Anthony Vance

I have recently discovered TrueCrypt, a great open source data encryption tool that has recently gained the attention of security experts Bruce Schneier and Steve Gibson. TrueCrypt is cross-platform, meaning it runs on various versions of Linux and Windows (an OS X version is in the works). With TrueCrypt, you can create a folder or volume that encrypts/decrypts data on the fly in a seamless way. Further, TrueCrypt volumes are platform independent, so you can encrypt a volume in Linux and then decrypt it in Windows.

Data encryption is useful for many situations. I use it to encrypt my research data and documents on my laptop. As a researcher, I am required to keep confidential any personal data I may collect in my studies. With TrueCrypt, I can store potentially sensitive data on my laptop without fear of data theft. There are many other practical reasons why someone may wish encrypt his/her documents.

The fact that TrueCrypt is open source is a strong benefit. One advantage TrueCrypt has over Microsoft’s optional encryption scheme for Windows and other commercial solutions is the peer review of source code. The security and encryption communities have full access to the TrueCrypt source code, making any vulnerabilities or errors in the implementation of encryption algorithms plainly visible and more readily remedied.

For information about TrueCrypt, check out Steve Gibson’s “Security Now” podcast (or read the transcript). You can download TrueCrypt here.

I have a relatively new computer after my old Dell laptop failed while under warranty. Before returning my old laptop to Dell I decided to securely delete my hard drive to make my personal information unrecoverable.Secure file deletion is important because data can be recovered from even reformatted hard drives using tools like the Forensics Toolkit (FTK). However, most people don’t even bother reformatting their hard drive before donating their computer or throwing it away.

At any rate, I found a great secure deletion tool: Darik’s Boot and Nuke?or DBAN. DBAN is Linux boot disk that writes random zeros and ones over the entire hard disk according to secure deletion algorithms published by the US Department of Defense and Canada’s RCMP. DBAN also supports the Gutmann algorithm even though it is considered overkill by most experts.

If you want to securely delete a single file rather than an entire hard drive or partition, try GNU’s shred

One of my favorite Unix programs is SSH (Secure SHell), a secure way to ’shell’ into a server over the Internet. Unlike telnet and rsync, SSH uses strong encryption which ensures that sensitive information (e.g. passwords, etc.) is not displayed in plain view during transmission over the Internet.

But what if you are using a public computer-like a kiosk that doesn’t have SSH installed? Enter Mindterm, a 100% Java implementation of OpenSSH. Just load a webpage that contains the Mindterm applet and a SSH terminal window pops up, just like a normal terminal. With Mindterm, I could administer my server from an Internet Cafe in Bangledesh if I wanted to, all via strong encryption. I’m including a link to Mindterm on my website in case anyone would like to use it.

This is one of the best uses for a Java applet I have seen. Typically I would prefer to have special web functionality like this provided via Javascript (because it’s faster to load, requires less overhead), but Javascript doesn’t have the necessary programming primitives to make socket connections.

Mindterm just came out with a beta of a new version they are working on. Besides the new Swing interface, Mindterm now has some pretty sophisticated features like SSH port-forwarding. Mindterm is open source but is not free of charge for businesses with over 25 users. An earlier version is published under the GPL, though.

I’ve recently discovered TOR (The Onion Router), an anonymous Internet communication system. The name references an onion’s multiple peel layers. In a TOR network, data sent from one router to the next is encrypted with an added layer of encryption. Using TOR, data sent or retrieved is untraceable. While this offers a substantial measure of anonymity to those who wish to communicate freely, it also posses several security concerns (this technology seems tailor made for terrorism).

For an example of the power of TOR, install TOR and check out the Hidden Wiki. This web server resides in an unknown site and is nearly impossible to locate. At this site, TOR users can post information and files without fear of being sued. For example, someone posted Mike Lynn’s recent Cisco router vulnerability presentation and pictures. Other sites have been forced by Cisco legal to remove the information, but because the Hidden Wiki is untraceable, Cisco lawyers have no one to sue. Definitely a two-edged sword.