The Privacy, Security, & OSINT Show – Episode 127
Posted on June 21st, 2019
EPISODE 127-Back to Privacy
This week I return to news and commentary about the latest privacy concerns and present a dark web OSINT tip.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 300 videos with over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Stitcher / Spotify
SHOW NOTES:
BACK TO PRIVACY:
Bank Fail
Inline Scripts: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
Anonymous Apple Purchase Update
Apple Sign In: https://techcrunch.com/2019/06/03/apple-sign-in-privacy/
Ebay Data Removal: https://www.ebay.com/help/account/changing-account-settings/closing-account?id=4199
JoinToken Failure: https://jointoken.com
https://globalnews.ca/news/5347720/weight-loss-grants-customer-health-information/
OSINT:
https://darksearch.io
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
Amazon: http://amzn.to/2IAyNzm
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 127
The Privacy, Security, & OSINT Show – Episode 126
Posted on June 14th, 2019
EPISODE 126-A Bad Week for OSINT, Great for Privacy
This week I discuss the disappearance of many online investigation resources such as Facebook Graph, Pipl (Free), and numerous custom OSINT search tools. On the flip-side, I talk about how this is beneficial toward privacy.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 300 videos with over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
A BAD WEEK FOR OSINT:
FB Research: https://gist.github.com/nemec/2ba8afa589032f20e2d6509512381114
Tools: https://sowdust.github.io/fb-search/
Pipl: https://pipl.com/corp/next-step-for-pipl/
HIBP: https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/
OSINT:
http://inteltechniques.com.ozx.co/
http://img.sur.ly/thumbnails/620×343/i/inteltechniques.com.png
https://today-date.com/
http://today-date.com.ozx.co/
https://www.easycounter.com/report/today-date.com
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
Amazon: http://amzn.to/2IAyNzm
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 126
The Privacy, Security, & OSINT Show – Episode 125
Posted on June 7th, 2019
EPISODE 125-What Happened?
This week I discuss the attacks toward the site which forced removal of the online OSINT tools.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 300 videos with over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
Discussion
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 125
The Privacy, Security, & OSINT Show – Episode 124
Posted on May 31st, 2019
EPISODE 124-Does DNS Matter?
This week I am joined by Jim Nitterauer to discuss DNS services and how it may protect your internet traffic.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 300 videos with over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
INTRO:
NONE
DOES DNS MATTER?:
@jnitterauer
jim@creativedata.net
https://www.youtube.com/watch?v=Wl-M007tFO0
DNS Risks
Browsers using embedded DNS
Provider Comparison
Google 8.8.8.8
Cloudflare 1.1.1.1
Quad9 9.9.9.9
OpenDNS 208.67.222.222
DNS Encryption:
DNS over HHTPS vs DNS over TLS
Firefox Configurations:
network.trr.mode from 0 to 2.
network.security.esni.enabled from False to True
network.trr.uri (CF by default)
Test:
https://www.cloudflare.com/ssl/encrypted-sni/
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 124
The Privacy, Security, & OSINT Show – Episode 123
Posted on May 24th, 2019
EPISODE 123-Researching & Acquiring Data Breaches & Leaks
This week my guest Jesse and I talk about researching data breaches and leaks, and the conversation goes much deeper than any other discussion I have had on this show about the topic. This should offer some insight for both the privacy crowd and the OSINT enthusiasts. I also discuss the latest privacy news since the last show.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 300 videos with over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
INTRO:
https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/
https://www.wired.com/story/rants-and-raves-square-emails/
https://www.theregister.co.uk/2019/05/08/airbnb_host_jailed/
https://blog.mozilla.org/firefox/block-cryptominers-with-firefox/
https://blog.mozilla.org/firefox/how-to-block-fingerprinting-with-firefox/
https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
RESEARCHING & ACQUIRING DATA BREACHES & LEAKS:
Breach vs Leak
Database comparisons
Service Comparisons:
https://www.shodan.io/
https://www.binaryedge.io/
Search Strings:
https://www.shodan.io/search?query=product%3Aelastic+port%3A9200+
https://www.shodan.io/search?query=product%3AMongoDB+
Demo:
https://www.shodan.io/search?query=product%3Aelastic+port%3A9200+instagram
http://3.8.0.106:9200/instagram/_search?size=100
CFAA:
https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 123
The Privacy, Security, & OSINT Show – Episode 122
Posted on May 10th, 2019
EPISODE 122-Listener Questions
This week I discuss the Firefox Addons certificate fiasco and tackle numerous listener questions about privacy, security, and OSINT concerns.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
INTRO:
Firefox Addons Issues:
https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/
PRIVACY QUESTIONS:
You mentioned a network-wide ad blocker last week. Have you tried Pi-Hole? If so, any thoughts?
Did you know that Brew for Mac has Google analytics embedded into it? Does that change your opinion of using it?
if someone went through a complete opt out process and removed everything connected to their home address, then began using a PO/CMRA/PMB for all official mail, would you recommend to resubmit the opt outs for the PMB address?
