The Complete Privacy & Security Podcast-Episode 014

Posted on January 17th, 2017

Episode 014: JJ Luna

This week’s episode of The Complete Privacy & Security Podcast is now available. This week, we sit down with J.J. Luna, the original godfather of privacy.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

JJ Luna
http://jjluna.com/

OSINT SEGMENT:

I Search From
http://isearchfrom.com/

LISTENER QUESTIONS:

Email address for Ancestry.com Removal
customersolutions@ancestry.com

Epic
https://www.epicbrowser.com/

Disconnect
https://addons.mozilla.org/en-US/firefox/addon/disconnect/

Self Destructing Cookies
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

HTTPS Everywhere
https://www.eff.org/https-everywhere
https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/

No Script
https://addons.mozilla.org/en-US/firefox/addon/noscript/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Search, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 014

The Complete Privacy & Security Podcast-Episode 013

Posted on January 10th, 2017

Episode 013: Blur CTO Andrew Sudbury

This week’s episode of The Complete Privacy & Security Podcast is now available. This week, we sit down with co-founder and CTO of the online privacy company Abine (maker of Blur) to talk about privacy masking.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

Abine

OSINT SEGMENT:

LightShot

LISTENER QUESTIONS:

Twitwipe

Facebook post manager plugin


Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 013

The Complete Privacy & Security Podcast-Episode 012

Posted on January 3rd, 2017

Episode 012: Listener Questions Part II

This week’s episode of The Complete Privacy & Security Podcast is now available. This week, we tackle more listener questions about all things related to privacy and digital security.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

Fastmail

Protonmail

Telegraph

Telegram

Objective-See

TOR

AirVPN

Sudo App

ScanDisk Ultra fit

Davdroid App

Thunderbird

CarbonCopyCloner

Mozy


Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 012

Privacy & Security Video Training is Active Today!

Posted on December 28th, 2016

A few years ago, I started teaching a 2 day course on digital privacy and security. This quickly expanded and became the second most requested training that I offer. The hosts that request this training usually offer it in-house, and do not allow outside registration. In order to get the training out to everyone, I have created an online video training course, very similar to my OSINT training. This new online option currently contains over 18 hours of HD video, with monthly updates as technology changes. This course covers everything from basic computer security and software configuration to completely anonymous purchases and disinformation strategies. While the whole course is not likely applicable to every person, I believe that anyone can benefit from the ideas shared throughout the 20 modules of training. The pricing will be identical to the OSINT training, but we are offering access for half-price while we build up interest. Current members of the OSINT training will receive a further discount. We will not be externally advertising or marketing the course, similar to what we have done with the OSINT training. For complete details, please visit Privacy-Training.com.

Filed under Privacy, Security | Comments Off on Privacy & Security Video Training is Active Today!

The Complete Privacy & Security Podcast-Episode 011

Posted on December 27th, 2016

Episode 011: Nine New Lives with Sudo CEO Steve Shillingford

This week’s episode of The Complete Privacy & Security Podcast is now available. In this episode, we sit down with Steve Shillingford, the CEO and founder of the privacy app Sudo.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

SudoApp
https://sudoapp.com/


OSINT SEGMENT:

Many Contacts
https://www.manycontacts.com/


The Complete Privacy and Security Desk Reference

Michael’s Website

Justin’s Website


Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy | Comments Off on The Complete Privacy & Security Podcast-Episode 011

Internet Search Resource: Searx

Posted on December 26th, 2016

Meta Search Engines are nothing new, and there are several options that exist. These sites combine search results from multiple engines into one view, removing duplicates. The open-source project Searx allows anyone to take the code and create a personal search engine. Alternatively, you can use any of the pre-built engines such as the following.

https://searx.me/
https://searx.ch/
https://www.opengo.nl/

Each will conduct a standard search across Google, Bing, and Yahoo. The results are quickly combined and most include a direct link to the Wayback Machine’s archive of each. However, my favorite piece of this tool is the “Download Results” option. These allow you to download your search results as a CSV, JSON, or RSS file. This can be beneficial when conducting numerous searches for later review. I have recently included this option in my Search Engines page on the IntelTechniques Search Tool.

