Re: IP / Proxy / Anonymous Browsing Question...

From: Unregistered (Guest.uk0o3_at_time.usenet.com)
Date: 09/30/03


Date: Tue, 30 Sep 2003 02:06:19 +0400


It is up to the individual if they want to hide their tracks on the net - it is not our place to judge people.
Outlaw freedom and pretty soon only the outlaws will have freedom.

darkstar

Surf Safe Basics

1. Introduction
2. Browser Security
3. Browser Check
4. NetBios
5. Cookies
6. WebBugs
7. Good Housekeeping
8. Firewalls
10. Resources

1. Introduction:
Safe Surfing consists in minimizing your profile and identity trail as you surf on the internet. Every site you visit will record your machine's unique internet protocol number or ip address. Cookies can act as remote identifiers, and the values can be returned from within html web pages using email or post commands. Any of the web pages that you download may contain either Active-x or Java applets, both of which can be programmed to access the Windows System or your registry. Embedded Gifs or Web-Bugs can record your presence and 'phone home' style components can talk to some database.

As well as providing servers with another way to get Referer and other information. Disabling Java also stops many pop-up ads and interstitials. All the scripting languages like Javascript, Visual Basic Script (VBS) etc can execute system calls from inside the web page, query your registry and post back to the server sensitive data. In the case of a hacker, invisible frames can be loaded containing scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*" ie wipe your hard disk away!

Other means of gaining referer information are for the server to ask you to connect either on shttp or https which is SSL, both are secure protocols that can override ordinary proxies and nullify them. Thus allowing the server to read your true ip address and in some cases this is their purpose, not secure messaging!

Coming up in the rear is SOAP (Simple Object Access Protocol). This is a lightweight, XML-based protocol for exchanging information in a decentralized and distributed environment. This is a messaging protocol, unlike Active-x, which uses remote procedure calls (RPC). It does not require synchronous execution or request/response interaction, and SOAP messages can have multiple parts addressed to different parties. Furthermore SOAP is programmatically extensible. In layman's speak this protocol allows web page to speak to web page, remotely and on a queued basis ie allowing for time lapses. SOAP boasts A Proxy and Wire Transfer Service. This protocol has been submitted to W3C for consideration, and is along with XML the basis for Microsoft's latest web gambit .NET. SOAP is extremely unsafe since it has access to the dns and the underlying windows system. It can totally bypass any firewall since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP.

Last but not least is NetBios and File and Print Sharing which is auto enabled on installation on some old operating systems, leaving your hard disk open for the world. So disabling all these options within your browser and in conjunction with using a proxy, preferably one from a country outwith your own, you can leverage some form of control over information leakage whilst you surf. Being aware of how and where ip leakage can occur allows you to Surf Safe!

2. Browser Security
To cover your tracks and prevent others from finding out your ip address you have to use a proxy and disable certain browser functions; proxies are covered in more detail in Proxy Basics. These functions are as follows:

Internet Explorer: Tools Menu ... Select Internet Options... Security tab... Custom Level

Disable all Active-x Options
Disable all Cookie Options
Disable Java
Disable all Scripting Options
Logon Option: Check the "Prompt for user name and password" radio button

For Netscape users, to turn off java and also ...
Edit -> Preferences -> advanced -> uncheck "enable java" and "enable javascript" and check "disable cookies"

To use software based proxy:
Edit -> Preferences -> advanced+ -> proxies -> check "manual configuration" -> view -> fill in the needed fields.

To enable a proxy server in IE, go to Tools > Internet Options > Connections. If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname and port number in the fields.

To enable a proxy server in Netscape, go to Edit > Preferences > Advanced > Proxies. Choose "Manual Proxy Configuration," then click the View button and enter the proxy's hostname and port number in the WWW field.

To confirm that the proxy is functioning correctly, go to the IP-address page. You should see the proxy's IP address instead of your own. Alternatively select one of the url's from the Proxy Checking Sites list in the Resources section below and check that the ip-address you see on the page is the same as your proxy!

Some browsers have an auto email facility; find and disable this.

What does a browser record?
There are three things a browser records when you visit a web page. Each one is stored in a different manner, in different places. It depends on which browser and which version you use, and even on what Operating System platform you are running it.

The three things a browser records are:

I The page itself in your cache
II The URL of the page in your history
III The URL's you typed in at the URL box (drop down list)

So the following tasks have to be undertaken.

Clearing the cache:
Clearing the History:
Clearing the URL history:

It's optional on all the main browsers ie Netscape, Internet Explorer, Opera etc whether you choose to do this by hand, and the precise syntax and commands vary by Browser version and Operating System version, but the principle is constant ie find where they are logged and delete the references! Under Windows this is normally inside the Registry. So in Netscape under windows 95: The URL history is stored in the windows registry.

Example: Clearing the URL history -
Close Netscape if it is still running. Start the registry editor by running REGEDIT.EXE. Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\ (doing a search for "URL History" will get you there immediately.) Delete the entries URL_1 through URL_10, but NOT the Default entry. Close the registry editor.

This is repeated for the other tasks. A simpler method is to use a program such as Window Washer or Evidence Eliminator; both will automatically clean the required areas.

Now these items ie cache, url, and url history have been deleted but microsoft in their wisdom chose to record the url and occasionally the url history elsewhere in areas such as the swap file, user.dat and system.dat and if you use microsoft office or similar software the document history list may record your url history as well. Window Washer should be able to deal with this. To deal with the swap file read the Swap File Basics. Remember under some versions of Windows such as Windows NT and Windows 2000 each user has a unique profile and history, so if you use different accounts, check them all.

3. Browser Check:
Every time you DialUp or connect to surf you should firstly connect with a proxy checking site that will tell you what your current browser ip is and other relevant environment variables, such as javascript etc. It is a good idea to paste the url of the proxy checker into the "Address" edit box situated under the General tab of the Internet Options Properties box. This will alert you to surfing on an unsafe ip.

4. NetBios:
NetBIOS (or Network Basic Input Output System) is a program that is used by Microsoft Networking. One use of NetBIOS is to allow the sharing of files and printers between computers on a Local Area Network (LAN). However, if you are connected to the Internet and using file and print sharing through NetBIOS, you may be exposed to unnecessary security risks. Most systems do not need NetBIOS to connect to the Internet. However, some older cable modem systems might need some components of NetBIOS. Out of the box NetBios is configured to enable about 9 separate components of your PC. These are:

1. Client for Microsoft Networks, the networking application
2. File and Printer Sharing for Microsoft Networks
3. Microsoft Family Logon
4. TCP/IP
5. NetBEUI (NetBIOS Enhanced User Interface)
6. IPX/SPX
7. Dial-up adapter
8. Cable modem/DSL interface
9. Local area network (LAN) interface (if applicable)

The insecure components in the pre-configured NetBIOS are: Microsoft Networks application and file and printer sharing. Since all nine NetBIOS components--including TCP/IP--are interconnected, your data is vulnerable when you're online. Each time you're connected to the Internet with the pre-configured NetBIOS, hackers can easily access your passwords, upload malicious code to your computer and more. Your computer is exposed to any, and all, kinds of security threats.

The solution is to re-configure your NetBIOS. TCP/IP will only be connected to the dial-up adapter. The NetBEUI transport will also be connected to the dial-up adapter and, therefore, TCP/IP. Since NetBEUI provides safe local file and network sharing, your files will not be exposed in this configuration. The Microsoft Network application, file and print sharing and Microsoft Family Logon will all be connected to NetBEUI. The IPX/SPX protocol should be removed from the networking component list!

Disabling File And Printer Sharing for Your Dial-Up Adapter (Win 95/98)

1) Click Start, point to Settings, click Control Panel, and then double-click Network.

2) Click TCP/IP->Dial-up Adapter, click Properties, and then click the Bindings tab.

3) Click to clear the File and Printer Sharing check box, click OK, and then click OK.

4) Restart your computer.

NOTE:
This disables the File And Printer Sharing component only for the Dial-Up Networking adapter. Local network file sharing or printer sharing is not affected. Windows NT users should disable TCP/IP Binding from NetBIOS.

Turning Off File and Print Sharing Completely

1) Click on Start then to Control Panels. Double click on the icon Network.

2) Click on the button File and Print Sharing.

3) To disable File and Print Sharing, uncheck both boxes. To enable File and Print Sharing, check both boxes.

4) Click OK and then OK again. File and Print Sharing is now disabled.

5. Cookies
Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more - such as whether you've visited before. This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as www.cookiecentral.com. A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the msn.com home page. What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Tipper instead of Albert, then that's what will be in the cookie that's stored on your computer.

So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site. DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you. So how can it do this when cookies are unique to a site? It's simple - the DoubleClick adverts aren't on the site you visit. They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server. Solution: In your browser disable all cookie access and clean regularly!

6. WebBugs:
WebBugs: There are about five different types of Web bugs. The simplest bug is a small, clear GIF with no content and it's set to be transparent so the web page background shines through. It's included on the web page you surf to but is downloaded from another site. Usually some Advert based site; the download call along with the referrer information is enough to identify your machine as visiting some site. It normally works with cookies to send information to third parties about your online travels.

Other more malicious forms of Web bugs are "executable bugs," which can install a file onto people's hard drives to collect information whenever they are online. For example, one such bug can scan a person's machine to send information on every document that contains the word "sex". The sneakiest bugs are "script-based executable bugs that can go out and take any document from your computer" without notice; there are programs that can track live, private recordings through Webcams or voice recorders hooked up to computers. Other script-based bugs also execute files, but they're not installed on a person's PC. They can simply try to control the person's computer from its server, as well as track the consumer's travels on the Web from behind the scenes. An example of this can be found on a popular entertainment site, PassThisOn.com, which launches multiple browser windows when a person tries to exit the site. These methods can bypass your firewall since your browser will have permission to fetch stuff from web-sites. This principle can be employed in Word documents or emails such that when you open them, some site somewhere is notified that some pc is opening and reading this document. Nice thought?

7. Good Housekeeping:
One consequence of surfing on the Internet is that not only do other people want to know your surfing habits and real ip, so does your own PC! Each installed program will invariably come with some form of a history list. This list will be stored in the registry or less commonly in a text file with a .ini extension, usually found in the installation folder. In the registry search for LastVisitedMRU. These are used to enumerate your last five actions or so, ie Windows MediaPlayer has a hidden history list that contains a description of items last activated by it, be it some mp3 or visually enticing mpg movie. Likewise RealPlayer has a similar facility; furthermore if you use it to search online music databases like DDB it will phone home to the RealPlayer web site sending your list of preferences along with a unique number that was written into the registry when the program was first installed, and it's usually a mixture of your real ip and some pc generated number, ie a GUID. Thereby identifying you regardless of whether you employ a proxy or not!

Do Url's Go To Heaven?
Url's that you have surfed through may be stored covertly within the Swap File, on a just in case they are needed again basis; furthermore any of the microsoft products might, depending on your preference settings, choose to add one of these url's to its history list or Most Recently Used document list in MS Word's case. These are then stored in proprietary files and within any of index.dat, system.dat, user.dat and on Windows 2000, Windows Millennium in pagefile.sys or the Swap file. Each time you switch on your computer, unknown to you, these are then loaded into the respective program registry mappings or hidden files. Latest versions of windows use individual profiles called "UserData" stored within the registry. This is how Windows maintains its appearance of being static, looking the same, or attempting to achieve "persistence" across multiple boot ups. So some Url's do go to heaven and kinda live for ever ;-)

Spyware:
Some "free" software will, as it is being installed, copy a 2nd party's programs, usually to the System folder. These types of programs are what is known as AdWare since once online your surfing habits are monitored by the 2nd party and advert streams are sent to the application based on your preferences. The application author gets paid for allowing his program to target you with adverts and this is the price you pay for free software. Naturally you don't want any of these things on your pc.

COM/SOAP:
These are ostensibly microsoft protocols. SOAP leaves you insecure since it has access to the dns (domain name calls) and the underlying windows system. So it can request o/s serial numbers, bad if you paid for Windows by credit card. It can totally bypass any firewall and router filtering, since messaging is web page to web page. COM controls can be written to phone home via SOAP just as in HTTP. COM is the basis for .NET and the new Windows coming your way soon. Windows has been re-written to use COM everywhere including the windows controls such as edit, list and treeview controls etc. This makes Windows a highly insecure communications environment. Coupled with the fact that Microsoft shares some of its source codes with Govt Agencies and favored Corporations under strict terms of secrecy, this should alert the wise!

Cleaning Up:
Since each application that you have installed can store a History List of associated files, ie Internet Explorer will have a list of Url's your browser last surfed, for its use in its "IntelliSense" or Smart matching on partial Url's that you type into the browser AddressBar, you need an application to sweep these out and clean up each time that you either boot up or shut down. One such application is Window Washer; it is safe and simple to use and it allows customized items both in the registry and any folder to be set for deletion. It comes with a default set of Windows locations to delete ie Documents under the Start menu is wiped clean. So for each application you will have to work out what it stores, where it stores it and set Window Washer to delete it on a regular basis. For the trickier case of the Swap File, User.dat and System.dat see The Swap File and Registry Basics faqs.

There are programs available to search for and remove phone home components. Where web-bugs are concerned the use of a Firewall, either Norton Personal Firewall or Zonealarm are good 1st choices here, and proxy and cookie cleaning on a regular basis will minimise any problem here. A security site is working on a Web-Bug filter at present.

8. Firewalls
A Firewall is a program that filters all ingoing and outgoing connections to the internet. Anyone who is running ADSL or Cable and other fixed ip services is more vulnerable to security breaches. A Firewall will allow you to set filters on which packets can enter or leave your computer. Most Firewalls come with standard settings enabled such as Application privileges, Internet traffic blocking, local network access to the systems services and shared accounts, and the blocking of known advertising companies. Along with the disabling of javascript this will stop all those annoying pop up windows appearing.

A firewall will also allow you to decide what appears in the packets that leave your computer ie your type of computer, operating system, timezone etc, all of which helps to enforce your privacy. If your computer is personal and for home use then find yourself a copy of AtGuard which is an excellent configurable Firewall, and if you cannot find a version, then Norton Personal Firewall is a good substitute since it purchased a licence to the AtGuard kernel.

9. Anonymity Providers
Here is a list of providers who provide reasonable privacy and security to their users. Their numbers are few; most of these providers use telnet, some use SSH, or S/Key to log in for added protection.

HushMail:
---------
HushMail Is the world's first 1024 bit encrypted free mail service!

Anonymous.To:
-------------
Anonymous.To Offer Free Anonymous Email Accounts.

Freedom.net:
------------
Freedom.net Offer anonymous mail, telnet, IRC, SSH and web-surfing.

SecureNym:
----------
SecureNym Offers secure and anonymous web based E-mail by subscription.

Pop3Now:
--------
Pop3Now Lets you access your mail from the web with SSL encryption.

Cyberpass:
--------
Cyberpass Run by Lance Cottrell, a well known cryptographer & cypherpunk.

LOD Communications:
-------------------
LOD Communications Offers for $10 a month a shell account with WWW page.

AnonMailNet:
------------
AnonMailNet Offers Web2Mail & Web2News interfaces with standard Internet services.

Data Haven Project
------------------
Data Haven Project For $10 a month shell account with full access.

Offshore Information Services:
------------------------------
Offshore Information Services Offer anonymous services from Anguilla B.W.I.

Nymserver:
----------
Nymserver Offers anonymous e-mail and newsgroup posting, PGP, & finger info.

Somebody.net:
------------
Somebody.net Offers anonymous surfing and anonymous email services

Resentment.org:
---------------
Resentment.org Now offers free SSL web mail accounts

Altopia Privacy:
----------------
Altopia Privacy accounts now, Anonymous accounts later...

10. Resources:
Window Washer
Evidence Eliminator
GUID Cleaner
Cache Cleaner
Spyware Faqs
Spyware Cleaner

Web_Bugs:

Cookies:
MSN Cookie Info :
Introduction to Cookies :
Web Cookie Basics :
Cookies! :
Internet Cookies :
About Cookies : http://tinyurl.com/p54u
What is a Cookie? :
Cookie Central :
Netscape Cookies :
Proxy Sites:

WebTV Proxy Info's

Proxy Lists:

http://tinyurl.com/p54v

Proxy Checking Sites:
http://tinyurl.com/p54w

http://tinyurl.com/p54x

http://tinyurl.com/1v1

Firewall Sites:
Firewall check :
Firewalls:
Home PC Firewall Guide :
Firewall Resource Centre :
Firewall Guide :
Firewall Q&A :

The TIS Firewall Toolkit FAQ :
Zeuros Network Solutions Firewall Resource :
Firewalls FAQ : <http://tinyurl.com/p54y>

Personal Firewalls:
ZoneAlarm: http://www.zonelabs.com/
BlackICE:
AtGuard: :- now owned by Symantec
Norton:
McAfee
SafeGuard
Sphinx

--
Unregistered - Unregistered User
------------------------------------------------------------------------
View this thread: http://www.soft-forum.com/forums/showthread.php?threadid=1035992
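
The simplest web bug described in section 6 of the post (a 1x1 or hidden image that the page pulls from another site) can be looked for in saved page source. The following is an added example, not part of the original post; the sample page, the host names and the two-label "site" comparison are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a page on news.example.com with five images.
SAMPLE_PAGE_URL = "http://news.example.com/story.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://static.example.com/spacer.gif" width="1" height="1">
<img src="http://ads.tracker.example.net/b.gif?ref=story42" width="1" height="1" border="0">
<img src="http://banner.adnet.example.org/ad.gif" width="468" height="60">
<img src="//stats.example.org/hit.gif" style="display: none">
</body></html>
"""


def site_of(host):
    """Crude 'site' key: the last two DNS labels (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    value = (value or "").strip().lower().replace("px", "")
    return value.isdigit() and int(value) <= 1


class WebBugFinder(HTMLParser):
    """Collects <img> tags that are invisible AND fetched from another site."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname or "")
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        # Resolve relative and protocol-relative src values against the page URL.
        src = urljoin(self.page_url, a.get("src") or "")
        host = urlsplit(src).hostname or ""
        if not host or site_of(host) == self.page_site:
            return  # first-party image (e.g. a layout spacer), not a web bug
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if hidden or (_tiny(a.get("width")) and _tiny(a.get("height"))):
            self.findings.append({
                "host": host,
                "src": src,
                # A query string is how the referring page or an id rides along.
                "carries_query": bool(urlsplit(src).query),
            })


def find_web_bugs(html, page_url):
    """Return one finding per invisible third-party image in the page source."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(bug["host"], bug["src"], "query" if bug["carries_query"] else "no query")
```

The visible 468x60 banner is not reported as a web bug, but as section 5 of the post notes, any image fetched from a third-party server gives that server the same chance to set or read its own cookie.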