Purism recently announced their ‘Google replacement’ concept, Librem One. What are your thoughts?
You talked about some researchers accesing an open mongodb or elastic “database”, isn’t this illegal under CFAA? One thing is finding them and alerting the company but another thing is actually going through the “files” and downloading the data. Can you please talk about this?
I was wondering if you had any general tips for someone at my age. (18-24). I find that I do not appear on many (if any at all) of the OSINT resources that you have on your site, probably as a result of my age. I have become a legal adult only a few years ago, and I want to take advantage of this fact. How can I PREVENT myself from appearing on any of these databases etc.
Someone I know works in the small loan industry and they scolded me for not having a social media presence, because they take social media into account when approving loans. How likely is this to be a consideration in various sectors like finance in the US?
When traveling abroad, should I take a travel-only phone with me?
I use the Bluetooth feature on my car stereo. Is this a privacy risk?
I understand the use of a VPN to protect one’s traffic from that “hacker in a coffeeshop” idea. But why use one at home? If you fear that your ISP is watching your traffic, aren’t you just handing that power over to the VPN company now to do the same?
My estate planning attorney checked out titling our home with a Living or Land Trust. Unfortunately, in my county if you title in either way then you have to forfeit the homestead tax credit. This credit is a big portion of figuring the property taxes you owe. If you remove the credit you end up paying a lot more taxes – which I don’t have. Is there some other trick or way to still get the homestead tax credit yet have one’s primary home be titled in a Living or Land Trust?
As a listener with a family and children, being able to call 911 at home and when in public is a priority. How do you handle that situation with MySudo?
OSINT QUESTIONS:
While currently working on developing my OSINT skill set, I often wonder what would be 3 things that any good OSINT investigator should be able to do.
Do you have any preference in virtual currency search options? It seems there are a ton of sites to search wallets and BTC addresses but all have different results.
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 122
The Privacy, Security, & OSINT Show – Episode 121
Posted on May 3rd, 2019
EPISODE 121-This Week in Privacy & OSINT
This week I discuss my recent exposure using a credit card at a coffee shop, United Airlines’ announcement to cover the cameras facing every passenger, another open database leak, the potential malware present on Dell computers, private baby names (seriously…), and five OSINT tips for online investigations.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 100 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
INTRO:
Mark Z.
THIS WEEK IN PRIVACY:
Square Readers
https://www.forbes.com/sites/kateoflahertyuk/2019/04/30/data-of-80-million-americans-exposed-in-mystery-database-mega-leak
https://www.shodan.io/search?query=product%3Aelastic+port%3A9200+nal
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
https://ppw.kuleuven.be/okp/_pdf/Laham2012TNPEW.pdf
https://www.emeraldinsight.com/doi/abs/10.1108/02683940810849648
https://www.aeaweb.org/articles?id=10.1257/0002828042002561
THIS WEEK IN OSINT:
https://emailrep.io/
https://leadferret.com/search
https://vincheck.info/free-license-plate-lookup/
https://www.vehiclehistory.com/license-plate-search/
https://inteltechniques.com/buscador/index.html
LISTENER QUESTIONS NEXT WEEK:
privacypodcast@protonmail.com
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 121
The Privacy, Security, & OSINT Show – Episode 120
Posted on April 26th, 2019
EPISODE 120-Private Purchase Failures
This week, I discuss recent privacy news, my failed attempt to buy anonymous iPhones, how prepaid credit cards can get us in trouble, and a new Instagram search tool that can help query bio information.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 90 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
INTRO:
https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support
https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html
https://internethealthreport.org/2019/23-reasons-not-to-reveal-your-dna/
https://customercare.23andme.com/hc/en-us/articles/212170688-Requesting-account-closure
https://www.foxnews.com/tech/teens-1b-suit-claims-apples-facial-recognition-software-led-to-false-arrest
PRIVATE PURCHASE FAILURES:
https://www.apple.com/shop/product/MP7X2LL/A/iphone-se-128gb-space-gray-unlocked
https://mygift.giftcardmall.com/#transactions
OSINT:
https://www.searchmy.bio/search?q=gmail.com
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under General | Comments Off on The Privacy, Security, & OSINT Show – Episode 120
The Privacy, Security, & OSINT Show – Episode 119
Posted on April 12th, 2019
EPISODE 119-How to Find Hidden Recording Devices
This week, my guest is Tom Gibbons, and he will explain the best ways to locate hidden recording devices such as microphones and cameras. Also, I have a slew of recent privacy news and a new OSINT tip to discuss.
Support for this show comes directly from the IntelTechniques online OSINT & Privacy video training. We now have over 85 hours of content, with more added every month. Listeners of this show always receive a 25% discount at https://inteltechniques.com/25.
