The goal here is simple: do an awareness campaign for How-to-hide-ip readers when it comes to their privacy on the $10 billion social network called facebook.

The tool we’re going to cover here is FBpwn . If you want to know more about the tool, its development as well as ways to contact the developers, then you’re free to check their website.

So what is Facebook Profile?

In fact, it’s a Java-based program that claims itself as a social engineering platform. It can be used on different platforms, and is released under GPL v3 license. Simply said, everyone can copy, modify and distribute it: so expect a lot of your friends using this application so as to make some jokes, or so as to pick some of your photos.

How does it work?

Once installed on the “hacker’s” computer, FBpwn would send some friend request to a list of FB friends. The same program then checks for those who have accepted the friend requests. Once someone accept the friend request, then FBpwn pumps all the datas it can from each of those friend’s profile: all their information,photos and friend list to a local folder

Quoting the official page of FBpwn, this is how the system works:

Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the clonning plugin asks you to choose one of the victims friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victim’s account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessable HTML pages (info, images, tags, …etc) for offline examining.

After a a few minutes, probably the victim will unfriend the fake account after he/she figures out it’s a fake, but probably it’s too late! 

Caveats

As a facebook user, you may wonder how you can be protected from such private data pumping? In fact, most facebook users have adopted an approach where they don’t accept friend requests from people they don’t know. Well, it may help on some situations, but if one of those accounts is using FBPwn, then that precaution doesn’t help.

And as you would have noticed, FBpwn even goes further by friending some of your friends so that when you receive a friend request, facebook would show you the common friends you have – this gives you some ” confidence” that this may be a ” good” connection: which is totally a scam, but you’ll only discover it later on – if you’ll ever discover it.

Keep in mind: the purpose of this program is to do a proof of concept. How would you fight against it? That’s another story that probably need some help from Facebook. Anyway, as I always said: never trust that things you post/share on Facebook are private.

Post from: How to hide ip

How to Dump Your Friend’s Facebook Profile and “private” Data?

Related Posts

1. Facebook Privacy Settings: Are They Doing Enough to Protect Your Data?
2. Facebook+Skype+Microsoft: The Triumvirat?
3. Why Commenting With Your Facebook ID Is a Bad Idea?

Let’s suppose that you are a Windows user (you can choose any other operating system – the following usually stands true). Most of the times, you have a workstation/computer that automatically mounts all your local hard disks. But for the purpose of easing things to the user, your computer also setup some mechanisms to make it easier to the user to connect to some network resources. So if we go back to the Windows user, it’s more than likely that this computer has a mechanism that allows easy connecting to network shares. This is very practical if you are working on your company’s network, or if you have a home network. What it actually does is the following: once you’ve connected to those network resources, your computer tries to cache the credentials for accessing them, then from time to time, those cached credentials are checked again so as to verify if you are allowed to access the resources.

Now, let’s say that, for once, you are not working from home, nor from your company’s network. Let’s say that you are travelling and for once, you went to a public cybercafé for checking your mails via a wi-fi network (or even an Ethernet/cable network). You know, we often think that we’re only going to check our e-mail and that it doesn’t come up with serious security issues. Well, think again. This is where the packet sniffing thing comes up.

Let’s say that I’m the bad guy in the cybercafé that is using that packet sniffing software on my routers. My intent are clear: I want to “listen” to all the packets that are going on my network so as to “collect” some credentials (username and passwords for example) that I can eventually use later on.

So I give you the credentials for using my WI-FI connection, then your computer got automatically setup for accessing the internet. Now you’re set to check your e-mails. But the thing is, your computer is doing more than checking your e-mails. From time to time, your computer will try to reestablish the network connections that are already configured on your computer: remember the ones that you ad at home or at your office. IT will then broadcast some data for checking it and chances are that it will provide the credentials over the network. Depending on your configurations, chances are that those credentials would be resent over the network – my Wi-Fi network: by using a packet sniffing on my network, I can collect all your network packet, the reconstitute them so that I can “read” what you’ve done, and eventually have copies of the credentials that your computer have issued.

The same applies if you aren’t using HTTPS for reading your e-mail. HTTPS encrypts your web connection. If, for some reasons, you still access your e-mail through HTTP, then don’t be surprised if I’d be smiling a lot on my corner since I would clearly see your username and password while you type them by using a packet sniffing software.

Post from: How to hide ip

Do You Know What Packet Sniffing Is? If Not, Then You Should.

Related Posts

1. New method to hide secret messages in internet traffic
2. What Kind of Informations Are Available to Other Users Over a WI-FI connection?
3. Connecting Over a Public WI-FI: Consider Using a VPN

This truly is a legitimate question. If we think about it, by using a VPN solution, we are redirecting all our traffic into one gateway (the VPN server) so that it manipulates our IP packets, the replaces some headers so that our traffic are seen as originating from the VPN server instead of our actual computer. Well this is an over-simplified explanation of how a VPN works, but it gives a simple picture of the whole system.

So the concern of our reader is justified. By sending all our traffic to a VPN provider, we are empowering them to screen every bit of our traffic. This means that we now have two gateways:

• First, all the internet traffic that we have goes through our ISP: we can’t overcome it. We always need to have an ISP or gateway that will connect us to the rest of the world,
• Second, we are adding a second layer that also acts as a gateway if we chose to work with a VPN provider.

By using only the ISP, we know that the ISP administrators can screen all your traffic. In order to prevent that, we can use a VPN provider that will encrypt all traffic between you and the VPN provider, thereby preventing the “screening” at the ISP side. But then, how do we make sure that our data aren’t screened at the VPN server-side?

This whole thing doesn’t build trust, does it?

In fact, what we really want to know is the logging that is made at the VPN server side. At the client side, we can eventually see some information when the VPN client is connecting (it shows for example the reasons if you can’t connect), but once you are connected, you usually don’t see anything really interesting, even though you enable the verbose mode which should show you more information. I, for example, checked the log on my VPN client, and found out that the log is reporting a lot when initiating the connection (DHCP configuration, handshaking process, …), but since the connection is established, it goes on mute mode. And most of the times, the log format is unreadable for the non-techie person.

The only thing that we can be sure is: at the VPN server side, the service provider can run a packet-sniffer that will log all the traffic – coupled with the VPN logs, they have all the ability to reconstitute your traffic. So back to the initial question: how do we check how our VPN log is traced, I think it all comes down to the same answer: as client, we can’t. It all depends on how the VPN provider has configured his logging feature on his own servers.  But the same applies to the logs at our ISP: they can trace it all, but as clients, we just can’t have access to those logs (unless you have a federal court adjunction).

Post from: How to hide ip

What Is Logged Into a VPN Connection?

Related Posts

1. What Kind of Informations Are Available to Other Users Over a WI-FI connection?
2. 5 Things That May Impact Your VPN Connection
3. Is a Free VPN Safe?

We all have heard countries who ban access to different services: from China to some countries during the “printemps arabe” where major revolutions happened in most of arabic countries . It all started with blocking access to major user-generated-content platforms (twitter, youtube, facebook, …). In fact, governments can do so by imposing some kind of control on all international internet gateways in their countries – every internet going through those gateways, they can filter out every traffic based on website address, IP address, protocols, type of content, …

In fact, the number of internet gateway for one country is limited, the main challenge for an entity who wants to filter is to take control (or at least be able to monitor) those gateways. Internet technology has it that everything is following standards and protocols, though easing the filtering process. While some protocols can use different ports randomly, the main challenge for the censor is to filter the initiating connection.

So how does it work from your user point of view: initialy, you want to use the regular applications (skype, instant messaging, …) or go to regular websites  (online mail laike gmail, yahoo, hotmail, …) or social media platforms (facebook, youtube, twitter, …) then try to use them as you normally do. You either see an error message stating that the access to the site has been blocked (well, at least if they are kind enough to inform you), or you see nothing happening on your computer …

While there is no one-size-fits-all solution for each problem you may be facing, it’s always good to take the following precautions:

- setup your workaround measures while it’s working. I can’t stress it enough. Figure out how can censorship come to you (based on the articles I just wrote or based on other online ressources), and set and test the appropriate workarounds,

- Test either of the following workaround:

• using some web proxy and endure the ads served by those web proxy service providers. Be careful though as some websites aren’t compatible with these implementations,

• use some VPN services so as to send your traffic through a secure and encrypted connection when going out of your country. However, as the China experience pointed out the Chinese Government has also begun blocking some VPN implementations (PPTP and L2TP based). Any way, SSTP and OpenVPN implementations seem to be working yet (until the port used will be blocked too)

Moreover, with the convergence of ICT technologies, it is now possible to use SMS for example to update twitter, thereby not using the internet-way, other solutions are expected to go mainstream.

So how can you overcome such censorship? Tor can eventually be you savior.

Post from: How to hide ip

Simplified View of Internet Censorship – Part II

Related Posts

1. Simplified View of Internet Censorship – Part I
2. Why Internet Users Must Use VPN? – Part I
3. Internet Censorship Around The World

This actually is a simple explanation geared toward those who want a better understanding of how things work. So let’s say you are based in China. You know that whatever device you are plugging to the internet has a unique IP address attached to it. Every communication you make on the internet is “tagged” with this IP address. On the other side, any server or peer you are talking to on the internet also has an IP address. Just think of it as your postal address so that the factor knows which route to send your letter through.

The first censorship can be done on your computer. Let’s say for example that you are working within an organization that has some policies with regard to using the internet (you are probably facing it: major sites like facebook and youtube are not allowed to be browsed from your company’s network). In fact, some companies set some specific proxy configuration on your browser and do not allow you to change it. In fact, the IT administrator is forcing you to go through a proxy server by setting it on your browser. If you are falling into that specific scenario, you can be sure that the IT administrator has setup other ways to blocking you from accessing those websites. In fact, you usually are not allowed to change any settings on your browser. The only solution that comes to my mind for overcoming those kind of censorship is to use some web-based proxy servers. Although it’s not really convenient (most web proxy serve you a lot of ads), at least you can end up accessing some blocked websites.

Why does this solution work most of the times? It works since more often than not, when blocking websites, IT administrators limit it on a per-destination basis: which means that they centrally maintain a list of websites that their users are not allowed to browse instead of a deny-all and only authorize approved website policy. This actually means that there is a very high probability that the web proxy that you’ll be using won’t be included into the list of website that you are not allowed to browse.

On the part 1 of this serie about “simplified view of internet censorship”, we discussed about how this censorship can be performed on your corporate computer. Now let’s go a bit higher on the connection path and discuss about what can be done on the corporate firewall or proxy side of things.

Most of the times, corporates have one or two internet connections: this connection being a limited ressource, IT administrators tend to limit its usage. The censorship at this stage can take the form of bandwidth limitation (which is still fine since you can still browse most websites although it can be slow), or denial of access to some websites. This is usually done at the firewall side of the company’s router. Simply side, the filtering is done at the router that is acting as a gateway to the internet.

The filtering can be implementing via different solutions:

- either by checking against regular expressions (or regex) the URL of the destination website the user is trying to see. It is then common that IT administrators limit any file download that has the .mp3 extension (or .torrent, .mp4, …)

- or filtering by protocols and ports: this is what is actuallydone when the IT administrator denies applications like peer-to-peer since those applications actually need to initiate a communication via a specified port. This can be done at the corporate side or at the ISP side

- or by using some publicly maintained database of “blacklisted sites”. Most proxy servers nowadays can use those public database of blacklisted sites

- or by limiting by the originating IP address: as I told earlier, IT administrator has a clear map of IP address-computer database, because of that, they can say that for your particular IP address, some websites are not allowed to be reached. The only solution for you, for such case, is to use another computer that has eventually less restriction …

Those are simple explanations on what can be done at the corporate or ISP side when it comes to “censorship”, on the next article, we will address it on the country-level.

This is only the part one of this serie, on part two, we’ll be discussing about how censorship can be done at the country level. Stay tuned.

Post from: How to hide ip

Simplified View of Internet Censorship – Part I

Related Posts

1. Simplified View of Internet Censorship – Part II
2. Internet Censorship Around The World
3. The Chinese Dragon: Censorship of the Internet

So let’s consider a VPN service. How does it actually work? Let’s just take a simplified vision:

- You chose a VPN provider – let’s say xxVPN.com,

- You are then usually given credentials and a software for connecting through the VPN. On a basic package, your operating systems already comes with a VPN client software – you only have to configure it properly provided that you have all the needed information (the protocols used, the encryption supported, …). I’m not going to get into the details of the protocols for encrypting whether it is for the header or for the body of the IP packet,

- On some more elaborate VPN packages, the provider will give you an additional software that eases the installation and configuration process. This usually is a proprietary software,

- Then you use your credentials to setup the VPN connection. This VPN  actually is a kind of tunnel where all your traffic goes through before reaching the internet/intranet. On the same time, it “impersonates” you by giving you a temporary IP address that will be visible by the whole internet – though “hiding” your actual IP address

- All your internet traffic then goes through this one single tunnel.

Now let’s see this whole process from a safety point of view and bring some elements of answers to the question raised on the title of this article. I’m going to ask you to answer the following questions first:

- To what degree would you trust a third-party provider that you barely know who promises you some kind of security by asking you to route all your traffic through their unknown tunnel?

- How do you actually check if all your traffic are actually encrypted?

- How do you ensure that your traffic are actualy strongly encrypted so that no man-in-the-middle would be able to sniff it and decrypt it easily?

- Would you conduct a private transaction (let’s say bank-related transaction for example) by going through a third party provider that you haven’t done any business before and that still needs to earn your trust?

Check your answers, and if you are hesitating for any of those questions, then I’d recommend you not use those services for any privacy-concern-related activities you’d do on the internet.

Post from: How to hide ip

Is a Free VPN Safe?

Related Posts

1. Free Internet For Your Mobile Phone via Opera Mini Handler: How Safe Is It?
2. HideIpVPN – Free UK and US VPN Service
3. AirVPN.org – Free and Paid OpenVPN Service with French IP

Step 1.  Open Network and Sharing Center from Control Panel

Step 2. Choose Set up a new connection or network.

Step 3. In the next window, choose Use my Internet Connection (VPN)

Step 4. Type in the address in either domain name or IP address (you should receive these information from the VPN service provider), and name the connection in the destination name box. Then click Next.

Step 5. In the next window, enter your username and password for the VPN access. And click Create. You’re all set if you see the next window as below.

Step 6. To launch it, simply click the small network icon on the system tray at the bottom right corner, and pick the connection we just created from the popup list, and Connect.

[Via Windows7Hacker.com]

Post from: How to hide ip

How to setup a VPN connection in Windows 7

Related Posts

1. How to set up VPN connections in Windows XP
2. How to Set Up an IPSec VPN Connection
3. How To Configure A VPN Connection On Your Google Nexus One

Every email received contains the routing of the email and the originating IP of the email sender. Not all emails can be traced back to the originating point but most of them can.

