How to secure my router or ADSL modem?

Sometimes we ignore little details, which is a bad thing - because others can use our negligence against us. Most routers and ADSL modems come with a web interface that is used to control and configure the device. The administration panel is accessed with a web browser, and it provides access to data such as:

  • your user name and password
  • a log that shows which sites are visited, which network hosts are connected to the router
  • port forwarding rules
  • etc

There are two things that have to be done if such a device is used in your household:


How to get my attachment past the mail filters?

I used Private Disk light to send a file attached to e-mail through AOL. I created the file with Private Disk Light and added JPEG (*.jpg). It attached to the e-mail and I sent it to myself through Comcast no problem. How can I get it to go through AOL? The disk size was 6 MB.

The problem is at the level of the mail server: some servers are configured to restrict attachments that:

  • are too large,
  • have a double extension (like .dpd.jpg),
  • contain password-protected archives,
  • contain executable files (.exe, .com, various scripts, or screensavers),
  • etc

It is quite difficult to guess what kind of restrictions you will be dealing with, as each administrator prefers different methods to reject potentially harmful attachments.

The most common way to get past these restrictions is to archive the file and password protect it, or to change its extension. However, this still won't get you past a clever filter. So, how to exchange files over the Internet if I don't have an FTP server or something similar?

Solution
I suggest using a file exchange service instead of email; try yousendit or rapidshare. These services will help you solve the problem at no cost, allowing you to upload files of any type with size restrictions that are quite relaxed.


Private Disk plugin for Winamp

In the recent past we have been working on a plugin that extends the functionality of Winamp; with it, Winamp can play media files stored on encrypted containers created by Private Disk.

(Screenshot: Private Disk Media Library preview)

The key advantages are obvious:

  • Nothing needs to be changed in your habits, since the plugin seamlessly integrates itself into Winamp's Media Library;
  • The files are handled by the audio player as if they were stored on non-protected media. You can store files in any format, be it MP3, OGG, FLAC, or an exotic video format;
  • The media archive is encrypted with AES 256, therefore nobody can access it unless the password is known;
  • The files can be organized in different ways, since the plugin can mount multiple encrypted images at the same time.

In other words, now you can protect your music archive from unwanted eyes, with minimal effort. The files are secured with the strongest encryption algorithm available today; your privacy is guaranteed, no three-letter or four-letter agency can challenge that!

The plugin mounts encrypted images created by Private Disk; this means that the same encrypted image can also be used for conventional file storage.

Private Disk plugin for Winamp will be followed by the release of Private Disk FileMove, a tool that finds, organizes and securely stores files on your system - a great addition to Private Disk and the plugin for Winamp.

The plugin is free of charge, and it will soon be made public on Dekart's main site.


Points on the timeline

Some might be interested in the history of data encryption programs developed by Dekart. The chronology is a bit different from what one expects, so here are some facts about what happened, as well as some ideas about what might happen in the future.

The first program in the line is Private Disk Multifactor, which was released sometime in 1999; at that time it was called "Private Disk". This is a smart-card/token-oriented encryption tool that appeared as a "side effect" of Dekart's initial exposure to smart-card payment systems. It makes possible the use of three factors of authentication, adding a BioAPI or HA-API compliant scanner to the authentication procedure.

Some of Multifactor's core components are:

  • The Smartkey library - it acts as an abstraction layer, providing a unified interface to a broad range of key storage devices such as smart cards and tokens. The list was further extended, encompassing floppy disks and CDs. Support for flash memory storage is now there as well (e.g. SD or MMC cards, or digital mp3 players that are detected as mass storage class devices)
  • Dekart BIOAPI - this library allows BioAPI and HA-API biometric scanners to be used in the same way, hiding the low-level details from the coder.

Other important components, such as the on-the-fly encryption and the virtual drive mechanisms, were tightly coupled to the program's source code. Later they were moved to a different module, to make maintenance easier. This is how Private Disk API was created.

Private Disk Light was released in 2001, being a "Hello world" application that demonstrates how the Private Disk API works. Eventually the program became more than just a simple demo.

In 2003 it was decided that Private Disk Light would evolve as Private Disk, a commercial product; the Light version continues to be a free encryption program. This is when the original "Private Disk" became "Private Disk Multifactor". It was expected that such a change would cause confusion among end-users, but the transition went surprisingly smoothly.

Throughout this time, Private Disk API was only used internally by Dekart developers. It was decided that the API would become a product of its own, which would encourage others to build their own encryption software with minimal time investment. The API was documented and, along with several sample projects, it is distributed as Private Disk SDK; the first release date is August the 5th, 2005. The SDK is a very easy way to build a robust encryption solution: not only has it been tested by time (since Private Disk relies on the exact same API), but it also relies on NIST-certified cryptographic modules for encryption and hashing. Certification is handled by Dekart, so the coder who uses the SDK gets this at no additional cost. Other features include support for 64-bit platforms (AMD64 and IA-64), as well as Windows Vista compatibility.

2006 is an important point on the timeline: Dekart released Private Disk Multifactor 2.0, which was shown to the public during the Systems 2006 expo in Munich. This is a special release; the most important detail about it is that it relies on Private Disk API, rather than its old codebase.

(A silent photo of the Dekart-Ritlabs stand in Munich)

At that point Multifactor became a super-set of Private Disk, if compared by the available features. This brought tools such as Disk Firewall, Autorun, Autofinish to the community of Private Disk Multifactor users. All of this happened without hindering the mobility of the program - Multifactor is fully self-contained, thus it can be used directly from a removable drive on another computer. Of course it is a bit different, because if multiple factors of authentication are used, drivers for the additional hardware are needed. However, if a USB drive (or a smart card reader for which Windows will automatically find a driver) is used as a key, two factors of authentication can be applied.

The 2.0 release had a significant impact on the speed of development, because any change made in the underlying API would automatically become a part of Private Disk and Private Disk Multifactor.

It is now being discussed whether PD and PDMF should be merged into a single product, but a decision has not been made yet.

Since several APIs were mentioned, it should be noted that Smartkey is also going to be available as a separate SDK. This makes the development of smart-card based solutions incredibly simple. Ease of use is not the only advantage; besides the fact that the API was thoroughly tested and used for many years, it provides compatibility with a lot of smart cards, tokens, and other types of storage devices.

Another important detail is that Smartkey interacts with the smart cards and tokens via APDU commands. As a result, the library is very light, and there is no need to install additional modules that came from the card or token manufacturer. A positive side-effect is that Smartkey can be used to build portable programs (i.e. programs that do not require a local installation).

Dekart also plans to release an API for SIM card management, as well as the biometric API which is used internally; it is not certain when they will become available to the public, but it is going to happen after Smartkey SDK is officially released. At that time it will probably be known as "Dekart Smart Card SDK".


How to customize Password Carrier

Password Carrier is a tool that automatically fills web-forms that were previously filled, sparing you from the task of doing it again next time you visit the page. However, in some cases you may notice that the program does not handle a page correctly, either by filling the field with an incorrect value, or by not filling it at all.

We have anticipated such cases, which is why the tool was designed to be extendable. This guide explains how to tweak Password Carrier so that it can handle the pages that don’t work in the ‘out of the box’ configuration.

How does it work?
Fine tuning works by letting Password Carrier know which fields of the web-page need to be processed in a special way. This is necessary because not all webmasters use meaningful names for their fields, making it impossible for a program to ‘understand’ that the field called ‘ABC123’ stands for ‘Password’, and so on.

Case#1 – A field is not filled
It is likely that the page uses a non-standard name for that field. We’ll have to determine the name of the field by studying the code of the page, and configure Password Carrier accordingly.

  1. Load the page
  2. View its source code (Ctrl+U in Firefox; View\Source in Internet Explorer)
  3. Search for input (if you use Firefox, you can enable the highlighter, so that all the found words are shown with a different color, as in the screenshot)
    Notice that there are several occurrences of input, but not all of them are needed:
    • if the type of the field is hidden, it can be ignored (underlined with red)
    • if the type of the field is password, it can be ignored only if the field you are looking for is not a password field (underlined with blue)
    (Screenshot: Finding the name of a field in the HTML code)
  4. Find the name of the field; in this case it is ‘memnumber’ (highlighted with green)
  5. This is what we were looking for. Note it down and proceed to the tweaking section, using the ExactNameField mode

Case#2 – A field is not filled, but I can’t find the name of the field
Sometimes the name of the field is generated when the page loads, so it is different when you reload the page.

  1. Load the page
  2. Analyze the text near the field (either its title, or a special word from its description)
  3. Note that word down and proceed to the tweaking section, using the Possible mode.

As an example, take a look at this picture, which illustrates the login page of a fictitious company named ACME. If you examine the code of the page, the names of the fields are not defined with meaningful words; each time the page loads, the field is given a name like ‘37379351906’ or ‘f01asd’, and so on. However, regardless of the actual name of the field, the label ‘ACMEid’ is always nearby, so we can use it as a reference.

(Screenshot: A typical logon form)

Case#3 – The program fills a field I don’t need
To handle this issue, follow the instructions given in the first use case to determine the name of the problematic field, then use the Wrong mode.

Tweaking
There is a file called DPCarrier.ini in Password Carrier’s folder; editing it allows you to extend the functionality of the application. The file consists of sections, keys and values.


[FillTokens]
UserName_ExactNameField=memnumber

In the above example:

  • [FillTokens] is a section;
  • UserName_ExactNameField is a key;
  • memnumber is a value.

The line UserName_ExactNameField=memnumber is the instruction that tells Password Carrier that if a field is called ‘memnumber’, it should be processed, and interpreted as a UserName field (this applies to Case#1). If you’ve had the same problem with other sites, and discovered that other fields you need are ‘serialUserID’, and ‘socialNumber’, then these values can be added to the key: UserName_ExactNameField=memnumber,serialUserID,socialNumber. As you can see, multiple values are comma-separated.

Take a look at UserName_ExactNameField, it consists of two parts:

  • UserName – the name of the field
  • ExactNameField – the handling mode (tells Password Carrier what to do with the field)

Valid field names are:

  • Password
  • UserName
  • AddressLine1
  • AddressLine2
  • City
  • Company
  • Country
  • Email
  • Fax
  • FirstName
  • LastName
  • FullName
  • JobTitle
  • Phone
  • State
  • TaxIDNumber
  • ZipCode


The valid handling modes are:

  • ExactNameField – the field will be filled if its name matches the specified word
  • Possible – the field is filled if the specified word is found nearby and if it is not included in Wrong
  • Super – the field is filled if the specified word is found nearby
  • Wrong – the field is not filled if the specified word is found nearby

You can combine these field names and modes yourself, adapting Password Carrier to your needs. Here is an example of a customized DPCarrier.ini:

(Screenshot: A customized DPCarrier.ini)

Future versions of the program will provide an easier way to perform these customizations.
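
One way the rules described above could be evaluated, as an added example that is not Password Carrier's own code: it parses a constructed DPCarrier.ini, rejects keys whose field name or handling mode is not in the lists above, and decides which field, if any, an HTML input maps to. The matching details (case-insensitive substring matching, treating the field's own name as part of the "nearby" text, and Wrong blocking only Possible) are assumptions drawn from the mode descriptions.

```python
import configparser

# Field names and handling modes as listed on this page.
FIELDS = {"Password", "UserName", "AddressLine1", "AddressLine2", "City", "Company",
          "Country", "Email", "Fax", "FirstName", "LastName", "FullName", "JobTitle",
          "Phone", "State", "TaxIDNumber", "ZipCode"}
MODES = {"ExactNameField", "Possible", "Super", "Wrong"}

# Constructed sample configuration (not a file shipped with the product).
SAMPLE_INI = """[FillTokens]
UserName_ExactNameField=memnumber,serialUserID,socialNumber
UserName_Possible=ACMEid
UserName_Wrong=search
Password_Super=passphrase
"""

def load_rules(ini_text):
    """Parse [FillTokens] into {field: {mode: [lowercased words]}}, rejecting bad keys."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the case of key names
    cp.read_string(ini_text)
    rules = {}
    for key, value in cp["FillTokens"].items():
        field, _, mode = key.partition("_")
        if field not in FIELDS or mode not in MODES:
            raise ValueError(f"unrecognized key {key!r}")
        words = [w.strip().lower() for w in value.split(",") if w.strip()]
        rules.setdefault(field, {})[mode] = words
    return rules

def classify(rules, name, nearby=""):
    """Return the logical field to fill for one HTML input, or None to leave it alone."""
    name, nearby = name.lower(), nearby.lower()
    for field, modes in rules.items():
        def found(mode):  # assumption: "nearby" covers the label text and the name
            return any(w in nearby or w in name for w in modes.get(mode, []))
        if name in modes.get("ExactNameField", []) or found("Super"):
            return field
        if found("Possible") and not found("Wrong"):
            return field
    return None

RULES = load_rules(SAMPLE_INI)
```

With the sample rules, an input with the generated name ‘37379351906’ and the label ‘ACMEid’ maps to UserName, while the same label next to the word ‘search’ is left unfilled.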
