Fieldcraft, Survival, and Security: June 2017

Friday, June 30, 2017

Password Managers (Password Safes)

Many computer users today have to keep track of dozens of passwords: for network accounts, online services, premium web sites. Some write their passwords on a piece of paper, leaving their accounts vulnerable to thieves or in-house snoops. Others choose the same password for different applications, which makes life easy for intruders of all kinds.

By using a password manager, users can keep their passwords securely encrypted on their computers.

A password manager assists in generating, storing, and retrieving complex passwords from an encrypted database. Types of password managers include locally-installed software applications, online services that are accessed through website portals, and locally-accessed hardware devices that serve as keys. Depending on the type of password manager being used and the functionality offered by its developers, the encrypted database is either stored locally on the user's device or stored remotely through an online file hosting service. Password managers typically require its user to create and remember one "master" password to unlock and access to any information stored in its database.

Using a password manager (password safe) allows you to use long, complex, and unique passwords for each of your sites and applications. This makes it much more difficult for someone to crack your passwords by guessing, by dictionary attacks, or by brute force. My preferred password manager is the KeePass Password Safe (although there are other quality password managers that you might like as well).

KeePass Password Safe

KeePass (http://keepass.info/) is a free and open source password manager. Your passwords in KeePass are stored inside an encrypted database that you control, on your own system, and are never synced or uploaded anywhere unless you want to take them from machine to machine. KeePass can also be run as a protable app, allowing you to take your passwords with you from one computer to the next by running KeePass from a USB drive. KeePass has its own password generator to help you create strong and uniques passwords for each of your accounts and applications. KeePass runs off-line (no Internet connection required).

KeePass can be run in Russian and many other languages as well.

I also like Password Safe (https://www.schneier.com/academic/passsafe/), developed by Bruce Schneier. Mr. Schneier's application has many of the same features as KeePass, and is an excellent choice to manage your passwords if you choose not to use KeePass.

Other top quality Password Managers include:

Using a password manager inproves the security of your on-line accounts. Using a password manager, combined with Two-Factor Authentication further enhances that security. I previously wrote about Two-Factor Authentication here on Wudewasa Blog.

The EFF has an Animated Overview: Using Password Managers to Stay Safe Online.

Research password managers a bit, and choose the one that best fills your needs. Regardless of which password manager you choose; a properly implemented password manager will enhance your overall security on-line.

Thursday, June 29, 2017

miniLock

In 2015, Amnesty International recommended the program MiniLock to encrypt files and protect your privacy on-line. MiniLock uses your e-mail address and a long passphrase to generate a key (MiniLock ID) that is used to encrypt files. You provide your MiniLock ID to others so that they can encrypt to you, and you use their MiniLock ID to encrypt messages to them. A MiniLock ID is a 44-character alpha-numeric string that works as a public key for encryption. Using the same e-mail address and the exact same pass-phrase will generate the same MiniLock ID (key pair) each time. Note however that including even an extra space (say at the beginning or end of your e-mail address or passphrase) will generate a completely different MiniLockID. We like MiniLock, but note that it is only available as an add on for the Chrome Browser, which limits its usefulness as a general encryption program. Still the need for the Chrome browser isn’t an overwhelming problem since it is freely available world-wide.

miniLock lets you encrypt any file quickly and easily, and share it securely with any friend that has a miniLock ID.

Open miniLock and enter your email and passphrase. miniLock uses your passphrase to generate a miniLock ID. You can then send your miniLock ID to friends and they will be able to encrypt files and send them to you. You can send files to your friends once you have their miniLock IDs.

miniLock IDs are very small and easy to communicate. They fit inside a tweet, business card or text message. Entering your passphrase on any computer with miniLock installed will immediately give you the same miniLock ID.

miniLock allows you to also encrypt files for yourself to decrypt later. It can encrypt files to multiple recipients, and has other features such as anonymizing both the sender and recipients of an encrypted file.

The idea behind miniLock's design is that passphrase memorized by the user, along with their email address, can act as a complete, portable basis for a persistent public key identity and provide a full substitute for other key pair models, such as having the key pair stored on disk media (the PGP approach).

miniLock is audited, peer-reviewed software. It's developed using proven cryptographic standards and under the scrutiny of the open source cryptography community.

miniLock is available from the Chrome Web Store

MiniLock was designed by Nadim Kobeissi, the creator of Cryptocat, a chat program that we also like.

