• Welcome to BellGab.com Archive.
 

FUNCTION RANDOM - All Things Technological On Your Mind

Started by Camazotz Automat, August 17, 2012, 04:04:35 AM

zeebo

Quote from: Juan on August 26, 2016, 04:48:26 PM
Trey Gowdy says Hillary's team used an open source program called BleachBit to wipe her servers.  Anybody here using it?

What I don't get is I heard they recovered some emails, but also that they were shredded this way.  Did the Feds actually reconstruct emails from a wiped drive?  I know supposedly they've got ways of doing it by detecting minute electromagnetic imprints but it just seems impossible if you did like a random-number fill multiple times.  Anyway I've never used that one, I've used both Eraser (for single files) and DBAN (for whole disks).  I think they all work mostly the same way although there are different algorithms to choose from. 

Btw anyone know whatever happened to TruCrypt?  Back in the day it was claimed the encryption was so solid that if you got rid of an encrypted drive you needn't even bother erasing it.  :-\  Was it replaced by something else?

GravitySucks

Quote from: zeebo on August 28, 2016, 03:47:43 PM
What I don't get is I heard they recovered some emails, but also that they were shredded this way.  Did the Feds actually reconstruct emails from a wiped drive?  I know supposedly they've got ways of doing it by detecting minute electromagnetic imprints but it just seems impossible if you did like a random-number fill multiple times.  Anyway I've never used that one, I've used both Eraser (for single files) and DBAN (for whole disks).  I think they all work mostly the same way although there are different algorithms to choose from. 

Btw anyone know whatever happened to TruCrypt?  Back in the day it was claimed the encryption was so solid that if you got rid of an encrypted drive you needn't even bother erasing it.  :-\  Was it replaced by something else?

I think the emails they got were ones that had been sent to other people or from other people. Then they went to those computers and retrieved copies. i.e They looked at Huma's account and found emails that were either to: cc: or from: HRC. Hence the ones to and from "Diane Reynolds" the alias HRC used for Chelsea.

If people were using an email program like Outlook on their PC, wiping the server or deleting emails on the server, would not have deleted copies stored locally on a PC.

zeebo

Ah thanks, Grav.  I can rest assured then that my shredded plans for world domination are unrecoverable.

Juan

TruCrypt decided it had a security incompatibility with some Microsoft upgrade, I think 8, and shut down.

albrecht

http://www.wsj.com/articles/an-internet-giveaway-to-the-u-n-1472421165
I don't understand the technology but in terms of policy would this open up things like banning free speech or sites that criticize the UN or whatever (no more Bellgab etc?)

albrecht

Quote from: zeebo on August 28, 2016, 03:47:43 PM
What I don't get is I heard they recovered some emails, but also that they were shredded this way.  Did the Feds actually reconstruct emails from a wiped drive?  I know supposedly they've got ways of doing it by detecting minute electromagnetic imprints but it just seems impossible if you did like a random-number fill multiple times.  Anyway I've never used that one, I've used both Eraser (for single files) and DBAN (for whole disks).  I think they all work mostly the same way although there are different algorithms to choose from. 

Btw anyone know whatever happened to TruCrypt?  Back in the day it was claimed the encryption was so solid that if you got rid of an encrypted drive you needn't even bother erasing it.  :-\  Was it replaced by something else?
In theory, I guess, with unlimited computing and lots of power some agency could reverse CCleaner, BleachBit etc because of some vunerablities in the algorithm used in the 'random' number generators? But I would think hard to do. Also with the size of harddrives and servers and clouds I would think to really 'erase' something one would need to wipe ALL the drives and several times with the 'random' numbers which, in some cases now, would take a long time. Not sure how physical destruction (magnets, fire, acids, etc could be recovered but apparently there are companies/agencies who can recover stuff that a layman would think 'no way.' Having said that I would've thought, at this point, that once the packets are sent 'out there' through the interwebs that some agency has recorded them so that even if you bleach your personal PC they would still have a record of the traffic?

