10 December 2008

IRC Trading

Many people are not aware of security problems while sending and reciving files
(usualy known as 'trading' on mIRC), and since I am reasearching many security
topics, I have decided to write this security file which could keep you of you
jail. No bullshit!


1. Introduction
===============================================================================
I hope you are at least an mIRC user so you can understand what FSERVE or DCC
send/get and FTP servers are. If you don't know, learn fast: they are the net
protocols for file transfer between two computers that are connected through
internet. But they are ALL UNSAFE. Why?

You might have feeling that you are safe on IRC and that nobody knows your real
name since you nickname is not your real name and address, but.... The problem
is your IP number that is visible to ANY user (look on /whois your_nickname).
That IP number belongs to your ISP company and they know for 100% sure, from
which phone number are you calling and which IP number are you using for IRC and
all other Internet activity. With that information they can acctualy SEE all
data that is passing to and from you.

Well, you think that they can't intercept your private messages without a
warrant. But....... if you are trading/sending some files and if your ISP
company, based on existing police warrant, is monitoring your friend that you
trade with, then they SHALL remember you TOO and you will be reported as his
'friend'. After few days, weeks or even months when police decide to get in
action against your friend they will visit YOU too (no matter if you are in
another country then your friend, you will be visited by local police). What
will happend? They will get a warrant to search your ENTIRE house and they will
take your computer(s) and everthing other that is suspicious to them no matter
are you guilty or not and then you have only to wait several months or years for
them to complete investigation so that they can return you your computer(s). The
only thing left to you is to pick a good lawyer.


2. WHAT TO DO?
======================================================================================

**************************
Solution A) OpenSSH
**************************

Use secure Internet protocols like SFTP. SFTP is implemented into OpenSSH
project which includes both secure ftp SERVER and CLIENT utility (no Win98/95
version). Your ISP and police will see scrambled data going between you are and
your 'deviant' friend, and they will know EXACT identity of both of you, but
they could NOT tell to understand what were you sending to each other!!


To download Windows2K/NT version of OpenSSH server+client go to :

http://www.networksimplicity.com/openssh/

For other OS go to (there is no Win95/98 version):

http://www.openssh.com



***************************
Solution B) PGP mirc-script
***************************

Currently there is no Win95/98 version for OpenSSH, but the only solution would
be using PGP encryption. And I hope I will find some other utilities for next
edition. Someone might write PGP on-the-fly encryption script for mIRC.......

Homesite: http://web.mit.edu/network/pgp.html

Since there are many PGP pages, and some people are thinking that the
only realy secure PGP version is v2.6.2, be carefull what you download
and from where you download. I am suggesting to download all utilities
from realy democratic countries (not from: USA, western European
countries, poor countries that are depending on those rich
countries......)


***************************
Solution C) Legal Trick
***************************

If you have Win95/98 and you haven't solved secure file transfers there is one
plain trick that you could use to fool the cops. This is just last resort idea.
First: don't run RATIO ftp or fserve. Keep it open (but set password) so that
'anybody' who knows your password can freely download anything from it. Second:
put note on your site: "entering this site is forbidden by the owner and if you
proceede it would be considering like tresspassing private property, leave now".
So, police can't sue you for trading (file swaping is considering just like a
real trade, you recive something in return for offered goods). The only thing
police can sue you against, is the POSSESION of 'stuff' and the charges for
possesing that stuff is depending on your local laws. But if you are using some
encryption utility (read bellow) on your PC, they won't be able to get it.


***************************
If you have any new solutions for secure file transfers, MSG ME on mIRC.



3. ENCRYPTION UTILITIES FOR YOUR PC DATA (this is not for internet traffic encryption)
======================================================================================

Utility No.1 : SCRAMDISK
***************************

Excellent data encryption utility. Working through big file containers.

Specialty: it can encrypt entire PARTITIONS

Homepage: http://www.scramdisk.clara.net/

NOTE: there is new product on their site: DriveCrypt. Haven't checked.
Be carefull, it is not yet checked. In any product, there could be
backdoors so it is important to wait a few time before using it.


Utility No.2 : BestCrypt
***************************
Excellent data encryption utility. Working through big file containers.

Specialty: SWAP FILE encryption

Homepage: http://www.bestcrypt.com/


Accessing files that are into those encrypted 'file containers' is achived
through new drive letter that will appear when you enter required password.
Encryption is fast and I hope unbreakable (there is always chance for breaking,
but make it minimal). Also, you can install all your software (except Windows)
into those encrypted 'file containers'. This is recommended because of possibile
logs that some programs are writing to disk (or at least install your internet
utilities into encrypted file containers). Once you install above utilities, you
will use them for ever.

Gift for you if you are still reading this: you can make 650MB 'file
containers', burn them onto CD and send it to a friend and when he recives it,
you can send him a password through some secure ways (I am recomending you to encrypt
your message with your friends PGP public key when you are sending him your password).



4. EXTRA WARNINGS
======================================================================================

NOTE for password choosing: when you are choosing password for any special
encryption utility, and you are planning to protect realy important datas, don't
use WORD, use complete SENTENCE as a password.

Be carefull with FTP utilities. There are few that only encrypts FTP COMMAND channel,
but not DATA channel, which is the most important.

Also, forget protecting behind proxies since all traffic that is passing through
your computer and proxy server is NOT secured (encrypted!) unless you are using
payed proxies (which MAY encrypt traffic).


5. The End
======================================================================================

If you have any suggestion, please be free to msg me.

I am not affiliated with any site that I mentioned, including any other that I
haven't mentioned.

**********************************************************************
Put this message to your ftp/fserver and mark it as FREE download
**********************************************************************

Keep trading......... files are not hurting anybody except to those rich idiots.



Lifehacker