The Complete Privacy & Security Podcast-Episode 037

Posted on July 18th, 2017

EPISODE 037: The Forensic Evidence on Our Phones

This week, Josh Huff stops in to talk about the data left behind on our phones.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

KeePassXC 2.22 Released
https://keepassxc.org/

SHOW:

Josh Huff: https://twitter.com/baywolf88

LISTENER QUESTIONS:

Suppose you already own a phone which you bought on your own bank card and you have postpaid SIM service in your own name and have registered it to a Google Account or Apple ID in your own name already.  Is there any advantage to reformatting the phone, registering a new Google or Apple ID to it and switching to a cash prepaid plan with a new sim card?  Obviously a totally new phone and new accounts, etc… would be better but is there any benefit to parts of that until a new phone can be bought?

I recently bought a new burner Android phone through eBay, and the phone is supplied by a Chinese seller and paid via PayPal through my real CC.  The phone is brand-less and it’s one of those typical Chinese products that are manufactured by the millions in Chinese sweatshops. What’s your take on this?  Am I assuming that tracking to me is much more difficult than what it really is?

OSINT SEGMENT:

Foxified
https://addons.mozilla.org/en-US/firefox/addon/chrome-store-foxified/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


Filed under Podcast, Privacy, Security

The Complete Privacy & Security Podcast-Episode 036

Posted on July 11th, 2017

EPISODE 036: Andy Yen is back to discuss ProtonVPN

This week Andy Yen stops by to talk about the new release of ProtonVPN.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

INTRO:

Issues with daily VPN usage.

SHOW:

Andy Yen: https://protonmail.com/blog/author/andy/
ProtonVPN: https://protonvpn.com/
ProtonMail: https://protonmail.com/

LISTENER QUESTIONS:

I’ve started to notice that Twitter always displays advertisements that are related to my real location, never related to the VPN server location. Why?
Any opinions on https://www.sync.com/features/?

OSINT SEGMENT:

Web Recorder
https://webrecorder.io/


Filed under Podcast, Privacy, Security

The Complete Privacy & Security Podcast-Episode 035

Posted on July 4th, 2017

EPISODE 035: WIRE CEO ALAN DURIC

This week we talk with Alan Duric, CEO of the encrypted communications app Wire.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

INTRO:

Encrypted Communications App Fatigue

SHOW:

Wire
https://wire.com/

LISTENER QUESTIONS:

I’m a bit confused about what the recommended method is for secondary level encryption – is it VeraCrypt or FileVault? And is it a secondary level whole disk encryption or just a container for all sensitive files?

In a prior episode, Michael says we should get rid of Mint. According to their TOS, they only provide anonymized data to third parties. Is that true, and should we really give up the benefits over data that cannot be tracked back to us?
Banktivity – https://www.iggsoftware.com/banktivity/

OSINT SEGMENT:

Signal App Emulator
GenyMotion – https://www.genymotion.com/


Filed under Podcast, Privacy, Security

The Complete Privacy & Security Podcast-Episode 034

Posted on June 28th, 2017

EPISODE 034: OUR SUDO STRATEGIES

This week we explain in detail how we use Sudo as part of our daily privacy strategies.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

INTRO:

GMail Scanning:
https://www.theguardian.com/technology/2017/jun/26/google-will-stop-scanning-content-of-personal-emails

SUDO:

Sudo
https://sudoapp.com/

SudoPay
https://sudopay.com/


LISTENER QUESTIONS:

If I move from Gmail, Hotmail, Yahoo, etc… to another provider, set up forwarding to a new address and have it POPed over, would Google or Yahoo still have access to the content during the time it had the messages to forward?

What do you think about the risks associated with posting things on online forums?


OSINT SEGMENT:

TweetBeaver
https://tweetbeaver.com


Filed under Podcast, Privacy, Security

Twitter Investigations with TweetBeaver

Posted on June 26th, 2017

I have incorporated the Twitter API into my Live and Online training classes for several years. This always required a collection of programming scripts or configured applications that must be present on your system in order to be used. Today, I find myself relying on the website TweetBeaver as a replacement. The home page of this site offers ten unique Twitter search options, which I outline below, including direct URLs for bookmarking.

