Computers – The Order of the White Rose

TOWR Security Brief: 15 August 2016

[et_pb_section admin_label=”section” transparent_background=”off” background_color=”#ffffff” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”||0px|”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”||0px|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#bcbcbc” use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_letter_spacing=”2px” custom_margin=”||0px|” custom_padding=”||0px|”]

TOWR TECH & SECURITY

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”660px” text_font=”PT Sans||||” text_font_size=”72″ text_text_color=”#1d1d1d” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”18px||80px|” text_line_height=”1.1em” text_font_size_last_edited=”on|desktop” text_font_size_tablet=”52″]

TOWR Security Brief: 15 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off” transparent_background=”off” background_color=”#f7f7f4″ allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”0px|||”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/kit.jpeg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”on” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”-48px|||”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans||||” text_font_size=”18″ text_text_color=”#323232″ text_line_height=”1.4em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”14px||0px|”]

Kit Perez

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”0px|||”]

15 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”24″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”40px||0px|” text_line_height=”1.4em” text_font_size_last_edited=”on|tablet”]

The privacy/tech world is constantly changing, and it’s important that you stay informed because any one of those changes may affect how you need to conduct yourself on the internet. Our briefs are designed to give you a short overview of the pertinent news items over the last week, and let you know what you need to do about them.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

In this week’s brief:

Democrat data got leaked by the infamous “Guccifer” over the weekend. Hypocrisy alert: They’re mad. Have fun with it.
The White House is considering sanctions against Russia for the DNC hacks. God forbid they deal with what was IN the hack.
Ever heard of video jacking? We hadn’t either, but here’s why you need to know about it.
For those of you with air-gapped machines that don’t connect to the internet…you’re still not totally safe.
Microsoft accidentally leaked the key to its Secure Boot for Windows. This is why mandating back doors is a bad idea.
The researchers doing a security audit on Veracrypt are seeing evidence that their audit is being spied on.
If you still think no one cares about your passwords…there’s a whole market on the darknet just for them.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”3_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/w704.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][et_pb_column type=”1_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off” custom_css_main_element=”width:130px;”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|” max_width=”130px”]

I’m sure you can think of a use for this data, right?

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||” max_width=”130px”]

Photograph by Shutterstock

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”46px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

The big story over the weekend was that the hacker Guccifer released a whole list of Democratic Congressional Campaign Committee member personal information.

The notorious hacker published several documents that include cell phone numbers, home addresses, official and personal e-mail addresses, names of staffers, and other personal information for the entire roster of Democratic representatives. The data dump also includes several memos from House Minority Leader Nancy Pelosi’s personal computer, detailing fundraisers and campaign overviews.

With absolutely no sense of irony, Representative of the House Permanent Select Committee on Intelligence Adam Schiff had this to say:

“The unauthorized disclosure of people’s personally identifiable information is never acceptable, and we can fully expect the authorities will be investigating the posting of this information.”

Really, Adam? Never? I remember when the names and addresses of gun owners got published and no one did a thing about it. At any rate, certainly we shouldn’t let a crisis go to waste (to take another point out of the Democrat playbook). Certainly there are those among us who could think of a use for this windfall of information.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_font=”PT Serif||||” text_font_size=”32″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”16px||30px|” text_line_height=”1.3em” text_font_size_last_edited=”on|tablet” max_width=”900px”]

“Who cares what evidence of criminal activity was in the DNC leaks? What matters is WHO DID IT.” — Democrats

[/et_pb_text][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Russians” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Speaking of leaks, the DNC leak–in which we all got vindicated for believing that the election machine is as corrupt as ever–was done by the Russians. That’s what the Dems want you to think, at least. The White House is “considering sanctions” for it. Maybe the administration will send some really pointed tweets.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/vidjackback-580×468.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

Some of the equipment used in the “video jacking” demonstration at the DEF CON security conference last week in Las Vegas.

