Channel: Hacker 10 – Security Hacker

SilverShielD, a free SSH/SFTP server for Windows

This Secure Shell server/client program for Windows provides encrypted communications between two hosts. The custom installation lets you install the SSH/SFTP server, the included management tools, or both. SilverShielD implements a server-side technology called SafeUP to protect file uploads when the client doesn’t protect them. Secure SFTP clients like WinSCP upload files under a temporary name and rename them on the server after a successful upload, which stops the existing server file from being accidentally overwritten if the connection breaks before the upload is finished. SilverShielD’s SafeUP technology does exactly the same thing, but on the server side. The software comes with an easy-to-understand help manual full of screenshots and a command-line version called SilverCLI that can be integrated into third-party management tools.
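The upload-under-a-temporary-name-then-rename approach described above, sketched in Python as an added example; it is not SilverShielD or WinSCP code, and the function names, the `.part` suffix and the sample data are assumptions made for illustration. It runs a naive in-place overwrite and the temporary-name version against the same interrupted transfer.

```python
import os
import tempfile

ORIGINAL = b"original contents"  # constructed sample data


def naive_upload(dest_path, chunks):
    """Write straight to the final name: the old file is truncated at once."""
    with open(dest_path, "wb") as out:
        for chunk in chunks:
            out.write(chunk)


def safe_upload(dest_path, chunks):
    """Write to a temporary name, then rename into place only on success.

    `chunks` is any iterable of bytes standing in for data read from the
    client. If it raises part-way through (a dropped connection), the
    temporary file is removed and the existing file is left untouched.
    """
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    # Same directory as the destination, so the final rename stays on one
    # filesystem and replaces the old file in a single step.
    fd, tmp_path = tempfile.mkstemp(prefix=".upload-", suffix=".part", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:
                tmp.write(chunk)
            tmp.flush()
            os.fsync(tmp.fileno())  # data is on disk before the rename
        os.replace(tmp_path, dest_path)
    except BaseException:
        try:
            os.unlink(tmp_path)  # never leave a half-written file behind
        except FileNotFoundError:
            pass
        raise
    return dest_path


def broken_transfer():
    """Constructed input: one chunk arrives, then the connection drops."""
    yield b"partial "
    raise ConnectionError("client disconnected")


def demo():
    """Run both strategies against the same interrupted upload."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, upload in (("naive", naive_upload), ("safe", safe_upload)):
            target = os.path.join(workdir, name + ".txt")
            with open(target, "wb") as f:
                f.write(ORIGINAL)
            try:
                upload(target, broken_transfer())
            except ConnectionError:
                pass
            with open(target, "rb") as f:
                results[name] = f.read()
        # No stray temporary files may remain after the failed transfer.
        results["leftovers"] = sorted(
            set(os.listdir(workdir)) - {"naive.txt", "safe.txt"}
        )
        # A transfer that completes replaces the file as expected.
        target = os.path.join(workdir, "safe.txt")
        safe_upload(target, [b"new ", b"contents"])
        with open(target, "rb") as f:
            results["completed"] = f.read()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```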

Each SilverShielD user has their own set of public encryption keys to connect to the server, and a keyring with multiple keys can be used too. A public key management window lets you add, generate or remove encryption keys and set parameters like key length and key description; the description is recorded in the logs when a user connects to the server. You can also use PuTTYGen to create your own SSH keys and import them into SilverShielD. Server administrators can apply individual user and folder permissions: by ticking a simple checkbox they can manage a user’s ability to upload, download, delete, list files and much more. They can also decide which authentication mechanisms are accepted (public key based, password only, or both) while restricting connections to a single IP or network. An event handler can execute scripts for a specific user, and when there are multiple scripts their execution order can be set. File uploading can be set with Z compression on, a lossless compression scheme called zlib that works across platforms, saves bandwidth and increases transfer rates during file uploading.

Free Windows SSH/SFTP server SilverShielD

SilverShielD is easy to use, with all the options you need divided into tabs, from choosing which encryption algorithms are allowed in the “Expert Settings” tab to entering an SMTP server for when a script needs to call SendMail or Postfix. The “Security Settings” tab lets you customize tarpit timeouts to stop port scanning, a very common activity carried out by bots trying to find an open port on a server before a malicious hacking attack takes place. The tarpit can ban attackers’ IP addresses if they keep sending unsolicited probes to the server.

This is a highly customizable SSH/SFTP server that advanced IT users should like. The free edition can be deployed for non-commercial purposes and allows up to 3 concurrent connections at a time; businesses need to purchase a license. SilverShielD is fitting for people who are not comfortable with the command line and need an advanced SSH/SFTP server that can be set up at home in a matter of minutes on any old spare computer.

Visit SilverShielD homepage


OnlineVNC: Remotely access your computer on the browser

OnlineVNC is a service that allows you to remotely control a computer using a web browser running on any operating system, wherever you are: at work, in a hotel, etc. The service can also be used to provide online IT support. The only things needed for it to work are installing the Windows-only software on the server side and having Adobe Flash present on the client side. The application can also grant friends or work colleagues access to your home computer to share huge files with the built-in FTP client or show presentations.

The server control panel allows you to see who is connected and what they are doing in real time, and to restrict or grant viewing, keyboard or mouse access. There is no limit to the number of people who can connect to the computer. Communication takes place using the Remote Framebuffer (RFB) protocol, compatible with offline Virtual Network Computing viewers like TightVNC, RealVNC and UltraVNC. You can log off or lock the remote computer without breaking the connection. The remote desktop picture can be scaled, with a fit-to-screen mode, and the network speed can be set to slow, which reduces the quality of graphics to optimize bandwidth on slow networks.

Remote desktop access OnlineVNC

The connection port number can be configured, which should help with getting around firewalls and makes your server harder to spot on the Internet by adopting an unusual port. If you notice anyone scanning your computer, adding their IP to the Host Filter will blacklist it.

There are trust-based downsides to this uncomplicated solution for remote computer access. If you are not using your own computer, accessing OnlineVNC would be a security risk because you have no guarantee against keyloggers in an Internet cafe, but with your own tablet or laptop it is not a problem. Another downside is that the RFB protocol is not very secure and it is possible to crack the password if someone on the network captures the encryption key, but you can tunnel OnlineVNC over a VPN, adding an extra security layer with strong encryption. A third downside is that you have to trust the company managing the service to respect your privacy and be responsible. Beyond that, OnlineVNC is acceptable for those looking for an effortless way to remotely access computer files.

Visit OnlineVNC homepage

Encrypted cloud storage with TeamDrive

TeamDrive is a cross-platform (Windows, Mac, Linux) cloud storage service with uncrackable encryption, using AES256bit and RSA-2048 public/private keys. Data is encrypted on your computer before it reaches their cloud servers, so TeamDrive has no way to access the files, which limits their legal liabilities since you can’t be compelled to decrypt something that you don’t have the key for. The encryption key remains on the user’s computer at all times.

To set up a TeamDrive account you only need a valid email address. I liked that they have a portable version that can be carried on a USB thumbdrive or kept inside an encrypted virtual container (e.g. Truecrypt), but you will need to configure the default settings to make sure that there is no data leakage on the host computer. Luckily, TeamDrive’s software settings display the file path for data backups and cache, so a quick look will tell you where on the drive they are kept.

Encrypted cloud storage TeamDrive

The program is divided into three tabs. In “Spaces” you can create folders, organise your files, set access permissions for other members and, with a right click, send an invitation via email revealing the URL for the data you would like to share with others; optionally, spaces can be password protected. Another tab called “Members” lets you see who has access to a particular space, and a third tab called “Activity” contains a very detailed log of file movements, like uploads and downloads, with timestamps. To add files, manually select them or drag and drop them inside the window. Everything is quickly synced when there are changes, and a trash can keeps erased files, which can be restored if you change your mind.

Inside settings you can configure a proxy if you use one to access TeamDrive cloud storage space. The paid-for version allows you to assign roles to other people, setting up administration rights like being able to publish and delete files or remove other members from a shared space. There is support for smartphones: you can run the application on Android or iPhone. The free version has limited storage space and bandwidth, indicated inside the application with a graph bar, enough for light file sharing.

TeamDrive is a decent alternative to SpiderOak and definitely better than Dropbox, where the company can decrypt your data. If you care about privacy, drop Dropbox now.

Visit TeamDrive homepage

Facebook Privacy Watcher browser addon

Facebook Privacy Watcher is a Firefox addon to help you manage Facebook privacy settings using colour codes. Instead of having to pay attention to checkboxes and tiny text in Account Settings > Security, hoping that you got everything right, Facebook Privacy Watcher shows public posts in green, friends-only posts in orange, posts only visible to you in red and posts only visible to a subset of friends in blue.

You can change any post’s privacy setting with a couple of clicks, and colouring also works in your profile and photo albums. The addon runs in your browser and no data is sent to the developer.

Facebook Privacy Watcher

This addon is not yet available in the official Mozilla addons repository, but it is partly developed by the Technical University of Darmstadt, which should give some peace of mind about malware.

Other security measures you might want to take to secure your Facebook account are linking it to a mobile device, enabling always-on secure HTTPS browsing, choosing a strong password and setting up login notifications, where Facebook warns you when your account is accessed from a device not previously used.

Visit Facebook Privacy Watcher homepage

Access Truecrypt and EncFS volumes in Android with Cryptonite

Cryptonite is an Android app that brings the FUSE-based cryptographic filesystem EncFS and TrueCrypt to Android. You can link it to your Dropbox account with a single tap, after which you will be able to read and write on Dropbox EncFS volumes, exporting, viewing or uploading new files. Dropbox claims to keep data already encrypted on their servers, but if anyone finds out your account password they will be able to read the files. By encrypting them with Cryptonite you place a second security layer on top and block Dropbox’s built-in backdoor to your data.

To access your files offline, sync them to a local folder with an app providing online storage synchronization, e.g. FolderSync. EncFS has a front-end interface but Truecrypt is only available as a command-line version. Rooted phones that support the FUSE kernel, e.g. CyanogenMod, can mount an EncFS or Truecrypt volume. There is a Truecrypt workaround to avoid having to use a rooted file browser, by typing:

truecrypt --fs-options="uid=1000,gid=1000,umask=0002" volume.tc /sdcard/tc

EncFS will use the encryption ciphers found in the system encryption libraries. Cryptonite allows you to select the encryption method, from a “Quick” Blowfish 128bit up to a “Paranoia” AES256bit with filename block encoding. Other preferences include saving temporary files on an external SD card, setting up the mount storage point, clearing the cache and the “Chuck Norris mode” for experienced users who do not want to receive any security warnings from the app.

Android Truecrypt compatible encryption Cryptonite

You can browse, export and open encrypted EncFS directories and files on your Dropbox and to your phone. When you open a file from a decrypted EncFS volume, Cryptonite will produce a temporary copy in “/data/data/csh.cryptonite/app_open/path_to_your_file”, and anyone with access to your phone could recover those files. The app includes a text viewer that works in memory and does not save any temporary copy. There are plans to add an image viewer in the future, but right now there isn’t one, and if you open an image a temporary copy could be made on the phone outside the encrypted container.

Note: App still in development and intended for advanced users.

Visit Cryptonite Android in Google Play

Encrypt and sync data in between folders with CryptSync

CryptSync is a free open source utility that synchronizes multiple files between a pair of folders and encrypts the content of one of them, with the aim of uploading the encrypted data to the cloud while keeping the original unencrypted files locally. Synchronization works both ways: whenever there is a change in one of the folders it is replicated in the other. The utility also encrypts file names, as they sometimes reveal details. The files are all separately encrypted and have the extension .cryptsync. You could also store data inside an encrypted Truecrypt container and upload it to the cloud, but you would have to update everything manually, while CryptSync automates the process. The idea is to use this program to store encrypted data online with minimum effort, and it does a good job at that.

CryptSync encrypted folders

Encryption is implemented with 7-Zip, an open source archiving program that highly compresses files, saving space. If you need to open an individual encrypted file in the cloud, you can save it to your hard drive and open it with 7-Zip together with your CryptSync password. Software features are minimal: a “Start with Windows” option, “Run in the background” and “Create a New Pair”. You have to be careful when you erase a folder pair because no confirmation is asked for, but no data will be lost even if you erase the pair by mistake; only the settings are erased. You can use this application from the command line too.

There is no help manual included but the author has a very complete explanation on how CryptSync works on his website. I would not use this tool if you already have an account with a specialist privacy focused cloud company like SpiderOak or Teamdrive since their software already encrypts your data locally before reaching their servers and they have no access to the encryption keys or backdoor. CryptSync will be useful in shady cloud storage services that have minimum security or built-in backdoors, like for example Dropbox, where the company employees can access the encrypted servers where your data is stored. You could also use this utility in a network, securely storing backup files inside a NAS (Network Attached Storage) and keeping the original ones inside your fully encrypted computer.

Visit CryptSync homepage

Set up your own whistleblowing platform with Globaleaks

Globaleaks is an open source framework allowing any activist group to set up their own anonymous whistleblowing platform. Using Globaleaks software, the whistleblower is kept anonymous by default. The tool envisages a JavaScript HTML Globaleaks client that can be provided as a browser addon or invoked through a content delivery network. On the server side, tor hidden services give protection against legal liabilities, not only for the sender but also for the receiver, who will not be able to find out who sent the documents.

You should not confuse this software platform with Wikileaks: Globaleaks does not provide a service, only the necessary software. When you set up a Globaleaks node you don’t become a part of any network; you own the node, and the responsibility for managing submitted leaked information falls on you.

Globaleaks whistleblowing platform

Activists in the field can use a mobile phone to instantly submit photos, audio and video using GLDroid, a GlobaLeaks submission client for Android integrated with a tor proxy tool called Orbot. For those who cannot use tor, Globaleaks allows Internet users to publish information via tor2web, a proxy service that can access hidden .onion sites through a web browser and does not require installing any extra software on the computer. Communication with the server is always encrypted end-to-end. A configurable time delay is introduced to stop a submission event being linked with an instant post on the website. Document metadata clean-up is optional and it is up to each node administrator to turn it on.

A nifty feature I liked is the coloured badge that sites running Globaleaks display to the user, pointing out anonymity, encryption and browser security level. A downside to the high-security tor layered proxy approach is that the server will show high latency and it will take several seconds or minutes for the site to respond. During that waiting period Globaleaks provides information to the user about safe whistleblowing procedures, reassuring the submitter that everything is working.

Visit Globaleaks homepage

Encrypt text and files with VSEncryptor

VSEncryptor is a free file encryption tool to secure messages and files. It comes with customization options allowing you to choose the cipher: AES128/192/256bit, the RC2/RC4 stream encryption algorithm, and DES or 3DES. During installation, pay attention to avoid an adware toolbar being installed on your computer. You will also be asked if you would like to integrate VSEncryptor with the Windows shell menu to quickly encrypt single files by right-clicking on them; this can be changed later in options.

The software interface is very easy to understand, with just four buttons: “Encrypt”, “Decrypt”, “Settings” and “Edit Data”. If you use it often you can manage all of the options with the shortcuts that come predefined in settings, and the interface skin can be changed. After encrypting a file it will be recreated with the extension .encrypted, but you can change the default extension to anything you want. Optionally, use the command line to manage VSEncryptor.

Free file encryption VSEncryptor

For high security encryption you should stick to the tried and tested AES256 cipher and set it as default in settings. The RC4 algorithm is normally used to encrypt streaming data in SSL and WPA, and it can be vulnerable to attack when not used with a strong message authentication code (MAC). I was a little surprised that the developer referred to the RC4 algorithm by its original name, since it is trademarked by RSA Security and the encryption community often refers to it as ARCFOUR or ARC4 to avoid copyright problems. The DES algorithm is crackable using a brute force attack due to its poor 56bit key length. TripleDES, as the name suggests, triples the DES key length and there is no known way to crack it, but AES has been much more widely analyzed by cryptographers and it is a US Department of Defence standard, so it should be your first cipher choice.

If you need simple encryption and trust closed source software or have low security needs, VSEncryptor should do the job. Just remember that people receiving your encrypted text or files will need to own the same software to decrypt the data.

Visit VSEncryptor homepage


Run an SSH server in Android

SSH Server is a complete Secure Shell daemon, Secure FTP, Secure Copy and Telnet server Android app that doesn’t need a rooted device. After installing the app you will be able to enter an SSH server hostname and port, with optional public key authentication instead of a password, and allow X11 forwarding, a way to let graphical information pass through firewalls, giving you a graphical interface if the Unix server you are connecting to supports it.

Logging is very detailed. In verbose mode it includes filters and email logs; to save space it can be set to only record errors, leaving connection logs out. The server is accessible from the Internet and you can whitelist IP addresses, blocking everyone else.

Android SSH server app

The free version of SSH Server only allows for one server, which should be enough for most people. To connect to the server, just use the SSH command line from a shell like you would in Linux, in the form of:

ssh -v -l USERNAME ADDRESS -p PORT

Here -v is for verbose, -l for login and -p indicates the port. The server address should be the IP. The app supports dynamic DNS, setting a permanent custom hostname that you can access and that always remains the same even if your device IP changes; companies like DynDNS can provide this service. There are other Android apps like Dropbear providing SSH capabilities to your phone, but it requires root, and there is the ConnectBot app too, but this SSH Server from Icecoldapps is the most complete; it comes with SFTP combined with SSH.

Visit SSH server in Google Play

Android Truecrypt compatible app EDS Lite

Encrypted Data Store Lite is an Android app that allows you to save files inside an encrypted container using AES256bit. It can also mount any Truecrypt compatible container from your phone, but to do that you have to make sure that, when creating the container, the Truecrypt settings are Encryption algorithm: AES256, Hash algorithm: SHA-512 and File system: FAT. These are not the Truecrypt defaults, which use the hash algorithm RIPEMD-160. If you use different algorithms to create a Truecrypt container, EDS Lite will not be able to mount it.

The app comes with a simple built-in image viewer that can show pictures and thumbnails. Files with the extension .edc, EDS’s own format, and .tc, the Truecrypt file extension, can be associated with the app for easy opening. Other options allow the app to prevent your phone or tablet from going into sleep mode to make sure that an encrypted container will not be left open unattended by mistake. EDS Lite can write to an external Secure Digital storage card, modifying and deleting files stored inside.

Android Encrypted Data Storage Lite

A “send to” link can quickly encrypt photos or videos from the gallery, but remember that anything you leave behind that has not been securely wiped could still be recovered. While the encryption cannot be cracked, when you view a document stored inside the container there will be temporary traces left in the external reader you used: a compromising file name, and perhaps a full copy of the confidential document, might have been created outside the container by a third-party viewer. The full paid-for version of the EDS app allows you to play media files inside the container without leaving temporary data behind. It comes with a search index to find files inside the encrypted container, can synchronize data with Dropbox and allows for container security using a hand-drawn pattern in succession with a password.

It is refreshing to see attempts to port Truecrypt compatible encryption to mobile devices. Having a standard is very important for long-term storage and data transmission; there is nothing more annoying than being forced to download multiple programs to do the same thing and not knowing if it will work on a different platform. I hope other developers come up with similar programs.

Visit EDS Lite in Google Play

List of One Time Pad encryption programs

One Time Pad encryption, also known as the Vernam or perfect cipher, is the holy grail of encryption security. When used correctly it makes cryptanalysis nearly impossible because it is not possible to compare old messages. As long as the one time pad is perfectly random, all the clues on what coding was used for encryption remain in a single message. This is not easy to accomplish because high quality random numbers are difficult to generate.

This type of encryption was widely used by spy agencies during World War II and the Cold War period, protecting diplomatic and military communications. The advantage of one time pad encryption is that it can be done by hand with pencil and paper, without the need to carry any special device that could compromise undercover operations. A downside of this type of encryption is that the password is made up of as many characters as the text you encrypt, resulting in extremely long passphrases that are difficult to disseminate. When all rules are followed this one time encryption method remains secure and unbreakable, but in order to solve the key transmission problem one time pads have been replaced by symmetric block ciphers and public key encryption.

I have only managed to find old one time pad encryption tools, most of them developed by a single hobbyist, and they could be listed as abandonware. You should not assume a developer’s claims are true just because he says so. Without truly random numbers one time pad security will be compromised, and reusing any part of the pad makes the cipher vulnerable to attack. There is no way to know for sure how secure these programs are, but some of them provide the source code for you to look at.
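Why pad reuse matters, as an added Python example that is not taken from any of the programs listed here: when two messages are XORed with the same pad bytes, the pad cancels out of the two ciphertexts, while a pad book that hands out each byte only once avoids this. The `PadBook` class, the function names and the sample messages are constructed for illustration, and `secrets.token_bytes` (a CSPRNG) stands in for a true random source.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """One time pad: the pad must be at least as long as the message."""
    if len(pad) < len(message):
        raise ValueError("pad shorter than message")
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


class PadBook:
    """Hands out pad bytes and never returns the same byte twice."""

    def __init__(self, size: int):
        # Assumption: a CSPRNG stands in for a true random source.
        self._pad = secrets.token_bytes(size)
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining:
            raise ValueError("pad exhausted: generate and exchange a new one")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n  # consumed material is never handed out again
        return chunk


def reuse_leaks_plaintext_xor(m1: bytes, m2: bytes) -> bool:
    """Encrypt two messages with the SAME pad and show that the pad cancels."""
    pad = secrets.token_bytes(max(len(m1), len(m2)))
    c1 = otp_encrypt(m1, pad)
    c2 = otp_encrypt(m2, pad)  # the mistake: the same pad bytes again
    # c1 XOR c2 == (m1 XOR pad) XOR (m2 XOR pad) == m1 XOR m2, so the
    # ciphertexts alone reveal the XOR of the plaintexts, whatever the pad was.
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


def send_two_messages(m1: bytes, m2: bytes):
    """Correct use: each message consumes fresh bytes from the pad book."""
    book = PadBook(len(m1) + len(m2))
    p1 = book.take(len(m1))
    p2 = book.take(len(m2))
    c1, c2 = otp_encrypt(m1, p1), otp_encrypt(m2, p2)
    return otp_decrypt(c1, p1), otp_decrypt(c2, p2), book.remaining


def pad_book_refuses_reuse() -> bool:
    """Once the pad is used up, the book raises instead of recycling bytes."""
    book = PadBook(4)
    book.take(4)
    try:
        book.take(1)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample messages.
    print(reuse_leaks_plaintext_xor(b"invoice 1042 paid", b"invoice 1043 open"))
    print(send_two_messages(b"first message", b"second one"))
    print(pad_book_refuses_reuse())
```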

CT-46 One Time Pad: An encryption tool that converts text into digits using a conversion table, completing the final group with zeros. The software is meant to be used to learn working with one-time pads and as a training resource; it comes with a complete help manual that tells you how to perform one time pad encryption with pencil and paper.

CT-46 One Time Pad encryption

OneTimePadJava: Written entirely in Java, it comes with the source code but no help manual, although it appears to be easy to operate. The tool doesn’t need installation and works across platforms.

Pidgin Paranoia: A Linux plugin for the Pidgin messenger, providing secure IM conversations using one time pad encryption. The secret message has the same length as the key, which is only used once.

Solid Encryption ($$): A commercial program claiming to be able to perform one time pad encryption; you can try it free for 30 days before being required to buy it. I found the interface to be outdated and not very easy to work with but it comes with a help page.

One Time Pad Solid Encryption

Cryptomni: A program to encrypt files using the one time pad cipher. A key file is created using the random generator SecureRandom. The source code is open; this program has not been updated for many years.

Cryptomni One Time Pad

OneTimePad Net: A one time pad encryption implementation using Visual Basic, an object-oriented programming language that needs Microsoft .NET to work. I had to right click and run this program as administrator for it to work. There is no help file but the interface is pretty straightforward.

One Time Pad .NET encryption

Perfenc: A Unix program to perform one time pad encryption. Documentation is included with the software and can be read by typing man perfenc. You can install it from source with the usual build tools like cmake.

Emus encryption tool: It uses polyalphabetic methods from the Middle Ages. Texts are encrypted with random codes and fixed passwords, but it can also be used as a one time pad with extremely long random passwords and codes.

Emus encryption One Time Pad

Steganography and hidden watermarks with OpenPuff

OpenPuff is a portable steganography tool supporting images, audio, video and Adobe Flash animation carrier files. It can conceal up to 256MB of data, splitting files between multiple carriers. Before hiding data, everything is securely encrypted with AES, scrambled, whitened and encoded, which reduces the chances of anything hidden being detected by specialist tools. You must always remember to erase the original carrier files: if a computer forensics expert has access to both files and can compare them, he should be able to prove that one of them contains hidden data, even if it cannot be extracted because everything inside has been encrypted. OpenPuff has sixteen different encryption algorithms you can use, which makes extracting data even more difficult as only the creator will know which cipher has been used. The tool supports well-known secure algorithms like AES, Serpent and Twofish, and more obscure ones like Mars, Anubis or Clefia, a high-speed block cipher developed by Sony Corporation intended for use in Digital Rights Management.

To stop steganalysis, the detection of hidden data, encrypted files are scrambled in a second layer using a cryptographically secure pseudo-random number generator (CSPRNG) seeded with a user-chosen password, with data shuffled using random indexes. A third security layer whitens scrambled data, adding a high amount of random noise with hardware entropy, and the final fourth security layer encodes whitened data using a non-linear function. Very paranoid types can add a decoy file for deniable steganography, just like a Truecrypt hidden container works: in OpenPuff you can reveal a password to an innocuous text and keep the real hidden message from view with a second password. Another feature is the ability to hide a mark inside a video, audio file or photograph, useful when you privately distribute a confidential file to a selected group of people; if the file is later found leaked on the internet you can check the mark and track down the leak source.

OpenPuff steganography freeware

The software interface is a little overwhelming for the steganography novice and drag and drop doesn’t work, so you have to select everything manually. Security experts should appreciate things like a window with bit selection options showing a huge list of supported carrier files and the ideal data percentage that can be hidden in each different extension to avoid detection. With a third optional password seeding the scrambling CSPRNG, you can use up to three passwords to hide data inside a file, and the other end will have to know all of them to decrypt it.

Thanks to the support for a wide range of carrier files (.bmp, .jpg, .png, .mp3, .vob, .mp4, .3gp, .flv, .swf, .pdf, etc.), the program makes it easy to embed hidden data anywhere on the Internet, from a blog to a photo sharing site like Flickr, saving you from having to personally contact a source, which could compromise his identity. If you are hiding data in multiple files, the other end will have to order the files in the right sequence to decrypt them. OpenPuff needs a little practice to get everything right, but it is one of the most complete steganography tools I have seen and it has some unique features.

Visit OpenPuff homepage

Al-Qaeda IM encryption plugin “Asrar Al-Dardashah”

The Global Islamic Media Front, an underground propaganda division for Al-Qaeda and other violent jihadist groups, has released what they call “The First Islamic Program for Encrypted Instant Messaging”, an instant messenger plugin working alongside another jihadist encryption tool called Asrar al-Mujahideen, already reviewed in my Mojaheeden Secrets review post, which consists of nothing more than a PGP-like public/private key encryption tool. This new plugin works with Pidgin, an open source instant messenger compatible with all major IM networks like Yahoo Messenger, Google Talk, Jabber, ICQ and others.

The announcement includes a ten-minute video tutorial subtitled in English and hosted on Youtube, not containing any Al-Qaeda branding, to stop Youtube taking it down I presume. After watching the tutorial I can attest that the instructions were very accurate. Whoever produced it was highly experienced in computer privacy tools and demonstrated how to use a tor proxy to download Pidgin with Startpage set as their main search engine, which, unlike Google, does not keep IP records. Other sophisticated anonymity technologies included configuring a Socks5 proxy so that not only will the chat be encrypted but the computer IP will be hidden from the other party.

Asrar-Al-Dardashah encryption plugin Al-Qaeda

The tutorial advised jihadists to only download the plugin from a trusted source and  compare the public encryption key ID from the the person they are chatting with the key they have stored in Mojaheeden Secrets 2 to make sure nobody is stealing that person’s identity and replacing the encryption key with their own.

At first glance it might seem impressive that Alqeda supporters have their own high quality branded encryption software, it must work great for propaganda purposes and reaffirmation, however, they are not reinventing the wheel, OpenPGP is open source, it can be checked for backdoors and it has around for a long time, the plugin they are releasing closely resembles the OTR (Off-The-Record) anonymity Pidgin plugin that has been around for years, this is not a new security tool and the only concerning part is that Alqeda supporters are learning how the technology works, but they are also drawing attention to themselves by using a tool that only jihad extremists have access to, the CiA just has to love how Asrar al-Mujahideen is introducing its own “#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—” tag in every single encrypted message it sends. American secret services packet sniffers must be busy tracking down where in cyberspace is people sending messages with those tags.

Global Islamic Media Front encryption tools only work in Windows. Until jihadists discover the power of Linux or BSD they won’t do much damage in cyberwar, since most company and government servers normally run Linux, and encryption will also be of little help to them if informers can be found inside the group.

Visit Global Islamic Media Front homepage

Hide data inside sound files with DeepSound

DeepSound is a steganography tool to hide any kind of data, from text to photos, inside sound files. For extra security everything can be encrypted with 256-bit AES and made available only with the correct password; the modified audio file will play as normal and nobody should notice it contains hidden data. The program interface is very simple and comes with a file browser to manually peruse the directory where a suitable carrier sound file can be found. When password protecting the data you will not be asked to enter the masked password a second time to confirm it, so if you make a typo you will not notice until it is too late; it is best to test the file after creating it to make sure everything works as expected.

Encoding or extracting data can be quickly executed using shortcuts, and the program settings allow you to adjust the output quality from low to high. If you are going to create an audio CD with hidden data, the developer advises disabling volume normalization in the CD burning software to prevent data corruption that would stop the hidden files being recovered. A one page help manual with screenshots is included, though you are not likely to have to read it.

DeepSound hides data inside audio files

This tool can only hide data inside Waveform Audio File Format (.wav) and Free Lossless Audio Codec (.flac) sound files, which are not very common. A .wav file is normally uncompressed, perfect to hide files inside, but the files are very large and not usually used for music, only for small sounds.

FLAC is a royalty free open source alternative to the proprietary .mp3; .flac files are compressed and suitable for music albums, supporting metadata and album cover art. If you are going to hide data it will probably look less suspicious inside a .flac than in the inadequate .wav file format, and a .flac file will be easier to distribute given its smaller size. This application could also be used to watermark copyrighted music and track down the source if it is later found leaked on file sharing networks, but converting the audio file to another format would get rid of the hidden watermark.

Visit DeepSound homepage

Ipredia OS for anonymous browsing and communications

Ipredia OS is a Fedora based Linux operating system for anonymous web browsing, email, chat and file sharing. Unlike similar projects such as Tails and Liberte Linux, which are based on tor, Ipredia's anonymity is built around the I2P anonymous network, with websites and services only accessible through an i2p proxy tunnel. The distribution can be downloaded with the Gnome or LXDE desktop. I tested the LXDE version because it is best for a live CD, since it is lightweight and should load quicker; there is the option to install Ipredia OS on your hard drive, and some people might prefer the Gnome desktop for that.

The operating system includes all of the basic applications an average computer user needs. In the LXDE menu you can find a text editor, Abiword, a PDF viewer, an image viewer, Gnumeric, the Osmo calendar, the Robert bit torrent client configured to anonymously share files through the i2p network, the Sylpheed email client, a packet sniffer called Wireshark, the eekboard virtual keyboard and the SE Linux Alert browser (SE Linux being a security enhanced Linux that enforces file permissions). The desktop contains shortcuts to XChat to anonymously connect to IRC channels through i2p, where I could see a few dozen users in the most popular channels, with names like “anonops”, “bitcoin” and “tahoe-lafs”, related to privacy and i2p development. Firefox proxy settings come preconfigured to use the I2P network.

Anonymous operating system Ipredia OS

If you want to discuss privacy, you may find the i2p forums at the internal URL forum.i2p useful; highly technical computer privacy discussions take place there and new .i2p sites can be announced. Ipredia has its own .i2p site (ipredia.i2p); other useful addresses are planet.i2p and echelon.i2p, with software addons, but the best way to find new eepsites is the uncensored eepsites.i2p search engine. On the desktop you will also find a direct shortcut to the I2P Router Console. Seeing so many configuration options in a single place is overwhelming; it’s best to leave the defaults on and not touch anything unless you know what you are doing.

The I2P software comes with a volunteer run anonymous email service called Susimail, accessible through webmail on the i2p network or with POP3 and SMTP. You can get a free username@mail.i2p address for internal communications or a username@i2pmail.org address to communicate with the world outside the I2P network. The Susimail administrator makes it clear that abusers using the email account for illegal activities, such as selling illegal substances or spamming, will have it immediately terminated. I also found a The Pirate Bay site at the URL tpb.i2p where you can share files without worrying about abusive copyright take down notices. You can add new sites to your personal address book in the I2P Router Console using Susidns to regularly update host.txt from distributed sources. To publish information on the I2P network there is support for Syndie, a Java application to distribute content in multiple forums, accessible with tor and the unencrypted web.

After booting the operating system, the first time you start I2P it will take a few minutes to integrate your I2P router into the network and find additional peers. You will not be able to surf the Internet during that time and will have to be patient; it took me between 5 and 10 minutes to be able to access the first I2P website. After that, browsing was reasonably quick.

Anonymous live CD Ipredia OS

Another thing that makes the Ipredia operating system different from Tails is that it allows torrents and access to I2P sites. These two distributions are not competing against each other; their security and service models are different, and both anonymous operating systems are complementary.

In comparison with tor, the I2P network appears to allocate bandwidth equitably: while tor relies on volunteers running servers to bounce traffic around, I2P tunnels encrypted traffic P2P style between all network users, with multiple jumps to make tracing difficult. I2P users' IPs are not used as exit nodes to the Internet; only a few people who install separate applications relay I2P traffic to the regular Internet. Another main difference is that while tor uses the layered onion routing model to guarantee anonymity, I2P uses what they call garlic routing, encrypting multiple messages together to stop traffic analysis.

Visit Ipredia OS homepage


iPhone anonymous Internet with the Onion Browser

The Onion Browser is an iPhone only browser for anonymous Internet browsing on your smartphone, relying on the untraceable tor proxy network to hide your real IP from the websites you visit. The tor network can be slow at times due to the number of nodes relaying traffic and overall network load, but for browsing without file downloads or video streaming the speed should be sufficient. The Onion Browser also gets around firewalls if you are using a public Wifi access point that filters traffic and blocks websites, and since communications in tor are encrypted with SSL, any packet sniffers deployed by the Wifi network administrator will not be able to see what websites you visit, only that you are connected to tor.

The app options include “Enable UA Spoofing” to fake the HTTP User Agent header sent to the websites you visit; it can be changed to iOS Safari to improve mobile website compatibility, or to a Windows 7 and Firefox string so that it looks like you are browsing from a desktop computer. “Cookies” can be set to Allow All / Block Third Party / Block All, and a “New Identity” button clears all cookies, history and cache and requests a new IP with a single tap. There is a way to set up bridges, unpublished tor proxy relays for those living in countries like China where tor is blocked by the ISP, but setting up a bridge in this app takes some work and is best avoided if you do not need one.

iPhone Onion Browser tor proxy

I found the app lacked bookmarking, but the startup page contains a list of well-known .onion sites that will take you where you want to go. For anyone concerned about built-in backdoors, the Onion Browser source code can be downloaded from the open source platform GitHub along with technical details. The app will work on the iPad too.

Note: The iPhone Onion Browser costs $1.

Visit iPhone Onion browser in iTunes

Anonymous P2P encrypted messages with Bitmessage

Bitmessage is an open source P2P program utilizing a Bitcoin-like protocol that, instead of sending money, sends anonymous encrypted messages to one or multiple people at once. The application has a portable mode that does not need installation; it uses 2048-bit RSA encryption keys stored inside a keys.dat file, which can be opened with any text editor, and OpenSSL for cryptographic functions. Bitmessage's cryptic addresses closely resemble a Bitcoin address, and the best part is that both keys are compatible: Bitmessage uses the other party's public key to print their Bitcoin address in the console, which can be used to send them money.

Bitmessage sends data over its own P2P network. The nodes store messages for two days before erasing them, and new nodes joining the network download and broadcast the pool of messages from the last two days. To stop spam the sender is required to spend computational processing power on each message he sends, modelled on the Hashcash antispam scheme and the Bitcoin mining system, and the protocol has been designed to be scalable as needed. I sent a small text message to a friend and it only took a few seconds to be processed; a “Doing work necessary to send message” warning is displayed while you wait and your computer's CPU works. I also subscribed to an open Bitmessage mailing list using the subscription tab by simply adding the address “BM-BbkPSZbzPwpVcYZpU4yHwf9ZPEapN5Zx

Bitmessage anonymous encrypted messages

Other tabs in the program allow you to blacklist and whitelist addresses and to add contacts to your address book, broadcasting to everyone listed there or selecting just one contact. The tabbed system makes Bitmessage intuitive to use. You can also change the default listening port “8444” and the network settings to enter a Socks proxy. Only the key management was very primitive: it opened the Bitmessage keys in Notepad.

You can create as many Bitmessage addresses as you like, and creating and abandoning them is encouraged; there is an “Identity” tab from which to manage your addresses, and they can be labelled. Addresses can be generated using random numbers or from a passphrase, the latter called a “deterministic address”. You can recreate a deterministic address on any computer from memory, without having to back up your keys.dat file, as long as you remember your passphrase; to recreate the keys if you lose them you will also need to remember the address version and stream number. Choosing a weak passphrase could result in a brute force attack and your identity being stolen. Deterministic addresses can be made one or two characters shorter by spending a few extra minutes of computational processing power. These addresses are optional, and I believe the random cryptic addresses to be more secure for the paranoid.

Bitmessage encrypted mailing list

Bitmessages are first encrypted and then sent to a common message pool shared by all users to hide sender and receiver; only those listed in the receiving address will be able to decrypt and read them. The program has been designed to only send text without any attachments; I did not test it, but theoretically it should be possible to send a jpeg photograph. After erasing a message there is no trash can to retrieve it from, but it will still be present on your hard drive, where it can be viewed manually with a bit of work.

I used Bitmessage with a VPN and did not experience any problem besides a coloured network status code that turned yellow, indicating that my firewall or router couldn’t forward TCP connections. This is not a big problem; it only meant that my node was not relaying messages to other nodes for other people, but I could still receive and send them. As long as someone in the network has the green network status, messages can be passed on between peers.
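The anti-spam proof of work described above, sketched as an added example rather than Bitmessage's own code: a Hashcash-style search for a nonce that the sender pays for and that a relaying node checks with a single computation. The double SHA-512 construction, the difficulty constants and all function names are assumptions made for the demonstration.

```python
import hashlib
import struct

# Demo difficulty (assumed values): expected work is roughly
# TRIALS_PER_BYTE * (len(payload) + EXTRA_BYTES) hash trials per message.
TRIALS_PER_BYTE = 64
EXTRA_BYTES = 1000     # fixed cost so that short messages are not free

def pow_target(payload):
    """Threshold a trial value must not exceed; longer payload, lower target."""
    return 2**64 // (TRIALS_PER_BYTE * (len(payload) + EXTRA_BYTES))

def trial_value(nonce, payload):
    """First 8 bytes of SHA-512(SHA-512(nonce || SHA-512(payload))) as an integer."""
    inner = struct.pack(">Q", nonce) + hashlib.sha512(payload).digest()
    digest = hashlib.sha512(hashlib.sha512(inner).digest()).digest()
    return struct.unpack(">Q", digest[:8])[0]

def do_pow(payload):
    """Sender side: search for a valid nonce. Returns (nonce, trials_spent)."""
    target, nonce = pow_target(payload), 0
    while trial_value(nonce, payload) > target:
        nonce += 1
    return nonce, nonce + 1

def check_pow(payload, nonce):
    """Relay side: one trial computation decides whether to accept."""
    return trial_value(nonce, payload) <= pow_target(payload)

def relay(inbox):
    """Keep only the messages whose nonce proves the required work."""
    return [payload for payload, nonce in inbox if check_pow(payload, nonce)]

if __name__ == "__main__":
    msg = b"constructed sample message"            # constructed sample input
    spam = b"constructed spam, no work done"       # constructed sample input
    nonce, trials = do_pow(msg)
    print("sender trials:", trials, "nonce:", nonce)
    print("relayed:", relay([(msg, nonce), (spam, 0)]))
```

The sender needs tens of thousands of trials on average at this difficulty, while each node that relays the message spends one; a nonce is also bound to its payload, so it cannot be reused for a different message.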

Note: The software is currently a beta release in testing.

Visit Bitmessage homepage

Free online image forensic analysis at Fotoforensics

Fotoforensics is a website for advanced photo analysis. You can check whether a photo has been modified and see embedded metadata that could contain private details. Photos can be uploaded from your PC or directly linked from a URL, and there is an optional Firefox browser plugin to make image forensic analysis easier: any image that can be displayed in your browser can be analysed, and the plugin gets around sites like Facebook that require login to view a photograph.

The service supports the .jpeg and .png image formats, the most common image file extensions found on the Internet. The metadata analysis can find out if a graphics editor has been used to modify the image (ACDSee, for example, embeds the program name in the photos it saves); metadata also shows how many times the image has been edited, identity attributes and how the image was managed.

Image computer forensics Fotoforensics

To determine if a photograph has been forged Fotoforensics uses Error Level Analysis to see the image modification percentage: the image is saved at different compression levels and then compared with a computational algorithm to see the amount of change. This is not a 100% accurate method to detect fake photos. It is possible to defeat image forensics algorithms that look at high frequency decomposition by reducing colour, brightness or contrast, but there are other photo attributes that can be analysed.

The website has a very detailed tutorial and FAQ explaining what results you can expect and how to interpret them, and you should read it to understand what you are seeing. This is not a tool that will give you a “Yes” or “No” answer; it is up to you to interpret the results, which could turn out to be inconclusive.

You could use this tool to check that your EXIF image cleaner is working properly, but do not upload anything private because the results are saved at a public URL on the server. Uploading pornography is not allowed; to check whether an X-rated celebrity photo is real you will need to find another place, or they will ban your computer's IP.
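A local check for the metadata discussed above, so that an EXIF cleaner can be tested without sending the image to a public URL. This is an added example, not Fotoforensics code; the function names and the header-only sample JPEG, including its made-up editor name, are constructed for the illustration.

```python
import struct

SOS, EOI, COM = 0xDA, 0xD9, 0xFE
STANDALONE = {0x01, *range(0xD0, 0xD8)}   # TEM and RSTn carry no length field

def exif_software(tiff):
    """Return the EXIF Software tag (0x0131) from IFD0 of a TIFF blob, or None."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"          # TIFF byte order
    magic, ifd = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd + 2 > len(tiff):
        return None
    (entries,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
    for i in range(entries):
        entry = tiff[ifd + 2 + 12 * i: ifd + 14 + 12 * i]
        if len(entry) < 12:
            break
        tag, typ, n = struct.unpack(e + "HHI", entry[:8])
        if tag == 0x0131 and typ == 2:             # type 2 = ASCII string
            (off,) = struct.unpack(e + "I", entry[8:12])
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            return raw.rstrip(b"\x00").decode("ascii", "replace")
    return None

def audit_jpeg(data):
    """List (label, detail) for each metadata segment found before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF or marker in STANDALONE:
            pos += 1 if marker == 0xFF else 2      # fill byte or bare marker
            continue
        if marker in (SOS, EOI):                   # this check stops at the first scan
            break
        (length,) = struct.unpack(">H", data[pos + 2: pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or corrupt segment")
        body = data[pos + 4: pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            found.append(("EXIF", exif_software(body[6:])))
        elif marker == 0xE1 and body.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
            found.append(("XMP", None))
        elif marker == COM:
            found.append(("comment", body.decode("latin-1")))
        pos += 2 + length
    return found

def _seg(marker, body):
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

def sample_jpeg(with_metadata):
    """Constructed header-only JPEG (no real image data) for the demo."""
    sw = b"ExampleEditor 1.0\x00"                  # made-up editor name
    tiff = (b"II" + struct.pack("<HIH", 42, 8, 1)
            + struct.pack("<HHII", 0x0131, 2, len(sw), 26) + b"\0\0\0\0" + sw)
    meta = _seg(0xE1, b"Exif\x00\x00" + tiff) + _seg(COM, b"edited twice")
    jfif = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    return b"\xff\xd8" + jfif + (meta if with_metadata else b"") + b"\xff\xda\x00\x02\xff\xd9"
```

Running `audit_jpeg` on a file before and after cleaning shows whether the cleaner removed the EXIF, XMP and comment segments; an empty list means none of those were found ahead of the image data.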

Visit Fotoforensics homepage

Hide it Pro hides photos and videos in Android and iPhone

Hide it Pro is a free app for Android and iPhone to hide pictures, videos, audio files and others. The app is disguised as a functional audio manager, so anyone playing with your phone will not realise you have a privacy app installed: the icon looks like a music sound logo, and tapping it launches a menu to adjust the phone's ring tone volume.

When you run the app for the first time you will be asked to enter a numeric pin code or password to lock your screen. An email address can be linked to your account to reset your password if you forget it, but this is not compulsory. Using the Hide it Pro interface you can select the files you would like to hide, removing them from the gallery view, encrypting the data with 256-bit AES and password protecting everything. You can email files from inside the app or view a custom photo slideshow without having to move the photos outside the encrypted folder.

Hide it Pro hides Android&iPhone photos

Hide it Pro can set up a second, escape password that leads to a different encrypted container, which you can show to people if anyone discovers that you own encrypted data and you are forced to reveal the password under threat. The escape password works like Truecrypt's hidden container feature, but I don’t know how safe this is from a thorough investigation; you just have to trust that the developer did everything right.

If you share your mobile phone with family members or work colleagues, Hide it Pro will prevent them from discovering private images stored on it. The app is self-explanatory, and it can also be used to hide and lock other apps.

Android Hide it Pro in Google Play

iPhone Hide it Pro in iTunes

Linux distribution for wireless hacking Xiaopan OS

Xiaopan OS is a small Tiny Core Linux based operating system built for wireless penetration testing. It comes with the XFE desktop environment, a very lightweight graphical front end, and the distribution can run as a live CD, from a USB thumbdrive with Unetbootin, or inside a virtual machine. Numerous wireless card controllers are supported, including Atheros and Broadcom, the most widely used chipsets. Because the distribution is based on Tiny Core Linux, all of the precompiled .tcz packages available for Tiny Core can be installed in Xiaopan using the TCL Appbrowser; non hacking utilities like games, a media player, a CD burner, VoIP software and Truecrypt can all be optionally added to Xiaopan OS.

To crack WPA/WPA2 encryption keys a tool called Reaver-wps is used. The software attacks a router's Wifi Protected Setup registrar PIN; this feature comes in many routers for easy set up and has a hard coded Personal Identification Number tied to the device, and by exploiting this Reaver can find out the WPA/WPA2 password. Dictionary lists in multiple languages can be downloaded from the Xiaopan forums.

Wifi hacking Linux distribution Xiaopan

After first scanning for the target wireless access point and gathering information like SSID, encryption mode and channel, you can launch the Reaver brute force attack, and the screen will show the cracking in progress in real time. It can take up to ten hours to find out the wireless password, or much less depending on how complex the encryption and password are; factors for success include whether your wireless network card supports injection and the distance to the attacked Wifi access point, and some routers are more vulnerable to injection than others. You can protect your network against brute force attacks with MAC filtering; however, the distribution includes other hacking tools like Inflator, Minidwep, Aircrack-ng and Feeding Bottle, and MAC spoofing is possible.

This Linux live CD is a first class penetration testing tool to audit the security of wireless access points, and it replaces Beini, a very similar distribution that is no longer active. Xiaopan is easy to use for beginners thanks to its graphical interface, and is much lighter than Backtrack. The main problem you can come across with this distribution is that your wireless network card might not be recognised; if that happens, it helps to troubleshoot by looking at what drivers are being loaded inside the tce and cde folders and knowing your network card's chipset.

Xiaopan Linux WPA2 hacking

If you want to protect against Reaver attacks you should disable Wifi Protected Setup in your router. Unfortunately many routers do not allow you to do this manually; the other option is to use an open source router firmware like DD-WRT, which does not support WPS, so Reaver can do nothing against it.

Visit Xiaopan OS homepage
