OPSEC Covert Communications
Results 1 to 10 of 10

Thread: OPSEC Covert Communications

Hybrid View

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Location
    Longview, TX
    Posts
    3

    Smile OPSEC Covert Communications

    Hi,
    I'm not trying to sell anything here... I'm looking for beta testers for a new concept in secure communications. PCWorld and PCMag picked up on it and is listing it now, so that's a good compliment. Here's the PCWorld link:

    http://www.pcworld.com/downloads/fil...scription.html

    I just released version 2.2 and could use your input, because downloaders never give feedback, lol

    In return, I will give you a License Key for free and my undying gratitude. You can download the 14-day trial from PCWorld and kick the tires. The most helpful testers will get the License Keys.

    My Site: http://opsec.zymichost.com
    My Email: opsec.office@gmail.com

    Thanks in Advance!
    I know you're the best qualified to test this.

    Michael Vaughn
    Developer
    OPSEC

  2. #2
    Member
    Join Date
    Jul 2009
    Posts
    45
    When You Need To Work in a Secure Environment, OPSEC Covert Comm Delivers!
    so long as you don't mind OPSEC being the man in the middle?

  3. #3
    Junior Member
    Join Date
    Apr 2011
    Location
    Longview, TX
    Posts
    3
    TG2, that was a stupid reply. I'm surprised you would even say that. I worked very hard on this program for a number of months and am very proud of my accomplishment. OPSEC is a trusted network client/server platform built around the AES 256bit engine. Perhaps you should test a program before making a fool of yourself.

    Regards,
    Michael Vaughn
    Developer

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hmmm,

    Man in the middle?......................well people have been trusting third party mail providers for years over here. Mainly to filter spam and malware rather than from any content security viewpoint, so the focus would be incoming rather than outgoing or two way.

    I really don't see much difference between this concept and that of cloud computing? If you are going to use the internet then sooner or later your traffic is going to leave your control.

    I am curious as to what market this is aimed at....who would be typical users, and in what circumstances or scenarios?

    Incidentally, the download site isn't working, and WOT give it the worst trust rating I have ever seen I am afraid that doesn't create a good first impression for a security product.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Member
    Join Date
    Jul 2009
    Posts
    45
    Quote Originally Posted by OPSEC View Post
    TG2, that was a stupid reply. I'm surprised you would even say that. I worked very hard on this program for a number of months and am very proud of my accomplishment. OPSEC is a trusted network client/server platform built around the AES 256bit engine. Perhaps you should test a program before making a fool of yourself.

    Regards,
    Michael Vaughn
    Developer
    First, Michael dont get bent outta shape ...

    Second.. maybe if you were talking a suite of protocols that installed on top of commonly available programs.. secure IM, encrypted PST, etc.. that's something..

    Third.. Who Is OPSEC? And let me be bluntly clear... YOU'RE ON A FREE F**KING WEBHOST SITE? And that wasn't hard to find/see since all I had to do was drop the "opsec" off your URL ... So you've not even (as of yet) paid 35 bucks to NSI for a domain, or 10 dollars to Godaddy and then used free URL redirection from DYNDNS?

    Blackberry, AOL, Yahoo, Microsoft ... these are names people know.. these are products people already have.. make them more secure rather than installing yet another access client, or changing things employees have to do ??

    Otherwise.. the bigboys already require VPN's back to home ... and those of us out here... often you'll find us using PGP, OTR, & Secure IM for much of what we do, if not running our own VPN's so that we're more secure when we need to have end point to end point trust..

    @Nihil ... sure.. even in some locations phone home to Michael for updates is too insecure... let alone does this screen shot showing ports 57/58 not raise eyebrows? Lower ports out of an office network for 80, 53, and *maybe* to some trusted sites for 25 ... but 57/58? that's a little out there.. such an obscure port, with lots of traffic in a low range like that? more likely to draw suspicion..

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    @TG2,

    Otherwise.. the bigboys already require VPN's back to home ... and those of us out here... often you'll find us using PGP, OTR, & Secure IM for much of what we do, if not running our own VPN's so that we're more secure when we need to have end point to end point trust..
    Yeah, I think that is along the lines of my question as to what market niche etc. this product is aimed at?

