Insights For Success

Strategy, Innovation, Leadership and Security

Internet

Did hackers hijack your home network DNS service?

General | Edward Kiledjian

Hackers are crafty and will use any means at their disposal to trick you or steal from you. One such technique is called DNS hijacking. 

DNS is the internet's phonebook. Your browser uses it to convert the domain name in a URL into a numerical address that can then be routed through the internet.

By changing the server that resolves your DNS queries (aka your phonebook), attackers can redirect you anywhere they want. They can inject advertisements into your browsing or trick you into installing their TLS certificate so that they can intercept traffic you think is secure (think banking, healthcare, e-commerce, etc.).

Rather than provide a technical roadmap on how they could accomplish this, this article aims to provide an easy way for you to check right now.

Checking your DNS

The Internet provides a lot of websites for checking DNS settings and finding out which DNS server is in use. If you do not recognize it, then you probably need to dig in a little more and figure out why.

In most cases, if you haven't changed the default settings, your DNS service will be provided by your ISP. 

Who is my DNS is a simple service you can use.


F-Secure is another simple option you can check out.


You will then get a summarized result. If you want more details, click on “View results in detail.”


You then get a results page.

I have cropped the right side to protect my information.


If you live in the USA, your info is probably on this site and how to delete it

General | Edward Kiledjian

There are lots of “less than reputable” websites that scrape the web for your information and then make it cheaply available to anyone willing to spend money.

I recently found a website that has a ton of information about many Americans including address, telephone number and even some relationship information.

Once you enter your name and state, it will show you a list of possible “victims”. You choose your listing and prepare to be astounded by the amount of information they have about you.

Now that you are properly terrorized, here is how to remove your information from Cyber Background Check:

  1. Go here: https://www.cyberbackgroundchecks.com/removal

  2. Agree to the conditions and enter your email address

  3. Complete the CAPTCHA and then click “Start Removal Process.”

  4. Find your records and click the Remove My Record button at the top of the page (must be on the details page of your profile to do this)

  5. Check your email for the removal confirmation note and click the enclosed link

  6. 48-72 hours later, your information should be removed from the site

A Canadian company breaking Internet censorship 

General | Edward Kiledjian

Controlling the flow of information is a critical tool in the arsenal of despots, dictators and authoritarian regimes. Some countries want to block a handful of internet sites (Facebook, Instagram, Twitter, etc.) while others exert an almost inconceivable stranglehold on the internet (think Iran). 

When we think of censorship, the typical list that comes to mind is North Korea, Iran, China and Cuba. The list is much more worrisome than that and includes countries such as Bahrain, Ethiopia, India, Pakistan, Russia, Saudi Arabia, Sudan, Syria, United Arab Emirates and more. Other countries typically offer an open internet to their population except during major events, as Egypt did during the spring uprising.

Enter Psiphon

Psiphon is a Canadian company that started at the Citizen Lab with the intention of designing censorship-busting technology. It is an open-source tool designed to allow citizens living in restrictive regimes to access "forbidden content easily." The basic version of Psiphon, which is free for everyone forever without requiring an account, is speed-limited to 2Mb/s. You can earn (by watching promo advertising videos) or buy PsiCash, which allows you to unlock faster speeds for a certain amount of time (up to 5Mb/s).

Earning PsiCash

As an example, watching a 30-second video ad earns you 35 PsiCash. You can watch about 5 in a row (earning you 150 PsiCash). You can exchange 100 PsiCash for 1 hour of "speed boost."

This is likely how citizens of repressive regimes would use the tool. If you are willing to spend cash via the Google Play store, you can buy 1000 PsiCash for $0.99CAD (10 hours of "speed boost"), 5000 PsiCash for $4.99CAD (50 hours of "speed boost"), etc. Every chunk of "speed boost" you buy starts counting down once you activate it.



If you want a more traditional monthly subscription with unlimited use, you can opt for a recurring subscription.


Or you can opt for a one-time unlimited-use pass (if you are travelling to one of the regions that censors the internet).


Who are these monthly recurring subscriptions for? They are for regions where the population is much better off (think Saudi Arabia) or for users who work in environments where undesirable internet sites are blocked (e.g. corporations, universities, etc.).

DNS Leak Tests

I conducted a bunch of DNS leak tests on Windows & Android and didn't detect any leaks. On some tests, Google DNS servers did show up, but these were proxied by Psiphon, so your confidentiality is protected.

Different App Versions

You can download Psiphon from the Google Play Store, from the Apple App Store, or from their website (for Android or Windows).
 
If you send an empty email to [email protected], they will respond with an automated response listing different AWS URLs you can download the client from. The purpose of this option is to make the download available from cloud providers that are typically allowed. 


Some news outlets blocked in certain regions recommend you use Psiphon to access them (BBC, The Intercept, etc.). These sites even set up the same type of email download link response service to help you find Psiphon more easily (e.g. The Intercept set up [email protected]).

Most platforms offer 2 versions of the Psiphon app (basic and Pro). The basic version is the all-free version, capped at 2Mb/s, and it comes with small ads.

The Pro version seems to have more prominent ads but offers the option to have them removed if you buy a monthly subscription. 

The subscription and "speed boost" pricing is only available in the app, and pricing is region-specific (The high-speed monthly subscription seems to be $9.99USD/$14.99CAD/£9.99.) 

Last year Psiphon offered a 30-day trial for the subscription but has now lowered the trial to 7 days.