Wednesday, June 28, 2017

Neti Pot

Although several methods of nasal irrigation exist, one of the most popular is the Neti pot. Nasal irrigation, or nasal lavage is a personal hygiene practice in which the nasal cavity is washed to flush out mucus and debris from the nose and sinuses. The Neti Pot naturally cleanses, refreshes, and protects the nasal passages, one of our body’s first lines of defense against illness. Recommended today by doctors and pharmacists worldwide, the Neti Pot has been used for thousands of years in ayurvedic medicine to alleviate sinus and allergy problems.

To use the Neti pot or other nasal irrigation device you would mix about 480 ml (16 ounces / 1 pint) of lukewarm water (distilled, sterile, or previously boiled) with 1 teaspoon of salt. Some people add 1/2 teaspoon of baking soda to buffer the solution and make it gentler on the nose, but there isn't any real proof that this improves the experience. Premixed sinus rinse solutions are also a good choice. Be sure to use distilled, sterile, or previously boiled water to make up the irrigation solution. Tap water is not safe for irrigating your nose.

Once you've filled the Neti pot, tilt your head over the sink at about a 45-degree angle. Place the spout into your top nostril, and gently pour the saline solution into that nostril. The fluid will flow through your nasal cavity and out the other nostril. It may also run into your throat. If this occurs, just spit it out. Blow your nose to get rid of any remaining liquid, then refill the Neti pot and repeat the process on the other side. It's important to rinse the irrigation device after each use and leave open to air dry.

Research has found that the Neti pot is generally safe. About 10% of regular users experience mild side effects, such as nasal irritation and stinging. Nosebleeds can also occur, but they are rare. Reducing the amount of salt in the solution, adjusting the frequency of Neti pot use, and changing the temperature of the water appear to reduce side effects.

To prevent infection, always use distilled, sterile, or previously boiled water. Also, it's important to properly care for your nasal irrigation device. Either wash the device thoroughly by hand, or put it in the dishwasher if it's dishwasher-safe. Follow by drying the device completely after each use.

You can order Neti Pots and Sinus Rinse from the links below (Amazon.Com)

Ceramic Neti Pot

Plastic Neti Pot

NeilMed Sinus Rinse Premixed Refill Packets

Tuesday, June 27, 2017

Super Tonic

To make 'Super Tonic' take equal parts by volume of the following ingrediants:

fresh grated Ginger Root
fresh chopped organic Garlic Cloves
fresh chopped Habenero Peppers
fresh chopped White Onion
fresh grated Horseradish Root

Use a Blender to chop up each of these Ingredients VERY FINE!

Place the finely chopped ingredients in a glass jar, until the jar is 3/4 full.

Fill the Glass Jar to the top with raw Organic Apple Cider Vinegar with the "mother" (Bragg's or Spectrum Naturals).

Let this mixture stand for one month, shaking and turning the jar every day.

Top off the jar with more vinegar as needed.

After a month strain the mixture through cheese cloth saving the liquid in a clean jar.

Some discard the remaining solids, but you may wish to save and dry the solids to use as a seasoning.

Take at least 1 oz. of the liquid Super Tonic, 3 times per day (drink, gargle and swallow), when you have a Cold or Flu.

A YouTube video showing how to make Homemade Super Tonic "Cure-all"

If you wanted to try Super Tonic before making it yourself, you can order it on-line from places like Amazon.com. This might be a good idea if you have never tried Super Tonic since you can get a small bottle for just a few rubles. This costs less than all of the ingredients needed to make a large batch of Super Tonic as described above. Still, if you decide that Super Tonic is something that you will use regularly it is always best to make your own.

Monday, June 26, 2017

Survival in the Desert

When you mention the word "hot land, - what is the first thing that comes to mind? More than likely, your response centered on a desert. Though it is true that a desert is a "hot land," any region has the potential for becoming a "hot land." Temperatures can rise quickly and without warning. For this post, we are going to concentrate on the desert, but the survival techniques described here can be used in any "hot land."

Deserts cover nearly 20% of the world's landmass. They are found on most continents, and usually have inhabitants that live and thrive in this hostile environment. These inhabitants have learned to live with the desert, and not to fight it.

