# Cyber Security Myths and Tips



## New_2_Chronic (Sep 21, 2008)

I am an IT professional with over 15 years of Technology experince. I build and secure networks wordwide. I also conduct e-discovery and forensic data retrieval and wanted just to throw out some info on the myths I have been seeing here.

First of all do not get paranoid.  The NCSD ( National Cyber Security Division) is about the only agency worldwide with the resources and abilities to track you down in cyber space. They however spend most of thier time combating virus outbreaks and attacks that threaten the stability of the Internet and worldwide communications. And of course tracking down terrorists!:ignore: 

Local and federal agencies do not have the equipment or resources to pinpoint your location via the internet. Let me quantify that,,,,,

The most common way for people to get busted on the internet is to reveal thier true identity or identifying information somewhere and it is found by a local agency and they come a knockin,,,most likely with warrant in hand for your computers and stroage media. This is how they get the rest of the information to carry a case. (The odds of this happening are highly unlikely)

The second most common way for people to get busted or identified is to be investigated for other charges, they come get your computer, and boom your busted for something totally unrelated. (This is more common)

Internet Browsing:

First and foremost your internet browser habits are pretty safely confined within your computer. You can be hacked and monitored, but this is highly unlikely as in todays Hacking Trends Hackers are targeting businesses and corporations rather than individual homes. Again it will be a hacker that gets you, not the LEO....

If your browsing is a concern to you and you really want to take another measure then use a PROXY SERVER - Proxys mask your IP (internet protocol) address and lets you surf the net worry free. If anyone tries to track you IP they just go back to the free proxy server.

If you want to see if anyone is connected to your computer you could do this:

click start button
click run
type "cmd" (little black box appears)
in the box type netstat -n

this will output all currently connected IP addresses. If you see a wierd one that doesnt go with the rest of them (youll be able to tell) then there is something outside connected to you.

Spyware and viruses can make some connections as well so it may not be someone connected to you, but it might be something on your computer such as a virus or a spyware making an outgoing connection.

The fact that most people are on broadband connections makes tracking someone down via IP harder as well. With connections such as cable or dsl there is two things happening.

1. There is a lease on your IP address defined by your Internet Service Provider, for example 3 days is mine. That means every 3 days the IP address I have expires and I am issued a new one.

2. Your IP address is actually Natted through your ISP. 
This means that the IP address you are getting is on thier local network and outside thier network your IP actually is represented as an public IP address. This complicates things more.

LEOS GOT YOUR COMPUTER>>>>>>NOW WHAT?

This is what happens when they come get your computer. They have a warrant to search the contents of the computer for anything "incriminating". They will do a basic search opening files and looking at historys and pictures. They will not be doing any "Forensic" looking at this point.

9 times out of 10 if they find nothing in this "look see" that will be the end of it and it will go no further. WHY?

Well because local law enforcement does not have the equipment to do a "bit level" investigation of the drive contents, They have to send it to a company to look at the drive at the "bit level". These companies charge very heavily for these investigations. The kicker is that they get paid wether they uncover 1000MB or none at all. Thats why the LEO agency has to weigh the importance of it. (Example: The last drive i sent to a forensic data recovery company cost me 9,000.00. and I got 1 file recovered)

If anything is found on the "look see" there is a high probability of them incurring the cost to dig deeper. The weight of the case also has alot to do with it... If there is no sales or distribution, or conspiricy involved then the cost would not be worth it to the state,,,,

The whole point of this is calm down, have fun, grow and POST. Dont worry about LEO's monitoring the site because thats about all they can do. Do not give out any personal information or identify yourself in any way and you can pretty much say anything you want safely.

I would keep a good regimen of computer housekeeping as well. Regualarly clean out your temporary internet files. Take pictures off your computers (the ones that could be damaging to you) and keep them on CD somewhere, instead of your computer.

If anyone has any tech related questions please feel free to ask me. 

Hope this helps......


----------



## CubeCap (Sep 21, 2008)

New_2_Chronic said:
			
		

> I am an IT professional with over 15 years of Technology experince. I build and secure networks wordwide. I also conduct e-discovery and forensic data retrieval and wanted just to throw out some info on the myths I have been seeing here.
> 
> First of all do not get paranoid. The NCSD ( National Cyber Security Division) is about the only agency worldwide with the resources and abilities to track you down in cyber space. They however spend most of thier time combating virus outbreaks and attacks that threaten the stability of the Internet and worldwide communications. And of course tracking down terrorists!:ignore:
> 
> ...


 
Thanks for the information, very informative, way to much info for one read through...I am going to have to re read that post a few times......good on ya...

Peace


----------



## Dexter (Sep 21, 2008)

Great post _New 2 Chronic_, I'm very much handicapped when it comes to computer stuff. You have answered a lot off questions for me,  thank you.
Dexter


----------



## papabeach1 (Sep 21, 2008)

are ya saying my hacking tools is way powerful than police stations have? 
if so I can hack them?


----------



## Tater (Sep 21, 2008)

Nice read it will definetly help clear up many misconceptions for the technically less inclined.  Good post.  Also another way to decrease the chances of leaving incriminating traces on your computer are to us a browser like firefox with the stumbler addon installed.  With it your browser can easily be swtiched between normal and a safe mode where no cache pictures or history of your browsing habits is stored.  You could also install one of the TOR plugins and use the tor onion network which lets you browse in the most anonymous way possible.


----------



## KaliKitsune (Sep 21, 2008)

Glad to hear another voice of logic and reason in the forums.


----------



## KaliKitsune (Sep 21, 2008)

papabeach1 said:
			
		

> are ya saying my hacking tools is way powerful than police stations have?
> if so I can hack them?



Your standard Linux distribution comes with more hacking tools than regular LEO has. 

BSD's even better. BeOS reigns supreme (too bad it's old and outdated.) If you are the cutting edge geek type and can code x86 assembler, you should check out MinuetOS, which fits on a floppy and is so well-made it's virtually bulletproof.


----------



## New_2_Chronic (Sep 21, 2008)

Further Information

Q: Can what is said on the internet be used against me in any way?