Ease of use

Once you install the app, you can immediately start the speed-limited service. It does not require any type of registration. This lack of red tape speeds up the process but also means any PsiCash you buy is bound to that device and that particular installation. If you clear the app cache or reinstall the app (even on the same device), your PsiCash is gone.

During my initial test, I sideloaded the app on Android and wasn’t shown ads during use. That behaviour may change, so your mileage may vary. The Google Play versions I installed did show me ads.


You will notice a **Stats** menu option in the previous image; this shows you how much data you have uploaded and downloaded. This is less of a concern in industrialized regions, but many developing countries have expensive data plans. This **stats** option aims to help users make smarter data usage choices.


How secure is Psiphon?

This article is not a technical evaluation of Psiphon's security; however, you should read this section to ensure you understand what it does and what it does not do. Psiphon is, first and foremost, a censorship-busting tool. It uses a variety of technologies to get through most of the time, combining constantly changing server IPs, a series of cascading protocols (SSH, VPN, handshake obfuscation, etc.) and other anti-fingerprinting techniques.

These work exceedingly well. A buddy in China installed the Android version and freely accessed restricted sites (consistently over a test period of a week). All traffic from your device to the Psiphon servers is always encrypted, and they don't log any personally identifiable information. The last piece is that the software is open-source and can be inspected by anyone.

This service is NOT a replacement for other more common western VPNs like ExpressVPN, NordVPN, ProtonVPN, etc. Psiphon does a much better job of breaking through censorship controls. Still, it does not offer all of the privacy-protecting tools that traditional VPNs do (CyberSec DNS from Nord or the ability to control where you exit the network).

Psiphon does not claim to increase your privacy because they don't protect you from website fingerprinting, beacons on the web or other privacy destroying techniques.

Psiphon shares aggregated information with its commercial partners.

Use Psiphon if you need to break censorship controls.

If you need strong privacy, go TOR (TOR does not work in most censoring regions).

Conclusion

I read a ton of discussions about Psiphon on different social media sites from people claiming to be in repressive regimes. Even with the fact it is slow, clunky and not the most beautiful app, it provides a critical service that nothing else seems to offer.

Most users benefit from the free version, and Psiphon doesn't have an army of support people waiting to chat with you or respond to your emails.

If you are in a country that controls the internet, try TOR first. If it doesn't work, then jump to Psiphon.

If you live in one of the western countries where we enjoy relatively unfettered access to the internet, you would be better served by a traditional VPN service.

Mozilla Firefox 67 will allow letterboxing to protect your online identity

General | Edward Kiledjian

In September 2016, I wrote an article entitled “Your browser will betray your identity” that discussed the various techniques that legitimate (marketers) and illegitimate (threat actors) parties use to keep track of your identity even if you aren’t logged into any of their sites.

The purpose-built TOR version of the Mozilla Firefox browser has (for a while) implemented a technique called letterboxing to protect users from this type of nefarious identification through browser fingerprinting.

Most browsers allow a site to send client-side JavaScript code that detects the display size of the browser. This technique is used to create dynamically generated webpages that are optimized for the device size you are using. This is why modern well-designed websites render correctly on large 24" desktop screens and 6" smartphones.

Would you be surprised to learn that this can be one dimension threat actors or marketers can use to start deanonymizing you?

The privacy team behind the TOR project goes to great lengths to maximize your privacy while using their anonymizing network by minimizing your data exhaust while browsing the web. We have seen the Firefox team backport some of these privacy enhancements back into the mainstream Firefox. This backport initiative is called TOR Uplift and started in 2016.

In release 67, expected in May, Firefox will bring letterboxing into the mainstream version (from the TOR one). Letterboxing is a technique of rounding the actual size of the browser window (height and width) down to a multiple of 200 pixels for width and 100 pixels for height. This means more users will have the same window size value making deanonymizing more complicated. Firefox will add grey bars on a side that needs to be padded if the rendered page isn't a perfect fit. If you are more concerned about looks, you will be able to turn off this additional protection technique using a Firefox flag.

In the Bugzilla tracker, Mozilla wrote "Window dimensions are a big source of fingerprintable entropy on the web" & "Maximized windows reveal available screen width and height, excluding toolbars; and full-screen windows reveal screen width and height. Non-maximized windows can allow a strong correlation between two tabs".

Here is a demo of letterboxing while resizing the browser window. Notice the grey added around the rendered page.

The letterboxing feature won’t be turned on by default. Users wanting this extra layer of protection will have to open about:config and enter “privacy.resistFingerprinting” in the config search box and change the setting to “true”.

Google Chrome's Spectre Mitigation is consuming 10% more RAM

General | Edward Kiledjian

Google Chrome has always been a resource hog, but you may have noticed it's been consuming just a little bit more RAM lately (on your desktop).

This new, more demanding Chrome is the result of Google's Spectre mitigation efforts.
The Google Chrome security team has enabled site isolation as a default (in Chrome v67 for desktops). Justin Schuh, head of Google Chrome Security, explained that site isolation separates each website process thereby preventing a malicious tab from stealing data from another.

When Site Isolation is enabled, each renderer process contains documents from at most one site. This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.”

Don't expect to see this update on the Android version anytime soon; the resource consumption requirements are too high (for now).

Chrome is obviously my browser of choice but I have been concerned at the amount of resources it requires and this move (although right from a security perspective) further pushes Chrome in the wrong direction. 
