ZERO-DAY A Future Threat, And How To Protect Your Data
ABSTRACTIt is known that practically all software has security flaws (programming problems that give individuals opportunities to explore previously nonexistent), many of these vulnerabilities not yet discovered, and hundreds are corrected every month through the packages available organizations affected, sometimes new versions and updates.
The term "zero day" (zero hour or 0day ) refers to the unknown nature of security breaches for companies , this attack tries to exploit computer application vulnerabilities that are unknown yet even by software manufacturers . Explaining in a simple and generally, there are two types of "exploit", or flaws / vulnerabilities that can be used in attacks. Those found by security companies and found by hackers whose purpose is exploration.
The issue is that some hackers choose to disclose newly discovered failures to apply the necessary corrections are sometimes rewarded for it with prizes. The "black hats" prefer to save for their own benefit ne a future attack or to share with attackers before the developer of software knows about the vulnerability.
HISTORY ALGORITHM AESRegarding PRIVACY is important to know how to control the availability and exposure of your data , the AES algorithm was proposed to replace DES, NIST ("National Institute of Standards and Technology U.S.") held a competition (The selection process began in 1997 and ended in 2000 with the victory of the Rijndael algorithm written by Joan Daemen and Vincent Rijmen) for it to be made an algorithm that would be called "Advanced Encryption Standard " that meets the following specifications: algorithm publicly defined;
Being a symmetric cipher block; Designed for the key size can be increased; Deployable in both hardware and software; Powered freely, this algorithm Encrypt and Decrypt using an encrypted key and blocks, both sizes of 128,192 or 256 bits.
I will cite and explain how an open source tool very important: TrueCrypt (encryption on-the-fly OTFE) to confidential files , folders and entire drives on your PC , encryption, it can create a virtual encrypted disk or encrypt a partition , individual algorithms supported by TrueCrypt are AES, Serpent and Twofish, additionally , five different combinations of cascaded algorithms are available : AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. Uses RIPEMD-160, SHA-512 and Whirlpool as hashing functions.
SOLUTIONDue to the increasing amount of 0day discovered, I will present one of the safest techniques to protect the security of your data, first we store our data in a nonvolatile memory device (eg USB stick or external HD, is the storage, where once recorded, the data are not lost when you remove the power source), we will also create a volume HIDDEN, at worst it can happen that you are forced by somebody to reveal the password to an encrypted volume . There are situations where you cannot refuse to reveal the password, for example, due to extortion. The method is to use a volume "HIDDEN" that allows you to solve such situations without revealing the password to your volume true, we actually create two passwords, a password can be used for volume "False" and one for the volume "True".
In case of any extortion can provide the password "Fake" where the attacker will have access, and the information contained in this folder will be irrelevant.
STEP BY STEPChoose the "Create Volume".
Select "Create an encrypted file container" then click "Next".
Select "Hidden TrueCrypt volume" and click "Next".
Then we select this option, the wizard will first help you create a normal volume and then a TrueCrypt hidden volume within it.
Select “Normal mode” and click “Next”.
Choose a name for the file and click "Save".
Select the location of the outer volume to be created (within this volume will be a hidden, that will be created later).Go straight on "Next”.
Again click "Next".
Select the type of encryption algorithm you want to use:
Enter the volume size and click "Next".
Choose a password, the more characters better, example: p@ssword.
Select the "Format" and click.
Now wait for the formatting, you can move the mouse quickly to generate a better randomness.
Let's create the next volume, click "Next".
We will continue to do our hidden volume, again click "Next".
Select the encryption mode you want to apply to your new volume.
Enter the size of another volume.
Choose a secure password and different from the first, with many characters and click "Next".
Ready! Now the volumes are made, and beyond the expected, you have a hidden volume and secret to save your important data.
Just click on "Exit".
So let's understand how the volume created within the other, known as External.
Let's open Truecrypt and then first open the main volume, choose FILE SELECT, and we select the volume created.
Click to open.
Click on "Mount".
This screen will ask for the password, remember that you have two, the volume for false and one for true.
Choose which put password.
Pay attention to the volume that opened was the "normal".
You can use social engineering if you need some day.
Click on “Dismount”.
We will select the same item again, now to test with another password.
Enter the password for the hidden volume.
Note that our hidden volume appears, note the size and type.
This article shows a technique for case one day you will be forced to disclose information, learn how to get out of this trap.
It's also a great way to protect your company's data and a security strategy that should apply to stay quiet with your important data.
About the Author
This is a guest post written by , RAFAEL FONTES SOUZA.He is the maintainer of the “Project Backtrack Team Brazilian”, He is also a member of the "French Backtrack Team" and made partnerships with groups from Indonesia and Algeria, was prepared a collection of video lessons and made available on the website.
He am Founder of the "Wikileaks and Intelligence, Cypherpunks". Good communication in groups and the general public, attended college projects with a focus on business organization, he currently seeks work experience outside of brazil”.