Jun 22, 2011

SSL Analyzer: Scan SSL Of Website.

 Comodo announced the Beta release of its SSL Analyzer, a free web site scanning tool which provides an instant summary of web server security levels.

After typing a domain name into the search box, the SSL Analyzer will visit the specified domain and present fast, comprehensive information about the SSL Certificate and web server software.

This includes the validation level of the certificate, the strength of the digital signature and the number and type of enabled security protocols/cipher suites supported by the web server.

SSL Analyzer highlights insecure elements that need immediate remediation in red. Green represents an adequate level of security and an amber color means there is a potential issue that should be evaluated by the web server administrator. 


Source:  http://www.net-security.org/secworld.php?id=11207

Do you want to be Anonymous? Try this

I have receive this tweet and I think it's so cool for who want to be anonymous. Try it, I think you will like it.!! (If you want to read all detail or for OSX or another technique for hidden your footstep, please go to the Source.)

Setting up Tor

Preface: Due to abuse in the past, users trying to connect to the AnonOps IRC servers using Tor will not be able to connect. This is nothing personal, there have just been problems with abuse of the program in the past on the IRC server. Therefore, we do not recommend using this for IRC connection, but merely as an easy to use tool for browsing the internet anonymously. Keep it in, for most users it's a relatively slow connection.

Go download Tor here: https://www.torproject.org/dist/torbrowser/tor-browser-1.3.18_en-US.exe

After downloading Tor:
1) Run the .exe
2) Extract to your PC.
3) You will now have extracted TOR into the selected folder. You should have a button called "Start Tor" with an onion on it, click this to start (if you want you can make a shortcut by right-clicking create shortcut and drag it to your desktop, make sure the original stays in the same folder though).
4) You are good to go, if your ISP blocks connections to TOR and you need help setting up a bridge feel free to ask about it in the #OpNewblood channel, which again you can access through your web browser at this link: http://goo.gl/8zxwO

1) Download Tor here: https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-1.1.4-dev-en-US.tar.gz
2) Extract to destination of your choice
3) You should now be able to just click your start tor button to start.
4) For additional ease of use, try Tor Button for Firefox.
5) Once again for help with making a bridge if your ISP blocks Tor please ask for help in #OpNewblood via your web browser here: http://goo.gl/8zxwO

Check TOR Using.
1) To check anytime if TOR is working, you can go here: https://check.torproject.org/ and it will tell you if your TOR is working.
2) Highly reccomended is the TOR button for firefox: https://addons.mozilla.org/en-us/firefox/addon/torbutton/ which will allow you to turn tor on/off as well see if it's disabled in your browser.

Anonymous Browsing Using Tor Button for Firefox
Start by install Tor on your computer and configuring it to your liking. Then, download the Tor Button add-on for Firefox, and use the options to configure the add-on the way you want it. Then, press the "Tor Button" and go to a test website to ensure you've done it correctly. If the website returns properly anonymous results, then you've correctly set up Firefox for anonymous browsing through Tor. Also worth doing: hit Tools>Start Private Browsing whenever you are browsing with Tor. It stops logging your web history, caching files, passwords, cookies, and download history, so you don't have to clear the history everytime you're finished

Firefox recommended Add-ons

Adblock Plus: This plugin blocks around 90% of internet services that attempt to track your web activity and then send you targetted ads. It's crucial to use while browsing any aon websites or sites that have anon news articles, etc. http://goo.gl/fPmjm

NoScript: A very useful plugin that will disable javascript on sites to protect your privacy and stop malicious activity. Can set rules for individual sites or deny globally. http://noscript.net/

BetterPrivacy: This plugin is a tool to identify and remove cookies. It will also act as an "optout" from advertisement and other forms of web tracking. http://goo.gl/TL79Z

FoxyProxy: An Addon to the default way to handle connecting to proxies, the FoxyProxy addon will allow you to have easier access to enabling your proxy tunnels, also has advanced features, such as setting up a list of domains that you will always want to use a proxy to connect to, and to do so automatically, while still using another connection for non-listed sites. http://goo.gl/VRiHT

Ghostery: Another tool to help manage and mitigate tracking cookies, Ghostery features tools that will alert you when there are tracking cookies on the websites you visit. You can also view information about each tracker that is trying to harvest your browsing data, and even view the source code of said tracker and see exactly how the cookie is tracking you. Make sure you get Fanboy list and Easy list to stay updated (these can be selected during setup or in the options of the addon itself ) http://goo.gl/GoKQ1

Greasemonkey (GM): A great addon that allows you to edit the way websites show information to you, using bits of javascript code. This is more of an addon "engine" or development platform, allowing you to write and download scripts to do many different things using their addon. http://goo.gl/atGk7

HTTPS Everywhere: A Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. http://goo.gl/fsKV

I2p Installation: Windows
1) Download:
You can download the latest version of the i2p software here:
2) Installing:
In windows, the installation, as with any other windows software, is relatively
straightforward. Double click on i2pinstall_(version).exe that you downloaded from the above website and follow the instructions.
3) Launching the router:
After the install has completed, you can access your router console (control panel for i2p software, in the form of a website) even when you're not actively using the i2p proxy by doubleclicking the "Start I2p" icon or by following For those not versed in how the internet works, is an IP address that always leads to Localhost, or webservices that are running on your machine. As long as you are connecting to that address, no other anonymizing software is needed, since you are only talking to your own machine.
4) Browsing I2p:
In order to access .i2p websites, or eepsites, you'll have to set up i2p as a PROXY on your web browser of choice, instructions for this on Firefox are in section 4.2

I2p Installation: Linux
1) Easy way: Ubuntu.

