Archive for October, 2008

Other uses for a yEnc decoder proxy

Wednesday, October 29th, 2008

A properly written yEnc decoder proxy should be a true, non-blocking TCP proxy underneath.  What this means is that even if the proxy is waiting for a response from a server, you can continue to send it data.  In addition, if it is waiting for the user to send it data, it will still receive data from the server.

This allows you to use the proxy as a raw TCP proxy to route other TCP traffic.  yProxy can be used as a raw TCP proxy in such a manner simply by disabling the “yEnc Decode” feature, which turns it into a pure TCP proxy.
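The non-blocking behavior described above, as an added Python sketch (not yProxy's code): each connection gets two independent copy loops, so a greeting from the server and early data from the client both get through. The loopback servers, port choices and the names `pump`, `relay` and `demo` are constructed for this example.

```python
import asyncio

async def pump(reader, writer):
    """Copy one direction until EOF, then half-close the far side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    finally:
        if writer.can_write_eof():
            writer.write_eof()

async def relay(client_r, client_w, host, port):
    """One client: two independent pumps, so neither direction waits on the other."""
    server_r, server_w = await asyncio.open_connection(host, port)
    try:
        await asyncio.gather(pump(client_r, server_w), pump(server_r, client_w))
    finally:
        server_w.close()
        client_w.close()

async def demo():
    """Constructed loopback test: the server greets first, the client sends before reading."""
    async def banner_server(r, w):
        w.write(b"200 ready\r\n")       # server speaks without being asked
        w.write(b"echo " + await r.readline())
        await w.drain()
        w.close()

    upstream = await asyncio.start_server(banner_server, "127.0.0.1", 0)
    up_port = upstream.sockets[0].getsockname()[1]
    proxy = await asyncio.start_server(
        lambda r, w: relay(r, w, "127.0.0.1", up_port), "127.0.0.1", 0)
    px_port = proxy.sockets[0].getsockname()[1]

    r, w = await asyncio.open_connection("127.0.0.1", px_port)
    w.write(b"hello\r\n")               # client speaks before reading the banner
    await w.drain()
    got = [await r.readline(), await r.readline()]
    w.close()
    proxy.close()
    upstream.close()
    return got

def run_demo():
    return asyncio.run(demo())
```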

yProxy as a web proxy

For example, try the following setup in yProxy:

Be sure to set the port numbers also, and click the Start button to start the proxy server.  Then try entering this URL in your browser address bar:

http://localhost

You’ll see Google’s homepage show up.  What you’ve done is load Google’s homepage through the proxy.  Actually, you’ve got a little bit more work to do if you want to keep going through the proxy at this point because anything you click on goes to a google.com address instead of “localhost”, but you’ve gotten the point that yProxy can be a down and dirty proxy for redirecting TCP traffic.

yProxy’s TCP proxy options would be best used for other types of TCP traffic like email or FTP, where the client doesn’t try to make connections to other domains.

yProxy as a remote web proxy and port obfuscator

The above example doesn’t really make much practical sense, but imagine that your school or work attempts to block all web traffic by blocking all traffic on outgoing port 80, but they do allow SSH traffic over port 22.  Leave yProxy running at your home with the following configuration:

Disable yProxy’s “Run Locally Only” option and, as before, click Start to start yProxy.

Then from your school or work computer enter the following URL into your browser’s address bar:

http://10.2.0.96:22

You’ve just loaded Google from your home over port 22.

Note: I cheated in my example.  10.2.0.96 is actually a private IP address.  You’ll need to type your public IP address into your web browser.  If you’re behind a NAT router at home, you’ll have to find out what your public IP address is and enable port forwarding or plug your computer into the DMZ port.  To find your public IP address, go to http://ifirefly.com.
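Seen from the network owner's side, the setup above works because the filter trusts the port number. The following added Python example (not from the post or from yProxy) checks the first bytes a client sends against the protocol expected on that port, which is enough to flag cleartext HTTP on port 22. The flow records, addresses (documentation ranges) and the `EXPECTED` policy table are constructed assumptions.

```python
import re

# First bytes a client sends, by protocol. SSH clients open with an
# identification string "SSH-<protoversion>-..." (RFC 4253, section 4.2).
SSH_IDENT = re.compile(rb"^SSH-\d\.\d+-")
HTTP_REQ = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|PATCH|TRACE) \S+ HTTP/\d\.\d\r\n")
TLS_HELLO = re.compile(rb"^\x16\x03[\x00-\x04]")   # TLS handshake record header

EXPECTED = {22: "ssh", 80: "http", 443: "tls"}     # assumed site policy

def classify(first_bytes: bytes) -> str:
    """Name the protocol suggested by the opening bytes of the client stream."""
    for name, pat in (("ssh", SSH_IDENT), ("http", HTTP_REQ), ("tls", TLS_HELLO)):
        if pat.match(first_bytes):
            return name
    return "unknown"

def mismatches(flows):
    """Return flows whose client payload does not match the port's expected protocol."""
    alerts = []
    for f in flows:
        want = EXPECTED.get(f["dport"])
        seen = classify(f["client_first"])
        if want and seen != want:
            alerts.append((f["src"], f["dst"], f["dport"], seen))
    return alerts

# Constructed sample: outbound flows as a sensor might summarize them.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 22,
     "client_first": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"src": "192.0.2.11", "dst": "203.0.113.5", "dport": 22,
     "client_first": b"GET / HTTP/1.1\r\nHost: 203.0.113.5:22\r\n\r\n"},
    {"src": "192.0.2.12", "dst": "198.51.100.9", "dport": 443,
     "client_first": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
]
```

This only recognizes cleartext openings; it says nothing about what is carried inside a genuine SSH or TLS session.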

yProxy as a remote FTP proxy

What if your friend is running an FTP server, but for security purposes, he only allows you to connect from your home IP address?  You’re going to be on the road though, and you still need to access the FTP server, but you don’t want to bother your friend to change his server’s configuration.

Use the following configuration for yProxy:

Well, FTP uses a second port for data, so you’ll need another instance of yProxy running to actually download anything:

Again, you need to turn off the “Run Locally Only” option for yProxy and press the Start button to start the proxy servers.

Now, you can enter this address into your FTP client or web browser:

ftp://10.2.0.96

Your computer at home is connecting to your friend’s FTP server, and you’re connecting to your computer at home, so as far as your friend’s server is concerned, you’re still at home.

yProxy is more than just a yEnc decoder

There are other legitimate uses for a TCP proxy.  Please let me know what you come up with.

yProxy stands apart from other yEnc decoders.  yProxy is a true TCP proxy underneath.  Have fun.

On The Fly Encryption (OTFE)

Tuesday, October 28th, 2008

If you are not encrypting your hard disk contents, your files have NO protection outside of the operating system.  It’s as easy as booting from a CD and copying your files directly from the hard drive to steal your personal data.  Your files are NOT secure.

If you are encrypting files on your Windows NTFS partition using the built-in encrypted file system (EFS), your files are NOT secure.

If you are on a network domain at work, do you know that by default your system administrator can decrypt your EFS encrypted files?  The administrator has a shared key.  In fact, your administrator can even disable the feature, not allowing you to encrypt files at all.

EFS is only as secure as your login password.  If someone finds out what your login password is, they can log in as you and access your encrypted files.

If you leave your computer turned on and logged in, there is software that can steal your session key and decrypt your files.

Basically, EFS is very breakable.  Do not rely on EFS for security.

Instead, you should use a robust On The Fly Encryption (OTFE) system that includes session timeouts.

On The Fly Encryption works similarly to EFS, except that you can mount OTFE file systems as partitions (the partitions appear as drive letters on your system).  When you want to access files stored on the OTFE mount, you simply start a session by entering your secure password.

The files are decrypted and encrypted in real time.  State of the art OTFE systems will automatically expire your session after a specified time period.  The OTFE partition is stored as a single file on your hard drive and lacks any file signatures, so nothing can be guessed about the encrypted partition.

TrueCrypt

TrueCrypt is the leading open source OTFE system.  TrueCrypt allows you to set automatic session timeouts (the shorter the better), and it uses AES and other very strong ciphers for encryption.

TrueCrypt also blocks write access to unencrypted file systems while your session is open to avoid you accidentally writing your secure data to the unencrypted system.  TrueCrypt even includes a feature to disable Windows paging, preventing Windows from using the hard disk as virtual memory, which could lead to unencrypted data being stored in the system cache.

TrueCrypt is cross platform and available on Linux and Windows, with precompiled binaries available for Windows.

If you wish to keep your data away from prying eyes, use OTFE for secure storage of files.