 

Filed under OSINT, Search | Comments Off on Internet Search Resource: Searx

Internet Search Resource: Forensically

Posted on December 21st, 2016

Forensically is a robust image analyzer that offers a huge collection of photo forensic tools that can be applied to any uploaded image. This type of analysis can be vital when image manipulation is suspected. Previous tools have offered one or two of the services that Forensically offers, but this new option is an all-in-one solution for image analysis. Loading the page will present a demo image, which is used for this explanation. Clicking the “Open File” link on the upper left will allow upload of an image into your browser for analysis. Images are NOT uploaded to the server of this tool, they are only brought into your browser locally. The following image is the standard view of a digital photo.

screen-shot-2016-12-21-at-1-48-51-pm

The Magnifier allows you to see small hidden details in an image. It does this by magnifying the size of the pixels and the contrast within the window. There are three different enhancements available at the moment. Histogram Equalization, Auto Contrast and Auto Contrast by Channel. Auto Contrast mostly keeps the colors intact, the others can cause color shifts. Histogram Equalization is the most robust option. You can also set this to none.

The Clone Detector highlights copied regions within an image. These can be a good indicator that a picture has been manipulated. Minimal Similarity determines how similar the cloned pixels need to be to the original. Minimal Detail displays blocks with less detail than this are not considered when searching for clones. Minimal Cluster Size determines how many clones of a similar region need to be found in order for them to show up as results. Blocksize determines how big the blocks used for the clone detection are. You generally don’t want to touch this. Maximal Image Size is the maximal width or height of the image used to perform the clone search. Bigger images take longer to analyze. Show Quantized Image shows the image after it has been compressed. This can be useful to tweak Minimal Similarity and Minimal Detail. Blocks that have been rejected because they do not have enough detail show up as black. Below is a result.

screen-shot-2016-12-21-at-1-48-41-pm

Error Level Analysis compares the original image to a recompressed version. This can make manipulated regions stand out in various ways. For example they can be darker or brighter than similar regions which have not been manipulated. JPEG Quality should match the original quality of the image that has been photoshopped. Error Scale makes the differences between the original and the recompressed image bigger. Magnifier Enhancement offers three different enhancements: Histogram Equalization, Auto Contrast and Auto Contrast by Channel. Auto Contrast mostly keeps the colors intact, the others can cause color shifts. Histogram Equalization is the most robust option. You can also set this to none. Opacity displays the opacity of the differences layer. If you lower it you will see more of the original image. Below is the result.

screen-shot-2016-12-21-at-1-53-53-pm

Noise Analysis is basically a reverse de-noising algorithm. Rather than removing the noise it removes the rest of the image. It is using a super simple separable median filter to isolate the noise. It can be useful for identifying manipulations to the image like airbrushing, deformations, warping and perspective corrected cloning. It works best on high quality images. Smaller images tend to contain to little information for this to work. Noise Amplitude makes the noise brighter. Equalize Histogram applies histogram equalization to the noise. This can reveal things but it can also hide them. You should try both histogram equalization and scale to analyze to noise. Magnifier Enhancement offers three different enhancements: Histogram Equalization, Auto Contrast and Auto Contrast by Channel. Auto Contrast mostly keeps the colors intact, the others can cause color shifts. Histogram Equalization is the most robust option. You can also set this to none. Opacity is the opacity of the noise layer. If you lower it you will see more of the original image. The result is below.

screen-shot-2016-12-21-at-1-56-33-pm

Level Sweep allows you to quickly sweep through the histogram of an image. It magnifies the contrast of certain brightness levels. To use this tool simple move your mouse over the image and scroll with your mouse wheel. Look for interesting discontinuities in the image. Sweep is the position in the histogram to be inspected. You can quickly change this parameter by using the mouse wheel while hovering over the image, this allows you to sweep through the histogram. Width is the amount of values (or width of the slice of the histogram) to be inspected. The default should be fine. Opacity is the opacity of the sweep layer. If you lower it you will see more of the original image. The result is below.

