"You see, wire telegraph is a kind of a very,
very long cat. You pull his tail in New York and his head is meowing in
Los Angeles. Do you understand this? And radio operates exactly the
same way: you send signals here, they receive them there. The only
difference is that there is no cat."
-- Albert Einstein
In the movie Revolver, one of the rules is that you only improve your game by playing a smarter opponent. So I am applying that to myself as I figure out ways to get a small peg up in security.
Having the advantage of being an old geezer, I remember when the Cult of the Dead Cow was just beginning, more or less. And so it's nice to know a little bit of where to go when thinking about security. So I headed there and though about ways I could catch up to what has been going on in the hacking world since I decided to get political and de-cloak. I'm wanting to re-cloak and thinking about the best way to anonymize some of my activities. Which is to say, attempt to craft a hacking legend. This would be difficult - depending on what I want to do with this legend. What I'm thinking about is getting a bunch of hacked software.
And so I have discovered several interesting new tools. The first is the XeroBank which has a set of tools including the xB browser. This was based on Torpark which was a Firefox browser enhanced to use the Tor network. There's probably a free way to use onion routing but I haven't discovered it yet. That's next, plus I'd want a good review of Google's incognito browser. But that depends on getting somewhere people who would know would comment. And *that* depends on my reducing my reading list to fewer of my usual non-hacker suspect.
All this is interesting because I really got started just looking for a copy of VMWare Workstation 5 which I paid for three years ago and has disappeared off the face of the map. Until I went to the Pirate Bay where it was easy to find. But the Pirate Bay has its own set of temptations. So I started thinking about how I could stash purloined goods and contraband and it ran me into this larger problem which is how do you get what you want from the web without leaving a trail, and once you have it inhouse, how do you use it without showing you have it. So I have to think about concentric firewalling of behavior and hardware.
Speaking of browsers, I'm now running NoScript on my Firefox. I'm rather bored of Chrome and it's not that much faster. Plus, a guy that Johnny Long is following on Twitter recommends it.
Here's another weird thing. TrueCrypt is now running seven or eight diagnoses of insecurity - like what's unencrypted in memory when you drop programs or what goes to the Windows swap space. But these are vulnerabilities that I think are specific to one dimension of security - which is to say that they are defenses against a certain type of intrusion. Most likely those kits that are aimed at botting your machine. I just need to keep in mind all of the sorts of intrusions I'm a tasty target for. But then again, I do like the idea of having my own botnet. Which takes me back to thinking about very light hypervisor stuff at the bottom of some stack of OSes running wholly anonymized. Such a thing is possible and I'll be trying it next week.
Also I found a couple stupid music sites, just eyeballing Slashdot comments. They are free music sites with the kind of new music that appeals to folks who are actually pissed off that they have to buy music. I'm never quite sure of such peoples' taste in music considering what I've heard free. Oh. The sites are Magnatunes and Jamendo.
Meanwhile I'll be checking out this thing called VLC and seeing whether or not I can rip my own DVDs. I've wanted to do that for a long time.