Convert Name to ID: https://tweetbeaver.com/getid.php: This translates a username, such as IntelTechniques, to a user number, such as 257644794. This is useful for documenting the ID numbers assigned to Twitter handles.

Convert ID to Name: https://tweetbeaver.com/getscreenname.php: This does the opposite of the above. This is useful for identifying accounts after the Twitter handle has been changed.

Account Follows: https://tweetbeaver.com/mutualfollow.php: This identifies whether two accounts follow each other. This is useful when two targets have many followers.

Download Favorites: https://tweetbeaver.com/getfavorites.php: This saves a spreadsheet of all favorites by the target. The file includes the date of the post, the author of the post, the text of the Tweet, and the URL.

Search Within Favorites: https://tweetbeaver.com/index.php: This allows filtering by keyword, but the previous technique is a more complete option.

Download Timeline: https://tweetbeaver.com/gettweets.php: This will download the previous 3200 Tweets of a target to a spreadsheet. This includes URL, Date & Time, Content, and Activity. Below displays the Tweets with online activity.

Search Within Timeline: https://tweetbeaver.com/searchtweets.php: A filter for the previous utility.

Account Data: https://tweetbeaver.com/getdata.php: This provides a summary of account data from the Twitter API.

Download Friends: https://tweetbeaver.com/getfriends.php: This will download a spreadsheet that contains the people that your target is following on Twitter. Data includes Name, Screen Name, Twitter ID, Location, Bio, Account Creation Date, Followers, Following, Tweets, Favorites, Website, Time Zone, and Language.

Download Followers: https://tweetbeaver.com/getfollowers.php: Similar to above, but for the people following your target. These two options are the most thorough I have found online.

There are a ton of Twitter tools out there. This is one of the most impressive I have found, and is completely free.

Filed under OSINT, Search, Twitter

The Complete Privacy & Security Podcast-Episode 033

Posted on June 20th, 2017

EPISODE 033: ANONYMOUS PURCHASE STRATEGIES

This week we discuss our strategies for making anonymous purchases online and in person.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

Privacy.com
https://privacy.com/

SudoPay
https://sudopay.com/

Blur
https://dnt.abine.com/

Vanilla Prepaids
https://www.onevanilla.com
https://www.vanillaprepaid.com

Chase
https://creditcards.chase.com/credit-cards/home/


LISTENER QUESTIONS:

I have a dead SSD hard drive that held some personal info. What is the safest way to dispose of it to make sure someone can’t recover any data? I thought soaking it in water might do the trick, but results from online searches claim it isn’t enough.

What are some safe rules when it comes to using an alias without getting in trouble? I always get a bit nervous when filling something out because I’m not always sure if I can provide disinformation on a particular form without it being illegal. Outside of the obvious stuff like govt forms where you sign that everything above is true or simple stuff like grocery store reward cards, which are straightforward.

OSINT SEGMENT:

IntelTechniques Voicemail Tool
https://inteltechniques.com/osint/telephone.html


Filed under Podcast, Privacy, Security

Buscador 1.1 OSINT Virtual Machine Released

Posted on June 19th, 2017

The Buscador 1.1 Beta release is finished. Buscador is a Linux Virtual Machine that is pre-configured for online investigators. DWestcott added a ton of new features to this version, including:

Added InstaLooter
Added EmailHarvester
Added SpiderFoot
Added Google Earth Pro
Added RipGrep
Added Tor/Privoxy
Updated Operating System
Updated Firefox and Extensions
Updated Chrome and Extensions
Updated Tor Browser
Updated Video Download
Updated Recon-NG
Repaired Video Utilities Script
Repaired Metagoofil Script
Updated all script dialogues

This is a substantial update, and I encourage any Buscador users to grab a new version. Link is live on:

https://inteltechniques.com/buscador/index.html

We are still using Google to host, so verify those checksums. If anyone wants to offer free hosting that can handle the size, speed, and bandwidth needed, we are open to moving it.