In Russia there is very little desert land. The Ryn-Peski Desert (Kazakh: Нарын-Құм Naryn-Qum), is a desert in western Kazakhstan and south-western Russia, north of the Caspian Sea and southeast of the Volga Upland. The borders of the desert are very loosely defined. Some maps show the desert almost entirely within the Caspian Depression, stretching almost to the coast of the Caspian Sea, while others show it north of the depression. It lies west of the Ural River between 46° N and 49° N latitude, and 47° E to 52° E longitude. Temperatures can reach extreme highs of 45 to 48 °C (113 to 118 °F) during summer and in winter it can drop to a low of −28 to −36 °C (−18 to −33 °F). This is the only true desert region in Russia, however we must not completely overlook the Charsky Sands.

The Charsky Sands (also known as the Charsky desert) are located north of the Trans-Baikal region in the Kalarsky District. Charsky sands is the most northern desert in the world. The width of sand masses is 5 km and the length is 15 km. Charsky sands are a unique combination of sandy desert with dunes and the surrounding east-siberian pine-larch taiga with mountains which are covered with snow even in summer. Despite the small area of the desert its landscape is very diverse. In the central part are mostly small dunes with wind-deposited sand on the outskirts of the ridges and covered with sand. The highest dunes are located in the southwestern part of the array. The most powerful dunes in the center of the array look like frozen waves.

True deserts are found in three forms:

Rock Desert
Sand Desert
Salt Desert

Each of these desert types is very different from the other. Sometimes a desert can start out as a sand desert, then turn into a mountainous rock desert. Although no two deserts are alike, they do share one common bond:

They are hot! In 1972 - 1974 the American National Park Service conducted surface temperature readings in Death Valley, California. These tests were conducted in July and August during the hottest part of the day. The average surface temperature was 182 degrees (F), but at times (1972) it hit as high as 201 degrees (F). It goes without saying temperatures as high as these would cause life threatening medical problems.

As the temperature outside increases, the inner core temperature of an unprotected person will also increase. To combat this heat build-up, the body produces sweat. Sweat is simply water, taken from the body's internal supply, and sent to the surface of the skin to promote evaporation. As the water evaporates, the skin and blood will cool. This system works very efficiently, as long as there is a sufficient water supply in the body. The average person looses 2 - 4 quarts of water through everyday activity. Any activity above the normal amount will cause a person to loose water faster and in greater quantity.

This water must be replaced or the body will be in a state of dehydration. When dehydrated, the sweating process will slow and eventually stop, and this will cause body heat to rise. As the heat in body rises, it will cause physiological stresses to the body. Immediate treatment should consist of cooling the body and consuming enough water to promote the sweating process.

Finding water in the desert will be a challenge. The water you have in the body system before a survival episode may be the only source. Don't waste it. A good rule of thumb to adhere to is to "ration your sweat, not your water." Here are a few techniques that may help you to conserve your internal water (hydration):

Stay out of direct sunlight (The shade can be 40 degrees cooler)
Stay off the desert floor (12" above or 12" below may be 40 degrees cooler)
No activity during the daylight (All work done at night)
Proper clothing (Light colors reflect sunlight, keep clothing baggy and layered)
No smoking (Smoking hastens dehydration)
No alcohol (Alcohol promotes dehydration)

When the thirst mechanism sends a signal to the brain, it’s saying the body is low on water. Keep your system filled with water before you become a survivor.

If the time comes when water needs to be found, all work should be done in the cool of the night. Finding water in the desert may be difficult, but it is not impossible. An important question to ask is "Should I go out and look for water or stay put and conserve what is in my system?" An alternative may be to dig a solar still. A solar still brings moisture from the ground and air and puts it in a container for your consumption. To construct a solar still, first dig a hole, find a container, and have a clear piece of plastic available.

Crushed green vegetation placed along the sides of the hole will speed up the moisturizing process. Additionally, if you dig your hole in a natural moisture collector (see diagram) it will help. One solar still may produce as much as 2 pints of water a day, but the quantity is usually far less. So, should you dig a solar still (which will cause you to loose water through sweating) or stay in the shade and conserve? It will be a judgment call.