A: Absolutely. It is called Public Information and can be obtained without a warrant. It can also be used to further any investigation into any illegal operations. Anything you post on a forum is fair game. 

That being said here is the catch-all.... they have to prove it was you on the other end of the computer posting the information.... This would be near impossible for them to do. If they spent a small fortune they might be able to prove the connection came from your house but that is not enough. A good explanation for that would be " I have a wireless network that is wide open at  my house someone else could of got on it and did that"

I hear lots of stories of people that were busted and thier computers sealed thier fate...Buit it wasnt there computers that got them there,,,, It was something else...

Your computer can be a dagger in any investigation. Lets take for instance your growing and you get caught with 4 plants.... They want to prove you are growing for sale, the prosecution is just not worth it otherwise,,,If they look at your computer, get some cached pages from your history and see where you mentioned you sold a quarter to your friend....ooops:holysheep: ....doesnt matter its the only time youve done it...they got the cherry they were looking for. Your computer has just escalated your pain immensly......

Myth:

I keep hearing where people are saying this is safe forumn because the server is in holland.

That is true....to an extent.... The server that hosts this forumn is in another country where they may have different or more aggressive privacy laws but that doesnt make it immune.

The simple fact that is resides in another country and is not subject to the Patriot Act makes things much harder for any US prosecutions to gain any information from the company hosting the server. They have to have proof already, basicly a case, to support subpoena of any information from the server. This is not the case in the US where they can go on a "fishing expedition" and get any informatiuon they need without proof, although they still need a warrant, a federal warrant....

Another point to make is that this also means they will be limited to the user in question and not "carte blanche" to all users records. 

So the basic point is " Can the US or any other country for that matter gain access to the information on this server?"

the answer is basicly YES they can, will they? not unless your Don Corleone or something.......

As an IT professional I can tell you I feel better knowing the server is in another country......YOU SHOULD TOO....


----------



## New_2_Chronic (Sep 21, 2008)

> Your standard Linux distribution comes with more hacking tools than regular LEO has.
> 
> BSD's even better. BeOS reigns supreme (too bad it's old and outdated.) If you are the cutting edge geek type and can code x86 assembler, you should check out MinuetOS, which fits on a floppy and is so well-made it's virtually bulletproof.


 
You are correct Linux\UNIXis a powerful tool and used greatly amoung the hacking community as standard. But having the software is not enough. You have to know HOW to use them. You need to be able to know how to use packet sniffers, and Brute Force attack tools.

They simply do not have the expertise for cyber investigations.... Anyone can download Linux or Unix flavors, the key is knowing what to do with them once you get them. 

This is my main point..... The cost of Cyber investigations far exceeds the retun on the investment for LEO agencies.


----------



## KaliKitsune (Sep 21, 2008)

New_2_Chronic said:
			
		

> You are correct Linux\UNIXis a powerful tool and used greatly amoung the hacking community as standard. But having the software is not enough. You have to know HOW to use them. You need to be able to know how to use packet sniffers, and Brute Force attack tools.
> 
> They simply do not have the expertise for cyber investigations.... Anyone can download Linux or Unix flavors, the key is knowing what to do with them once you get them.
> 
> This is my main point..... The cost of Cyber investigations far exceeds the retun on the investment for LEO agencies.



Most tools come with plain-english instructions on how to use them, nowdays. Aircrack? Netstumbler? Samspade? All have directions that takes about 10 minutes to read and understand. 

Nowdays, you don't need to know how to use the tools - there's scripts out there that will do the work for you.

That'd be absolutely hilarious, LEO turns into a bunch of script kiddies. Real hackers would chew them up!


----------



## New_2_Chronic (Sep 21, 2008)

Yeah thats funny..... I went to a class called Ethical Hacking and Countermeasures. This class basicly tought you hacking so that as a security engineer you would know the tactics and how to protect against them. 

There is alot more to it than just "reading the instructions" or everyone with a internet connection would be hacking. You have to understand networks/security and how they work, otherwise it would be a lesson in futility.....

*This thread is more of an informative thread on how computer investigations are conducted, how to protect yourself, and to put peoples mind at ease about enjoying the experince of this forumn.*


----------



## New_2_Chronic (Sep 21, 2008)

Spyware, ADware and Virus threats

Id like to give you all some pointers and tips to protecting yourself against different threats and cleaning them once you get them. First are the necessities.

1. Firewall - It is my reccomendation that everyone with a internet connection has a firewall. First let me describe a firewall:

A firewall is basicly a GATE for your internet connection. You control when and how the gate is open. The firewall also makes your connection transparent on the internet. Basicly noone will know you are there..

Hackers use all sorts of tools to hack but first they have to find you. The way they do this is basicly scanning IP addresses on the internet. If they get an answer they will investigate further and you could be hacked. without a firewall its almost certain if they find you they will.

A firewall will not answer any requests and therefore basicly wont answer the phone when it rings.

Firewalls can be hardware or software, for home I would reccomend a hardware Router/Firewall combo or a software firewall which can be downloaded. I would goto somewhere that sells computer software and actually purchase one with a subscription. They arent expensive 20.00-40.00

2. Antivirus Protection - This goes without saying and most already know this. Get virus protection and keep it current,

Getting these two things can drasticly reduce the amount of viruses or spyware/adware that infects your computer. 

3. Adware/Spyware protection - This is becoming a necessity as the internet and advertising mechanisims evolve. ADware/Spyware infects your computer from a internet site that is infected or a crazy link you clicked on. Some typical behavior may include

1. your computer runs slower than normal. This can be caused by many things but thesedays spyware infections are more common cause.

2. You get popups constantly while surfing the internet. this could be an indication of an adware infection.

Spyware can be a program that is remotely executed on your computer and runs in the background. This can cause a variety of issues including disabling your antivirus or firewalls, slowness, blue screen errors, programs not working right.

To clean this use a spyware/adware remover. There are alot of free ones out ther but I would highly reccomend LavaSoft Ad Aware. its a free download, has real time updates, and very effective. 