screen-shot-2016-12-21-at-1-58-53-pm

Luminance Gradient analyses the changes in brightness along the x and y axis of the image. It’s obvious use is to look at how different parts of the image are illuminated in order to find anomalies. Parts of the image which are at a similar angle (to the light source) and under similar illumination should have a similar color. Another use is to check edges. Similar edges should have similar gradients. If the gradients at one edge are significantly sharpe than the rest it’s a sign that the image could have been copy pasted. It does also reveal noise and compression artifacts quite well.

screen-shot-2016-12-21-at-2-00-03-pm

PCA performs principal component analysis on the image. This provides a different angle to view the image data which makes discovering certain manipulations & details easier. This tool is currently single threaded and quite slow when running on big images. Choose a Mode (Projection of the value in the image onto the principal component, Difference between the input and the closest point on the selected principal component, Distance between the input and the closest point on the selected principal component, or the closest point on the selected principal Component. There are three different enhancements available: Histogram Equalization, Auto Contrast and Auto Contrast by Channel. Auto Contrast mostly keeps the colors intact, the others can cause color shifts. Histogram Equalization is the most robust option. You can also set this to none. Opacity is the opacity of the sweep layer. If you lower it you will see more of the original image. Below is the result.

screen-shot-2016-12-21-at-2-04-07-pm

MetaData displays the hidden exif meta data in the image, if there is any. Below is the result.

screen-shot-2016-12-21-at-2-05-12-pm

Geo Tags shows the GPS location where the image was taken, if it is stored in the image. Below is the result.

screen-shot-2016-12-21-at-2-06-22-pm

Thumbnail Analysis shows the hidden preview image inside of the original image if there is one. The preview can reveal details of the original image or the camera it was taken with. Below is the result.

screen-shot-2016-12-21-at-2-07-20-pm

The next time you identify a digital image as part of your online investigation, these tools will peek behind the scenes and may display evidence of tampering.

Filed under Law Enforcement, OSINT | Comments Off on Internet Search Resource: Forensically

Internet Search Resource: Many Contacts

Posted on December 21st, 2016

Many Contacts is a web-based email search site that leverages unknown API’s in order to deliver social networks associated with an email address. It appears similar to services such as Full Contact, but works within a website and does not require a user account. The result includes direct interactive links to each social network profile. This will usually include Facebook, Twitter and other networks.

screen-shot-2016-12-21-at-1-30-42-pm

Filed under Facebook, OSINT, Twitter | Comments Off on Internet Search Resource: Many Contacts

The Complete Privacy & Security Podcast-Episode 010

Posted on December 20th, 2016

Episode 010: Your Questions – Part One

This week’s episode of The Complete Privacy & Security Podcast is now available. In this episode, we tackle the questions that you have recently sent in.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


Show Notes:

Disconnect: https://addons.mozilla.org/en-US/firefox/addon/disconnect/

Self Destructing Cookies: https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

HTTPS Everywhere: https://www.eff.org/https-everywhere

No Script: https://addons.mozilla.org/en-US/firefox/addon/noscript/

Fastmail: https://fastmail.com

Protonmail: https://protonmail.com

Faraday Bags:

Edec

https://www.edecdf.com/

https://www.edecdf.com/product-category/faraday-bags/

Disklabs

http://www.disklabs.com/faraday-bags/

Banktivity: https://www.iggsoftware.com/blog/2016/01/banktivity-is-the-new-ibank/

Turtl: https://turtlapp.com/

Note: Justin mentioned that Turtl shares only text notes. This was in error; Turtl can be used to share files.

Yubikey: https://www.yubico.com/start/

SnowHaze: https://www.snowhaze.com/en/


OSINT Segment

ScreenShots: https://www.screenshots.com/


The Complete Privacy and Security Desk Reference

Michael’s Website

Justin’s Website


Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 010

How to Completely Leave Evernote

Posted on December 19th, 2016

I have been watching the drama unfold for Evernote. This extremely popular note-taking application is used by millions of people to organize their lives and thoughts. I used Evernote for many years. I had the app installed on all of my computers and devices. My notes synced perfectly everywhere, and I could add text from anywhere and know my thoughts would be available to me later. I planned several several books with full outlines on Evernote. For a while, my travel itineraries were stored on Evernote. It was convenient and reliable. I no longer use Evernote.