triola

Quote from: zeebo on August 28, 2016, 03:47:43 PM
Btw anyone know whatever happened to TruCrypt?  Back in the day it was claimed the encryption was so solid that if you got rid of an encrypted drive you needn't even bother erasing it.  :-\  Was it replaced by something else?

https://veracrypt.codeplex.com/

VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt. The following post describes some of the enhancements and corrections done: https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

VeraCrypt version 1.18a
Rating:        Based on 8 ratings
Reviewed:  7 reviews
Downloads: 44454
Change Set: 33185bf2fff2
   
Released: Aug 17, 2016
Updated: Aug 19, 2016 by idrassi
Dev status: Stable Help Icon

    All OSs:
        Support Japanese encryption standard Camellia, including for Windows system encryption (MBR & EFI).
        Support Russian encryption and hash standards Kuznyechik, Magma and Streebog, including for Windows EFI system encryption.

    Windows:
        Support EFI Windows system encryption (limitations: no hidden os, no boot custom message)
        Fix TrueCrypt vulnerability allowing detection of hidden volumes presence (reported by Ivanov Aleksey Mikhailovich, alekc96 (at) mail dot ru)
        Enhanced protection against dll hijacking attacks.
        Fix boot issues on some machines by increasing required memory by 1 KiB
        Add benchmarking of hash algorithms and PRF with PIM (including for pre-boot).
        Move build system to Visual C++ 2010 for better stability.
        Workaround for AES-NI support under Hyper-V on Windows Server 2008 R2.
        Correctly remove driver file veracrypt.sys during uninstall on Windows 64-bit.
        Implement passing smart card PIN as command line argument (/tokenpin) when explicitly mounting a volume.
        When no drive letter specified, choose A: or B: only when no other free drive letter is available.
        Reduce CPU usage caused by the option to disable use of disconnected network drives.
        Add new volume ID mechanism to be used to identify disks/partitions instead of their device name.
        Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR.
        Add option and command line switch to hide waiting dialog when performing operations.
        Add checkbox in "VeraCrypt Format" wizard GUI to skip Rescue Disk verification during system encryption procedure.
        Allow files drag-n-drop when VeraCrypt is running as elevated process.
        Minor GUI and translations fixes.

    Linux:
        Fix mount issue on Fedora 23.
        Fix mount failure when compiling source code using gcc 5.x.
        Adhere to XDG Desktop Specification by using XDGCONFIGHOME to determine location of configuration files.

    MacOSX:
        Solve compatibility issue with newer versions of OSXFuse.


zeebo

Quote from: triola on August 28, 2016, 09:58:42 PM
https://veracrypt.codeplex.com/

VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt. The following post describes some of the enhancements and corrections done: https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

Thanks triola ... looks good ... I'll check into that. 

Quote from: Juan on August 26, 2016, 04:48:26 PM
Trey Gowdy says Hillary's team used an open source program called BleachBit to wipe her servers.  Anybody here using it?
All the time.
Think of it as CCleaner++  for linux.

Just how much of her server did she wipe ?  I was under the impression the entire disk was wiped. BleachBit won't wipe your hard drive like DBAN does. It's a cleaning utility.

Hang on...

K

Just pulled it up and here's your options for cleaning:

APT
          autoclean
          autoremove
          clean
          Package lists

BASH
          History

Deep scan
          .DS_Store
          Backup files
          Temporary files
          Thumbs.db

System
          Broken desktop files
          Cache
          Clipboard
          Custom             <---    She may have used this - you can delete any file(s) or folder(s) w/ this option.
          Free disk space
          Localizations
          Memory
          Recent documents list
          Rotated logs
          Temporary files
          Trash

Thumbnails
           Cache


So, if she kept her (30,000) emails in a special folder on her server then yes, she could have wiped them w/ BleachBit. As far as recovery goes, if she wiped the free space also, magnetic resonance recovery (expensive) would have to be used to get those emails back, and it would be iffy if you could even recover them. BleachBit is kind of like the dd command, recovery is not guaranteed, or in some cases, even possible.   