Be careful about downloading just any spyware remover, spyware and adware infections can be delivered in this fashion. Use an industry standard version to avoid this.


----------



## PUFF MONKEY (Sep 21, 2008)

you rule dude.....spread the power..and pot


----------



## Dozingoffaroundthecorner (Sep 22, 2008)

Most people use their home computers to talk to their families and friends. I would guess that 80% of people have an e-mail address with their name on it. Well as you may experience from SPAM some websites can pick up your IP address and send you crap. Sometimes they even know your name! How do they know your name? Because of your IP address! Because the info is free!! They can get your info for free. The internet is also regulated by the government. Proxy servers work against spammers!! Well most of them anyways. There is a way to completely mask your IP. If you log into an open band or wifi connection that does not necessarily belong to you then it is not really your IP except those are usually within a few blocks of your surrounding area.

I'm sorry after rereading this post I can see why it is a little confusing. There are third parties that will give your information out for free with collaboration of other business. If you use your e-mail with your name on it then that is one way they can get your name but if you login to a site sometimes they can scan your IP and send you crap directly to your e-mail. That one is tricky because I really don't know how they do it but a lot of nasty sites like porno and really just iffy bad crap have extensive scanners to make sure that the people who log into their sites are not suspicious to them. If you give out your information on the internet anyways for catalogs or free stuff then they will give your info to third parties. So Sorry if that post was weird but I hope that was some clarification of what I wrote. The IP address is what they will trace and most internet providers will collaborate with the the government because if they don't they risk their business. It makes sense to me.


----------



## New_2_Chronic (Sep 22, 2008)

Allow me to disspell the myths.....



> Most people use their home computers to talk to their families and friends. I would guess that 80% of people have an e-mail address with their name on it. Well as you may experience from SPAM some websites can pick up your IP address and send you crap. Sometimes they even know your name!


The IP address is in the header information embedded in the email, well actually its not YOUR IP it is the IP of the sending mail servers for instance if i send an email through yahoo the header would have the yahoo mail servers IP address.



> How do they know your name? Because of your IP address! Because the info is free!! They can get your info for free.


Spammers dont get your IP and send you crap. They get you *email address*. Since most people have thier names in thier email addresses they can get your name as well. The ads are basicly form ads that they just fill in your name and send to your address in thier database.



> The internet is also regulated by the government.


 
This is a common misconception....It is monitored by thousands of agencies but not regulated. You are free to post whatever you want whenever you want...You can also be held accountable for your actions.... 



> Proxy servers work against spammers!!


Proxys have nothing to do with spammers.... Again spammers use email addresses.



> There is a way to completely mask your IP.


 
This is the function of Proxy's



> If you log into an open bad or wifi connection that does not necessarily belong to you then it is not really your IP except those are usually within a few blocks of your surrounding area.


 
this was suggested in my earlier post to use as an excuse.


----------



## papabeach1 (Sep 22, 2008)

KaliKitsune said:
			
		

> Your standard Linux distribution comes with more hacking tools than regular LEO has.
> 
> BSD's even better. BeOS reigns supreme (too bad it's old and outdated.) If you are the cutting edge geek type and can code x86 assembler, you should check out MinuetOS, which fits on a floppy and is so well-made it's virtually bulletproof.


 
I use fedora 9, and even the MP does use fedora 9, how did I know that??
they uses aphce something

thank you, I feel lot better knowing leos cant mess with me..
of course I have lot of live distro cds, and they serves their own purposes for my needs...nice distro cds on the big shelf I have..


----------



## jollygreengiant (Sep 22, 2008)

Thank you so much for this post it answered many many questions I had and alleviated some of my paranoid concerns. 

Thank you!


----------



## ArtVandolay (Sep 22, 2008)

Although I have a hardware firewall (wireless router with encryption enabled) I've long been a fan of ZoneAlarm, a free software firewall.  

Everyone might not like ZoneAlarm, though, because it tells you about each and every incoming and outgoing internet traffic, so it takes awhile to "teach" zonealarm what's ok and what isn't.

Because of my router, I never see any incoming alerts, but I do see a lot outgoing ones!  You would be surprised how much stuff on your computer accesses the internet that you didn't know about.  Things like spyware calling home, a few standard microsoft processes.... In any event, ZA will let you know and you can decide.

New_2_Chronic said it well and one thing bears repeating clearly IMO:  anyone with a computer plugged into a broadband connection without a router or good firewall (or both) is going to get hacked.


----------



## ugmjfarmer (Sep 22, 2008)

WONDERFUL INFORMATION! saved me time explaining it all.

<-- IT guy.


----------



## HMAN (Sep 22, 2008)

ArtVandolay said:
			
		

> Although I have a hardware firewall (wireless router with encryption enabled) I've long been a fan of ZoneAlarm, a free software firewall.
> 
> Everyone might not like ZoneAlarm, though, because it tells you about each and every incoming and outgoing internet traffic, so it takes awhile to "teach" zonealarm what's ok and what isn't.
> 
> ...



Good call Art. I use the Z/A Security Suite. It has a firewall, antivirus, and antispyware in an easy AIO package... A quick google should find an easy torrent.


----------



## Tater (Sep 22, 2008)

Proxies only protect your ip if they don't use the xforwarded tag in the header.  Here's a good place to get a list of current free proxies you may have to search around to find one that is truly anonymous.  There are proxy checker apps available on the interweb search google to find one.


----------



## ugmjfarmer (Sep 22, 2008)

I use a hardware firewall. Its annoying from the outside because I VNC alot but dont want to open up remote config. But its nice and secure.


----------



## New_2_Chronic (Sep 22, 2008)

ugmjfarmer

Hardware firewalls IMO are better. The Hardware Firewall acts on a different layer of the OSI Networking model. The software firewalls are more easily manipulated.

VNC can be secured pretty good through your firewall. I wouldnt reccomend the Free version though. Purchase the Enterprise Edition License and use "Secured Control" then youd be pretty covered.