Heat Injuries:

- Sunburn: Sunburn is a result of unprotected skin absorbing too much of the ultra-violet rays from the sun. Sunburn is not a life-threatening injury. It is considered to be a first-degree burn, and should be treated as such. The real problem with sunburn stems from two complications. First, in an attempt to cool the injury, mild sunburn will cause the body to produce more sweat than normal. Secondly, more severe sunburn will cause an impairment of sweat glands on the affected area. This will cause your body to build up heat faster than normal, which can bring on a more serious heat injury.

- Sun blindness: This is brought on by the over-exposure of the eyes to sunlight. Though common in desert areas, it can be prevented. When you are out and about on bright sunny days, wear sunglasses. Even prescription glasses will give some protection. Wearing a hat will also help. Some of the common symptoms are an itch, a reddish appearance, a burning sensation and possible swelling. If this happens to you, it’s going to take time for it to heal. Cover both eyes for at least 18 hours and take aspirin (take aspirin only if you have drinking water) to combat the pain. Failing to treat for this condition can lead to a worsening of the problem, or even permanent damage.

- Heat cramps: When a body sweats profusely, not only is it losing water, it is also losing salt. When this happens, it can upset the electrolyte balance of your cells. The body will send signals that this is happening in the form of cramps. Heat cramps can affect any of the muscles, but will usually only affect the legs and the abdominal region. If suffering from heat cramps, you must get into the shade, slow the sweating, and drink water. Massage the legs to alleviate the cramps.

- Heat exhaustion: When the body is under the stress of heat, the blood near the surface of the skin has a tendency to pool. This pooling will deprive the vital organs and muscle of a good blood supply, and heat exhaustion can result. Symptoms often include heat cramps, a general weakness, moist skin (as opposed to dry skin with heat stroke), and a paleness of the skin (as opposed to a redness as with heat stroke). The skin doesn't feel hot to the touch; body temperature is near normal. Heat exhaustion can be serious. Get the victim to a cool shaded location and give him/her water. Fan the victim if necessary to keep him/her cool until help arrives.

- Heat stroke: While all heat related problems are serious, heat stroke has a high death rate and is considered the most serious. With heat stroke, all sweating ceases and the body rapidly builds up heat. The skin is red, hot, and dry to the touch. Sometimes the victim will be unconscious. Get the victim out of direct sunlight, and provide him/her with water. Administer salt-water solution (unless unconscious) and cool the victim rapidly. If a stream or pool is nearby, get victim in it. It is imperative that a physician or medical technician be sought as soon as rescue arrives.

For those who want to learn more about desert survival I recommend the book: Desert Survival Skills, by David Alloway.

Sunday, June 25, 2017

Lee Classic Loader

The ability to reload your rifle and pistol cartridges, and shotgun shells in the field is an essential tool for long term self-reliance and sustainability. While large and fairly expensive reloading sets will allow you to quickly reload a number of rounds; the Lee Classic Loader allows you to reload in the field using this easily packable kit. The following couple of videos show how simple it is to reload using the Lee Classic Loader.

Reloading with a Lee Loader

Инструкция к молотковому набору Lee Loader

Each Lee Classic Loader is set up for a specific caliber. In this example here, the 7.62x54R Russian.

Regardless of the caliber you are reloading, the procedure remains the same. This simple and effective reloading system should be in everyone's preparedness supplies.

Saturday, June 24, 2017

Power for Your Bug-Out Camp

When you are living in a remote location - perhaps having evacuated to your bug-out camp - you need not give up all of the convenience and technology of modern society. Portable power banks and solar chargers allow you to have a source of power that you can carry with you to almost any location.

Packable power generally comes in the form of standard batteries or power banks (which are just big batteries). The greater the milli-amp hours (mAh) of your power bank, the longer it will last. So, carry the power bank with the greatest number of mAh, balanced against the weight of the device itself since you will have to carry it. I like the RAVPower 26800 mAh Portable Charger, but any power bank with 20000 mAh or more should work out well for field use.

While most power banks can be charged by plugging them into your home’s electric power, this will not be an option for extended stays in remote areas. This is where solar panels come into play. Solar panels convert direct sunlight to energy which can then be stored in your power bank. Remember that a solar panel alone does not store power. You can run a device directly from a solar panel, as long as the solar panel remains in direct sunlight, but when the sun goes away, so too does your power. Connect your solar panel to your power bank, thereby keeping your power bank charged, and use the power bank to provide power for any devices you want to run.