Quote from: zeebo on August 28, 2016, 03:47:43 PM

...
Btw anyone know whatever happened to TruCrypt?  Back in the day it was claimed the encryption was so solid that if you got rid of an encrypted drive you needn't even bother erasing it.  :-\  Was it replaced by something else?
Truecrypt got shut down by constant litigation I think. (Guess who.) To answer your question, yes, by Vericrypt. There is some speculation about vericrypt being backdoored and a lot of peeps are still running the last version (7.1 I think) of truecrypt because of that.


starrmtn001

Quote from: (Sandman) Logan-5 on September 02, 2016, 04:24:22 AM
All the time.
Think of it as CCleaner++  for linux.

Just how much of her server did she wipe ?  I was under the impression the entire disk was wiped. BleachBit won't wipe your hard drive like DBAN does. It's a cleaning utility.

Hang on...

K

Just pulled it up and here's your options for cleaning:

APT
          autoclean
          autoremove
          clean
          Package lists

BASH
          History

Deep scan
          .DS_Store
          Backup files
          Temporary files
          Thumbs.db

System
          Broken desktop files
          Cache
          Clipboard
          Custom             <---    She may have used this - you can delete any file(s) or folder(s) w/ this option.
          Free disk space
          Localizations
          Memory
          Recent documents list
          Rotated logs
          Temporary files
          Trash

Thumbnails
           Cache


So, if she kept her (30,000) emails in a special folder on her server then yes, she could have wiped them w/ BleachBit. As far as recovery goes, if she wiped the free space also, magnetic resonance recovery (expensive) would have to be used to get those emails back, and it would be iffy if you could even recover them. BleachBit is kind of like the dd command, recovery is not guaranteed, or in some cases, even possible.   


But, I can still call her Bleach Bit (ch).  Right? ::) ;D


triola

Quote from: (Sandman) Logan-5 on September 02, 2016, 04:29:10 AM
There is some speculation about vericrypt being backdoored and a lot of peeps are still running the last version (7.1 I think) of truecrypt because of that.

Possible, but it would seem unlikely as it's open source. Of course, that only applies if you compile it yourself instead of running a binary distribution.  Then, of course, you need to be able to recognize it when you see it: https://www.rawhex.com/2016/03/a-guide-to-recognising-backdoors-using-metasploitable-2/

I guess the final verdict will come in when the below mentioned independent audit is performed, insofar as we can trust any third party determination.

To decrease the possibility of any meddling and only after the audit, it would be best to compile the source yourself rather than download the binary. No real way to do a dependable 'diff' on the compiled code, given the makefile options, different OS platform dependencies and various compilers that can be used (the shared .so and .dll files alone will vary appreciably between versions of even the same OS).

"An independent code audit of VeraCrypt is currently in the initial planning stage.[27]

VeraCrypt is based on the source code of TrueCrypt, which passed an independent security audit. Phase I of the audit was successfully completed on 14 April 2014, finding "no evidence of backdoors or malicious code."[28] Phase II of the audit was successfully completed on 2 April 2015, finding "no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."[29][30]"

https://en.wikipedia.org/wiki/VeraCrypt

Quote from: triola on September 07, 2016, 10:40:09 PM
Possible, but it would seem unlikely as it's open source.  ...
True.
I haven't checked into it for a while either. Thanks for the update.  :)

Excellent rawhex article BTW.


Any active Application Developers here ?
I just came across a nice little 'ware that bakes multi-factor authentication into your application or program. Free for up to 100 users. Perfect if you're on Dev team and want to test drive it.
Limitations:
"Basically you start free and you can test the application with up to 100 of your users. Once you pass that mark, use custom notifications or you want to generate users' encryption keys, we'll ask you to upgrade. If you need more users, you can purchase later in batches of 100. Custom mobile apps however are not free. "   <-- My Bold.