Listen to all episodes at https://inteltechniques.com/podcast.html
or Subscribe at:
RSS / iTunes / Google / Stitcher / Spotify
SHOW NOTES:
INTRO:
Apple Update
https://www.forbes.com/sites/thomasbrewster/2019/04/10/what-happened-when-the-dea-demanded-passwords-from-lastpass/#10f93bdb7ebe
https://www.zdnet.com/article/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users/
https://www.bombitup.net/
https://www.foxnews.com/tech/thousands-of-amazon-workers-listening-to-alexa-recordings-hear-personal-information-even-potential-crimes-report
https://news.sky.com/story/family-discovers-hidden-camera-livestreaming-in-airbnb-11684049
HOW TO FIND HIDDEN RECORDING DEVICES:
Tom Gibbons
http://www.tscmnet.com/
Thermal Imaging Camera: https://amzn.to/2UJF70w
Network Scanning Apps:
https://itunes.apple.com/us/app/blue-hound/id1067368392?mt=8
https://play.google.com/store/apps/details?id=com.overlook.android.fing&hl=en_US
OSINT:
https://www.carvana.com/trades/new?licenseplate=HACKER&state=CA
Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf
Affiliate Links:
PIA: https://privateinternetaccess.com/pages/buy-vpn/crimeinfo
ProtonVPN: https://protonvpn.net?aid=IntelTechniques
Amazon: http://amzn.to/2IAyNzm
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 119
New Online Investigation (OSINT) Resources
Posted on April 9th, 2019
It has been a while since I posted a collection of new OSINT resources, so this one is lengthy. The following were recently added to the online search tools, live training curriculum, and online training courses.
Trumail API (https://api.trumail.io/v2/lookups/json?email=test@inteltechniques.com): This API was demonstrated in my recent webinar about email search. It serves as a verification option to identify legitimate email addresses and filter burner accounts. It also explicitly identifies disposable and free email services, while announcing whether an account is a catch-all.
Spycloud (https://portal.spycloud.com/endpoint/enriched-stats/test@test.com): This API provides a positive or negative indicator for an email address present in the Spycloud collection of data breaches. While the information is minimal, no API key is required. It also identifies the number of breached email records for the domain.
VIN-NHTSA (https://vpic.nhtsa.dot.gov/api/vehicles/decodevinextended/3GTEK13Y87G527460?format=json): This is an official government VIN search for vehicle make/model details. The output is very detailed, and below is a portion.
“Message”: “Results returned successfully”,
“SearchCriteria”: “VIN:3GTEK13Y87G527460”,
“Value”: “GENERAL MOTORS LLC”,
“Value”: “Sierra”,
“Value”: “2007”,
“Value”: “1500 (1/2 ton)”,
“Value”: “TRUCK “,
FAXVIN (https://www.faxvin.com/): This alternative option allows you to enter a VIN to identify full details about the vehicle (but no owner information).
Vehicle History (https://www.vehiclehistory.com/): Vehicle search by VIN which provides details about the make/model/recalls/thefts/etc.
O’Reilly License (https://www.oreillyauto.com/): This option allows you to enter a VIN or license plate to identify full details about the vehicle (but no owner information).
Carvana (https://www.carvana.com): This alternative option allows you to enter a VIN or license plate to identify full details about the vehicle (but no owner information).
Facebook Live (https://www.facebook.com/search/str/Live/videos-live): A less powerful replacement for the Facebook Live Video Map, which was eliminated earlier this year.
Facebook Intersect Search Tool (https://www.osintcombine.com/facebook-intersect-search-tool): Graphical option for Facebook intersect searching.
Carbon Dating The Web (http://carbondate.cs.odu.edu): This service uses public archives of a domain to estimate the creation date. The following demo of my own site was only off by two months.
DomainBigData ( https://domainbigdata.com): This is a typical Whois lookup site, but contains a free historic record, as seen below. This can identify the owner of a website which currently possesses a private registration.
URLScan (https://urlscan.io/): This resource provides an additional screen capture of the target address, which is often dated prior to undesired website changes or deletions. This is a small supplement to archive sites.
Website Informer (https://website.informer.com):This offers yet another unique historical view of a domain.
DomainIQ – Hosting Research (https://www.domainiq.com/hosting_research): The screen capture archive of this resource has been extremely helpful in the past. It is currently down, but will hopefully return. When working, the following screen would be full of archived screen captures of a website.
FluidDATA Podcast Search Engine (https://fluiddata.com): This resource allows you to search the spoken text of many podcasts. Useful for searching email addresses such as mike at gmail dot com.
BitcoinAbuse (https://www.bitcoinabuse.com): This Bitcoin service identifies incidents of malicious use of cryptocurrencies. Great for tracking the use of Bitcoin in email scams.
Google: This Google Search operator will find practically any type of file publicly linked, using the word Book as an example.
AIOSearch (http://www.aiosearch.com): This service searches the most popular file sharing hosts.
The following three background removal services will attempt to remove any undesired content from an image. This can lead to better results when conducting a reverse image search in attempts to identify a person or object.
Remove.bg (https://www.remove.bg/)
Clipping Magic (https://clippingmagic.com/)
Background Burner (https://burner.bonanza.com/)
Filed under OSINT | Comments Off on New Online Investigation (OSINT) Resources