_Opening Ports_ - If you are using a secure version of VNC, such as VNC Enterprise Edition, you can simply configure your firewall to permit traffic on the port(s) used by the server. If your VNC server is configured to accept connections on VNC Display Number _N_ (equivalent to Port Number 5900+_N_), then port 5900+_N_ must be configured to be allowed through the firewall. To allow the Java VNC Viewer to be served through the firewall, port 5800+<N> must _also_ be allowed through, or you must configure your VNC server to use the same port for both the VNC and Java Viewer connections

VNC uses HIGH Ports that are less likely to be scanned.... Hackers tend to target port 1024 and below.


----------



## New_2_Chronic (Sep 22, 2008)

ZONE Alarm Suite:

ZA IMO is an very good security suite. I have used ZA in the past for personal and client uses and it definately does the job. It is not expensive and the protection you get with ZA is wort it.

Those with Router\Firewall combinations can use IP masking to mask your external IP address. If your firewall does not have this option and you would like to upgrade I would reccomend choosing one with this option. This will mask your outside identity by not returning requests on your IP. The cisco firewall I have allows me to show the wrong IP....1.1.1.1 so my firewall does answer,,,, it just answers on a spoofed IP.

On most firewalls my guess would be you can find that in the advanced options.


----------



## Dozingoffaroundthecorner (Sep 22, 2008)

They can get your IP from your e-mail. Just like you have proxy servers there are some people who have IP scanners. 

All computer programming in the United States is regulated by the U.S. government. There is a whole section of laws dedicated to the internet and computer systems hence the huge lawsuit against Bill Gates for alleged "monopoly". Anyways the internet is not as anonymous as people like to think. Just because you cannot be seen or heard does not mean your information is not available. Just like if I call the operator and ask her about a phone number she can tell me who you are or if I have your address then it is even easier to find out. You could be unlisted but then if somebody wanted to know more they could look through your mailbox or P.O. box. Some people are just messed up like that. The best thing you can do is be aware and do whatever you can to protect yourself from low life predators.


----------



## Dozingoffaroundthecorner (Sep 22, 2008)

The proxy server programs are good against the average joe hacker. The average joe hacker is much more of a concern than the feds because they will mess with your credit card and bank accounts, Paypal, etc. and anything they can get into. I worry more about the average slimeball than the big brother bully because the average joe could be anyone.


----------



## Tater (Sep 22, 2008)

Dozing I think you might be confused about the topic at hand its easy to become so with all of the misinformation floating around.  proxy server's != proxy server program's and if the proxy is truly anonymous then it is next to impossible to track the connection back to you.  This would mean that your ip and referer information isn't being forwarded by the proxy and that the proxy also does not keep connection logs.  The internet is NOT regulated by anyone.  Net Neutrality (if you are really interested in it you can look it up on google) is such a big issue among the tech scene right now.  And because the internet is world wide and decentralized it would be impossible to regulate it unless you had total global collaboration and if that happened you would always be free to set up your own internet if you really choose to and had the resources.  Governments have the power to black out certain sites and what not if they are in control of ALL of the countries back bones (do some reading about the great firewall of china) but for those in the know these measures are easily circumvented through the use of proxies and projects like the tor network.  Please unless you truly understand what you are talking about all you are doing is further clouding the issue.  Lets try to keep this as factual as possible.


----------



## New_2_Chronic (Sep 22, 2008)

Thanks Tater....

Im am here to disspell all of the rumors out there with factual IT industry standards.

There are many different ways to secure yourself on the Net. Each way has at least 10 different solutions. To go into pros and cons about every product out there would distract from the focus of this thread.

You just have to find the solution that achieves your desired results. You budget has alot to do with your design. Just remember cheaper *doesnt* mean worse! 

There are many FREE ways to secure yourself using Open Source Applications, ie..Linux, Unix, FreeBSD, Freeware applications. All of these are available for free downlods on the internet. There is a learning curve to these though that may not work for everyone.

Best Buy, Office Depot, Wal mart, Target, all have computer software ranging from cheap to more expensive solutions. Just compare a few different products, features, price, subscription costs....ect,,,

Compare it to buying a car...... You have a choice for your solution.

1. The Prius (cheapest) - this solution is a firewall, antivirus and spyware protection software using Price only as a determining factor for your purchase. This works, however you wont have the safety rating of your next choice

2. The SUV (middle ground) - this solutin can cost a little more... You compare several different products side by side so you can compare the bells and whistles. This is your "middle of the road option"....Better safety, will do what you want and give you peace of mind. 

3. The Ferrarri (most costly)- This is the "TOP OF THE LINE" option for your solution. You do not consider price at all in this solution. You know what you want and whatever it costs that what you will pay. You choose your products based on features, benifits, and ease of use....This solution is for the ULTRA paranoid..... 

Think of your purchase in this way. What will you get in return? this is commonly referred to as ROI (Return on Investment). Sometimes this can be measured in how much  actual money it will save you over a given period of time, say 3 years. Other times it is measured in Non Tangible items. These can be such thing as, cost savings of not having to go through an identity Theft scenerio if your information is comprimised. It can also be "Peace of mind". 

How much is that worth to you? Getting on your computer without even a thought of someone getting your valuable information....banking, Investments, Logins and passwords to all your account.....Or you may be someone that this is not an issue because there is nothing on your computer that you would not want someone to have.

All things to consider when developing your security solution. 

More to follow.....Chronic Out!


----------



## Dozingoffaroundthecorner (Sep 23, 2008)

Tater said:
			
		

> Dozing I think you might be confused about the topic at hand its easy to become so with all of the misinformation floating around.  proxy server's != proxy server program's and if the proxy is truly anonymous then it is next to impossible to track the connection back to you.  This would mean that your ip and referer information isn't being forwarded by the proxy and that the proxy also does not keep connection logs.  The internet is NOT regulated by anyone.  Net Neutrality (if you are really interested in it you can look it up on google) is such a big issue among the tech scene right now.  And because the internet is world wide and decentralized it would be impossible to regulate it unless you had total global collaboration and if that happened you would always be free to set up your own internet if you really choose to and had the resources.  Governments have the power to black out certain sites and what not if they are in control of ALL of the countries back bones (do some reading about the great firewall of china) but for those in the know these measures are easily circumvented through the use of proxies and projects like the tor network.  Please unless you truly understand what you are talking about all you are doing is further clouding the issue.  Lets try to keep this as factual as possible.


