
WEB&MOB SECURITY

Please note that these are not my words, and I am using the collected information to provide education to those who are uninformed. I do not own or claim to have written this information.





What is Tor?



Tor is an acronym of The Onion Router, a data encryption method that was created by the US Navy. It uses layered encryption, meaning that the data is re-encrypted each time it passes through one of a series of randomly chosen nodes.

This network provides software that allows you to anonymously access the internet. Unlike a VPN, Tor routes your signal through various nodes, each of which can only see the IP addresses in front of and behind it, so no one can see the entire path between the website you are connecting to and your device, protecting your privacy.

Tor is regarded as a very safe and secure means of accessing the internet while remaining anonymous. It has been endorsed by various civil liberty groups, as many journalists and human rights workers can do their work online without being blocked, especially as much of their work requires access to banned sites. Unfortunately this does also allow criminals to act with anonymity. But for the most part, Tor allows access to those looking to simply sidestep bans in their region.

How Tor works

As mentioned above, when using Tor, data is passed between various randomly chosen nodes that encrypt the data with each pass. Each node knows where the signal has come from and where it is going next, but it can’t see the entire route the data is taking.

The relay circuits are reset every 10 minutes in a random manner so your actions can’t be linked together. Every node has a volunteer that runs it, so the more volunteers a network has, the more secure and efficient the system is.



What is a VPN?

A Virtual Private Network, or VPN, is a private, simulated local area network (LAN) that extends across the internet so you can anonymously visit any site, regardless of your geolocation or blocks. The information that leaves your computer gets encrypted so your browsing data is kept anonymous and secure.

VPNs offer huge advantages: they limit the chance that your online activity will be traced, and they protect your sensitive information from hackers and other threats to your security. There are corporate and consumer VPNs available, but we are dealing with readily available consumer VPNs.

How a VPN works

A VPN connects you to a remote server that encrypts the connection to your computer. Basically, it acts in lieu of your device when you are online. It is more secure than Tor as the encryption is very secure, often AES 256-bit, and your browsing history is not logged or stored when using good VPNs. As you can use IP addresses from anywhere in the world through the VPN server, you can access content that has been geo-blocked, and it can also mask your location.

Tor vs. VPN

It is plain to see that Tor and VPNs have the same primary purpose: to protect your anonymity when you are on the internet and to sidestep firewalls. Tor can also be used to evade geolocation restrictions by reconnecting until the exit node is located in an unblocked country.

For the ultimate in privacy you can use them together with a VPN that allows for a Tor over VPN connection. This way you’ll enjoy the benefits of each program.

But, what you will also notice is that the technology is quite different and the way you use them is also dissimilar. Each has advantages and disadvantages to be considered.

Advantages of Tor

  • You can access region restricted content and websites

  • Your external IPs can’t be traced

  • As the network is distributed, it is near impossible to shut it down

  • It is free to use the network and software

  • Your IP address is kept anonymous

Disadvantages of Tor

  • As your data is bouncing between nodes, using Tor can be very slow

  • Tor is an inefficient method for location spoofing

  • Anyone can become a volunteer and can spy on your activity

  • The Tor network can only be accessed from browsers or apps that have Tor access installed

  • As Tor nodes are free and privately run by volunteers, there is no maintenance or accountability

  • Frequently using Tor can identify you as someone to be watched

Advantages of a VPN

  • Very fast, with very little lag on your bandwidth

  • Spoofing your location is very simple

  • Great for P2P file sharing

  • Free, safe VPNs can be found (although they are not recommended)

  • Paid VPNs ensure that the network is maintained, providing you with great security, functionality, and availability

  • VPNs protect every internet connection you have on your device

  • The kill switch on a VPN protects you from data leaks

Disadvantages of a VPN

  • VPN providers can see your online activity

  • Not free (at least not the good ones)

  • Some VPN providers store your logs



HTTP is a client-server protocol that allows clients to request web pages from web servers. It is an application-level protocol widely used on the Internet. Clients are usually web browsers. When a user wants to access a web page, a browser sends an HTTP Request message to the web server. The server responds with the requested web page. By default, web servers use TCP port 80.

Clients and web servers use a request-response method to communicate with each other, with clients sending HTTP Requests and servers responding with HTTP Responses. Clients usually send their requests using the GET or POST methods, for example GET /homepage.html. The web server responds with a status message (200 if the request was successful) and sends the requested resource.

An example will clarify this process:


The client wants to access http://google.com and points his browser to the URL http://google.com (this is an example of an HTTP Request message). The web server hosting http://google.com receives the request and responds with the content of the web page (the HTTP response message).

NOTE

The version of HTTP most commonly used today is HTTP/1.1. A newer version, HTTP/2, is available and supported by most browsers.
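The request-response exchange described above, shown as the actual bytes each side sends over an in-process socket pair, with the request and status line travelling as readable text. This is an added example, not part of the collected text; the page content, the host name example.test and the function names are constructed for illustration.

```python
import socket
import threading

PAGES = {"/homepage.html": b"<h1>Home</h1>"}  # constructed sample content

def serve_one(conn):
    """Server side: read one HTTP/1.1 request and answer it."""
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:      # headers end at the blank line
            chunk = conn.recv(1024)
            if not chunk:
                return
            request += chunk
        method, target, _version = request.split(b"\r\n")[0].decode().split(" ")
        body = PAGES.get(target) if method == "GET" else None
        status, body = ("200 OK", body) if body is not None else ("404 Not Found", b"")
        head = f"HTTP/1.1 {status}\r\nContent-Length: {len(body)}\r\nConnection: close\r\n\r\n"
        conn.sendall(head.encode() + body)

def http_get(path, host="example.test"):
    """Client side: send a GET request, return (request bytes, status code, body)."""
    client, server = socket.socketpair()       # stands in for the TCP connection
    worker = threading.Thread(target=serve_one, args=(server,))
    worker.start()
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with client:
        client.sendall(request)
        raw = b""
        while chunk := client.recv(1024):      # read until the server closes
            raw += chunk
    worker.join()
    head, _, body = raw.partition(b"\r\n\r\n")
    status_code = int(head.split(b"\r\n")[0].split(b" ")[1])
    return request, status_code, body

if __name__ == "__main__":
    sent, code, body = http_get("/homepage.html")
    print(sent.decode().splitlines()[0], "->", code, body)
    print("GET /missing.html ->", http_get("/missing.html")[1])
```
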

HTTPS (Hypertext Transfer Protocol Secure)

Hypertext Transfer Protocol Secure is a secure version of HTTP. This protocol enables secure communication between a client (e.g. web browser) and a server (e.g. web server) by using encryption. HTTPS uses the Transport Layer Security (TLS) protocol or its predecessor, Secure Sockets Layer (SSL), for encryption.

HTTPS is commonly used to create a secure channel over an insecure network, e.g. the Internet. A lot of traffic on the Internet is unencrypted and susceptible to sniffing attacks. HTTPS encrypts sensitive information, which makes a connection secure.

HTTPS URLs begin with https instead of http. In Internet Explorer, you can immediately recognize that a web site is using HTTPS because a lock appears to the right of the address bar.





Signal looks and works a lot like other basic messaging apps, so it's easy to get started. It's especially convenient if you have friends and family overseas because, like iMessage and WhatsApp, Signal lets you sidestep expensive international SMS fees. It also supports voice and video calls, so you can cut out Skype and FaceTime. Sure, you don't get fancy stickers or games like some of the competition, but you can still send pictures, videos, and documents. It's available on iOS, Android, and desktop.

But plenty of apps have all that stuff. The thing that actually makes Signal superior is that it's easy to ensure that the contents of every chat remain private and unable to be read by anyone else. As long as both parties are using the app to message each other, every single message sent with Signal is encrypted. Also, the encryption Signal uses is available under an open-source license, so experts have had the chance to test and poke the app to make sure it stays as secure as what's intended.

If you're super concerned about messages being read by the wrong eyes, Signal lets you force individual conversations to delete themselves after a designated amount of time. Signal's security doesn't stop at texts. All of your calls are encrypted, so nobody can listen in. Even if you have nothing to hide, it's nice to know that your private life is kept, you know, private.

This happened as a result of not using secure messaging:


https://decrypt.co/34381/mass-arrests-follow-police-penetration-of-encrypted-messaging-app

EMAIL

Email security describes various techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss, or compromise. Email is a popular medium for the spread of malware, spam, and phishing attacks, using deceptive messages to entice recipients to divulge sensitive information, open attachments or click on hyperlinks that install malware on the victim’s device. Email is also a common entry vector for attackers looking to gain a foothold in an enterprise network and breach valuable company data.

Email security is necessary for both individual and business email accounts, and there are multiple measures organizations should take to enhance email security.


End-to-End Encryption

Messages are encrypted at all times

Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our servers and user devices. Messages between ProtonMail users are also transmitted in encrypted form within our secure server network. Because data is encrypted at all steps, the risk of message interception is largely eliminated.

Zero Access to User Data

Your encrypted data is not accessible to us

ProtonMail's zero access architecture means that your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client side using an encryption key that we do not have access to. This means we don't have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. With ProtonMail, privacy isn't just a promise, it is mathematically ensured. For this reason, we are also unable to do data recovery. If you forget your password, we cannot recover your data.


End-to-end encryption means that no one but the intended recipient can read the message

Open Source Cryptography

Time-tested and trusted encryption algorithms

We use only secure implementations of AES, RSA, along with OpenPGP. Furthermore, all of the cryptographic libraries we use are open source. By using open source libraries, we can guarantee that the encryption algorithms we are using do not have clandestinely built in back doors. ProtonMail's open source software has been thoroughly vetted by security experts from around the world to ensure the highest levels of protection.

The Deep Web vs. The Dark Web: Do You Know The Difference?

Have you ever wandered the recesses of the deep web and dark web? Or have you simply wondered what these expressions mean? These two terms are just as mysterious as they sound, but they’re not synonyms, despite how similar they may seem at first glance.

There’s a lot of confusion out there about how to distinguish between these two terms, which both define hidden aspects of the Internet. So much so, that tech-savvy publications generally use a disclaimer when discussing the dark web, reminding their readers that it is not to be confused with the deep web, which is related, but not at all the same thing.

So if they’re not synonyms, what exactly are the dark web and the deep web, and why are technology reporters so wary when using either term?

What is the deep web?

Both deep web and dark web were coined recently, first appearing around 2000–05.

Dictionary.com defines deep web as “the portion of the Internet that is hidden from conventional search engines, as by encryption; the aggregate of unindexed websites.”

Deep is an old word, first recorded before the year 900. It comes from the Old English adjective dēop and is related to dip. It has various definitions, including “mysterious, obscure” and “reaching or advancing far down.” (Fun fact: the less-mysterious, searchable Internet is also known as the surface web.)

What is the dark web?

The dark web, on the other hand, is defined as “the portion of the Internet that is intentionally hidden from search engines, uses masked IP addresses, and is accessible only with a special web browser: part of the deep web.”

Dark (which can mean “hidden; secret”) is first found before the year 1000 and comes from the Middle English word derk.

When it comes to both of these terms, the word web is short for World Wide Web, a term that was first found in 1990–95.

The key takeaway here is that the dark web is part of the deep web.

What do these two terms have in common?

What the dark web and the deep web have in common is that they are both hidden from commercial search engines. You cannot access either from Google or Bing. The deep web is a general, catch-all term that includes not only the dark web but also a lot of “mundane content,” according to Andy Greenberg at Wired. That would include “registration-required web forums and dynamically-created pages” (like Gmail).

When people discuss the seedy underbelly of the Internet where you can buy stolen data, drugs, weapons, child pornography, murders-for-hire—basically any illicit item or service you could dream up—that’s the dark web.

Greenberg notes that while the deep web is vast and accounts for 90-something percent of the Internet, the dark web likely only accounts for about .01 percent. The dark web, sometimes referred to as Darknet, is accessed by Tor (The Onion Router) or I2P (Invisible Internet Project), which use masked IP addresses to maintain anonymity for users and site owners. This way, people who use the dark web for illegal purposes can’t be traced, and it’s difficult to tell who hosts a particular site.

Who uses the dark web?

The dark web isn’t all illicit deals and seedy undertakings; it’s used for an array of purposes.

Journalists use the dark web to help protect the anonymity of their sources, and others use the dark web simply because they believe strongly in their right to privacy. The US Department of Defense developed Tor, which is now run as a nonprofit by volunteers. It is funded by the likes of the US government and the National Science Foundation.

“Government support for Tor has continued in recent years as part of the State Department’s internet freedom agenda,” explains Timothy B. Lee on Vox, “which seeks to help people in repressive regimes gain access to information censored by their governments.” For instance, Facebook launched a version of its site on the dark web to “make it easier to access the site from countries that restrict the service, such as China and Iran.”

Unfortunately, the dark web received a lot of media attention around 2014–15 when the founder of online black market Silk Road was convicted of various crimes, including several attempted murders-for-hire. Silk Road ran its operations on the dark web. Lately, hackers have been in the news due to attempts to sell stolen data on the dark web.

Learn to hack:

hackthissite.org

tryhackme.com

hackerone.com


 

©2020 by The Voice.