Filed under OSINT, Search

The Complete Privacy & Security Podcast-Episode 032

Posted on June 13th, 2017

EPISODE 032: CATCHING UP IN MANILA

This week we meet up in person to discuss the past three weeks of Privacy and Security issues.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

SHOW:

Sudo Call Kit
https://sudoapp.com/

PIA Changes:
https://tinyurl.com/ycd89m2t

Wire Plain-text Logs:
https://tinyurl.com/kkrvgsh

iOS 11 Location Changes:
https://tinyurl.com/yah72o7s

Apple Employees Stealing Personal Data:
https://tinyurl.com/yckzbzgw

iCloud Aliases:
https://support.apple.com/kb/ph2622?locale=en_US

GRC SSL Cert Fingerprints:
https://www.grc.com/fingerprints.htm

Explanation of how password hashing with salt works:
https://crackstation.net/hashing-security.htm

Authy Concerns:
http://bitsonline.com/authy-coinbase-multi-device-2fa/

Facebook Timeline Cleaner (Firefox):
https://tinyurl.com/y8mf23dx

LISTENER QUESTIONS:

What is your knowledge of paying bills with a Postal Money Order? Does the PO keep files of the transactions?

Have you found a website creation service that does not track users’ data? For example, if I use a WordPress/WIX, or other drag and drop website, will that track my visitors’ data?

OSINT SEGMENT:

Sync Me:
https://sync.me/


Filed under Podcast, Privacy, Security

New Internet Search (OSINT) Resources

Posted on June 5th, 2017

Below are multiple new resources that have been added to my OSINT Links Page and my Online Video Training:

IntelTechniques Facebook Tool Updates:
Added “Common Friends” option
Added “Video Download” option
Added “Video API” option

IntelTechniques Twitter Tool Updates:
Added “Yearly Tweets To…” option
Added option to isolate Tweets only from one user to another

IntelTechniques YouTube Tool Updates:
Added new “Country Restriction Bypass” option

IntelTechniques Telephone Tool Updates:
Added Sync.me option
Added Cellular Voicemail ID options

IntelTechniques Email Tool Updates:
Added Hacked Email option
Added Google Calendar option
Added Gravatar option

IntelTechniques Documents Tool Updates:
Added Cloudfront option
Added individual search options

OpenCNAM: This tool allows free search of the public Caller ID Database.

Facebook Messenger: This tool allows search of cellular numbers in order to identify owners based on Facebook profiles. Requires Facebook account, and can be used in place of the “Forgot Password” option, which can compromise an investigation.

Filed under Facebook, OSINT, Search, Twitter

Compromised Accounts for OSINT and Digital Security

Posted on June 5th, 2017

I have always encouraged people to check their email addresses on sites such as HaveIBeenPwned. If present, your account is included in a known breach, and you should change your passwords immediately. This site has been the standard as far as reported breaches, and the owner stays on top of the latest threats. I recently found Hacked Emails, which offers a very similar service. However, there are two key advantages with this newer service.

First, Hacked Emails constantly scans paste sites and other release resources, and immediately updates its database. This may be redundant information, but the constant update could reveal a compromised account that may not be present on other similar sites. Overall, I now check both of these services monthly for any of my email addresses that may have been compromised.

Second, Hacked Emails offers an API service, with a call from a URL. This means that unlike HaveIBeenPwned, you could submit a search request directly through the address bar of your browser. If your email address is john@gmail.com, the following address would retrieve your results:

https://hacked-emails.com/api?q=john@gmail.com

The results may appear like awkward text, but the JSONViewer plugin to your browser would fix that. The main benefit of this type of search versus a standard search through their home page is that you could bookmark this page and always be a click away from the results. I have a handful of these bookmarked, one for each important email account, that I can quickly check for any new compromises. This is great for “Defense” when watching out for your personal accounts, but I also use this as “Offense”.

I often need to verify if an email address is real or fake. The various email verification services no longer work well on most domains, and are extremely unreliable under perfect conditions. Therefore, I use these services to check a target email address. If it appears in a breach, I feel confident it is a real address. If the breach was from 2015 or earlier, I know the account was not a “burner” created last week. Overall, I find these types of checks much more reliable than a traditional email validator. Below is an example of an actual email address search. It identifies the services used, which tells me more about the email address owner. Further, clicking on these links tells me the date of the breach and the types of information stolen and released publicly.