Your IP address is still the same. The proxy server scrambles scanners so that it appears you have another IP address. The fact is you still have your original IP address and the proxy only covers it or masks it to make it look like you have another. It's like going to a costume ball of masks but somebody will always know who you really are because you never know the man you bought the mask from may be there and remember which one he sold you.

The government has an entire section of people that specialize in the internet and they have specific laws and guidelines regarding the internet. If the internet was completely neutral there would not be arrests of child predators and obvious law breaking individuals. You are right though they would need absolute collaboration which they do have for the most part. There are some people who know how to get by that but some of them are the good guys and some are the bad.

They have to be able to implicate you in the act of breaking the law. They have to have evidence and witnesses. Anyone can go online and say that they will kill somebody or that they will steal. Until they are caught with the goods or standing above the body full of wounds then they are not guilty. Anyone can go online and say they grow pot but until they can link the two together and see the garden or catch you in the act then it is all up in the air. There has to be a trail that leads to the X that marks the spot or there is no bounty.


----------



## New_2_Chronic (Sep 23, 2008)

> The government has an entire section of people that specialize in the internet and they have specific laws and guidelines regarding the internet. If the internet was completely neutral there would not be arrests of child predators and obvious law breaking individuals. You are right though they would need absolute collaboration which they do have for the most part. There are some people who know how to get by that but some of them are the good guys and some are the bad.


 
You are misinformed although it looks like you have the right idea.

The arrests are the result of people freely using the internet for criminal intents. The point is that you totally free to go wherever you want, post whatever you want, and do whatever you want. As I pointed out earlier YOU ARE STILL ACCOUNTABLE FOR YOUR ACTIONS. Simply using the internet and it being free does not make you immune from state and federal laws.

The fact that they use internet records for prosecutions only echos the fact that you are free to do what you want on the internet, but still accountable.

IMO if the Internet were regulated by a global body it would be a mess of epic proportions,,,, IMO everyone would want to be "Big Chief"....Look at the UN....Same principle.


----------



## Dozingoffaroundthecorner (Sep 23, 2008)

The law extends to every activity in a nation. There are no exceptions and there will always be a sector for each outlet of activity. Hence the DEA or Special Task Force, SWAT, etc. and there are attorneys for business, criminal defense, etc. There are many branches on a tree but one trunk.


----------



## Tater (Sep 23, 2008)

> Your IP address is still the same. The proxy server scrambles scanners so that it appears you have another IP address. The fact is you still have your original IP address and the proxy only covers it or masks it to make it look like you have another. It's like going to a costume ball of masks but somebody will always know who you really are because you never know the man you bought the mask from may be there and remember which one he sold you.



Proxy servers do not scramble scanners they simply forward packets.  I already explained about the xforwarded header and what not.  Trust me I have a very good understanding of proxy servers, socks servers, etc etc etc.



> The government has an entire section of people that specialize in the internet and they have specific laws and guidelines regarding the internet. If the internet was completely neutral there would not be arrests of child predators and obvious law breaking individuals. You are right though they would need absolute collaboration which they do have for the most part. There are some people who know how to get by that but some of them are the good guys and some are the bad.



That is not the same as regulating the internet.  They simply scan the internet for illegal activities that are taking place in THEIR country.  



> They have to be able to implicate you in the act of breaking the law. They have to have evidence and witnesses. Anyone can go online and say that they will kill somebody or that they will steal. Until they are caught with the goods or standing above the body full of wounds then they are not guilty. Anyone can go online and say they grow pot but until they can link the two together and see the garden or catch you in the act then it is all up in the air. There has to be a trail that leads to the X that marks the spot or there is no bounty.



This has nothing to do with the conversation.

I will gladly hand out my ip to you.  It wouldn't do you any good.  You couldn't ping my machine and if I ran my connection through an ANONYMOUS proxy or the OnionTor network it would become even more useless as my IP would never even be seen by the outside world.

Anywho not trying to threadjack here.  Thanks for the post New_2_Chronic I'm sure it helped a  few folks here on the forums.  And you are right the depth of the subject and the different options available way outside the scope of your original post.  Thanks for keeping us all on topic.  Nice thread.


----------



## Dozingoffaroundthecorner (Sep 23, 2008)

When you pull up your proxy server it says;

Actual IP - (which is your IP address)
IP that everyone else sees - (the IP that is masking yours)

It may look different or you may have some extravagant program but that is basically the layout. Because they are truthful for the most part and they tell you that they make it appear that you have another IP but in fact you still have your IP address.

They regulate all of the computer programming in the nation. Every computer program has to be licensed and copyrighted if you want to go through mass sales. In other words if you are a part of capitalism then you must agree to the terms. There are laws for every business and every network and the law is not exempt from any person even if somebody tries to convince you otherwise it is not logical for someone to think that if they are a citizen of a nation that they are not to abide to the guidelines of the place they have decided to contribute their existence. 

I just told you what has been known to get a lot of people in trouble so if that is not part of the conversation you seek then whatever.....not my problem! You can think whatever you want to but in the famous words of the Butthole Surfers "You never know just how you look through other people's eyes". This is going nowhere and I wish you all the best with your cyber adventures and purchases.


----------



## Tater (Sep 23, 2008)

If you didn't still have your IP address the proxy server would have any idea of where to forward the packets.  Why are you arguing this, have you ever studied network topology?  I have.  Have you ever worked in the IT field?  I have.  Do you have any published security vulnerabilities?  I do.  Man seriously if you want to sit here and argue the finer points of Cyber Law, packet injection, sql injection, privilege escalation, vulnerability discovery, packet phuzzing or any of the like then please start the conversation with something that is A) factual and B) well informed and I will gladly debate with you.