I recommend carrying at least a 20-watt solar panel, although lower wattage panels will also work. Lower watt panels just provide a lower level of charging power for your batteries and power banks. A few solar panels to consider are:

RAVPower 24W Solar Charger
SunJack 20W Solar Charger
Anker 21W Solar Charger
Nekteck 20W Solar Charger
BigBlue 28W Solar Charger

With your solar panel and power bank you can provide power for devices in your camp almost indefinitely. As long as you have direct sunlight to keep your power banks charged, and of course don’t use more power than you can replenish, you can use your electronic devices in the field.

Power banks are often used to recharge cellular devices such as your smartphone or tablet. Other devices you might want to have in your camp are use powered LED light bulbs, such as the SunJack CampLight, the SunJack LightStick, or USB rechargeable Solar Camping Lantern.

Solar panels and power banks are not just for emergency, bug-out type, use. A week-long camping trip, or a weekend fishing at a mountain lake, hiking along a forest trail, or a cross-country road trip may all be places where you want to have portable power for some device. Even in your home, having a source of back-up power can be useful when there is a power outage, or just to make you less dependent on the local infrastructure.

Friday, June 23, 2017

Clarified Butter (Ghee) - Топлёное масло

Clarified butter and, the closely related, ghee are simply butter that has been cooked to remove any water and solids. Turning butter to clarified butter also gives the fat a higher smoke point (which means you can cook with it a high temperatures) and lengthens the shelf life of the resulting fat.

Clarified Butter
Melt a pound of unsalted butter in a heavy saucepan over low heat and slowly cook until the bubbling ceases and the liquid turns clear, 30 to 40 minutes. Strain and cool, being sure to leave any solids in the bottom of the pan. Store in an airtight container in the refrigerator.

Ghee
Melt a pound of unsalted butter in a heavy saucepan over low heat. As soon as it liquefies, turn the heat up to medium. When it finishes foaming, turn up the heat a little bit more and wait for it to foam a second time. Ghee is done when a second foam forms on top of butter, and the butter turns golden, approximately 7 to 8 minutes. Brown milk solids will be in bottom of pan. Gently pour into heatproof container through fine mesh strainer or cheesecloth. Store in an airtight container, being sure to keep free from moisture. Ghee does not need refrigeration and will keep well in an airtight container.

How to Make Clarified Butter Video

Ghee has a much higher smoke point than non-clarified butter, so you can cook it a high temps or mix it with lower-smoke point oils such as olive oil. To be technical, the smoke-point of ghee is 250 °C (482 °F), which is well above typical cooking temperatures of around 200 °C (392 °F) and above that of most vegetable oils. So it makes an excellent cooking oil.

Ghee has a shelf life of about six months when stored at room temperature. If kept in a cool area and clean of any food bits or other adulterations, it has been reported to last almost indefinitely. Some sources claim their canned ghee has kept for up to ten years. Use your own judgment and of course refrain from eating anything that appears, smells, or tastes off.

Trusted End Node Security - Encryption Wizard

Encryption Wizard (EW) https://www.spi.dod.mil/ewizard.htm is simple, strong, Java-based file and folder encryption software, developed by the American military, for protection of sensitive information. EW encrypts all file types for data-in-transit protection, and supplements data-at-rest protection. Without requiring a formal installation or elevated privileges, EW runs on Microsoft Windows, Mac OS X, Linux, Solaris, and many other operating systems. Behind its simple drag-and-drop interface, EW offers 128- or 256-bit AES encryption, several secure hashing algorithms, searchable metadata, encrypted archives with compression, secure file deletion (often called "scrubbing" or "shredding"), and PKI/CAC/PIV support.

EW Public Edition may be downloaded and used by anybody at no charge. It uses the cryptography support already present in Java. It contains all the important features of EW and serves as a good introduction to the software. (EW Government Edition is FIPS 140-2 validated. It uses a third-party cryptography module licensed for use by Federal employees and contractors only.) The two editions (Public and Govt) are interoperable.