Filed under General, Hacking, OSINT, Search

Internet Search (OSINT) Resource: Mapping

Posted on June 2nd, 2017

I recently applied a drastic update to my Online Mapping Tool. After adding several new services, I included an option to execute each process individually, or all at once. This tool will allow you to enter a physical address and check it through multiple home sale sites, search it through Google, and generate the rooftop GPS coordinates. With the GPS coordinates, you can execute a search that will open the following services with data from the location searched:

Google Satellite View
Google Satellite 3D (N)
Google Satellite 3D (E)
Google Satellite 3D (S)
Google Satellite 3D (W)
Bing Satellite View
Bing Satellite 3D (N)
Bing Satellite 3D (E)
Bing Satellite 3D (S)
Bing Satellite 3D (W)
Google Street View
Bing Street View
TerraServer Satellite Views
LandViewer Satellite Views
Here Satellite View
Wikimapia Satellite View
Zoom Earth Satellite View
Yandex Satellite View
Map Box Satellite View
YouTube Videos
Facebook Live Video Streams
Periscope Live Video Streams
Descartes Satellite Views
Mapillary Crowd-Sourced Street Views
Open Street Cams Crowd-Sourced Street Views

This allows you to immediately obtain relevant images related to your target destination. Access the tool HERE.

Filed under Search

The Complete Privacy & Security Podcast-Episode 031

Posted on May 24th, 2017

EPISODE 031: JUST 30 QUICK THINGS…

This week we try to clear out our inbox of your listener questions, complaints, and ideas.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

INTRO:

NONE


OUR INBOX:

(JC) Could you recommend some calendar services, and are any of them fully encrypted?
(MB)

(MB) I am hearing a lot about Keybase.io, can you explain how this would be used as part of a privacy strategy?
(JC)

(JC) Have you ever considered the US Passport card for domestic identification since it lacks a postal address and is smaller than the standard passport?
(MB)

(MB) If you have an older Android phone would you believe it is better to keep on Android Lollipop with more recent security updates or flash an upgrade to Marshmallow which is not supported for security updates by the carrier?
(JC)

(JC) For ProtonMail, when you sign up for a paid account with the 5 aliases, do they have separate mailboxes or are the aliases just like Blur addresses and all forward to the same mailbox?
(MB)

(MB) If you have more than one email address is it better to use a paid Blur account which allows forwarding to multiple addresses or a separate Blur free account for each address?
(JC)

(JC) Is there anything bad about using your own credit card to purchase an unlocked phone and use a prepaid sim bought with cash?
(MB)

(MB) You two seem to be big fans of Fastmail even though it is not end to end encrypted or zero knowledge. Is this because you are not using the online storage aspect and POPing it locally?
(JC)

(JC) Are you a user of ApplePay or AndroidPay or similar services? Can Apple or Google keep a log of your purchases made this way?
(MB)

(MB) Would you suggest tagging other names to photos of yourself or yourself to other people in Facebook for disinformation purposes in order to confuse applications?
(JC)

(JC) What is the exact reasoning as to why you don’t want your phone receiving signals? (Are we avoiding our cell phone carrier from knowing where we live, or do we just want complete control of the signals reaching our phone?)
(MB)

(MB) Is there a reason to use Keepass over Password Safe or vice versa (Password Safe was mentioned in your Windows 7 book)?
(JC)

(JC) What strategy would you employ to maintain privacy for the registration of a student in college?
(MB)

(MB) Before I knew better, I set up my computer without a dedicated admin account (one user has all admin privileges). Is there a way to reverse this set up?
(JC)

(JC) Due to the OPM breach, have you heard of anyone that has been able to gain a new Social Security number as a result of their data being involved in the incident? It seems like this would be a wise precaution that I would like to pursue, just wondering if anyone else has tried already.
(MB)

(MB) I hear you mention many browsers, but I have not heard you mention Opera. Why no love for Opera?
(JC)

(JC) A new USPS service lets you sign up for a mail cover on yourself. This should make it easier for you to detect mail theft, but, if info gets hacked, or someone signs up using your identity, etc., they can see where you bank, which doctor is sending you bills, etc. Is it worth it?
(MB)

(MB) How do you guys go about renting cars and staying private?
(JC)

(JC) How can I keep my Wireless Router off of sites like Wigle.net?
(MB)

