EPISODE 125-What Happened?
This week I discuss the attacks toward the site which forced removal of the online OSINT tools.
SHOW NOTES:
Discussion
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
EPISODE 124-Does DNS Matter?
This week I am joined by Jim Nitterauer to discuss DNS services and how it may protect your internet traffic.
SHOW NOTES:
INTRO:
NONE
DOES DNS MATTER?:
@jnitterauer
[email protected]
DNS Risks
Browsers using embedded DNS
Provider Comparison
Google 8.8.8.8
Cloudflare 1.1.1.1
Quad9 9.9.9.9
OpenDNS 208.67.222.222
DNS Encryption:
DNS over HTTPS vs DNS over TLS
Firefox Configurations:
network.trr.mode from 0 to 2.
network.security.esni.enabled from False to True
network.trr.uri (CF by default)
Test:
https://www.cloudflare.com/ssl/encrypted-sni/
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
EPISODE 123-Researching & Acquiring Data Breaches & Leaks
This week my guest Jesse and I talk about researching data breaches and leaks, and the conversation goes much deeper than any other discussion I have had on this show about the topic. This should offer some insight for both the privacy crowd and the OSINT enthusiasts. I also discuss the latest privacy news since the last show.
SHOW NOTES:
INTRO:
https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/
https://www.wired.com/story/rants-and-raves-square-emails/
https://www.theregister.co.uk/2019/05/08/airbnb_host_jailed/
https://blog.mozilla.org/firefox/block-cryptominers-with-firefox/
https://blog.mozilla.org/firefox/how-to-block-fingerprinting-with-firefox/
https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
RESEARCHING & ACQUIRING DATA BREACHES & LEAKS:
Breach vs Leak
Database comparisons
Service Comparisons:
https://www.shodan.io/
https://www.binaryedge.io/
Search Strings:
https://www.shodan.io/search?query=product%3Aelastic+port%3A9200+
https://www.shodan.io/search?query=product%3AMongoDB+
Demo:
https://www.shodan.io/search?query=product%3Aelastic+port%3A9200+instagram
http://3.8.0.106:9200/instagram/_search?size=100
CFAA:
https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
EPISODE 122-Listener Questions
This week I discuss the Firefox Addons certificate fiasco and tackle numerous listener questions about privacy, security, and OSINT concerns.
SHOW NOTES:
INTRO:
Firefox Addons Issues:
https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/
PRIVACY QUESTIONS:
You mentioned a network-wide ad blocker last week. Have you tried Pi-Hole? If so, any thoughts?
Did you know that Brew for Mac has Google analytics embedded into it? Does that change your opinion of using it?
if someone went through a complete opt out process and removed everything connected to their home address, then began using a PO/CMRA/PMB for all official mail, would you recommend to resubmit the opt outs for the PMB address?
Purism recently announced their 'Google replacement' concept, Librem One. What are your thoughts?
You talked about some researchers accesing an open mongodb or elastic "database", isn't this illegal under CFAA? One thing is finding them and alerting the company but another thing is actually going through the "files" and downloading the data. Can you please talk about this?
I was wondering if you had any general tips for someone at my age. (18-24). I find that I do not appear on many (if any at all) of the OSINT resources that you have on your site, probably as a result of my age. I have become a legal adult only a few years ago, and I want to take advantage of this fact. How can I PREVENT myself from appearing on any of these databases etc.
Someone I know works in the small loan industry and they scolded me for not having a social media presence, because they take social media into account when approving loans. How likely is this to be a consideration in various sectors like finance in the US?
When traveling abroad, should I take a travel-only phone with me?
I use the Bluetooth feature on my car stereo. Is this a privacy risk?
I understand the use of a VPN to protect one's traffic from that "hacker in a coffeeshop" idea. But why use one at home? If you fear that your ISP is watching your traffic, aren't you just handing that power over to the VPN company now to do the same?
My estate planning attorney checked out titling our home with a Living or Land Trust. Unfortunately, in my county if you title in either way then you have to forfeit the homestead tax credit. This credit is a big portion of figuring the property taxes you owe. If you remove the credit you end up paying a lot more taxes - which I don't have. Is there some other trick or way to still get the homestead tax credit yet have one's primary home be titled in a Living or Land Trust?
As a listener with a family and children, being able to call 911 at home and when in public is a priority. How do you handle that situation with MySudo?
OSINT QUESTIONS:
While currently working on developing my OSINT skill set, I often wonder what would be 3 things that any good OSINT investigator should be able to do.
Do you have any preference in virtual currency search options? It seems there are a ton of sites to search wallets and BTC addresses but all have different results.
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
EPISODE 121-This Week in Privacy & OSINT
This week I discuss my recent exposure using a credit card at a coffee shop, United Airlines' announcement to cover the cameras facing every passenger, another open database leak, the potential malware present on Dell computers, private baby names (seriously…), and five OSINT tips for online investigations.
SHOW NOTES:
INTRO:
Mark Z.
THIS WEEK IN PRIVACY:
Square Readers
https://www.forbes.com/sites/kateoflahertyuk/2019/04/30/data-of-80-million-americans-exposed-in-mystery-database-mega-leak
https://www.shodan.io/search?query=product%3Aelastic+port%3A9200+nal
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
https://ppw.kuleuven.be/okp/_pdf/Laham2012TNPEW.pdf
https://www.emeraldinsight.com/doi/abs/10.1108/02683940810849648
https://www.aeaweb.org/articles?id=10.1257/0002828042002561
THIS WEEK IN OSINT:
https://emailrep.io/
https://leadferret.com/search
https://vincheck.info/free-license-plate-lookup/
https://www.vehiclehistory.com/license-plate-search/
https://inteltechniques.com/buscador/index.html
LISTENER QUESTIONS NEXT WEEK:
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques