Tor_and_The_Dark_Net_Remain_Anonymous_and_Evade_NSA_Spying_by_James

Recommendations

Info

In this article we are focusing on just the concept of DDR, DDR2 and DDR3.These are newer versions of DRAM that keep getting better, and I believe we are currentlyup to DDR4. But most computers circulating around today have DDR2 and DDR3 in themunless they are older computers, this includes laptops. DRAM is known as a type ofvolatile memory; it is computer memory that requires power to maintain the storedinformation. It retains its contents while powered, but when power is interrupted, storeddata is quickly lost. But how quickly is it lost?In 2008, a group of researchers wanted to see the practicality of extracting unencrypteddata from the RAM in your computer. They argued that DRAMs used in most moderncomputers retain their contents for seconds to minutes after power is lost, even atoperating temperatures and even if removed from a motherboard. And by using ananalysis tool they were able to search for key files (such as PGP keys) held in the RAMthat could be used to decrypt encrypted volumes (drives) on your computer. Theysuccessfully were able to decrypt volumes using BitLocker, FileVault, dm-crypt, andTrueCrypt. Below is the abstract of their research.“Lest We Remember: Cold Boot Attacks on Encryption KeysAbstract Contrary to popular assumption, DRAMs used in most modern computersretain their contents for seconds to minutes after power is lost, even at operatingtemperatures and even if removed from a motherboard. Although DRAMs becomeless reliable when they are not refreshed, they are not immediately erased, and theircontents persist sufficiently for malicious (or forensic) acquisition of usable fullsystemmemory images. We show that this phenomenon limits the ability of anoperating system to protect cryptographic key material from an attacker withphysical access. We use cold reboots to mount attacks on popular disk encryptionsystems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no specialdevices or materials. We experimentally characterize the extent and predictabilityof memory remanence and report that remanence times can be increaseddramatically with simple techniques. We offer new algorithms for findingcryptographic keys in memory images and for correcting errors caused by bitdecay. Though we discuss several strategies for partially mitigating these risks, weknow of no simple remedy that would eliminate them.”https://citp.princeton.edu/research/memory/ [Abstract] http://citpsite.s3-websiteus-east-1.amazonaws.com/oldsite-htdocs/pub/coldboot.pdf[Full Text]This was very troubling to most people, and had many people freaking out when theresearch paper was released back in 2008 because even tough encryption tools likeTrueCrypt could be rendered useless with an attack like this. Upon further analysis of thepaper, I wanted to note that they used SDRAM, DDR and DDR2, and not DDR3 becauseit was not available at that time. This prompted TrueCrypt to release the followingstatement on their website.“Unencrypted Data in RAMIt is important to note that TrueCrypt is disk encryption software, which encrypts
only disks, not RAM (memory).Keep in mind that most programs do not clear the memory area (buffers) in whichthey store unencrypted (portions of) files they load from a TrueCrypt volume. Thismeans that after you exit such a program, unencrypted data it worked with mayremain in memory (RAM) until the computer is turned off (and, according to someresearchers, even for some time after the power is turned off*). Also note that if youopen a file stored on a TrueCrypt volume, for example, in a text editor and thenforce dismount on the TrueCrypt volume, then the file will remain unencrypted inthe area of memory (RAM) used by (allocated to) the text editor. This applies toforced auto-dismount too.Inherently, unencrypted master keys have to be stored in RAM too. When a nonsystemTrueCrypt volume is dismounted, TrueCrypt erases its master keys (storedin RAM). When the computer is cleanly restarted (or cleanly shut down), all nonsystemTrueCrypt volumes are automatically dismounted and, thus, all master keysstored in RAM are erased by the TrueCrypt driver (except master keys for systempartitions/drives — see below). However, when power supply is abruptlyinterrupted, when the computer is reset (not cleanly restarted), or when the systemcrashes, TrueCrypt naturally stops running and therefore cannot erase any keys orany other sensitive data. Furthermore, as Microsoft does not provide anyappropriate API for handling hibernation and shutdown, master keys used forsystem encryption cannot be reliably (and are not) erased from RAM when thecomputer hibernates, is shut down or restarted.