(MB) I signed up for ProtonMail Plus using a burner card on privacy.com. I really wanted to use my Vanilla Visa but their system didn’t accept that card type. Do you think privacy.com is a secure enough payment method for services like this? Should I use privacy.com to pay for my VPN?
(JC)

(JC) In the Android vs iOS podcast, during the Q & A section, Michael mentioned using a media center to connect to his TV. Which one does he use?
(MB)

(MB) Can you use a masked credit card, using Blur/privacy.com, and Apple Pay? My thought is to plug that masked number into Apple Pay and alleviate the need to withdraw a large amount of cash for large, cash purchases.
(JC)

(JC) Why would you use Google Voice over a Sudo number? If I use Google Voice on my iDevice, doesn’t that leave me vulnerable to Google collecting more data from me? Is there any way Google can start harvesting data from my device just by opening the Voice product?
(MB)

(MB) I am currently using a friendly name for my ProtonMail address. Do you recommend using an unrecognizable string as the main account address and adding more realistic names for your other addresses? Is there a hypothetical email structure you would recommend?
(JC)

(JC) I’m changing my auto insurance in my real name to one that’s significantly cheaper and using my CMRA as the address for it, that is not an issue. However, I wanted to add renters insurance and realized that if I add it with the CMRA listed as the address, I may not be able to file a claim for my real physical address. Do you guys have any suggestions?
(MB)

(MB) Is there a place for an old-fashioned pager in the life of a privacy enthusiast? http://pagersdirect.net/
(JC)


OSINT SEGMENT:

Facebook Messenger for Cell Lookup:
messenger.com


Filed under Podcast, Privacy, Security

The Complete Privacy & Security Podcast-Episode 030

Posted on May 9th, 2017

EPISODE 030: FAKING YOUR DEATH WITH ELIZABETH GREENWOOD

This week we talk with Elizabeth Greenwood, the author of Playing Dead: A Journey Through the World of Death Fraud, about faking your own death. We also tackle listener questions and provide a new Facebook OSINT technique.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

INTRO:

Open Snitch
https://github.com/evilsocket/opensnitch

True People Search Optout
https://www.truepeoplesearch.com/removal


FAKING YOUR DEATH WITH ELIZABETH GREENWOOD:

Elizabeth’s website
https://elizabethgreenwood.squarespace.com/

Playing Dead: A Journey Through the World of Death Fraud (Book)
http://amzn.to/2q1aIuW


LISTENER QUESTIONS:

The new ProtonMail VPN does not have a Mac client (only Windows). I have had issues getting the VPN to work reliably on Mac. Any ideas? Viscosity https://www.sparklabs.com/viscosity/

When using an email client or webmail, is there anything to be cautious of when using reading panes? To be more to the point, can there be security issues with this as opposed to only seeing a list of messages which need to be clicked on to be opened in a new window in order to prevent opening possibly malicious code in unrecognized messages?

In the previous podcast, Michael mentions using a Linux VM within Windows or Mac. What do you think of dual booting a Windows machine running Windows 7 on one partition, with a Linux distribution on the other partition? Would this still provide sandboxing capabilities?

When using Firefox or Chrome for daily browsing, what do you recommend for bookmarking interesting URLs? Do you sync?


OSINT SEGMENT:

Facebook Common Friends:
Facebook Tool
facebook.com/browse/mutual_friends/?uid=xxxxxxx&node=xxxxxxx


Filed under OSINT, Podcast, Privacy, Security

Another People Search Site with Impressive Records

Posted on May 5th, 2017

Many months ago, the OSINT and Privacy communities were buzzing about FamilyTreeNow. This site possessed highly accurate details about most Americans, including home address, telephone numbers, and family members. It allowed an opt-out process for removal of personal data, but most people did not make the effort. Recently, a site that appears to offer a clone of that data has emerged at TruePeopleSearch.com. Even more interesting, the data that was removed from FamilyTreeNow is still present in TruePeopleSearch. I had already removed my personal details from a previous home address from FamilyTreeNow several months ago. The first search for my name on TruePeopleSearch a week ago revealed the same two previously removed records live on this site. This was quite surprising, and it appears extremely likely that the data source for these two sites is the same. I am now curious about how many more sites like these will continue to appear online.

If you would like to search for personal records, navigate to https://www.truepeoplesearch.com

If you would like to remove your records, navigate to https://www.truepeoplesearch.com/removal

Filed under General, ID Theft, Privacy

The Complete Privacy & Security Podcast-Episode 029

Posted on April 25th, 2017

EPISODE 029: ANDROID SECURITY WITH CUSTOM ROMS

This week we learn about custom Android roms from Andy Higginbotham, reveal our results of the Faraday bag challenge, answer listener questions, and discuss a new mapping OSINT resource.

Listen now at https://privacy-training.com/podcast.html


SHOW NOTES:

INTRO:

Silent Pocket
https://silent-pocket.com/

Purchase Link
15% Discount Code: CPSPOD15

Objective-See
https://objective-see.com/

ANDROID CUSTOM ROMS WITH ANDY HIGGINBOTHAM:

Andy’s website
http://peopleforprivacy.com

Download APKs
http://www.apkmirror.com/

Guardian Project
https://guardianproject.info/

F-Droid Repository (open source Apps)
https://f-droid.org/

Copperhead
https://copperhead.co

Replicant
Open Source and Privacy focused, only supports older devices.
http://www.replicant.us/

Secure Spaces
Same Rom that the Blackphone uses, but without Silent Circle and hardware upgrades.
https://www.securespaces.com/

LineageOS
CyanogenMod’s successor. No actual stable builds yet
https://lineageos.org

Paranoid Android
Not actually private, but respected and been around for a long time
http://aospa.co

Carbon Rom
Another not particularly private, but long term Rom. Appears to have been recently rebooted
https://carbonrom.org/

ViperS
HTC sense based Rom
http://venomroms.com/

Fair Phone
Social enterprise phone
https://www.fairphone.com/


LISTENER QUESTIONS:

You have mentioned before about using Rufus on Windows to create bootable USB drives. The method in the book for Mac users is complicated. Any Mac apps that could be used easier?

Mac Linux USB Loader

You guys have mentioned several times that Microsoft Office not only sends back data to Microsoft, but also that it monetizes that data. Where is the evidence for this?


OSINT SEGMENT:

Mapillary:
https://www.mapillary.com/


Filed under OSINT, Podcast, Privacy, Security

Internet Search (OSINT) Resource: Mapillary

Posted on April 21st, 2017

Satellite and Street View maps from services such as Google and Bing are nothing new. Most of you can view the top and front of your home from multiple online websites. With street view options, these services are fairly responsible and block most faces and license plates. This makes it difficult for investigators trying to identify a suspect vehicle parked at a home or present at a crime scene months prior to the incident. We now have a new service that may remove these limitations. Mapillary appears similar to other mapping websites when first loading. You see a typical map view identifying streets, landmarks, and buildings. Enabling the satellite view layer displays images from the Open Street Map project. The real power is within the crowd-sourced street view images. While in any map view, green and blue highlighted lines indicate that an individual has provided street-level images to Mapillary, usually from a GPS-enabled smart phone. This is actually quite common, as many people record video of their driving trips that could be used in case of an accident. The Mapillary service makes it easy and automated to upload these images. Mapillary then embeds these images within their own mapping layers for the public to see.

Clicking these blue and green lines reveals the street view images in the lower left corner of the screen, as seen below. Expanding these images allows you to navigate through that individual’s images similar to the Google Street View experience. Below the provided street view is the user name of the Mapillary member and date of image capture.

In some of these images, Maillary appears to be redacting license plates with a typical “Blur Box” as seen below in the image to the left. A few feet later, the box disappears and a partially legible license plate is revealed i the image to the right. It seems like Mapillary is attempting to determine when a license plate is legible, and then blurring it. When the plate is further away and more difficult to read, ignoring it. This can work in our favor.

In the next example, we can use selective cropping and photo manipulation to obtain the registration. The below left image appears unaltered as it is difficult to read. The image on the below right was cropped, inverted with Photoshop, brightness turned down to 0%, and contrast heightened to 100%. the result is a legible license plate.

The site allows you to identify the uploader’s username, mapping history, number of posted images, and profile image. You can also select to watch all of the captured images from a specific user as he or she travels daily. I can’t begin to imagine the amount of information available about a user’s travel habits if he or she were to become a target of an investigation. While there is not coverage of every area like we see with Google Maps, the database is growing rapidly, and should be included when using other mapping tools. I have also added this resource to my Custom Mapping Tool, which will automate the collection of all available open source imagery associated with your investigation.