EW Public Edition doesn't provide its own implementation of AES, it just uses whatever is supplied by your Java Runtime Environment. The AES algorithms and their underlying Rijndael ciphers are well known, publicly available, and extensively analyzed. No feasible attacks against AES have yet been demonstrated.

Is there a backdoor in EW? The software authors say no, explaining that a backdoor to a system needs a key. If the key to a backdoor were to get out (whether by accident, malfeasance, or disgruntled employees is irrelevant), then whatever is protected by that system becomes vulnerable. Given that the primary use of Encryption Wizard is to protect sensitive information relevant to the US DoD, inserting a master backdoor would be dangerously risky and profoundly shortsighted.

Can the TENS Encryption Wizard be trusted? Yes probably, as much as any encryption software can be trusted. It provides strong encryption that is more than sufficient for most personal or business use.

Thursday, June 22, 2017

Survival Training Videos (on YouTube)

Alone In The Canadian Wilderness (Survival Lilly)
https://youtu.be/WASK7oF9dog

SHTF Bug Out Bag (Survival Lilly)
https://youtu.be/UjoogtASNRM

Planting A Survival Cache - Bug Out Survival (Survival Lilly)
https://youtu.be/gy_el36iOIM

A-Z of Bushcraft - Survival and Wilderness Skills
https://youtu.be/nBJOg-uKE6c

The More You Know, The Less You Carry (Mors Kochanski)
https://youtu.be/XxIUI401zuU

SAS Survival (Lofty Wiseman)
https://youtu.be/iNdXy1JwsHc

SAS Survival Guide Escape and Evasion Part 1
https://youtu.be/DRdFeLSLaus

SAS Survival Guide Escape and Evasion Part 2
https://youtu.be/d5H_sDsonYk

Survival Basics Part 1 (Pathfinder School)
https://youtu.be/B1KnQp7D8sw

Survival Basics Part 2 (Pathfinder School)
https://youtu.be/VaLYfXiTfFI

Survival Basics Part 3 (Pathfinder School)
https://youtu.be/hbpkW28swT8

Survival Basics Part 4 (Pathfinder School)
https://youtu.be/oTHiRXQwH7k

Survival Basics Part 5 (Pathfinder School)
https://youtu.be/t84xGjdGPYg

Wilderness Survival - Part 1 (Ron Hood)
https://youtu.be/yOpLVQJWXR0

Wilderness Survival - Part 2 (Ron Hood)
https://youtu.be/Nw2iagS5ymQ

Wednesday, June 21, 2017

OpenPuff Steganography & Watermarking Tool

The word "steganography" comes from the Greek words steganos, meaning hidden or covered, and graphia, meaning to write. Thus, steganography refers to hidden writing or to methods for concealing messages. The advantage of steganography is that it allows sensitive information to be hidden in mundane and innocuous carrier files. Steganography is not new. It has been used at least since the time of ancient Greece. Today with modern computers and the rapid exchange of information across the Internet, steganography allows information to be shared with individuals in areas and in situations where their communications are monitored and their freedom of expression and association is repressed. This paper discusses the OpenPuff - Steganography & Watermarking Tool.

One of the most popular steganography programs is the OpenPuff Steganography & Watermarking Tool. OpenPuff is freeware and provides the user with the ability to encrypt and hide data in audio (wav), image (bmp, jpg, png), and stream (Mp3, Mp4, Vob) carrier files, as well as in pdf files and a few other file types as well. OpenPuff focuses on the security of your hidden information, and is highly recommended for anyone who needs to exchange information securely and covertly.

OpenPuff safeguards hidden information by encrypting the data and protecting it with up to three different passwords. At least one password of eight characters is required to hide data with OpenPuff. Additional passwords increase the security of the hidden data. Hidden data can also be split across multiple carrier files, allowing large amounts of sensitive information to be concealed. OpenPuff further protects hidden information by adding a large amount of random data (noise) to the information before it is encrypted and hidden.

A special feature of OpenPuff is ‘Deniable Steganography’ which allows two separate sets of data to be concealed in a carrier file. This allows someone to hide both sensitive information and decoy information. If forced to disclose the passwords protecting the hidden data, a user can give up the decoy passwords, revealing non-incriminating information, while sensitive information still remains hidden and protected by a separate set of secret passwords.