> They regulate all of the computer programming in the nation. Every computer program has to be licensed and copyrighted if you want to go through mass sales. In other words if you are a part of capitalism then you must agree to the terms. There are laws for every business and every network and the law is not exempt from any person even if somebody tries to convince you otherwise it is not logical for someone to think that if they are a citizen of a nation that they are not to abide to the guidelines of the place they have decided to contribute their existence.



Uhhhh what?  Ever hear of linux, bsd, the GPL, GNU LGPL, BSDL,  and its many variants?  What are you talking about?  And as far as the laws of your country it has nothing to do with the internet being regulated and you being regulated.  You are reiterating what New_2_Chronic has said twice.  YOU ARE RESPONSIBLE FOR YOUR ACTIONS!!!!  That means if beastiality is illegal where you live don't download the video named FarmerScrewsChickenWhileWifeWatch's.avi   or you could get into trouble with YOUR government.  But if its legal where I am I'm free to download and fap away with no ill consequences.  The same information is available to both of us BUT you could face legal ramifications for accessing it.  Do you see the difference.  If the internet was regulated you would not be able, to see, access, modify, or download that data.  To you it wouldn't exist.  But because the internet is NOT regulated you can access that data and it is you who will face the legal ramifications if caught.

I'm not trying to berate you but you are forcing the issue even after being presented with facts.  Not hearsay or opinions.  What you posted was nonfactual and incorrect, this thread is about dispelling myths not propagating them.


----------



## New_2_Chronic (Sep 24, 2008)

First off.......Tater......



> FarmerScrewsChickenWhileWifeWatch's.avi


 
:rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :holysheep: 

thats freakin funny man........you wouldnt by any chance have a download of that? Im well prepared to accept the consequences,,,,,:hubba: 

Second Off
Gotta love IT Guys.....

Dozing, your both right and wrong....Let me explain....

A Proxy server is not a false sence of security IMO because the Proxy serves its clients requests ON BEHALF of the client. The destination does not know about the client. It thinks that the proxy IS the client. 

There is however one achiles tendon of the Proxy, that is the traffic between the client and the Proxy itself. That traffic is sent freely and unencrypted. It is therefore possible, as has been demonstrated, for a malicious proxy server to record everything sent to the proxy: including unencrypted logins and passwords. 

The odds of this happening is slim to none, and to the normal joe I would say its safe to use. 

In corporate environments it is common practice to block traffic coming from anonymizing Proxy Servers. 

And for the record, I do not use proxys myself. I have a firewall, and intrusion detection tools. I am not that paranoid about the sites im surfing (Tater should be but im not)...even without the IDS i would still be confident that yes my IP may be out there but it wont do an average joe, or LEO any good..... and if a Black Hat Hacker wants to get me then there is really nothing I can do about it anyway so let em have it.....


----------



## New_2_Chronic (Sep 24, 2008)

I am going to give you an overview of Metadata, and how it applies to security. Put simply Metadata is Data within Data. Every form of digital data has MetaData associated with it. 

Microsoft Office files for instance include metadata beyond their printable content, such as the original author's name, the creation date of the document, and the amount of time spent editing it. 

Unintentional disclosure can be awkward or even, in professional practices requiring confidentiality, raise malpractice concerns. For instance emailing a file that has Metadata associated with it will give the reviever more information than is actually visible to you.

Some of Microsoft Office document's metadata can be seen by clicking _*File*_ then _*Properties*_ from the program's menu. Other metadata is not visible except through external analysis of a file, such as is done in forensics. 

The author of the Microsoft Word-based Melissa computer virus in 1999 was caught due to Word metadata that uniquely identified the computer used to create the original infected document.

*Examples of Metadata*
http://www.marijuanapassion.com/forum/
*Camera*

In the context of a camera, where the data is the photographic image, metadata would typically include the date the photo was taken and details of the camera settings (lens, focal length, aperture, shutter timing, white balance, etc.).
http://www.marijuanapassion.com/forum/
*Digital Music Player*

On a digital portable music player, the album names, song titles and album art embedded in the music files are used to generate the artist and song listings, and are considered the metadata.
http://www.marijuanapassion.com/forum/
*Information system (Computer)*

In the context of an computer, where the data is the content of the computer files, metadata about an individual data item would typically include the name of the field and its length. Metadata about a collection of data items, a computer file, might typically include the name of the file, the type of file and the name of the data administrator.

If you would like to add another security level and strip Metadata from your files that you share and email with others or post to the internet then get a metadata scrubber. This tool will remove all MetaData from any files prior to leaving your computer. This one is an example for scrubbing all microsoft office files.

http://www.microsoft.com/downloads/details.aspx?FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360&displaylang=en

More to Follow.....Chronic Out!


http://www.marijuanapassion.com/forum/


----------



## Dozingoffaroundthecorner (Sep 24, 2008)

Okay this has already been discussed in detail. Here is the thread and you can see that everything I wrote was repetitive anyways which I found out about twenty seconds ago;

hxxp://www.marijuanapassion.com/forum/showthread.php?t=23690&page=2

I'm not arguing about this. It's not going to go anywhere. I just told you what other people know and write about all over the internet.

If you are responsible for your actions then what makes you think you are exempt from the law? It's almost as if you are trying to convince yourself otherwise to feel secure but that really has nothing to do with me. You can think whatever you want to because it really does not concern me. I am responsible for my actions LOL!

There is a fine line between the act and hearsay. You can kid around and say "I am going to screw that chicken" but until you do then it is not the act which is illegal because what you say is hearsay. That's why dirty crap can float around the internet. I mean I already wrote that. 

This is really stupid! I'm out!


----------



## Il Stugots (Sep 27, 2008)

thanks for the info.. i did that stat -n thing in the command window and found like 4 ip addresses.  i have 2 computers so the other 2 must be someone else


----------



## New_2_Chronic (Sep 27, 2008)

I would run a spyware/adware program and clean all that stuff off. then Virus Scan until clean. Then do it again. If you still have some wierd IP's then do this.

start
run
cmd

black box appears
Inside of Black Box type 

tracert (ip Address) without the brackets

this will trace the hops to the IP address in question. If there is only one hop its something local on your computer or network inside your house, if you see additional hops then its someone else connected to you....


