GUIDE: Secure Erase your Solid State Drive (SSD) with Parted Magic

First off:
Don’t do this unless you NEED to. You don’t even need to secure erase your SSD when you reinstall. The only reasons to secure erase are a drastic speed decrease, from either a hard workload or a TRIM-less environment, which you need to fix quickly, or an SSD that is acting up. Otherwise TRIM and garbage collection will take care of everything automatically.

Erasing all the data on the SSD:
It is not safe to use DBAN or similar tools on SSDs. First, it’s not good for the drive, and second, it wouldn’t work properly anyway. It’s not good for the drive because it writes to the drive far too many times. It wouldn’t work properly because, just like the OS, DBAN and similar tools cannot control where on the drive they write: the SSD’s controller is responsible for that, and because of wear-leveling algorithms the overwrite wouldn’t get you the intended result. DBAN in its current state is not designed for SSDs. It is meant for magnetic drives, which have a tendency to retain “images” of previously stored magnetic data; it writes (and sometimes overwrites again) data to the drive, and what DBAN calls a “secure erase” is different from the “secure erase” command issued by a program designed for SSDs. The secure erase command for an SSD tells the SSD’s controller to “flush” all of the electrons it has trapped in the individual storage cells. It does not write to the drive in any fashion, as a DBAN secure erase does. With an SSD, all you need is to perform a “secure erase” with the proper software.

Secure Erase and NAND:
To learn about how NAND works at a technical level read this: (link)

Tunneling is used to alter the placement of electrons in the floating gate. An electrical charge is applied to the floating gate; the charge enters the floating gate and drains to ground. This charge causes the floating-gate transistor to act like an electron gun: the excited electrons are pushed through and trapped on the other side of the thin oxide layer, giving it a negative charge. These negatively charged electrons act as a barrier between the control gate and the floating gate. A special device called a cell sensor monitors the level of the charge passing through the floating gate.

NAND flash memory uses floating-gate MOSFET transistors. Their default state is when the charge is above the 50% threshold: if the flow through the gate is above the 50% threshold, the cell has a value of 1; when the charge passing through drops below the 50% threshold, the value changes to 0.

0s are data and 1s are erased; the fundamental laws of MLC NAND dictate this. You only write the 0s when you write data to NAND.

So in an erased state the NAND has to report a 1.
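Because an erased cell reads as 1, a drive that has really been secure-erased should read back as uniform 0xFF (or, on controllers that return zeros for unmapped LBAs, uniform 0x00). The following added example (not part of the original guide or of Parted Magic, which only issues the erase) samples sectors across a device and reports what fraction look blank, so you can check that the erase took before disposing of the drive; the image it runs on here is constructed in memory.

```python
"""Verify that an SSD reads back as erased after an ATA Secure Erase (e.g. one issued from Parted Magic)."""
import io

# Raw erased NAND reads as all 1s (0xFF); many controllers instead return zeros for
# unmapped LBAs after a secure erase, so both patterns count as "blank" here.
ERASED_PATTERNS = (b"\xff", b"\x00")

def sector_is_blank(sector: bytes) -> bool:
    """True if the sector is uniformly 0xFF or uniformly 0x00."""
    return any(sector == pat * len(sector) for pat in ERASED_PATTERNS)

def device_size(dev) -> int:
    """Size in bytes of a seekable binary file object (works for /dev/sdX opened 'rb')."""
    pos = dev.tell()
    dev.seek(0, 2)
    size = dev.tell()
    dev.seek(pos)
    return size

def erased_fraction(dev, sector_size: int = 512, samples: int = 256) -> float:
    """Read `samples` sectors spread evenly across the device and return the fraction
    that look blank. 1.0 means every sampled sector is blank; anything lower on a drive
    you believe was erased means the erase did not take and old data is still readable."""
    total = device_size(dev) // sector_size
    if total == 0:
        raise ValueError("device smaller than one sector")
    step = max(total // samples, 1)
    blank = checked = 0
    for lba in range(0, total, step):
        dev.seek(lba * sector_size)
        data = dev.read(sector_size)
        if len(data) != sector_size:
            break
        checked += 1
        blank += sector_is_blank(data)
    return blank / checked

def sample_device(leftovers: dict, sectors: int = 4096) -> io.BytesIO:
    """Constructed sample: an all-0xFF image with a few sectors still holding data."""
    buf = bytearray(b"\xff" * (sectors * 512))
    for lba, payload in leftovers.items():
        buf[lba * 512:lba * 512 + len(payload)] = payload
    return io.BytesIO(bytes(buf))

if __name__ == "__main__":
    # 2 MiB constructed image where one sampled sector (LBA 16) was never erased.
    print(erased_fraction(sample_device({16: b"user data left behind"})))  # 0.99609375
    # Real use, as root: erased_fraction(open("/dev/sdX", "rb"))
```

Sampling 256 sectors is a spot check, not proof; raise `samples` (or sample every sector) for a drive you are about to hand over.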


ATTN: Do not download #CryptoCoin Trader from #Sourceforge. Those who have run the program on your PC, please format ASAP!

I spotted a few minutes ago that there is a link to download an open source trading program called Cryptocoin Trader.

One anonymous user claimed that the source code is safe, but I decided to run the precompiled exe on my VM to be sure.
The program extracts the qtbitcoin trader client and some suspicious executables (bridgemigplugin.exe, vbc.exe).
The description of brigemiplugin.exe in Task Manager is Open Broadcaster Software.

After some googling, it is obvious that the program is doing a live/recording video stream through an open source program from Open Broadcaster Software http://obsproject.com/

Here are the screenshots

Even though the post has been deleted, Sourceforge indicates that 46 people have downloaded the program; please reformat your PC to prevent any potential wallet hacks.

Update: I ran Wireshark to sniff the network traffic produced by the malware; the malware connection is initiated from 185.17.1.222, Russian, ISP Longbow Electric Llc. Screenshot here.

Update 2: I did a search of the IP address. I believe it doesn’t belong to any Tor node, proxy or VPN. Hence it is very likely that 185.17.1.222 is either a dynamic or static IP from Longbow Electric Llc.

Update 3: I’m an undergraduate at NUS majoring in computer science security. I hope that this post will act as a warning for all potential future hackers who attempt to perform similar attacks (the community is watching you). Thanks everyone for the tips as well; it sure helps a little with my high tuition debt. 🙂 This is as much as I can do for now, as I have papers from tomorrow onwards. Stay safe, fellow bitcoiners!

Ubuntu Security: The Wifi Passwords Are Stored In Clear Text, Outside The User’s Home

A user has reported that wifi passwords are not encrypted on Ubuntu systems: they are stored in clear text in a directory outside the user’s home (/etc/NetworkManager/system-connections/), making them accessible to unwanted users.


After the issue was reported, a Canonical developer explained on the mailing list that this is caused by the “All users may connect to this network” option being enabled by default.

This issue has an easy fix, directly from the graphical user interface. All you have to do is: open the network indicator -> Edit connections -> select the network -> click Edit -> untick “All users may connect to this network” on the General tab.

With this setting, the password will be stored in the user’s home, and so it will become unavailable to unwanted users. Also, encrypt your home directory for better security.
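To find out which saved networks on a machine still have this problem, the NetworkManager keyfiles in that directory can be checked for a clear-text `psk=` line combined with the absence of a per-user `permissions=user:...` restriction. The audit below is an added example, not from the original post or from NetworkManager; it runs on two constructed keyfiles written to a temporary directory, and on a real system you would point it at `/etc/NetworkManager/system-connections` as root.

```python
"""Audit NetworkManager keyfiles for Wi-Fi PSKs stored in clear text and shared with all users."""
import configparser
import os
import tempfile

NM_DIR = "/etc/NetworkManager/system-connections"  # root-only directory on a real system
# Older NetworkManager releases name the section 802-11-wireless-security, newer ones wifi-security.
SEC_SECTIONS = ("wifi-security", "802-11-wireless-security")

def exposed_psks(directory: str) -> list:
    """Return names of connection files whose psk= is written in clear text and
    that carry no permissions=user:... restriction (i.e. "All users may connect")."""
    findings = []
    for name in sorted(os.listdir(directory)):
        cp = configparser.ConfigParser(interpolation=None)
        cp.read(os.path.join(directory, name))
        psk = next((cp.get(s, "psk", fallback="") for s in SEC_SECTIONS if cp.has_section(s)), "")
        permissions = cp.get("connection", "permissions", fallback="")
        if psk and not permissions.startswith("user:"):
            findings.append(name)
    return findings

# Constructed sample keyfiles (not real credentials).
SHARED = """[connection]
id=Cafe
type=wifi
[wifi-security]
key-mgmt=wpa-psk
psk=constructed-sample-passphrase
"""
PER_USER = """[connection]
id=Home
type=wifi
permissions=user:alice:;
[wifi-security]
key-mgmt=wpa-psk
psk-flags=1
"""

def demo_dir() -> str:
    """Write the two samples into a temp directory and return its path."""
    d = tempfile.mkdtemp()
    for fname, body in (("Cafe", SHARED), ("Home", PER_USER)):
        with open(os.path.join(d, fname), "w") as fh:
            fh.write(body)
    return d

if __name__ == "__main__":
    print(exposed_psks(demo_dir()))  # on a real system, run as root: exposed_psks(NM_DIR)
```

The per-user sample has `psk-flags=1` and no `psk=` line, which is what NetworkManager writes once the secret lives in the user’s keyring instead.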

WARNING: A fake electrum website with malware is advertising on duckduckgo and yahoo.

If you perform a search for electrum on DuckDuckGo or Yahoo, an ad claiming to be electrum.org will be at the top.

In reality the ad links to:
electrum-bitcoin org

The domain was created December 21.

This site is nearly identical to electrum.org except that the download links give different files. All three of the files that can be downloaded are much smaller than the real Electrum and are most likely malware.
The three files are:
electrum.exe – 91136 bytes
electrum.out – 60316 bytes
electrum.zip – 32478 bytes


Ultimate n00b guide to Bitcoin client installation and security/cold storage!

I previously submitted a thread which you can find here with a video tutorial to use the very robust Armory bitcoin client.

But for this submission I will provide the instructions to use the Electrum BTC client, which provides “instant on” (your client does not download the blockchain; it uses a remote server).

This will show you how to configure a “watch-only”, seedless wallet so that you can receive payments and see your balance on a computer you connect to the Internet with, while ensuring that a hacker cannot spend your coins without the transaction first being “approved” (signed) on an OFFLINE computer; you then return the signed transaction to your online computer and broadcast it on the network. If you’re confused, don’t worry, just follow along.

Instructions:

Get an offline computer. This can be a physical device or a separate installation on your current computer. Security tip: here’s one method for disabling USB autorun on your offline computer, so that a malware-infected USB drive cannot spread its infection.

[Offline PC] Install Electrum via a USB-Key. Here is the download link.

[Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a fire/waterproof lockbox. Password-encrypt your wallet using a passphrase created with Diceware for utmost security.

[Offline PC] Go to Import/Export, copy your “Master Public Key” and put it in a text file on your USB key.

[Online PC] Install Electrum and select Restore in the dialog box shown on first start-up; use the “Master Public Key”.

You now have an online wallet where you can check your balances and give out new addresses, but you can’t spend the coins. So even if an attacker were able to take over your online computer, your coins can’t be lost.

To make a transaction (to spend your Bitcoins) do the following:

[Online PC] Go to the Send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and ask for a location to save the transaction. Select your USB key.

[Offline PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select your transaction from the USB key. It will detect that it’s not signed and prompt you to sign it now. Fill in your password and sign the transaction. Save the new, signed transaction to your USB key.

[Online PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select the signed transaction and it will ask you if you want to broadcast it.

Hope you all found this helpful 🙂 Also, if you are an uber n00b, please take the time to check out the FAQ, which is also found on the right-hand side of this blog.

Protecting your data: survey indicates that with 4 exceptions major companies fail miserably

With so much recent concern about how the NSA and GCHQ (and, likely, others) basically look at unencrypted traffic as an easy way to hack into your data, it’s becoming increasingly important for the big companies which manage tremendous amounts of the public’s personal data to encrypt as much as possible. The folks over at the EFF have now put together a sort of crypto report card on which major companies are actually encrypting everything they can.

The results are a little disappointing. Only four companies, Dropbox, Google, SpiderOak and Sonic.net, got a perfect score on the five categories measured. Twitter is pretty close (the only thing it’s missing, STARTTLS, would really only matter if it were offering email, which it doesn’t, other than to employees), while the rest still have a fair bit of work to do. For the die-hard cloud users and Facebook fanatics, it involves taking responsibility for your own security and crypto keys, which may be too much to ask. That’s why we suggest Encrypting Facebook as a start, or Encrypting cloud storage. The incumbent access providers AT&T, Verizon and Comcast don’t appear to care nearly enough about security at all. And lots of free apps and cloud services have started appearing, some with CIA funding (In-Q-Tel), offering storage of business data, video and IP surveillance, exactly the sort of thing the NSA wants to grab in a Five Eyes jurisdiction with a cooperative management. That’s why it’s little surprise that the NSA’s deals with at least AT&T and Verizon are a major source of information.


Hopefully this effort (and the ongoing concerns about the NSA, as well as outside hacking) will lead more companies to up their encryption game.

CISPA: Who’s For It And Who’s Against It And Much More…

CISPA v3 is back!

We had believed, along with a number of others, that the Snowden leaks showing how the NSA was spying on pretty much everyone would likely kill CISPA dead. After all, the key component of CISPA was basically a method for encouraging companies to share information with the NSA by granting them total immunity for doing so. And while CISPA supporters pretended this was to help protect those companies and others from online attacks, the Snowden leaks have reinforced the idea (which many of us had been pointing out from the beginning) that it was really about making it easier for the NSA to rope in companies to help it spy on people.


Also, if you don’t remember, while CISPA had passed the House, the Senate had shown little appetite for it. Last year the Senate approved a very different cybersecurity bill and expressed very little interest in taking up that fight again this year. Except now, in an unexpected move, the Senate Intelligence Committee boss, and chief NSA defender for reasons that are top secret, has announced that she’s been writing a Senate counterpart to CISPA and is prepared to “move it forward.”


Full Disk Encryption Using Ubuntu In Most Secure Mode With AES-XTS-PLAIN64

Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it’s lost, seized or stolen, or if you choose to sell or give away your computer in the future. This feature has been built into many GNU/Linux distributions, including Ubuntu, for many years. But until the recent release of Ubuntu 12.10, it was hidden away in the “alternate” text-mode installer of Ubuntu that many non-technical users don’t even know exists.


Unlike a password, full disk encryption can make the contents of a drive inaccessible even to a powerful attacker who has possession of your computer. FDE provides the opportunity to protect your data with military-grade encryption that can’t be compromised in a reasonable timeframe, at least not by any currently known means. The only way to access the files protected by full disk encryption is to obtain the encryption key.

AES-XTS provides the most secure mode of full disk encryption. Unfortunately, it’s not available by default in many Linux installation packages. Ubuntu’s “alternate” installation image provides other implementations like AES-CBC, but not aes-xts-plain or aes-xts-plain64. If aes-cbc is good enough for you, it’s been available in the Ubuntu alternate installer for quite some time; a thorough but dated guide outlining the process is available here.

By downloading an Ubuntu desktop installation image and doing a little initial setup, you can use aes-xts-plain64 on your system. aes-xts-plain and aes-xts-plain64 both provide the same mode of operation, but you’ll need to use aes-xts-plain64 if you want to format a partition larger than 2TB. Also, it’s important to note that using very large block sizes for XTS mode could lead to security issues; using 512-byte block sizes mitigates this issue.
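The 2TB limit follows from how the two IV generators build the per-sector tweak: “plain” keeps only the low 32 bits of the sector number, so with 512-byte sectors the IV of sector 2^32 (byte offset 2 TiB) repeats that of sector 0, while “plain64” uses all 64 bits. The worked example below is added here and is not from the original article or from dm-crypt itself; it reconstructs both IV formats in Python and computes where on a device of a given size the first repeat would occur (a repeated XTS tweak lets an attacker compare or swap ciphertext blocks between the two sectors).

```python
"""Worked example: dm-crypt 'plain' vs 'plain64' IVs, and why 'plain' fails past 2 TB."""
import struct
from typing import Optional

SECTOR = 512  # dm-crypt's IV granularity and the XTS data-unit size assumed here

def plain_iv(sector: int) -> bytes:
    """dm-crypt 'plain': the sector number as a 32-bit little-endian integer,
    zero-padded to the 16-byte AES block. Only the low 32 bits survive."""
    return struct.pack("<I", sector & 0xFFFFFFFF) + b"\x00" * 12

def plain64_iv(sector: int) -> bytes:
    """dm-crypt 'plain64': the full 64-bit little-endian sector number, zero-padded."""
    return struct.pack("<Q", sector) + b"\x00" * 8

def iv_period(iv_fn) -> Optional[int]:
    """Smallest power-of-two sector count after which iv_fn repeats the IV of sector 0
    (2**32 for 'plain'), or None if no repeat occurs within 64-bit sector numbers."""
    for k in range(1, 64):
        if iv_fn(1 << k) == iv_fn(0):
            return 1 << k
    return None

def first_repeat_offset(iv_fn, size_bytes: int) -> Optional[int]:
    """Byte offset of the first sector on a device of size_bytes whose IV duplicates an
    earlier sector's IV, or None if the device is small enough that none repeats.
    In XTS, two sectors sharing a tweak leak equality of their plaintext blocks."""
    period = iv_period(iv_fn)
    if period is None or size_bytes // SECTOR <= period:
        return None
    return period * SECTOR

if __name__ == "__main__":
    disk = 3 * 1024 ** 4  # constructed 3 TiB device
    print(plain_iv(0) == plain_iv(1 << 32))          # True: IV reused
    print(plain64_iv(0) == plain64_iv(1 << 32))      # False
    print(first_repeat_offset(plain_iv, disk))       # 2199023255552 (2 TiB)
    print(first_repeat_offset(plain64_iv, disk))     # None
```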