Photo by Brian Markus

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”videojacking” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Ever heard of “video jacking?” It’s yet another way someone can take control of your device. Here’s how it works:

Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.

Is your phone on the vulnerable list? You can find out here and here.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/diskfiltration-640×358.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

“DiskFiltration” siphons data even when computers are disconnected from the Internet.

Photo from Cyber Security Labs.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

One of the things that we have advised people to do if they’re working with highly secure or sensitive information is to use an “airgapped” machine in addition to your regular computer. This means not only do you not ever connect it to your home or work wi-fi, you’ve actually removed all possibility of it ever connecting to any wi-fi or internet connection because you’ve physically removed the capability. (For info on how to actually create that machine, check out our Paranoid PC series.)

In another episode of “mouse vs. mousetrap,” researchers have figured out a way to breach an airgapped machine. This isn’t news in and of itself, since it’s already been done. This is just the latest way to do it.

The method has been dubbed “DiskFiltration” by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive’s actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone.

Now, before you throw out your computers, or worse yet, give up on privacy and security because you think there’s no point and no hope, consider this:

This technique has a range of six feet. That’s it. This means, as long as you continue to be aware of your surroundings, and use best practices with ALL of your devices, you’re fine.
In order for this technique (and others like it) to work, the computer in question has to be infected with malware. Since an airgapped machine by default isn’t connected to the internet to get malware, it’d have to be infected in person by someone with access–another point in your favor.

Simply keep your airgapped machine away from devices with a microphone (including your own smartphone!) and you should be just fine.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Security experts have constantly warned about the government’s desire to have backdoors built into everything “just in case” they “need it.” Having the backdoor automatically means the encryption or security is pointless. as Microsoft just illustrated to everyone. They accidentally leaked the key protecting their UEFI Secure boot feature. So much for ‘secure boot’ and all.

(Keep in mind that the situation is more complex than just leaking a key, as you’ll see in the comments on the Schneier article. There are techie explanations for those wanting to understand the full extent. For the rest of us, however, it’s close enough.)

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Speaking of encryption and whatnot, researchers who are doing an independent audit of VeraCrypt are finding that someone (or someones, plural) are interested enough in their work that they’re spying on it. Graham Cluley writes:

Now, the bad news… OSTIF says that its confidential PGP-encrypted communications with QuarkLabs about the VeraCrypt security audit may be being mysteriously intercepted:

We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders. Not only have the emails not arrived, but there is no trace of the emails in our “sent” folders. In the case of OSTIF, this is the Google Apps business version of Gmail where these sent emails have disappeared.

This suggests that outside actors are attempting to listen in on and/or interfere with the audit process.

We are setting up alternate means of encrypted communications in order to move forward with the audit project.

If nation-states are interested in what we are doing we must be doing something right. Right?

Our last item for today is this. No matter how much people get harped on about using secure passwords and not reusing the same ones on multiple sites, people still do it. Who could possibly want your Netflix password, right? Actually, you’d be surprised. There’s an entire market for logins on the dark net, where your logins for everything from Netflix to Paypal to Gmail are being bought and sold at a blinding rate.

The adversaries we have to worry about when we’re choosing our Twitter or eBay passwords are in it for the money and their approach isn’t so much cyber-fencing as carpet bombing – it’s untargeted and it doesn’t matter who gets hit because it’s “how many?” that matters.

Our accounts aren’t compromised one by one, they’re cracked en masse or exfiltrated in the millions and then bought and sold online.

[…]

While Paypal has, and still dominates … it is now possible to find Amazon, Uber, eBay, Netflix, Twitter, Dell and many more … Any account that can generate fraudsters money, or even help them receive a service for free, has a demand in the cyber underground.

…Uber, for example, are sought after by fraudsters simply because they provide “free taxi rides”. Demand for adult entertainment accounts is high due to interest for self consumption.

…eBay and Amazon are sought after … to steal money or credits from these accounts … Compromised dating site accounts are also often exploited for romance scams.

How much is your account worth?