----------



## Fadeux (Sep 27, 2008)

New 2 Chronic,

I can't thank you enough for the great info you've posted. As your IT expertise is invaluable to those of us "in the dark." However, I dont know what stock I put in your legal advice, so you should get a law degree and then fill us in on that. lol! Have a spare 8 years and $500 grand to help out you fellow MP fans?

Regardless, you do help prove a theory I have had for quite some time. The internet will be the last salvation of mankind. The government simply moves too slow to keep up with it, and when they shut one thing down, a dozen more pop up. I can log on, and see a REAL youtube video from an iraqi citizen. I can find out what its like to live in fiji, from a real perspective. 

Of course, the flip side of this, there is a lot of crap on the net, and you have to be willing to be skeptical of most of the info you find on here. But its a true form of pure global communication. There's a lot of bad stuff on here, but thats what you get with freedom. Great info in some places and jaggoffs trying to sell you cheap viagra in others. 

Keep the great info coming! Not just you but everyone. The internet is filled with falsehoods, but as long as we keep seeking the truth, this place will be our greatest asset!


----------



## NorCalHal (Sep 27, 2008)

Thanks New 2 Chronic! Great post!

Over the years, I too have been "paranoid' about posting and forums. It all started with the demise of a little site called "Overgrow". I am sure alot of you know what I am talking about. LEO seized thier servers, with EVERYONES posts/info. 
PANIC spread thru the community. Panic like no other. I cannot describe to you the ripple effect that had. And when they arrested folks who were running the site, SHEER PANIC. I, myself, had not posted, or EVEN looked at a MJ site for a few years after that. We were ALL waiting for LEO to come bangin' down doors.
It NEVER happened. There were folks with posts of HUGE operations and pics and all kinds of "incriminating" things. Not ONE "poster" even received a letter or anything from LEO. Just the owners of the site. Mind you, they also ran a seed company, which is the main reason they went down.

But I agree with New 2 Chronic. There simply is not enough resorces to go after folks who post on the internet. The feds just can't do it. And the way I look at it, why would they spend time and effort tracking down small growers, when they can go to Cali and find 100's of storefronts that openly sell weed and clones. That is an eaiser bust and makes National headlines.


----------



## New_2_Chronic (Sep 27, 2008)

Yeah Im not a lawyer but believe me ive done about as much research on the legalitiy stuff as I have on growing. Do not by any means consider my advice on legal issues rock solid....only suggestions... Research your areas and learn about the law so your prepared as can be.


----------



## elmira (Oct 2, 2008)

I have seen my friends using their debit card and account details from an internet cafe. Can anyone let me know as to how far this is secured? I feel that this is a breach in security? Please give your inputs on this.


----------



## New_2_Chronic (Oct 10, 2008)

Your friends are very foolish. While the sites that they visit might be a secured and certified site they are on a public computer system. There are a few ways thier information can be comprimised.

The most common way is for someone to come in, access the computer, drop a Data Miner program onto the computer and leave....

Come back a few days later and collect the information that has been typed at that station. Internet Cafe's are a favorite amoung the hacker community because of the anomosity they have while doing thier deeds from these places. 

I would NEVER use my credit card information, online banking, or any of my financial information at an public terminal. Those places are for surfing the net, downloading files, chat, forums, and maybe checking email.....but thats about it...

Hope this helps.


----------



## ugmjfarmer (Oct 10, 2008)

I've found that I cant anonymously browse the intenet at work. So I've brought out a small program that lets me use my home computer from my workplace workstation, VNC.

I use VNC so that all the history of what websites i visit are where it belongs, private and at home. Its handy.


----------



## New_2_Chronic (Oct 10, 2008)

I have also used VNC in the past, but that unfortunately opens more ports than I would like at my house.

I use Gotomypc now and can hit my computer at home through a webbrowser....this is my preferred method now. 

and you could browse anomomysly at work if you used a free proxy... the only histroy they would see at work is the proxy server web address....but then they would know you are trying to hide something....


----------



## tesla (Nov 14, 2008)

I just wanted to throw my 2ct in. New_2_Chronic I can't argue with anything you said, good job. I am a Security Admin and umm.. whitehat hacker. I wanted to clarify one thing md.apothecary said in another post "_Regardless of the SERVER location, the ISPs record ALL information sent through them in log files, including each of your posts you've ever made through your internet. It's like a huge keystroke recorder. "_ thats it totally not true, I used to own a isp there is no possible way to collect and store all that info from every isp worldwide. My only concern is with e-mail sent to you from MP with a program that is being used by the feds "'Carnivore". But IMO you don't need to worry about the feds they have bigger fish to fry. 

I would suggest everyone to have a updated virus scanner. Becareful downloading illegal software(warez) alot of the botnets today are being installed this way and virus scanner think its a program that you wanted to install. Rumours in the underground believe the feds have their own botnets and capable of sniffing and sending data back to their servers for parsing.
Anonymous proxies are not 100% they can be traced back to you as in the palin email hack. Plus some of the free anonymous proxy servers are really servers that some intelligence agency have out there to collect info.
With this said, with a little precautions everythings cool Grow On!


----------



## Hick (May 18, 2009)

http://www.marijuanapassion.com/forum/showthread.php?p=460091#post460091

I think I'm closing this one, in favor of the identical post in the announcements area...


----------



## Hick (May 18, 2009)

...rather,.. I'll leave this one open for further updates, and leave the other closed as a sticky. I can move relevant, worthy posts into i.


----------



## dopestats (May 19, 2009)

Very informative! Tracking someone down by their IP address is a very time involving task. Furthermore, the fact that you managed to track a ping or some other signal back to a computer doesn't prove that there was an actual person using the computer. It could just be automated software talking to each other..


----------



## Tweek (Jun 21, 2009)

Thank you so much for the valuable advice and taking the time to give it to us. Glad your on our side dude!