    As you suggest, the bigboys have it sorted already. My customers (SOHO, small hotels, guesthouses, 2 trawlers, private individuals & local govt.) have no real need for it. Hell, World + dog could read my e-mails and they wouldn't hear anything good about themselves, but I would not be worried.

    So, I guess the people who might have a use for it are going to be small scale specialists?

    1. Lawyers
    2. Medicare/dentistry practices
    3. Care homes (old folks, invalids etc)
    4. Schools
    5. Financial Advisors
    6. Brokers/dealers
    7. Hospitals
    8. Security Companies (patrols, watchmen etc)
    9. Accountants
    10. Tax Advisors
    11. Insurance Brokers
    12. Bookmakers (the gambling & gaming ones)

    I guess the small guy with regulatory compliance issues is going to be the most likely customer. After all, they are the ones who might have to demonstrate "due diligence"?

    Obviously, I haven't mentioned any (other than morally) illegal activities.

    Ports 57 & 58?..............sorry,you have lost me there, if it is your equipment then does it matter, so what suspicion would it draw...........???????????? Also, is this supposed to be used all the time; or just for confidential stuff? in which case the traffic volumes would probably be quite low.


    EDIT:

    Link seems to be working now.
    Last edited by nihil; April 9th, 2011 at 10:39 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Member
    Join Date
    Jul 2009
    Posts
    45
    Quote Originally Posted by nihil View Post
    Ports 57 & 58?..............sorry,you have lost me there, if it is your equipment then does it matter, so what suspicion would it draw...........???????????? Also, is this supposed to be used all the time; or just for confidential stuff? in which case the traffic volumes would probably be quite low.
    Sorry .. meant to say his screen shot .. when you go to download out on PCWorld, it shows a screen shot, with ports 57 ("any" secure console) and port 58 (old Xerox Networking port) as whats' used for this product ...

    in the sniffing world.. you come across something using lowball ports (below 1024) you'd be suspicious of them if they weren't to/from well known port numbers. ie.. 25, 53, 80, 443 .. even 135/137~139

    In a secured network.. thinking that part of this suite is for use "on the go" you're given access to internet through a DMZ of a company, that doesn't mean you're not going to be watched.. and a lot of times.. when you secure a network you may allow outbound port 80 and port 53 ... and 25 from a mail server, but in most other cases, you don't allow in or out low numbered ports because they usually are server services.. and especially in a company I'd block port 25 in a heartbeat even for the DMZ .. what's the number one thing spammers want to do? .. send spam on port 25 ...

    anyway.. loball ports are commonly associated with server ports.. (which is why 25, 53, 80 are hwere they are.. under the 1024 "line") and a number one curiousity if doing penetration testing..
    Last edited by TG2; April 10th, 2011 at 08:43 PM.

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    @ TG2,

    Thanks for the reply, I see that we have been looking at it from quite different viewpoints.

    I was looking at testing it on a subsection of my home network,and the only thing that sniffs that is my tomcat

    There are two executable files that decompress from the download. One for the client and one for the server. It would seem that the default is for the server to listen on ports 57 & 58. I believe that you can change this, but having messed around for 3 hours or more, and still not been able to get it to work, I cannot really comment.

    My initial impressions:

    1. The documentation is woefully inadequate. You need a schematic and explanation of how the thing fits together and works.

    2. You need detailed instructions of exactly what to do, and the order in which to do them.

    3. The login screens need to be more clearly identified. they are all identical and leave you wondering which userid and password you should enter.

    4. When you enter a wrong user ID you should get a popup error message, and some advice as to which one it should be. The system should not just revert to "sulking mode".

    So far I cannot get past a "cannot connect to server" message........but I can make it crash well before then
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Similar Threads

  1. The Culture of Unified Communications
    By tonybradley in forum General Computer Discussions
    Replies: 0
    Last Post: March 15th, 2009, 07:31 PM
  2. Covert Channels
    By hatebreed2000 in forum The Security Tutorials Forum
    Replies: 1
    Last Post: March 22nd, 2005, 08:31 AM
  3. ports
    By hatebreed2000 in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: March 14th, 2003, 05:36 AM
  4. Establishing an Operations Security Program (OPSEC)
    By imported_Tek Weasel in forum The Security Tutorials Forum
    Replies: 2
    Last Post: September 25th, 2002, 12:19 AM
  5. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 08:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides