Whonix : Debian GNU/Linux based Security-focused Linux distribution

1.     Even if one is not doing anything wrong, he is being watched and recorded in real time as Edward Snowden revealed few years back. Most Internet users value online anonymity, with majority saying they have taken steps to remove or mask their digital footprints, and  reporting that they have taken steps to avoid being observed by specific people, organizations, or governments.Whonix is a Debian GNU/Linux based security-focused Linux distribution which aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network.This post gives you screen-shots of installation and execution of the virtual appliances involved.

2.    The Gateway VM is responsible for running Tor, and has two virtual network interfaces. One of these is connected to the outside Internet via NAT on the VM host, and is used to communicate with Tor relays. The other is connected to a virtual LAN that runs entirely inside the host.

3.    The Workstation VM runs user applications and is connected only to the internal virtual LAN, and can directly communicate only with the Gateway, which forces all traffic coming from the Workstation to pass through the Tor network. The Workstation VM can "see" only IP addresses on the Internal LAN, which are the same in every Whonix installation.

4.  Download the two virtual machines ie the Gateway and the workstation from https://www.whonix.org/wiki/VirtualBox

5.   Once you download the two machines as above from the link in reference,the following screen-shots will assist you in installation of the same.The two downloaded files are seen below : 

Instead of typically creating a virtual machine and then mounting a vdi,in this case more simply we have to just import the .ova appliance,rest is in auto mode.

Next

Next

Agree to the T&C

Next

Will take few minutes loading

Next

Import

Agree again

Import appliance of the workstation

So u have two machines in the virtualbox console as seen in the bottom two listing below :

Just click both with the start button...and the machine start

Next

Next

Next

Ok

Updated TOR download

Here we see the IP address relating to Budapest Hungary....and thats surely not the user....:-)

Testing UBUNTU for SHELLSHOCK vulnerability

Shellshock,the now famous vulnerability in GNU's bash shell that gives attackers access to run remote commands on a vulnerable system. If your system has not updated bash in since Tue Sep 30 2014: 1:32PM EST , you're most definitely vulnerable and have been since first boot. This security vulnerability affects versions 1.14 (released in 1994) to the most recent version 4.3.Its always good to at least close known bugs and holes since zero vulnerabilities always exist....here i bring out few ready made cut/paste terminal commands to test your UBUNTU...This simply involves running of a script shellshock_test.sh.Source code at https://github.com/wreiske/shellshocker/blob/master/shellshock_test.sh

Screen shot shown below as run from my system :  

Terminal cmd : curl https://shellshocker.net/shellshock_test.sh | bash

(Click to ENLARGE)

HACKER EDITION SPECIAL : SEDULITY Operating System

1.     How many of us and those who are live wire updated with the Cyber security have heard of ethical hacker editions of any DVD with all hackers dream collection vide one window.When we speak on such editions foremost comes like Backtrack(ethical), Backbox ,Samurai Web Security Framework, Bugtraq, Nodezero etc. In this post I am introducing you guys to a relatively unheard Operating System by the name of SEDULITY OPERATING SYSTEM. I just got a copy from the originator Dr Anup Girdhar who holds a Ph.d in Cyber Security. I have recently installed it on a Virtual Box and believe you me I am yet to install any third party tool....coz everything I need is already inside.Definetly a good distro for beginners in this field. Here I bring you the basic installation screen shots and few details of this edition of OS.

2.     Sedulity Solutions & Technologies is India’s first organization, who have developed and patented a "Flavored Operating System" in five different flavors including -

• Corporate Edition
• Developers Edition
• Ethical Hackers Edition
• Forensics Edition
• Gaming Edition

3.    Sedulity OS Ethical Hackers Edition is an exclusive creation that helps the Security Professionals to perform Penetration Testing and vulnerability Assessment in a purely dedicated environment. Sedulity OS-Ethical Hackers Edition is meant for all those Researchers, Hackers, and Security Professionals, who wanted to do hands-on, in various platforms of technologies with all the Latest tools Pre-Deployed in it.

 In the next post will bring you screen shots from inside the OS...bringing you interfaces of the tools available in the OS.

Ubuntu 12.10 @ SPYING

1.   What happens when someone you trust eyes closed,some you promote amongst ur friends is labeled a SPYWARE...or a Spying agent... that's what was felt by millions of UBUNTU followers and fans.I read about this two days back at ZDNET. The news doing the rounds goes like this :

Richard M. Stallman,creator of the Gnu General Public License (GPL) and the Free Software Foundation has announced that as far as he's concerned, Ubuntu contains spyware and that Linux supporters should shun Ubuntu for spying.

Specifically, Richard M. Stallman hates that Ubuntu 12.10 incorporated Amazon search into its default search function. So, if you searched for say "CISSP." you'd get results from both your PC and Amazon. When it was introduced, Mark Shuttleworth, founder of Ubuntu, defended this change by saying Ubuntu wasn't going to incorporate ads into the operating system, which Microsoft has done with Windows 8, and that no personalized data would be sent to Amazon.

2.   You need to re-read this yellow highlighted text above to exactly understand what goes on behind the scenes when you actually search for some string in your PC operating on UBUNTU connected to Internet.After the millions of immediate disapproves by the user community,it was announced by UBUNTU that now on Users of the upcoming Ubuntu 12.10 will be able to turn off a controversial 'shopping lens' feature that displays Amazon-stocked products when the user performs a unified local and online search....so the spying becomes optional....:-)

3.   What can be the need of a responsible OS community like UBUNTU to get into all this....if its my view it is not intentional for the purpose of spying.....but it could have been designed in the name of giving the user better results and experience!!!!!Jono Bacon, Canonical's community manager flatly states, "This is FUD" ie "Fear, Uncertainty and Doubt (FUD)...now yess!!so it seems to be....

4.   All said and done..UBUNTU is doing a wonderful job and provisioning one of the best OS free editions for users like us who wish not to pay to WINDOWS and believe in FREE SOFTWAREs :-)