----------



## stephengor (Aug 4, 2009)

China has become the favorite security bad-guy country. If you believe media hype, that half of Beijing is dotted with malware manufacturing sweat shops turning out some of the most devilishly clever digital pathogens since the Black Death.
 There is no doubt that the Chinese military is experimenting with Cyberwarfare techniques and there have been several highly publicized security incidents involving Chinese citizens. But in terms of organized Cybercrime, China is not nearly as involved as the pundits say. By contrast, China has been quite cooperative in working with the international community to address security incidents. In fact, they were instrumental in identifying and shutting down the command and control servers for the Conficker worm. China has also implemented tough Cybercrime litigation and has worked with international law enforcement to apprehend and prosecute cybercriminals.


----------



## Rockster (Sep 8, 2009)

Sorry chaps,posted in totally the wrong place,soz,my bad.


----------



## knowboddy (Sep 13, 2009)

It's just the same as any other kind line in the sand.

Like if you're talking about protecting your home against thieves.


The idea isn't to make your home impregnable.  It's impossible to accomplish for starters.  And it's not to make people believe there's nothing of value.  That would require living in squalor (and some morons will still try to rob you).

The object is to make your defenses too inconvenient for the given level of loot to be had.  If the thief thinks you've got a couple hundred bucks guarded by a vicious dog, he'll look for the house that doesn't have the dog.  If he thinks there's a few thousand bucks beyond the dog they'll look for a way around the dog.


Whether it's hackers or cops, the idea is to just not look interesting enough to waste their time on.

And like he says here, the TV cop investigation stuff, rebuilding deleted files, hacking, etc... that all costs buttloads of money - money they just don't want to spend without a really good reason.


----------



## CungaBreath (Dec 7, 2009)

What do you guys think of the Tor network?  Useful?


----------



## medwinbird (Jan 19, 2011)

Security is one of the most important factors that could ensure the protection of privacy. In fact, it is the novelty of cyber crime is a problem for contemporary society. Therefore, you should know about the five myths about the security offered by the professionals.

- Having Firewall Equals Safely
-An E-mail from a friend is safe
-Links from Twitter and Facebook are safe
-Hackers target Financial Transaction
-Messages are safe, Attachments are Dangrous.


----------



## Oldtyme (Mar 31, 2011)

Cool. I thought this thread was locked last I checked : ) 

Anyways..... How safe is it too browse / post on this & other sites like it? 

Can they trace it back to me from my posts?  Pictures? General browsing? /etc. 

I only ask because this is the first time being active on this "type" of website & I'm pretty paranoid.  :O


----------



## Hick (Mar 31, 2011)

oldtyme.. I guess it's all a matter of perception.
   I think _"if"_ they want you bad enough, for what ever reason, they can get you. 
BUT.. browsing and posting "IMHO" has little threat of being the source of any problem. 
  This thread has several good suggestions for protecting yourself. As well as the "Cell phone pictures" thread in the announcements area. It contains information on ways to strip pictures of any possibly identifiable data.


----------



## DakotaS (May 11, 2011)

This all very useful. The OP has more experience as far as time goes, but I am a retired hacker and a current programmer and I would like to agree with everything he has to say. A very good tip if you are paranoid is saving your files in an artificial Win32 Folder (assuming you use Windows as most people do). Just go to C: drive, open WINDOWS then if you want you can go deeper but you really dont need to. Just create a folder titled Win32 or maybe Winsystem or Sys64... really whatever floats your boat. That most likely will never be searched.

You can even make this folder like your desktop by putting a copy of everything on your desktop there and just leaving it to remain open. That way all of your real stuff is hidden, and your have a complete costume for if it is ever searched. Good luck!


----------



## Greivel4survival (Feb 12, 2013)

Never worry, never, fear, never mind, never dread. half of your perceived time you'll be alive, and of course the other you'll be dead. Fear no man or his technologies. 

And yeah, this thread is awesome. I love it when people clarify reality for others over the optics of fear.


----------



## Greivel4survival (Feb 12, 2013)

It's almost like cannabis cultivates such behaviors or something...plants are the best teachers in the world.


----------



## johnnybigfish (Mar 1, 2013)

This place isnt too bad for people watching us...However,.....If you want a real eye opener, Google your User name!..I did, and also googled my real name! and, sometimes, I found them together at the same places!..Another note.....If the fuzz wanna check you out they generally start on Facebook! So will employers and NICS workers!...Shoot! I bet, when WE wanna find out about people, dont WE start in Facebook?


----------



## WeedHopper (Mar 1, 2013)

I dont do Facebook. Me no likey.
Im afraid to google my real name. Been in a weeee bit of trouble in my life.


----------



## johnnybigfish (Mar 1, 2013)

Me too Bro!   Tons of wee bits!   But been good( kinda) for about 19 years now!


----------



## johnnybigfish (Mar 1, 2013)

Actually, I google my real name to see if its really me making history!! Lol!


----------



## WeedHopper (Mar 2, 2013)

Yeah,,Im getten to old for that crap,,and my Wife of 28yrs, is the only reason why,, ive ALMOST  stayed out of trouble all that time.


----------



## 8planets8 (Jul 11, 2014)

NEW 2 CHONIC    I HAVE TO SAY I DID YOUR EXPERIMENT AND DIDNOT FIND ANY OTHER IP ADDRESSES SO I BELEAVE IN WHAT YOU STARTED TO SAY YOUR MESSAGE WAS OUR PROTECTION AMMOUGST OURSELFS YES? YOUR INFO OPEN MY EYES TO OUR GENERAl WELL BEING AS WE SURF THE INTERNET,LIKE YOU SAY IT IS OUR RESPONSILBILITY TO WHAT WE ULTIMETLY GET OURSELFS INTO I CANNOT STRESS THIS IMPORTANCE IT IS US WE WHOEVER THAT WE GET TO GO ON A GLOBAL SCALE AND WITH YOUR GUIDE LINES I THANK YOU , SURE OPENED MY EYES THATS FOR SURE.AND DONT GIVE UP ON US SOME OF US JUST DONT GET IT.88888888


----------