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980″ use_custom_gutter=”off” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding=”50px||0px|”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2015/12/TOWR_LOGO_V2.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”off” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980px” use_custom_gutter=”on” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” parallax_3=”off” parallax_method_3=”off” column_padding_mobile=”on” gutter_width=”2″ custom_padding=”30px|||” custom_padding_tablet=”6px|||” custom_padding_last_edited=”on|tablet”][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”68″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″ saved_tabs=”all” global_module=”26311″] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”87″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” header_font_size=”15″ use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”62″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″] [/et_pb_blog][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][/et_pb_row][/et_pb_section]

Basic Privacy and Anonymity Part 2 Webinar, 31 August 2016

[et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off”][et_pb_row admin_label=”Row” make_fullwidth=”on” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” gutter_width=”1″ padding_mobile=”off” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” padding_top_1=”8%” padding_right_1=”8%” padding_bottom_1=”10%” padding_left_1=”8%” padding_1_last_edited=”on|desktop” padding_1_tablet=”0%|5%|5%|5%”][et_pb_column type=”1_2″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#303030″ text_line_height=”1.5em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” max_width_last_edited=”on|desktop” custom_margin_last_edited=”on|desktop” custom_margin_tablet=”10%||10%|10%” custom_margin_phone=”5%||5%|5%” text_font=”Source Sans Pro||||” header_font_size=”15px”]

Description

This class is geared to those who either need to learn the basics of privacy and anonymity, or who would like a refresher. Everyone has the right to conduct their affairs in private, and this Basic Privacy and Anonymity webinar class will show you how to start doing that. Whether you’re a total beginner who’s never heard of any of this, or someone who’s dabbled but doesn’t feel comfortable with it, or even if you do it all the time and just want to double check and make sure you’re doing it right, this class is for you.

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/063.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”off” align=”right” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”7.5%||7%|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”86%” text_font_size=”48″ text_text_color=”#303030″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_css_main_element=”font-weight:900;” text_font=”Source Sans Pro||||” text_line_height=”1.2em” text_font_size_phone=”36″ text_font_size_last_edited=”on|phone”]

These skills will help you protect not only you, but the people you talk to and work with.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

This is Part 2 of a two-session class. In this first session, we’ll cover the following:

Secure messaging – which ones are best for privacy?
Virtual Private Networks (VPN) – how to connect to the internet anonymously.
Bitcoin Basics – how to buy and sell cryptocurrency for anonymous purchases.
Best practices for online activities – how to evade digital surveillance and protect your metadata.

(Check out the agenda for Part 1 here.)

Both sessions will have a question and answer period as well. Sessions are limited to 25 people so everyone gets a chance to ask questions.

We recently offered this class in-person as a one-day event, and it was a huge success. We had so many requests from outside the Pacific Northwest for this kind of training that we have broken the class up into two sessions, two hours each, and are offering them as a live webinar. (It’ll also be available later as an archive.)

This is an overview class, meant to introduce you to the concepts of privacy and why they’re so critical to Three Percenters and patriots. It’ll also set you up for more advanced classes we will be giving this fall that deal with more advanced functions and operations. If any of the following statements have ever come out of your mouth….

I’m not doing anything illegal.
There’s no point in any of this; the government can see you no matter what you do.
Go ahead and let them look!
If you try to be private you’re just making yourself more of a target.

…you need to be in this class. You will have your eyes opened.

You get access to BOTH sessions–a total of four hours of live instruction—for $25. That not only includes both webinar sessions live, but access to them later as well so you can go back over the material.

Session 2 is August 31, from 6:30-8:30PM Pacific time. You can reserve your place and get payment info by contacting us here.

Don’t miss your chance to learn how to protect yourself and your group.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Basic Privacy and Anonymity Part 1 Live Webinar, 24 August 2016

Description

These skills will help you protect not only you, but the people you talk to and work with.