Earlier in 2016, Evernote announced some changes that would impact many users. First, they limited the number of devices that a free user could connect to an account. This decision limited my access to only my laptop and one mobile device. This was fair. I was not paying them, and they had the right to encourage users to purchase their services. This is when I started relying much less on Evernote, and began seeking other solutions. I tried SimpleNote for a while, but it just did not replace Evernote completely. I still desired some of the more robust features. This month, Evernote announced that employees would start reading user’s content, and there was no way to opt-out. The change was proposed as a push towards machine learning to “help you get the most out of your Evernote experience.” It allowed Evernote employees to read through users’ notes in order to ensure that the machine learning technology was working as promised. Users could opt out of machine learning, but there was no way to get out of having notes made available for potentially being read by staff. This seemed very invasive.

The public responded harshly, and Evernote retracted. Evernote CEO Chris O’Neill stated “After receiving a lot of customer feedback expressing concerns about our upcoming Privacy Policy changes over the past few days, Evernote is reaffirming its commitment to keep privacy at the center of what we do. As a result, we will not implement the previously announced Privacy Policy changes that were scheduled to go into effect January 23, 2017.” So, all is good, right? I don’t think so.

I believe that this type of activity will be repeated. Evernote is not upset that they tried to compromise your privacy, they are upset that they were caught. If the public had not noticed this change in the privacy policy, they would not have voluntarily backed down. Further, any content that you store in Evernote is still not secure. It is not encrypted internally, and employees can still access your data. I have seen law enforcement personnel document criminal case activity in Evernote. I also know people that store other sensitive data within the application. This is not appropriate. In today’s climate of data breaches occurring daily, you should not store your life or work in any cloud-based environment without encryption. The following is what I did.

First, I wanted to collect my data from Evernote and populate it into another system. Temporarily, I copied and pasted every note into the default Mac Notes on my laptop. This took some time, but it was nice having my data in a local app that did not connect to the cloud (I do not use iCloud). I then used Evernote’s export option to have the entire notes content in one file that I could always import back into Evernote if desperate.

Next, I wanted to erase all of my content from Evernote. I deleted each note from within the application on my laptop, allowed it to sync, and confirmed that the data was gone from my mobile device. I then properly uninstalled both applications. After, I logged into the Evernote account through a web browser and confirmed my data was gone. Surprisingly, I saw that the content was still present in the “Trash”. We know that services such as email do not permanently delete your content when you click the trash icon, and that you must also remove the data from the trash folder. This applies to Evernote as well. Shockingly, I observed hundreds of deleted notes and revisions dating back to 2010. This content was visible to any Evernote employee that chose to look. I emptied the trash, and clicked on the accounts options. In small text at the bottom of this page is a link to “Deactivate Account”. I pressed this and confirmed my actions. I was notified that I was now logged out of my account, and that it was deactivated. Enough? No.

Evernote still has your account on file. It is still associated with (and searchable by) your email address or user name. There is no online option to completely remove your account. To do this, you must submit a support ticket from the main support page. I chose the drop-down options of “Account”, and then “Deactivated Account”. I submitted the following message:


Hello. I have deactivated my account, and I would like to permanently delete it. I have already emptied the content. Please advise when this is complete.


Within 24 hours, I received the following message:

Thank you for contacting Evernote Support.

We take your privacy seriously. That’s why, when submitting a ticket as a guest, we need to verify who we’re communicating with. Before we can share any potentially private information concerning your Evernote account, please reply to this message to verify that you have access to the email address on file. If you didn’t submit a ticket with Evernote Support, please let us know. If you don’t reply, this ticket will be closed automatically.


I replied to the email confirming my access to the email address on file. Within 12 hours, I received the following message from Evernote:

Hello there, thank you for contacting Evernote Support. My name is Haas and I will be happy to help you sort through this issue.

I’ve verified your account has been deactivated, however, we need to clarify you have removed your account data as we do not provide anyone on our Customer Support team the right to delete your content.

After removing your account data, please reply to this email from the email address on file with the account requesting that we remove your username, name, and email address from our system. If the account has been reactivated in order to delete the content, please ensure the account is deactivated prior to sending the confirmation.


