Voice app on an iPhone reckless? b) If so, what is the best option to get the messages?

How do I get started in a career in OSINT?


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 107

The Privacy, Security, & OSINT Show – Episode 106

Posted on January 3rd, 2019

EPISODE 106: Blur Breach, Fake Porn, & Domain Histories

This week I discuss the Abine/Blur breach, more fake porn issues for my clients, and revisit the power of domain registration archives for online investigations.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Pay With Privacy: https://privacy.com/inteltechniques
Authentic8: https://info.authentic8.com/

INTRO:

Fake Porn Issues
New Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

BLUR/ABINE BREACH:

Discussion
https://www.abine.com/blog/2018/blur-security-update/

OSINT: DOMAIN REGISTRATION ARCHIVES:

https://whoisology.com/

LISTENER QUESTIONS:

Q: Any thoughts on “click them all” options such as adnauseam.io?

Q: I see that there are open-source third party email clients for Protonmail and Tutanota. Do you think these are safe and what is the benefit?


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 106

The Privacy, Security, & OSINT Show – Episode 105

Posted on December 28th, 2018

EPISODE 105: Advanced Disinformation & Telephone Archives

This week I wrap up the discussion about disinformation techniques and present a new OSINT tool that pulls historic phone numbers, names, and addresses.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Silent Pocket: https://silent-pocket.com/discount/totalprivacy
Authentic8: https://info.authentic8.com/

INTRO:

10-50 Victim

ADVANCED DISINFORMATION:

Discussion

OSINT: TELEPHONE ARCHIVES:

https://inteltechniques.com/menu.html

LISTENER QUESTIONS:

Q: Let’s say I have a VeraCrypt container that contains my .kdbx password database file.  Now I go in and remove the .kdbx file extension, so Windows just sees this as a generic “file”. If someone somehow cracked into my VeraCrypt container, would they have any way of knowing that file is in fact a KeePass database?  Assuming that I don’t name the file “my_keepass_db”, would this be a valid way to disguise my database? Whenever I need to access the file I could just add the extension back temporarily.

Q: To complete a vetting process, the organization I am working with uses PeopleFacts to complete a back ground investigation. I have provided all of my real life information to this web site with exception to my Social Security Number. What is your take on this risk?


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 105

The Privacy, Security, & OSINT Show – Episode 104

Posted on December 21st, 2018

EPISODE 104: Australia vs. Privacy

This week, I talk with Paul Ashley about the Australian Assistance and Access Act and what it means to all of us globally. I also recap the recent OSINT webinar and discuss new ways of searching breach data.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Pay With Privacy: https://privacy.com/inteltechniques
Authentic8: https://info.authentic8.com/

INTRO:

Marriott Calls

AUSTRALIA vs. PRIVACY:

Paul Ashley
https://twitter.com/Sudo_Dr

OSINT: BREACH DATA:

https://inteltechniques.com/menu.html

LISTENER QUESTIONS:

Q: When one prints digital photographic images taken with their digital camera at a self-print machine in the United States, e.g. at a Walmart or CVS pharmacy, are the images and/or metadata from the images stored or uploaded to a company or Kodak server somewhere? What about printing online to store?

Q: In a recent episode, you said you change the name of your travel alias once a year. I assume you stay in hotels frequently and earn reward points. How do you change your travel name without losing your points and upper tier status in the hotel reward program. I’m a platinum plus member with Marriott with nearly 1 million points. I enjoy the perks like Executive lounge access, free high speed Internet, early check in, etc. Do you just forfeit the reward program benefits each year?


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 104

The Privacy, Security, & OSINT Show – Episode 103

Posted on December 14th, 2018

EPISODE 103: Intermediate Disinformation, Reputation Management, & Usenet Archives

This week I continue the conversation about disinformation tactics, introduce the idea of future reputation management, and discuss a recent OSINT project collecting Usenet archive data.

Listen to all episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Google / Stitcher  / Spotify


SHOW NOTES:

SPONSORS:

Silent Pocket: https://silent-pocket.com/discount/totalprivacy
Authentic8: https://info.authentic8.com/

INTRO:

Locked account issues
Taylor Swift’s facial recognition system
Spam messages from email searches

INTERMEDIATE DISINFORMATION & REPUTATION MANAGEMENT:

Proactive vs Reactive
Domains
Social Networks
Family Trees
Business Listings:
https://advertising.superpages.com/contact/
https://www.merchantcircle.com/signup#step=stepOne
https://getstarted.thryv.com/free-listing-yp/
https://smallbusiness.yahoo.com/local
https://www.bingplaces.com/
Paste Sites
Classifieds
Address
Telephone

OSINT: USENET ARCHIVES:
https://internetarchive.readthedocs.io/en/latest/
https://archive.org/details/usenethistorical
https://archive.org/details/giganews

LISTENER QUESTIONS:

Q: Have you had success with getting auto insurance for a car titled in a trust?

Q: I will soon be joining the InfraGard and one of their requirement is they will run the background check. Does it mean I will fail their check since I have credit freeze on my account? Should I remove the freeze prior to asking them to run the background check?


Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 103

Search

Recent Posts