**”To summarize, TrueCrypt cannot and does not ensure that RAM contains nosensitive data (e.g. passwords, master keys, or decrypted data). Therefore, aftereach session in which you work with a TrueCrypt volume or in which an encryptedoperating system is running, you must shut down (or, if the hibernation file isencrypted, hibernate) the computer and then leave it powered off for at leastseveral minutes (the longer, the better) before turning it on again. This is requiredto clear the RAM.* Allegedly, for 1.5-35 seconds under normal operating temperatures (26-44 °C)and up to several hours when the memory modules are cooled (when the computeris running) to very low temperatures (e.g. -50 °C). New types of memory modulesallegedly exhibit a much shorter decay time (e.g. 1.5-2.5 seconds) than older types(as of 2008).** Before a key can be erased from RAM, the corresponding TrueCrypt volumemust be dismounted. For non-system volumes, this does not cause any problems.However, as Microsoft currently does not provide any appropriate API for handlingthe final phase of the system shutdown process, paging files located on encryptedsystem volumes that are dismounted during the system shutdown process may stillcontain valid swapped-out memory pages (including portions of Windows systemfiles). This could cause ‘blue screen’ errors. Therefore, to prevent ‘blue screen’errors, TrueCrypt does not dismount encrypted system volumes and consequently
Page 2 and 3:
Tor and The Dark NetRemain Anonymou
Page 4 and 5:
A FEW RECOMMENDATIONSCOLD BOOT ATTA
Page 7 and 8:
INTRODUCTION TO TOR, HTTPS,AND SSLF
Page 10 and 11:
PGP, TAILS, VIRTUAL BOXSo keep in m
Page 13 and 14:
PGP Continued..Ok, so by now I am a
Page 15:
and save it on your SD card or USB
Page 18:
The reasoning behind this is that s
Page 21:
Please get a clearer idea of how th
Page 25:
EXIF DATAI forgot to mention above
Page 28:
Third, drop the attitude. Do not ar
Page 31 and 32:
subscriber. No matter how tough the
Page 34 and 35:
THE ADVANTAGES ANDDISADVANTAGES OF
Page 37 and 38:
CONNECTING TOR -> VPN FORWINDOWS US
Page 40:
TRACKING COOKIESNext time I want to
Page 43 and 44: And in this particular case, the fe
Page 46 and 47: LEARNING FROM OTHERS’MISTAKES. HO
Page 48: So when you are doing your freedom
Page 51 and 52: user sup_g to his real identity.“
Page 54 and 55: WHERE YOU MIGHT CONSIDERRUNNING TO,
Page 57: SECURING YOUR ACCOUNTS FROMFBI MONI
Page 60: encryption keys and SSL keys that p
Page 63: TOR. And since Tails establishes it
Page 66 and 67: where it says verify the integrity
Page 68: Manager. We are going to import the
Page 71: same good practices you are used to
Page 74 and 75: transportation, wear a hat, and all
Page 76: creating a wallet and logging in to
Page 79 and 80: you are using it. There is no reaso
Page 82 and 83: MONITORING YOU WITH ANANTENNAFirst
Page 85 and 86: COOKIES & JAVASCRIPT REVISITED,PLUS
Page 87: whole, it can make it easier to ide
Page 91: COLD BOOT ATTACKS,UNENCRYPTED RAM E
Page 95: with DDR1, DDR2 and DDR3 and their
Page 98: defeated CryptoLocker, and this is
Page 102 and 103: “5.20.130.121:9001 63dd98cd106a95
Page 104 and 105: enforcement or the NSA would do. So
Page 106 and 107: relay broker the connection between
Page 108: Currently there are other pluggable
Page 112 and 113: BITCOIN CLIENTS IN TAILS -BLOCKCHAI
Page 115: ConclusionI hope this book was able
show all

Tor_and_The_Dark_Net_Remain_Anonymous_and_Evade_NSA_Spying_by_James

Create successful ePaper yourself

Delete template?

Save as template?