First step: get the email headers

No matter what email application you are using, the headers are usually just one right-click away. Here is how to find them for the most common email programs:

• GMail  – Open the email. In the upper right corner of the email you’ll see the word Reply with a little down arrow to the right. Click the down arrow and choose Show Original.
• Yahoo! Mail – Right click the email in the inbox and choose View Full Headers.
• Windows Live Mail – Right click the email while it’s in the inbox, choose Properties, then click the Details tab.
• Hotmail – Right click the email in the inbox and choose View Message Source.
• Outlook – Right click the email while it’s in the inbox and choose Message Options. A window will open with the headers in the bottom of the window.
  

Second step: trace the IP address

After you find the headers, copy them to clipboard (Ctrl+C). Next, go to MyIPTest.com email trace page, paste the header (Ctrl+V) and press Check it button. You will get a table containing the IP address of the sender and IP addresses of the servers that have routed the email. To find more info about the IP addresses, press Check Whois button.

Post from: How to hide ip

How To Find The Email Sender’s Original IP Address

Related Posts

1. How to find the IP address of the email sender in Microsoft Outlook
2. How to find the IP address of the email sender in Yahoo! Mail
3. How to find the IP address of the email sender in GMail

The solution for this problem is very simple. Not need to use proxies, hide IP tools, etc. All you need to do is to renew your IP address.

Step 1. Copy the following commands into Notepad

Echo ipconfig/flushdns
ipconfig/flushdns
echo ipconfig/release
ipconfig/release
echo ipconfig/renew
ipconfig/renew
exit

Step 2. Save the file to changeip.bat
Step 3. Run the file (double click on it)

If you try to run this on Vista you have to to right-click the shortcut for the file and choose ‘Run as Administrator’.

Important! This works only if you are using a dynamic allocated IP address.

Post from: How to hide ip

How to change your ip address using ipconfig command

Related Posts

1. How To Change My IP Address Permanently
2. 7 Ways To Change Your IP Address
3. The IPCONFIG Tool

Firefox has built-in feature to clear temporary files and internet history, but this might not be enough. The problem is that this info is not actually deleted from your hard disk. There are specilized tools that are able to recover this kind of info even after drive format.

Solution? Set your browser not to store any private data (history, passwords, etc.) at all. Since not data is stored you don’t need to delete it and no one will be able to ever see it.

For Firefox, the following components need reconfiguration: Privacy Settings and Saved Passwords. Let’s see how to do it.

Privacy Settings

Browsing History

In order to make the proper settings for browsing histroy go to Tools menu, then Options and Privacy tab in the open window. There, you need to uncheck all boxes that enable logging of browsing history and user entered strings. Take a look below to see how the settings should look like.

The danger of the storing browsing history is that the address of every web page you visit is recorded and stored / written on your hard drive.

Cookies

Cookies are used by websites to store little data snippets in your browser. A lot of sites (alomost all) leave such cookies in your browser. This a sign the you have visited a certain site.

Firefox has an option to remove cookies when it’s exited. There is another option as well, to not accept cookies at all, but this is not really an option as many sites need these cookies to work properly.  

In order to set up Firefox to delete your cookies when you exist you have to choose Keep until: I close Firefox option.

Private Data

Firefox can clean up any remaining traces of data. The best option is to enable it to clear data whenever you close the brower. Only problem is that if you crash or power down without proper shutdown this procedure won’t be executed, so keep that in mind.

To set up this, check the ”Always clear my private data when I close Firefox” and click on Settings.

Then,  check that all the options in the window are enabled.

Saved Passwords

You have to be extra careful with saved passwords. Imagine what could happen if someone steals your PayPal password. 

Only recently Firefox started use of encrypted saved passwords. The ramifications for the stolen saved passwords are immense. The best way to protect your passwords is not to save them in the browser.

To make sure no password is stored by Firefox, go to Security tab and uncheck Remember passwords for sites.

[Via ProxySwitcher]

Post from: How to hide ip

How to configure Firefox to increase your privacy

Related Posts

1. Hide Your Surfing Trails With Private Browsing Firefox Addon
2. How to configure Firefox 3.5 to use a proxy
3. How to configure Firefox to work with Ultrasurf