I immediately responded with:

Yes, I have removed my account data. Please remove my username, name, and email address from your system.


Within 24 hours, I received the following from Evernote:

 

Thank you for sending the confirmation. Your Evernote account linked to the email address REDACTED is now closed and your credentials have been removed.


I still have a need for a note-capturing system that syncs to other devices. There are many popular alternatives to Evernote, but none of them encrypt the content that you store on their servers. The only free solution that I found was Turtl. This Open-Source Evernote-like application encrypts your content from end-to-end. This means that no one, even employees of Turtl, can see your content. It is only visible on your devices when you supply the decryption password. Currently, Justin Carroll and I use it for our weekly podcast notes. I can share notes with others, and they can modify in real-time. My only concern is that Turtl is new to the game, and people are flocking to them. This will cause expenses to rise, and I worry about the longevity of the service. They advertise an upcoming premium business plan, which will hopefully remedy any concerns. It is not without bugs. I have had the app crash on me a few times, but data loss was minimal. The flow of creating and accessing notes takes a bit of time to adjust. There is also no way of sorting alphabetically within a “board”, which is similar to a “workbook”. I still recommend it highly. I keep everything sensitive in it, such as my travel details and upcoming book notes. If you use it, please consider a donation to them.

I hope that you consider encrypting anything that you store in the cloud.

Filed under Privacy | Comments Off on How to Completely Leave Evernote

Create Nine New Lives with Sudo

Posted on December 17th, 2016

A few weeks ago, one of my forum users posted about the privacy app Sudo. I had never heard of it, and he swore that it was an amazing new product. It appeared too good to be true. Sudo is a free app that gives you up to nine aliases (or Sudo’s), each with their own email address, username, and phone number. The phone numbers support incoming and outgoing calls and SMS messages. Further, it provides credit card masking for private purchases. It turns out, this app (limited to iOS only) is outstanding. I wanted to know more about the business model, privacy policies, and security practices of the company and app, so Justin Carrol and I interviewed Steve Shillingford (CEO of Sudo parent company Anonyome Labs) for our podcast, which will be released on December 27, 2016. Until then, here is a quick review of the app. A much more detailed explanation will be created for my online Privacy Video Training (January 2017).

Installing the app is automated from the App Store. Creating a new Sudo is painless. Supply any name and create an email address based on the name. Select an area code and be issued a phone number that is attached to the Sudo. Further customization such as photos and colors are also allowed. You can now make calls from this number within the app. Incoming calls will ring through the app if you enable notifications.

screen-shot-2016-12-17-at-8-44-18-am

You can now create up to nine Sudo’s. The lower left image displays the view within the app. Notice the message notifications and icons to access the chat, phone, and email of each Sudo. Communications are encrypted end-to-end. Sudo does not know who you are. The lower right image displays an outgoing call and the Sudo that is making the call. This is very helpful to remind users of the identity being used. This also appears on incoming calls to remind you of how to answer.

1

Finally, SudoPay can be used to make more private purchases. Similar to Blur, add a real credit card as the confirmed payment within Sudo, and SudoPay will create masked card numbers that you can use for purchases associated with any name desired. There are fees associated with each purchase based on the dollar amount of the balance. The image below left displays card number ready for use while the below right displays a SudoPay card associated with a Sudo. This allows you to tie one private card number to a specific name under Sudo to isolate purchases to one alias.

2

There are many possible scenarios for using Sudo. Uber, dating, and online shopping are only the obvious scenarios. I will be expanding much more on this app in the future. Android and Desktop use is in the works, but only iOS for now.

Filed under Podcast, Privacy, Security | Comments Off on Create Nine New Lives with Sudo

ProtonMail adds Two-Factor and Single-Login

Posted on December 17th, 2016

Like many readers, I have migrated the majority of my personal email over to ProtonMail, a free email service with end-to-end encryption. No one, including employees of ProtonMail, can see or give out your content, besides you. When potential privacy consultation clients first contact me, I insist that we only communicate through secure channels, such as ProtonMail.