Be Aware; their API servers are in Germany and their domain is registered in the UK. Their webpage runs through the Amazon servers out of Seattle. Nothing to worry about, this is normal, just be aware.

Webpages:  https://docs.unloq.io/                https://unloq.io/features            https://unloq.io/pricing






Interesting. I wonder if they have tested any Bene Gesserit. Seriously though, it would be intriguing to see the results of a Yogi or someone else that has actively practiced calming of the mind. 
Good articles BTW. Thanks.


MV/Liberace!

Quote from: analog kid on June 23, 2016, 12:07:29 PM
I'm wondering if WinXP is still viable. My sister bought a computer that didn't come with an OEM copy of Win7, and the hard drive died. So, after getting a new HD, she has to buy Windows 10, which would cost about $100. I put Linux on it, but she wants nothing to do with it. Only thing else I can do is install XP. Anyone still running that? Is it safe?

i'm late replying to this.  i could send you a disc image of legit windows 7 which will work with the product key on the outside of the computer.  or, you could download windows 10 and install it using that same win7 product key.


MV/Liberace!

Quote from: wr250 on August 16, 2016, 02:16:23 PM
ReactOS 0.4.2 Released

Beyond the usual updates to external dependencies such as Wine and UniATA, much work has gone into refining the experience of using ReactOS, especially with respect to the graphical shell and the file explorer. Perhaps the most user visible change however is the ability now to mount and read from several Unix filesystems, namely ext family, ReiserFS, and UFS. Native built-in support for these filesystems should make for considerably easier interoperability than the current out-of-box experience provided by Windows, and there is more to come in the future.
https://reactos.org/project-news/reactos-042-released

--
there is no spoon, only bacon.

i've been paying attention to this project for a few years now.  always improving.  i hope to be able to use it as my primary OS one day.

albrecht

Quote from: mv on September 24, 2016, 07:32:11 PM
i'm late replying to this.  i could send you a disc image of legit windows 7 which will work with the product key on the outside of the computer.  or, you could download windows 10 and install it using that same win7 product key.
More to the analog kid:
I installed in a crappy laptop from what I can figure is the easiet Linux (something called Linux Mint Mate) and it works great and is pretty much like XP in terms of look and file system (but you can still do other command line stuff if you wish) but otherwise pretty much the same. And anything you want to do with Windows (Excel, Word, STFP, internet browsing) you can do and find free versions of the Microsoft stuff. Then again, I still like XP and run it on another computer but never use either for any business or banking stuff because, I'm told, "no support" but using freeware on the XP and constantly cleaning, scanning, etc I haven't seemed to have any issues? I turn off when not using and even turn off my router when not using but, who knows. Nothing to my knowledge stolen, hacked, or compromised---- except some letter I got from the US government that they were hacked. And I never worked there but since my dad did, decades ago, my stuff might have been stolen! And they want to make MORE government databases and mine us!?



wr250

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

i would think that NSA (or whoever does this) has similar demands on all major email providers. yes microsoft, apple and google this means you.

Juan

Back when there was a BellSouth, it turned its email service over to Yahoo - even though accounts kept the bellsouth domain.  I don't know if the rest of ATT did this, but the scanning could be more widespread than just Yahoo accounts.

Quote from: GravitySucks on September 24, 2016, 07:19:53 PM
Laughed my ass off at the imbiciles that would fall for this

https://www.thesun.co.uk/news/1845589/clueless-iphone-7-owners-tricked-into-drilling-hole-in-their-phones-to-get-a-headphone-jack/
O.  M.  F.  G. 

This says more about the state of our education system,  than anything else. Thinking for yourself is actively discouraged and even punished now.  This is the result.  :(

Don't get me wrong, there are plenty of idiots out there though too.
I forget who said it, but the quote goes something like this:

"Never underestimate the power of dumb people in large groups"             ;)

It's on youtube so it's got to be true, right ?
Amirite ?          ...Amirite ?    ::)


Powered by SMFPacks Menu Editor Mod