Filed under OSINT | Comments Off on Internet Search (OSINT) Resource: Mapillary

Internet Search (OSINT) Resource: SpoonBill

Posted on April 20th, 2017

We recently lost BioIsChanged as a service to view any changes within a person’s Twitter biography. This helped locate a profile that had previously displayed specific information, such as a SnapChat user name or location, after a person had deleted the data. I had many successes with that tool after people had decided to start sanitizing their online presence in order to cover up an investigation. Today, we have SpoonBill, and it has also been highly effective. Technically, you must first connect your Twitter account to SpoonBill, and allow it to start monitoring those you follow. This will be required if your target is not already in the database. In my experience, locating profiles that are already being monitored by SpoonBill is easiest by navigating to the following URL (using AmberMac as a demo):

https://spoonbill.io/data/ambermac/

In this scenario, I am not logged into my Twitter account, and I have not connected those I am following to the service. Since someone else has already connected their Twitter account to SpoonBill, and happened to have AmberMac as a person followed, our work is already done. If you do not obtain a result when inserting a user name in this way, you will need to follow your subject from an anonymous account, and then connect to SpoonBill. The monitoring will start at that moment, and continue as changes are made. This is not optimal, but may catch something in the future. In the demo with Amber Mac, as partially seen below, we can see that she made changes to her bio on April 1, 2017, and also changed her website to point to her newsletter. This can be priceless information when a Twitter user removes additional contact information or changes their name from a real name to a moniker.

Filed under OSINT, Twitter | Comments Off on Internet Search (OSINT) Resource: SpoonBill

The Complete Privacy & Security Podcast-Episode 028

Posted on April 18th, 2017

EPISODE 028: FARADAY BAGS

This week, we talk with Aaron Zar, the founder and CEO of Silent Pocket, about everything related to Faraday bags. Plus, we whine more about Chrome, answer your listener questions, and offer a new technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html



SHOW NOTES:

INTRO:

http://webkay.robinlinus.com/
chrome://chrome-urls/


FARADAY BAGS WITH AARON ZAR:

Silent Pocket
https://silent-pocket.com/

Purchase Link
15% Discount Code: CPSPOD15


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

There appear to be big changes coming to Firefox over the next year. What are you hearing and how do you see FF changing as our primary browser for OSINT and Privacy/Security related use?

My students have noticed that Self Destructing Cookies does not delete everything. They also have Better Privacy installed and still get informed to delete LSO cookies and also CCleaner finds cookies afterward. Thoughts?


OSINT SEGMENT:

Buscador Video Utilities:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 028

The Complete Privacy & Security Podcast-Episode 027

Posted on April 11th, 2017

Episode 027: Social Engineering with Chris Hadnagy

This week, we talk with “HumanHacker” Chris Hadnagy about the aspects of social engineering regarding privacy and security. Plus, we answer listener questions and present a new investigation technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html



SHOW NOTES:

INTRO:

http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/


SOCIAL ENGINEERING FOR PRIVACY:

Chris Hadnagy
http://www.social-engineer.org/


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

Have you heard of OneRep.com? Are they worth the money? Any way to remove or opt-out on their site?

Do email forwarding services like Blur and 33Mail keep a copy of emails that go through them?


OSINT SEGMENT:

URL Biggy:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 027

The Complete Privacy & Security Podcast-Episode 026

Posted on April 4th, 2017

Episode 026: How a Cop Hides from the Internet

This week, we talk with M. A. Drew about his path to complete privacy & security. Plus, we answer listener questions and present a new investigation technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html



SHOW NOTES:

INTRO:

ProtonMail Bridge


HOW A COP HIDES FROM THE INTERNET:

M.A. Drew
https://hidingfromtheinternet.com


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

How do you guys sync backups with Linux? Just physically, putting a disc in and copying the files over on a set schedule? Or is there a port of CryptSync out there/something like that?

I am hearing about ransomware now hitting Mac computers. I am new to Mac, should I be concerned? How can I protect myself?


OSINT SEGMENT:

Buscador – Metagoofil:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html



Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 026