OpenPuff also allows one to insert a hidden string of up to 32 characters into a carrier file. This is a type of digital watermark. This digital watermark can be revealed, without the need for a password, using the CheckMark function in OpenPuff. This digital watermarking function can be used to identify and track files posted to public forms or shared with selected groups of people.

OpenPuff is fairly easy to use, but there is a little bit of a learning curve for people unfamiliar with the software. For example, because OpenPuff saves a carrier file (with hidden data) as the same name as the file used to create that carrier file, these files must be saved to separate locations / folders. Trying to create a carrier file from a photo on your desktop and then save the photo with hidden data back to the desktop generates an error but does not identify what caused the error. The error message just states: "Couldn’t create target: [Filename]." Other errors can be generated when a user tries to hide too much data in a small carrier file, or when OpenPuff password strength requirements are not met when hiding data in a carrier file. In general, however, with several minutes of practice any person with basic computer skills will be able to easily use OpenPuff to conceal sensitive information.

Using Steganography

A primary purpose of steganography is to hide sensitive information from censors, abusive regimes, spies, and thieves. Information that appears to be mundane, innocuous, and perhaps even a little bit boring will attract little attention. Information that is encrypted, using PGP for example, may not be able to be decrypted and read by an adversary, but the use of encryption may cause an adversary to believe that the message contains sensitive or illicit information, whether it does or not. In some places the use of strong encryption may be restricted or prohibited. Steganography allows encrypted information to be hidden from prying eyes.

When using steganography to transmit information there should be a plausible reason for sending a file to someone in the first place. Just sending attached photos or files without any associated comments or context can appear suspicious. Instead of sending a file to someone directly, an innocuous photo might be posted to a web-page or on-line forum. Anyone that wanted to do so could copy the photo, but only someone with OpenPuff and knowledge of the correct passwords could recover any hidden information that the photo might contain.

It should be noted that because of the way some social media sites, like Facebook, process posted photos, information hidden using OpenPuff, and other steganography programs, may be corrupted or destroyed in photos uploaded to these sites. If using a social media site to exchange information using steganography it is important to conduct tests to ensure that data integrity is maintain in uploaded files.

Steganography works well to hide small amounts of sensitive data in otherwise innocuous information. The greatest limitation of steganography is that carrier files must be significantly larger than the data being hidden. You can’t hide the text of a large book in a small image file. Large amounts of data are best hidden in audio (wav) or stream files (Mp4), and OpenPuff does this quite well. With OpenPuff you can also split large amount of data over multiple carrier files.

As with all security tools, it is important to practice using OpenPuff to become proficient, and to be able to take full advantage of the capabilities of the software. OpenPuff is an important tool for security researchers and for anyone who needs to share sensitive information.

OpenPuff is certainly not the only steganography tool available. There are several other steganography tools available (some of which are quite good), but in the opinion of the author OpenPuff is the best steganography tool currently available. OpenPuff’s ability to encrypt data, conceal that data in several different types of carrier files, split data over multiple carrier files, and provide for the hiding of decoy data to help guard against coercion - forcing someone to disclose passwords used to protect hidden information - makes OpenPuff must have security software.

Visit the OpenPuff Steganography & Watermarking Tool web-site

Watch Keith Barker's instructional video on using OpenPuff

Tuesday, June 20, 2017

TOR - The Onion Router

TOR is free software for enabling anonymous communication. TOR enables its users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes. The name is derived from an acronym for the original software project name "The Onion Router".

TOR software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

TOR won't encrypt your data - for that, you'll need a Virtual Private Network (VPN). Instead, TOR routes your Internet traffic through a series of intermediary nodes. This makes it very difficult for government snoops or aggressive advertisers to track you online. Using TOR affords far more privacy than other browsers' private (or Incognito) modes, since it obscures your IP address so that you can't be tracked with it.

TOR does not prevent an online service from determining when it is being accessed though TOR. TOR protects a user's privacy, but does not hide the fact that TOR is being used.

You can access the TOR web-site at https://www.torproject.org/ and download the latest version of TOR for your particular operating system. I strongly recommend that you download and use a copy of the TOR browser to help protect your on-line privacy. If you have the computer resources and a bit of technical skill, run a TOR node. If you don't have the technical savvy to personally run a TOR node, you can still help expand the TOR network by encouraging your public library or local college to run a TOR node on their network.