  • Open a Terminal and enter:
sudo apt-get install sun-java6-jdk
  • Get the latest install package (yes, the .exe file, don't ask, it's java.) from http://www.i2p2.de/download. In the terminal window, navigate to the folder where you downloaded the .exe file and enter:

    java -jar i2pinstall-*.exe

  • Follow the prompts
2) Other distributions:
Google instructions for installing the java JRE software on your distribution, typically it's not much more difficult than with Ubuntu, but different distros have their own package management systems, and the commands might be slightly different.
Once Java is installed, it's the same command as Ubuntu:

java -jar i2pinstall-*.exe

Firefox Configuration

1) Verify it's running:
Once the i2p client is installed, you can verify it's running an http:// tunnel by
going to Under the "I2p Client Tunnels" section, the first entry should be "I2p HTTP Proxy". On the right, under the "Status" column, there are three little stars, one red, one yellow, and one green. If red is lit up, hit the "start" button to the right of it, If it's yellow, you don't have enough peer connectionsyet, and you should let it establish a presence on the network. Leave it alone and grab a sandwich, it should be ok in an hour or two.
2) Set up localhost as a proxy
Goto Edit>Preferences
Goto the Advanced section
Under Connections click the Settings button
Select "Manual Proxy Configuration"
Enter the following:

  • HTTP Proxy: Port: 8118
  • SSL Proxy: Port: 8118
  • SOCKS Host: Port: 9050
  • SOCKS V5 checked
  • No Proxy for:

Various IRC Client configuration
IRC Clients need no special setup or proxies. Just visit your and make sure IRC Proxy is running. If it is, justconnect to on port 6668 like it's a normal IRC server. Your client will sendall data to the proxy that's running on your machine on port 6668, which will then send it, via I2p, anonymously and securely to the i2p IRC servers. You may enter additional .i2p irc servers by clicking on
IRC Proxy on the Tunnel manager page and pasting the addresses in the "Tunnel Destination" field (comma seperated).Take a look at this list of clients and choose the one that sounds right for you:
Windows: http://www.ircreviews.org/clients/platforms-windows.html
Linux: http://www.ircreviews.org/clients/platforms-unix-x.html

Advanced Defense Techniques

USING Virtual Machines

It is strongly recommend you consider making a Virtual Machine (VM) to seperate your personal OS instance with you anon activity OS instance. This ensures that personal data does not leak while viewing anon related social media on such sites as Twitter or Facebook.

It has several other advantages such as allowing you to quickly delete all anon activity off your computer by simply deleting the VM itself.

Virtual Machine Software
VirtualBox - x86 and x64
VMWare Workstation 7 - x86 and x64
Windows Virtual PC - x86
etc. (do a google search for "virtual machine)


Disk encryption is another way to protect yourself. Disk encryption software will make it pretty much impossible for any one but yourself to access the data on any physical disk.

Disk Encryption Software
TrueCrypt - http://www.truecrypt.org/
Bitlocker - (Win 7 Ultimate only)

File and Email encryption and validation (added by cred)
Using the openPGP standard, the following software creates a "Keyring" for you, bound to your name and email address (neither of which needs to be real, I have two, one for my real life identity and another as cred) The private key is a password protected key you keep on any system on which you will be DECRYPTING information; your home computer, and if you're brave, your Android phone. The public key is used to ENCRYPT information or files, and is available to anyone. So if you wanted to encrypt information to send to me, you'd have to search from my public key, (cred@mail.i2p will find it for you) encrypt the data with it, and send it to me. The only thing that can now recover that data is my private key and password. PGP is the industry standard for high level encrypted email.

PGP (Windows) http://gpg4win.org/download.html
PGP (Linux) http://www.gnupg.org/
APG (Android) https://market.android.com/details?id=org.thialfihar.android.apg

- http://www.freeproxies.org
- http://www.socks24.org
- http://www.samair.ru/proxy


It's possible to use Tor as a VPN using some prepackaged linux VM's. Once these VM's are started it's possible to create a VPN connection to the Tor VM. These VM include additional privacy goodies such as Squid and Privoxy.

Linux Tor Software

JanusVM - http://janusvm.com/
TAILS - https://amnesia.boum.org/

Source: http://pastehtml.com/view/1dzvxhl.html