Simple Security

February 14, 2012

Breaking and Bending Censorship with Walid Al-Saqaf

Arseh Sevom --- Reports from the Islamic Republic of Iran about internet speeds, work to create a parallel cyber Iran, and the growing success of filtering systems paint a picture of desperate efforts to exert control over the population. Iran is not alone in its efforts. North Korea has their own "intranet" called Kwang Myong ("light" or "hope, fair, just, open"). The North Korean version duplicates external content it deems acceptable. Iran's new closed intranet is expected to do the same, in a cyber version of what the state already does in traditional media by cherry-picking content from international sources and editing or translating it in ways that often distort the original meaning.
February 13, 2012

Controlling the Internet by Creating a Parallel Cyber Iran

ARSEH SEVOM --- The anniversary of the fall of the Shah and the success of the revolution (February 11) is now marked by decreased internet connection speed, increased security, and fears of demonstrations in Iran.In addition to decreased bandwidth, the Islamic Republic is in the process of creating a parallel cyber-world. Instead of spending time and energy filtering sites using a blacklist, the regime is creating a "whitelist" of acceptable sites. Everything is blocked except sites deemed appropriate by the regime. It's a kind of "shoot first, ask questions later" policy. Instead of the "old" Orkut — an early social media site which was a hit in Iran before it was filtered — and the "new" Facebook, they offer websites such as www.cloob.com. Instead of Youtube (for video uploading) they offer www.aparat.com and instead of Google’s Blogspot they have www.Mihanblog.com. Even these sites can end up filtered at "sensitive" times, such as the days leading up to the anniversary of the revolution. In addition, content that does not meet their terms of use is quickly deleted from view.
January 5, 2012

How do you sanitize the Internet?

Board member Fred Petrossians, writing for Global Voices discusses rumors and plans for total control of the internet by the Iranian state:
Iranian authorities see the internet as a real battleground and consider citizen media and social networking as tools of “soft war”. Over several years they claim to have blocked and filtered millions of websites and blogs. Now several bloggers have reported that Iran's Corporate Computer Systems say the goal is for Iran to be entirely cut off from the World Wide Web once the country launches its own national internet network.
(More here...)
September 7, 2011

Was Your Gmail Account Safe?

More than 300,000 Iranians have had their Gmail accounts compromised. From the report by the investigative firm Fox-IT, the security firm hired to investigate the stolen DigiNotar security certificates, it is clear that as early as July 28, the company was aware that falsified security certificates were in use in Iran. This is one month earlier than the first public notice, which was made by a Google Chrome user in Iran. (Read more background information.)The report, Operation Black Tulip (pdf), states:
They used both known hacker tools as well as software and scripts developed specifically for this task. Some of the software gives an amateurish impression, while some scripts, on the other hand, are very advanced. In at least one script, fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March 2011.
Read more
September 2, 2011

Man in Middle Attacks Dangerous in Iran – Part 2

به زبان فارسیUPDATE: Google and Mozilla have revoked more than 200 security certificates as a result of a hack into the accounts of certificate authority, DigiNotar.WARNING: Tor, Yahoo, and Mozilla were among the targets.WHAT THIS MEANS: If you are in using Tor software downloaded after July 9, it might be compromised. Users of confirmed versions of Tor should not have been effected. (Read more on the Tor Blog.) If you have not checked the signature of Tor to ensure that it is authentic, now is the time to do so. Instructions are here.MORE THAN 200 SECURITY CERTIFICATES STOLENA few days ago, Arseh Sevom reported on compromised security for users in Iran. It was reported that a security certificate was stolen and was in used in Iran. This certificate was used to access secure communication between users in Iran and Google.Read more...
August 30, 2011

Man in the Middle: Google Becomes Dangerous in Iran

It all began with a simple message. An Iranian internet user was trying to connect to Google using the Chrome browser. Strangely enough, his browser flashed a message telling him that the security certificate he was using to access Google was not theirs. The user went to Google’s help forums to follow up on this and an investigation followed which uncovered a secretive, but highly explosive plot: a security firm in the Netherlands, DigiNotar, had seemingly provided a certificate to “someone” in Iran that allowed access to all secure traffic over Google within Iran.Security bloggers are reporting that the site may have been hacked earlier, in 2009. Screenshots of hacked pages are being shared via the internet. The links to those pages were available as recently as the morning (in Europe) of August 30th.Read more...
August 29, 2011

You don’t have to pay for protection

This post is part of special series of articles focusing on managing your online security and privacy. The complete series can be found in Persian at this link: http://bit.ly/n19Pzk.

Easy to use software is available that will keep your computer safe, and some of it is actually! Better yet, you can download anti-virus protection from the internet and install it in minutes. The best part: these applications don’t constantly bug you about renewing that subscriptionWe’ve made a short list of the best of these programs. So get rid of those tiresome constant pop-ups! Or, in the case that you don’t have an anti-virus program installed, start protecting your computer and your personal information better! AVG (Used by writer and recommended)Link: http://free.avg.com/us-en/homepage AviraLink: http://www.avira.com/en/avira-free-antivirus AvastLink: http://www.avast.com/free-antivirus-downloadRead more...
August 25, 2011

Google+ or Minus

This post is part of special series of articles focusing on managing your online security and privacy. The complete series can be found in Persian at this link: http://bit.ly/n19Pzk. Are There Security Concerns for Google+?

Google+ is the newest effort from Google to break into the social networking sphere. Some claim as high as 20 million unique accounts have been made since its release just a few months ago. However, like any social networking website, Google+ is not without flaws. This post will try to address some of these issues to two different sets of people, those living under governments that sponsor large-scale censorship and those who live under relative internet freedom.Read more...
August 22, 2011

Two Important Facebook Issues: Privacy and Attack Rumors

This post is part of special series of articles focusing on managing your online security and privacy. The complete series can be found in Persian at this link: http://bit.ly/n19Pzk. Two Important Facebook IssuesFacebook has been in the news for two unrelated, yet disturbing issues. One concerns rumors of an attack on Facebook by the group Anonymous. The other is related to Facebook's newest privacy intrusion. People who use its mobile phone application have found that the phone numbers of their contacts are now being imported into Facebook's database.Read the complete post...