ProtonMail two-factor is extremely easy to setup, and requires one of the following software tokens: Authy, Google Authenticator, FreeOTP, or Toopher (I prefer Authy). ProtonMail also offers backup codes for emergency use. When you setup two-factor authentication, 16 backup codes are created. These are eight-characters long and alphanumeric (rather than simple numeric codes). With backup tokens you know that loss or destruction of a phone won’t result in a total loss of an email account.

Another interesting feature offered in ProtonMail v3.6 is the ability to use a single password to login and access your mailbox. I only recommend this option if you have implemented the two-factor authentication to your account. Previously, an account password AND a decryption password were required at login.

If you do not use ProtonMail, please create a free account and consider using it for anything sensitive. If you already have an account, please implement two-factor authentication (Instructions HERE). Finally, Andy Yen, the CEO of ProtonMail will be on our podcast in January for an interview.

pm

Filed under Privacy, Security | Comments Off on ProtonMail adds Two-Factor and Single-Login

The Complete Privacy & Security Podcast-Episode 009

Posted on December 13th, 2016

Episode 009: That One Privacy Guy

This week’s episode of The Complete Privacy & Security Podcast is now available. In this episode, we “talk” with VPN expert That One Privacy Guy.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


Show Notes


ProtonMail 2FA

https://protonmail.com

Protonmail blog post by Bart
https://protonmail.com/blog/encrypted_email_authentication/

Authy
https://www.authy.com

Google Authenticator
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

FreeOTP
https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
https://itunes.apple.com/us/app/freeotp-authenticator/id872559395?mt=8

Toopher
https://www.toopher.com/
https://play.google.com/store/apps/details?id=com.toopher.android&hl=en
https://itunes.apple.com/us/app/toopher/id562592093?mt=8


That One Privacy Guy
https://thatoneprivacysite.net

https://prism-break.org/
http://privacytools.io
https://reddit.com/r/privacy


OSINT SEGMENT

birthdatabase.com
Opt out email: remove@birthdatabase.com

Wayback Machine blog post
https://inteltechniques.com/wp/2016/11/22/discovering-deleted-content-on-the-wayback-machine/


The Complete Privacy and Security Desk Reference

Michael’s Website

Justin’s Website


Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 009

The Complete Privacy & Security Podcast-Episode 008

Posted on December 6th, 2016

Episode 008: Backup Strategies

Our eighth episode of The Complete Privacy & Security Podcast is now available. In this episode, we discuss our recommended Backup strategies for Privacy & Security.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


Show Notes


Backup Prep
– Clean Up MAC: CCleaner/CleanMyMac
– Clean Up PC: CCleaner/BleachBit
– Scan Mac: Malware Bytes/Avast
– Scan PC: Malware Bytes/Avast

Specific Data Backup
Veracrypt

 

Storage
CryptSync (Win)
Cryptomator (Mac)
Tresorit
SpiderOak
iCloud

 

Cloning Programs (Mac)
– Native Command
FreeFileSync
CCCloner

Cloning Programs (Win)
FreeFileSync
CloneZilla


OSINT SEGMENT


Facebook Events

https://www.facebook.com/search/4/events

https://www.facebook.com/search/str/4/events/2010/date/events/intersect/

Facebook Search Tool


The Complete Privacy and Security Desk Reference

Michael’s Website

Justin’s Website

 


Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 008

The Complete Privacy & Security Podcast-Episode 007

Posted on November 28th, 2016

Episode 007: Email Strategies

Our seventh episode of The Complete Privacy & Security Podcast is now available. In this episode, we discuss our recommended Email strategies for Privacy & Security.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


Show Notes

 

Intro:

UMatrix

UMatrix Extension

 

Email Strategies:

ProtonMail

Kolab

Fastmail

Blur

33Mail

NSMI

MailFence

 

Q & A:

BleachBit

Lastpass

YubiKey

Authy Desktop


Please submit your listener questions to us at https://privacy-training.com/podcast.html

podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 007

Discovering Deleted Posts on the Wayback Machine

Posted on November 22nd, 2016

During a recent Live OSINT Course, I demonstrated the new beta search feature of the Wayback Machine. One attendee asked about the benefits of using Wayback on social networks. This has always been a crapshoot, but a controlled demo may spark some ideas about this technique.