This is Part 1 of a two-session class. In this first session, we’ll cover the following:

Why all of this is necessary: who wants your data, why do they want it, and what’s “data” even refer to?
How the Internet of Things (IoT) has made it possible for your electronic devices to track you, listen to you, and record you.
the Tor Browser – how to browse the clearnet and darkweb anonymously.
TAILS operating system
PGP/GPG email – the basics of sending encrypted emails and why you should “encrypt all the things!”

In the second session, here’s what we’ll be going over:

Secure messaging – which ones are best for privacy?
Virtual Private Networks (VPN) – how to connect to the internet anonymously.
Bitcoin Basics – how to buy and sell cryptocurrency for anonymous purchases.
Best practices for online activities – how to evade digital surveillance and protect your metadata.

Both sessions will have a question and answer period as well. Sessions are limited to 25 people so everyone gets a chance to ask questions.

I’m not doing anything illegal.
There’s no point in any of this; the government can see you no matter what you do.
Go ahead and let them look!
If you try to be private you’re just making yourself more of a target.

…you need to be in this class. You will have your eyes opened.

Session 1 is August 24, from 6:30-8:30PM Pacific time. You can reserve your place and get payment info by contacting us here.

Don’t miss your chance to learn how to protect yourself and your group.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Classes update 02 AUG 2016

Hello Patriots!

As our Facebook post a few days ago hinted, we are currently developing some new classes for you.

The first will be a two part webinar of the “Basic Privacy and Anonymity” class that we first ran back in June. This will be our first webinar experience and will be co-taught by Kit and Steve. Since this is our first time delivering with this method, we will only be charging $25. We’re tentatively looking at 8/24 for part 1 and 8/31 for part 2.

For the details from the last class, see: https://www.whiterose.us/privacy-anonymity-basics-class/

The second class is a new one we’re putting on, answering the call for more focused communications training to help you get comfortable around radios. We’ll be putting a heavy emphasis on listening, small group communications, and just enough theory to get you started. This is *not* a Technician or General class, although we cover a few of the same topics. The details are still being worked out, but it will be co-taught by Mike and Steve. The cost will be $50 and will be at the Kingsgate Library north of Seattle on 9/17 from 1015 to 1645. Bring your comms gear and time allowing we’ll have show-and-tell with the class.

To sign up, please contact us at TOWR@hushmail.com. We’re still working on a way to do online payments and signup without it being a burden.

Security Tips for Signal Users

If you’re a fan of the secure text messaging app Signal (and you should be), there are a few things you need to know about using it properly. From The Intercept:

Lock Down Your Phone

Common sense thing #1. There is no point to having a (more) secure texting app if your phone doesn’t even have a passcode on it. And I don’t mean a 4-digit PIN that matches your birthday or ATM pin, either. Use the full QWERY keyboard password option. Yeah, it’s less convenient. Security always is.

And for the love of all that’s holy, don’t use the Touch ID/fingerprint option. That’s just asking for trouble.

Hide Signal Messages on Your Lock Screen

If you’re worried about people seeing your private texts enough to use Signal, then it stands to reason that it’s pretty stupid to allow the content of your texts to show up on your locked phone screen. At the very least, make it so the content doesn’t show. If you’re truly security conscious, you may want to disable notifications on your lock screen completely.

Verify That You’re Talking to the Right Person

Makes sense, right? Man in the middle attacks, interceptions, taps, you name it and it’s happening. If you’re trying to talk to someone about something, somewhere, someone is trying to listen to it. Signal has identity verification for the people you’re talking to. Use it.

Archive/Delete Messages

Okay so you installed Signal, put a password on your phone, turned off notifications. You can text and text now, right? Sure…as long as you don’t leave the texts on your phone. Layered security is called that for a reason. If someone IS able to get into your phone, there should be nothing for them to find…at least in your Signal. When you’re done, archive it. Delete it. Get rid of it.

The original article has a how-to guide for all of the above. Go read it. And if you’re still using Wickr…..might want to think about that.