
Category Archives: Communication

Blackberry DTEK50 – Deciding to Go Back to a Smartphone After 100+ Days Without One

Since moving to a dumbphone over 100 days ago, there have been few times that I have really missed having access to a smartphone.  The Nokia X3-02 has awesome sound quality, holds a great charge, and is so small that you hardly know you have it in your pocket.  However, there are some times when having a smartphone is critical to my job and the Nokia has to take a back seat when I am required to remotely reboot a system or solve some problem that falls outside of the boundaries of making a simple phone call or texting.

So, about three weeks ago I restarted my smartphone research.  Immediately in my research I was faced with a significant dilemma.  On one hand, there’s the iPhone.  Being somewhat secure (or at least having some secure apps available) and receiving regular updates is highly desirable for anyone that works with technology and security.  Even though Apple seems to have stood up to the FBI with regard to unlocking an iPhone this past year, Apple has fallen incredibly short with its newest hardware and software releases.  In speaking directly with an Apple rep, it appears that I am not alone in my hardware and software concerns (comment if you want to know more).  Compounding Apple’s issues are a closed ecosystem, slow patches, and a high price point.  It looks more and more like the Apple I once loved has established its path in releasing sleek devices that are both underpowered and costly.

On the other hand, you have Android which represents a terribly splintered market.  Some devices on the cheap side hardly ever see updates.  Then you have “middle of the road” devices like the Moto G series, which may actually receive updates, but not necessarily in a timely manner.  Then you have higher end devices which will likely cost $600+ which will likely receive updates, but still not in as timely a manner as a security professional would prefer.

The top end of Android devices, like the Pixel, are sure to receive timely updates, but at a price point which rivals the cost of a decent laptop.  Personally, I can’t imagine dropping over $600 for a cell phone.

A Windows phone would be pretty inexpensive, would see timely updates, and includes a solid foundation for security (yes, I’m as surprised as you are that I am writing this… but research shows that the current Windows mobile platform is actually pretty good).  However, I was not going to go with a phone that has less compatibility.  The simple fact is that Windows phones have far fewer apps.

Blackberry… oh, how I long for the platform that brought me my first smartphone.  I once had an 8830 “world phone” by Blackberry and loved it.  It was so solid.  Then I think, “Oh, how RIM betrayed its users by using the same key on all consumer devices.”  Additionally, Blackberry’s BB10 OS is probably five years behind when it comes to available and compatible apps.

Yet, something striking now stands out from the company that betrayed its consumers.  Blackberry is realizing that they can offer multiple things that the splintered Android market cannot: security, timely updates, and a competitive price point.

With regard to security, I initially worried that the updates wouldn’t come as fast and often as the Google Pixel and other Android flagships, but a little research put my worries to rest.  I read over and over that Blackberry’s updates for their Android line of phones (including DTEK50/60, and Priv) often come faster than Google’s own updates for Nexus devices.  That is comforting news.

The most informative review I found was from Crackberry.com.  See here: http://crackberry.com/blackberry-dtek50-review.  That review has great pictures and really cuts to the heart of what Blackberry is trying to achieve with the release of this device.

Two weeks ago, I received a DTEK50 at just $229 (yes, that’s new) from B&H Photo.  I also ordered the smart cover.  Reviews were hard on the DTEK50 with regard to battery life.  I put that concern aside as I really couldn’t find any other viable options (sub $300).

In the last two weeks, I must say that I am quite impressed.  Battery life wasn’t nearly as bad as I worried.  Especially since I am a light user, I can get over a day out of the device no problem.  If you bury your head in your phone for hours on end, you will most likely have different results.

I’ll get to some of my thoughts in a follow up.  But for now, just know that I am very pleased with my decision to give Blackberry another shot.

ePrepper is going offline this month and will likely be offline before the end of January 2017, unless I can find someone to either take over the site or migrate its content to. Properly maintaining the site has been taking up too much time and cutting into my family. I would like to see the content of ePrepper get absorbed into a larger site. If you run a blog and are interested in using content from ePrepper, please email dan [dot] michaels [at] eprepper [dot] net.

Could This Be The World’s BEST CODEBOOK?

Over a year ago I was asked by PrepperRecon to join in on an interview regarding secure email systems.  In the interview I gave an overview of email servers in Israel, Switzerland, and Norway.  One of my recent favorites is ProtonMail (Switzerland).  I love that you can send a secure email message and password that message so that the recipient must know the password in order to see the contents.  Of course, this raises the question, “How do I come up with a password method that I can share?”

This is a problem as old as espionage.  Even Israelites used a password in the Old Testament, when a word was used which was difficult for Israel’s enemies to pronounce.  The word was Shibboleth (see Judges 12 and Wikipedia: https://en.wikipedia.org/wiki/Shibboleth).

Over the course of history, various methods have been developed to share passwords.  The most secure method of encryption is OTP (or One Time Pad) – see this link.  Basically, two one time pads are created.  Each one time pad can be used to send or receive a message.  In order to maintain security, each one time pad must be destroyed after use.  One time pads are typically only used for very short messages.  (Note: One time pads are still in use today.  Broadcasts can be heard over various frequencies saying things like, “alpha, alpha, juliet, bravo, etc., etc.”  Agents in the field can receive the messages using receivers which are pretty much undetectable, thereby maintaining good security).

One time pads come with a slew of problems.  Creating messages can be time consuming.  If a one time pad booklet is lost, there is no way to recreate it.  Messages are short, so you are limited by what you can communicate with a limited amount of characters.  The one time pad booklets would need replacing when they run out, which means contact might need to be reestablished anyways (and that could breach security).

What if instead of a one time pad you simply used a codebook?  The codebook would need to be small.  It would need to be common enough that it can be obtained easily by all team members.  It would also need enough pages to keep passwords fresh.  I think a pocket New Testament would be ideal.  Of course, everyone in your group would need to obtain the very same version so that all the letters fall in the same place on every page.

The problem remains about developing a password method that can be shared.  So, here are some ideas.

First, identify a page.  This could be done in a multitude of ways, but basic ways include:

  • simply giving a Book, chapter, and verse.
  • use a page number
  • reference a verse that others would know where to find (this also enforces the value of knowing scripture)

Second, coordinate a pattern.  The pattern will give you the code.  There are thousands, or millions, of patterns that could be used.  Here are some ideas:

  • the letter on the top right corner of every page over the next 20 pages
  • the third line from the bottom backwards for 20 characters (be sure to confirm whether or not spaces should be used)
  • use a column of letters down or up (like the right column of characters moving up from the bottom)
  • every other character of a specified line
  • use the page number to develop a pattern (like page 143, could be the first character, then skip four characters, then skip 3 characters).
  • keep it easy enough that you can remember and use it easily!

When using a system like ProtonMail, you may just need to put a verse, or page number, in the subject line.  As long as the person you communicate with has the code book and knows the proper pattern, then they can use the password to decrypt your message.

Never ever use the same page twice unless you are using a new and unique pattern.  But, the good news is that you never need to destroy your pages like a one time pad.  You simply need to communicate a new pattern.
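The two steps above (pick a page, apply an agreed pattern) and the no-reuse rule can be written down as code.  This is an added example, not part of the original post: the page text is constructed sample text standing in for the agreed edition, and every function and class name is hypothetical.

```python
"""Added example: deriving a shared password from a codebook page.

PAGE_143 is constructed sample text standing in for one page of the
agreed edition; all function and class names here are hypothetical.
"""

# Constructed sample page (not taken from any real book).
PAGE_143 = [
    "The watchman kept his post by the gate",
    "until the lamps were lit at evening and",
    "the travellers came in from the road.",
    "Each one gave the word agreed upon and",
    "was let through without any question,",
    "for the word was known only to friends.",
]


class PatternError(ValueError):
    """Raised when a pattern cannot be applied or would be reused."""


def pick_line(page, line_no, keep_spaces):
    """Return line `line_no` (1 = top line, -1 = bottom line)."""
    if line_no == 0 or abs(line_no) > len(page):
        raise PatternError(f"page has no line {line_no}")
    line = page[line_no - 1] if line_no > 0 else page[line_no]
    # Both sides must agree on whether spaces count as characters.
    return line if keep_spaces else line.replace(" ", "")


def line_backwards(page, from_bottom, count, keep_spaces=False):
    """Nth line from the bottom, read right to left, for `count` characters."""
    text = pick_line(page, -from_bottom, keep_spaces)[::-1]
    if len(text) < count:
        # A silent short result would leave sender and recipient unsure
        # whether they share the same password, so fail loudly instead.
        raise PatternError(f"line yields only {len(text)} of {count} characters")
    return text[:count]


def every_other(page, line_no, keep_spaces=False):
    """Every other character of a line, starting with the first."""
    return pick_line(page, line_no, keep_spaces)[::2]


PATTERNS = {"line_backwards": line_backwards, "every_other": every_other}


class CodebookLedger:
    """Remembers which (page, pattern) pairs have already been used."""

    def __init__(self):
        self.used = set()

    def derive(self, page_ref, page, pattern, **params):
        key = (page_ref, pattern, tuple(sorted(params.items())))
        if key in self.used:
            raise PatternError(f"{page_ref} was already used with this pattern")
        password = PATTERNS[pattern](page, **params)
        self.used.add(key)
        return password


if __name__ == "__main__":
    ledger = CodebookLedger()
    print(ledger.derive("page 143", PAGE_143, "line_backwards",
                        from_bottom=3, count=20))
    print(ledger.derive("page 143", PAGE_143, "every_other", line_no=2))
```

The `keep_spaces` flag is the "confirm whether or not spaces should be used" step: the same line and pattern give two different passwords depending on that one choice.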

Besides all this stuff about codebooks, having access to God’s Word is most important.  In the pages we find strength, encouragement, and salvation.  It’s just smart to have access to the Word anywhere you go.


Baofeng DM-5R – Should You Go Digital? (Digital DM-5R Instead of Analog UV-5R)

Those of us that are lucky enough to be surrounded by HDTV stations enjoy the benefits of a beautiful and mostly uninterrupted HD picture on our televisions.  The same technology was introduced in radio form many years before we ever saw an HDTV picture.  Sending digital instead of analog has a great benefit as you either have a fantastic copy of the audio or no audio.  So, if a signal is properly received, it should not just be copyable, it should be crystal clear.

Without a doubt, the Baofeng UV-5R has been the most popular radio for preppers.  It is cheap and it is rugged.  Four UV-5R’s can be purchased at the same price as a single Yaesu or Icom.  But, all this means you use easily readable analog.  Anyone can just tap into your signal.

However, those serious about communications may want to consider a step up into digital mode.  But digital is typically more expensive.  Should you invest in more than double the cost to obtain DM-5R’s from Amazon at $79.99?  That’s for you to decide, but here is some information and comparisons.

The DM-5R is nearly identical in appearance to the UV-5R, however the DM-5R delivers crisp clean audio at 1.5 miles whereas the same audio on the UV-5R would barely be readable.  This first video is a demonstration from HamRadioConcepts on YouTube.

Going digital isn’t the only thing you need to consider.  You also have to strongly weigh in compatibility.  The second video focuses in on the digital aspects of the DM-5R and shows how it may not be compatible with “all things digital.”

Quite honestly, you shouldn’t expect the DM-5R, at its cheap price point, to satisfy compatibility requirements.  However, at just 80 bucks a radio, the DM-5R is super cheap, appears to be built with the same ruggedness of the UV-5R and can help you move into the digital realm on a budget.

ADDED NOTE:  I found this web post giving some more information about the compatibility of the DM-5R: http://www.radioddity.com/us/blog/truth-about-dm-5r/


Is Tor Still Safe?

Just moments ago, I searched for the phrase “2016 is Tor still safe” on the anonymous search engine Duck Duck Go and I got the results in this screenshot (link to search here).  What was remarkable to me about the search is that the first 10+ links were all from articles more than a year old.  The average article was more than two years old.

So, this begs the question, “is Tor still valid in 2016?”  Additionally, this makes me question whether or not TailsOS still meets its promises of web surfing anonymity.

Tor has not gone without significant woes in 2016.  On May 25th of this year, Jacob Appelbaum quit Tor “amid ‘sex misconduct’ accusations” according to The Register (link to source here).  Though Appelbaum has been a significant voice for Tor advocates, he wasn’t the only bad news for web anonymity.  Further piling on problems is the fact that Lucky Green left in July, later pulling the plugs at the end of August of this year on his Tor nodes (link to Dark Web News source here).  In their article, “Dark Web News” refers to this as “matter of great concern.”

The Dark Web News article further points to a response from Tor by “Appoint[ing] a new board of directors” (link to source here).  As you think about any company that has undergone a major board changeover, you think either one of two things will happen.  Either the new board will drive the project/company into the ground, or the change will mean positive changes will occur.  Hardly ever do things just continue at the status quo.

Have things gotten better or worse for Tor?  I would have to emphatically say that they have improved and improved greatly!  Here are some observations:

  1. The Tor Project seems to have undergone a major website revamp in recent months which now clearly shows the connections between the Tor and community projects
  2. Improvements are being made on the messaging front by way of a Tor messenger (still in Beta)
  3. Involvement in Tor projects seems to be easier than ever with an incredible list of project ideas and promoting of volunteerism (which I think is critical to keeping a project like this moving ahead)
  4. Links to Tails and Copperhead (and other open source projects) pepper the website

Of course, not all these positives can likely be attributed to the board alone, but these are welcome changes.  It is great to see up to date information on their website.

Is TailsOS moving in the right direction as well?  Though tails.boum.org hasn’t undergone any major revamp of the website, there have been significant improvements.  In particular, there is much better information about how to build your own TailsOS bootable USB.  The project also continues to take security holes very seriously and the most recent update is marked 11/15/2016.  This continues to keep me very positive.

Many of you have noticed that we have pulled our inventory of TailsOS in the past few months.  There are mixed reasons for this.  First of all, the updates for TailsOS come fast and it is important to me to always ship the latest version.  Sometimes that is hard to do.  Second, with concerns about Tor’s sustainability, I wanted to make sure that I was shipping a product that would continue to hold value.  With the recent research regarding Tor, TailsOS, and Copperhead, I am considering re-offering TailsOS bootable USB drives.  In addition, I am currently researching whether or not I can even provide phones loaded with Copperhead OS.  Please stay tuned!

If you are one of those that have been waiting for a TailsOS to reappear in our online store, please feel free to comment below, your comments will be kept private unless you request otherwise.


Pixie CW (Morse Code) Kit – Video from Youtube

I need to pick up a couple of these kits, and found this video to be of much better quality than others I’ve seen so I thought I would pass it along.


Wireless Dead Drop Using Raspberry Pi

It is very well known that a Raspberry Pi can easily be used as a weak FM transmitter.  An Instructable has been dedicated to the topic (http://www.instructables.com/id/Raspberry-Pi-Radio-Transmitter/?ALLSTEPS).  A slew of other articles for support, troubleshooting, and improving the project can be found easily in any search engine.

I got thinking about the whole USB dead drop thing (deaddrops.com).  It is fun to do geocaching and the USB dead drop thing is really the same idea.  Unfortunately, advertising sites makes them a target for vandalism and theft.  It kinda ruins the fun for everyone else.  In my area only 1 of the 3 USB dead drops has been recently confirmed.  This led me to think about creating a drop that could be accessed wirelessly.

Using a wifi connection would certainly be possible, but it wouldn’t be the easiest thing in the world and would easily become a target for hacking.  I also got thinking about accessing information in the event that there really was a need for security.  For me, I spend a lot of time walking and running along some trails.  It really wouldn’t be that hard to create a device that transmits a message that could be heard over FM.  It would be easy for someone to be walking along while tuning in a frequency on an FM-enabled cell phone (or FM-enabled MP3 player) at a specified location and receive a message.

The Raspberry Pi radio project has a range of roughly 40 feet.  One solution to stealing and vandalism is simply not advertising the location to the public.  A project as being described here would maybe need to be solar powered and/or possibly engineered to only turn on during certain times.  One issue might be retrieving the Pi to update the message.

But, there are lots of other ways that the Pi could be used to transmit the message.  One could have a Pi that was transmitting a particular message and do an informational drive-by while the recipient was listening to the frequency (such as performing the transmission at a parking lot).  For that matter, two people with one Pi each could transmit on 2 different frequencies.  I’m sure there is an easy modification to even take the mic input of the Pi and hook up a microphone, and with the addition of headphones on the FM radio, a pair of people could talk discreetly being in proximity in their vehicles while at the same time not observed as talking to each other.

Who knows what information one might want to transmit.  It could be anything.  It could be a code word, instructions for a discreet meeting, or whatever.

The cool thing is that the Pi, being a computer, could make it easy to perform a text-to-speech broadcast thereby maintaining some anonymity.  Of course, all this is in theory, but I know full well that the individual pieces required to make this a reality already exist.


Email Privacy and How Proton Mail Works:

Proton Mail uses an interesting method to help encrypt traffic from sender to recipient without compromising private keys.  Andy Yen explains how this works in this year-old video.  Proton Mail has a free version (no ads!).  Though I’m still playing around with Proton, it could very likely be my “go to” for email security because it is easy to use.

Email encryption can be complicated.  Sharing keys, etc, can be a nightmare and transporting keys over the web isn’t really the best way to share.  I hope that Proton’s fresh approach can make it into other venues, like social media, though I imagine there will be a lot of push back in that arena.


Has Google been suppressing providers of End-to-End email encryption?

On a recent episode of “Security Now” on Twit.tv, I heard Steve Gibson mention that Google was lowering the search rank of Proton Mail when people search for the terms “secure email providers.”  Though I have looked at Proton in the past, they have come and gone on my list of good providers as their free account system was touch and go.  However, all that has changed with Proton Mail coming out of Beta.

Apparently, Proton Mail offers end to end encryption and even offers a password option for those who are not Proton Mail users.  This is excellent.  An OTP (one time pad), keyword, or passphrase could be used to decrypt messages and give recipients a high level of security.  Nay-sayers will likely say that it is impossible and Proton can read everyone’s messages.  However, if they really are using E2E encryption (and we have no reason to believe they aren’t), then this is an exceptional service with exceptional value.  Being based in Switzerland is a huge plus for privacy advocates as well.

You can use Proton Mail for free (and receive a 500 megabyte account).  I created an account today and look forward to testing it further.


Low Power Radio Operation (QRP) a Valuable Skill in Grid Down

QRP is ham radio operation at low power.  It is my belief that low power operation is critical in an EOTWAWKI scenario.  Operating at full power is the same as throwing on the high beams and announcing to the world, “Here I am!”  Obviously, there are other good reasons to run in QRP, such reasons include being able to recharge batteries and still operate a radio.  High power modes will drain your power supply.

Also important is the ability to listen without operating a rig that sucks your battery.  Such listening could be done on a little radio like the County Comm GP-5 (there’s a gen 3 now available and the single biggest feature of the GP-5 over almost any other similar radio is that it can do upper and lower sideband and give you the ability to listen on a small battery powered radio before using your bigger batteries to fire up something larger).

Good QRP rigs that the ham community should consider are the Ten-Tec 507 (a 40/20 meter QRP rig that can do SSB/CW), the MFJ 9475x (MFJ 9440 and 9420 as well), and the KD1JV Survivor (75m).  If you want to know all the ins and outs of your QRP rig, the KD1JV would be a good choice as you actually have to build and test it.  However, that isn’t everyone’s cup of tea and being limited to a single band is probably not the best choice.  Personally, I’m strongly considering the Ten Tec as it at least gives two bands of operation.

More capable QRP rigs would include the Yaesu FT-817 (probably the single most popular rig for QRP), but you will end up shelling out over $850 for even a used one.

Antennas are an incredibly important part of your QRP investment.  An inefficient antenna will kill your output.  My first contact on QRP was about 1000 miles on 1 Watt using an off-center-fed dipole (45ft/90ft).  But, you may not have room for such a large antenna.  Antennas are another topic for another day, but searching for QRP antennas will help you find something that gets your message out on low power.

Some prepper-heads out there operate under the guise that they don’t need a license.  After all, if the ‘s’ really hits the fan, then it shouldn’t matter.  Yes, there is some truth to that, but how do you learn to communicate?  Illegally?  So… yes, you really need to get a license (which isn’t hard at all, just use hamtestonline or something like that and get legal, get learning, and continue prepping).

FYI:  There are a bunch of Chinese QRP rigs out there.  Personally, my opinion is to stay clear of them.  They are made with cheaper components, are plagued with horribly written manuals, and the chances are that you would never be able to fix it when you have a problem.


FREE ARTICLES FOR YOUR SURVIVAL SITE

ePrepper is looking to roll all its content into a larger prepper website.  If interested, please leave a comment and I will contact you.  No comments will be approved, it will only serve as a method to start communication.  ePrepper will likely close its blog and forward traffic to another site… a site that I can both endorse and continue writing articles for.  Please let me know if you are interested!