I Logged into my Twitter profile at twitter.com/inteltechniques. I grabbed a screen capture of the following tweet which included a photo.

screen-shot-2016-11-22-at-1-42-28-pm

After deleting this entire post, I waited a few hours. I then conducted a search on the Wayback Machine of twitter.com/inteltechniques. The result offered six captures over the past two years. When conducting this search on a more popular profile (ambermac), the result included 138 captures. I navigated to a capture of my Twitter profile on September 8, 2016. Scrolling through the result displayed the following deleted tweet as seen through the Wayback viewer.

screen-shot-2016-11-22-at-1-43-42-pm

This proof of concept is exciting for internet search professionals. The unknown factor is the length of time that this capture will be available. Archiving sites are required to remove any Twitter content that was deleted from the source by the author. The following link displayed the deleted content at the time of writing:

http://web.archive.org/web/20160908084619/https:/twitter.com/IntelTechniques

Similar searches can be conducted on Facebook profiles, but success was rare on Instagram profiles.

Filed under Facebook, Instagram, OSINT, Search, Twitter | Comments Off on Discovering Deleted Posts on the Wayback Machine

The Complete Privacy & Security Podcast-Episode 006

Posted on November 22nd, 2016

Episode 006: The Cost of Privacy

Our latest episode of The Complete Privacy & Security Podcast is now available. In this episode, we discuss the extra costs often related to living a private and secure life. Sometimes, free options come at an unknown cost.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


Show Notes

Complete List of Privacy Links: https://privacy-training.com/links.html

 


Please submit your listener questions to us at https://privacy-training.com/podcast.html

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 006

Internet Search Resource: RootAround

Posted on November 21st, 2016

Reverse image searching is nothing new. My Custom Reverse Image Search Tool currently looks for supplied images across Google, Bing, TinEye, Yandex, and Baidu. A new service called RootAround should now also be considered. This niche product will search any supplied image across a large portion of content on the Internet Archive. You can submit a URL or upload a local image. While the results are minimal, this is the only tool I know that will sift through archives from deleted websites attempting to match an image.

screen-shot-2016-11-21-at-10-22-18-am

Filed under OSINT, Search | Comments Off on Internet Search Resource: RootAround

Internet Search Resource: ScopeDown

Posted on November 21st, 2016

Periscope videos are becoming an increasing target when collecting online information. While I prefer to use a combination of FFMPEG’s software and various batch files to collect live streams in real-time, we also need tools to download previously recorded Periscope videos that are online. I have found ScopeDown to be the last surviving online Periscope downloader. Be sure to enter an entire Periscope URL, but no trailing information that may cause an error. As an example, the following URL will often not work:

https://www.periscope.tv/ambermac/1mrGmAYkvlNGy?t=2

However, cleaning this up as the following will download the video file on ScopeDown:

https://www.periscope.tv/ambermac/1mrGmAYkvlNGy

You should only see the domain (periscope.tv), the user name (ambermac), and the unique video ID (1mrGmAYkvlNGy). Note that this tool will save your video as a .ts file. VLC Media Player will play these, but I always recommend a conversion to MP4 as a supplement to the original .ts file. The following tools both will convert online:

https://convertio.co/ts-mp4/
http://www.zamzar.com/convert/ts-to-mp4/

screen-shot-2016-11-21-at-9-15-55-am

Filed under OSINT, Search, Video | Comments Off on Internet Search Resource: ScopeDown

Internet Search Resource: TerraServer

Posted on November 21st, 2016

Attendees of my Live OSINT Training Course know that I embrace the many resources available to display various satellite views of a target location. This goes way beyond a typical Google Map view. This month, I have added a couple of new options to my All-In-One Satellite View Tool. The first is the TerraServer service. It allows you to specify a location of interest and provides multiple satellite views which have been collected over several years. This helps identify changes at a target location such as vehicles and buildings. The second is GeoSearchTool with Geo-locating abilities for YouTube videos. The results now include uploads to YouTube which have been geo-tagged near your target location. You can find the entire collection at THIS LINK.

screen-shot-2016-11-21-at-8-52-03-am

Filed under Law Enforcement, OSINT, Search | Comments Off on Internet Search Resource: TerraServer

Previous Posts