As you will see as you begin to use TOR and learn more about the TOR network, the system is not perfect. While TOR greatly improves your on-line privacy, you must practice good cyber-security to make TOR work most efficiently. Think of TOR as just one more important tool in your cyber-security toolbox.

TOR Security Tips from the TOR Web-site:

Use the TOR Browser - Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.

Don't torrent over TOR - Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

Don't enable or install browser plugins - Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy.

Use HTTPS versions of websites - Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon on that website. To help ensure private encryption to websites, Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website. Also see EFF's interactive page explaining how Tor and HTTPS relate.

Don't open documents downloaded through TOR while online - Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that's built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.

Use bridges and/or find company - Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

To learn more about TOR, see the official TOR website (https://www.torproject.org/), particularly the following pages:

Monday, June 19, 2017

Knots

Sunday, June 18, 2017

Solar Ovens

Solar ovens (solar cookers) use the reflected and concentrated rays of the sun to cook food. In arears with clear, warm, and sunny days solar cookers are an excellent method of cooking food and purifying water.

Commercial solar ovens are available from a number of companies, such as the:

Solavore Sport Solar Oven - Portable Solar Cooking Package Complete with All Season Solar Reflectors, 2 Granite Ware Pots, Oven Thermometer, and Water Pasteurization Tool

and the ...

Sunflair Portable Solar Oven Deluxe with Complete Cookware, Dehydrating Racks and Thermometer

Both of these solar ovens are excellent products, but tend to be a bit on the expensive side. You can build a solar oven yourself, for just a few rubles, that will be almost as effective as these commercial models. The WikiHow site has simple instructions on How to Make and Use a Solar Oven. There are even instructions on-line that show how to make a solar oven from a pizza box.

Dr. Mary Keith has published an excellent video on YouTube: "How to Make a Solar Cooker" that I recommend for anyone interested in making a solar oven. There are several other YouTube videos that demonstrate the construction and use of solar ovens. Watch a few of these videos to see various solar oven designs, but most importantly make a solar oven yourself as a practical fieldcraft and survival project.

The difference between cooking in a solar oven and cooking in a conventional oven or over an open flame is that solar ovens cook at a lower temperature over a longer period of time. Solar ovens work much like a ‘slow cooker’. The Solar Cooking Wikia offers guidelines for cooking with a solar oven.

To use a solar oven, you will need dark colored (i.e. black) cooking dishes. Darker colors absorb and hold heat better than lighter colors. The Granite Ware 4-Quart Bean Pot and the Granite Ware 3-Quart Covered Casserole Dish are both good choices for use in a solar oven. You should avoid using shiny pots and pans as they reflect the solar rays and thus retain less heat in the solar oven.

An important use of your solar oven is to use it to make water safe to drink by pasteurization. Contrary to common belief, biologically-contaminated water does not need to be boiled to make it safe to drink; it only needs to be brought to a temperature that is sufficient to kill all disease-causing organisms. This is known as water pasteurization. Because the pasteurization temperature is much lower than the boiling temperature, pasteurization results in great fuel savings when compared to boiling.

Pasteurization is a gentle heating process designed to reduce the number of viable microorganisms in a liquid to the point where they are rendered harmless. It is a technique that has been used for decades to lengthen the shelf life of milk and more recently is used to treat a wide variety of liquids - including juices.

The technique is really simple. All you do is gently heat the liquid (in this case water) to just over 65 degrees Celsius (149 degrees Fahrenheit) and then maintain that temperature for at least one minute. If you do that, the water is considered pasteurized and has been rendered safe from any microorganisms that may be lurking in the unpasteurized water.

So if it only takes 65 degrees to make the water potable, why does everyone say to boil the water?

When water boils, we get a visual indicator that it is at a certain temperature, 100 degrees Celsius (212 degrees Fahrenheit.) Unless you have a temperature measurement device - a thermometer or a water pasteurization indicator (WAPI) - the bubbles generated by boiling water are the only visual indicator.

Solar ovens are easy and inexpensive to build. They allow you to cook food and purify water anytime that you have a warm and sunny day. Solar ovens require no additional fuel, and they can operate unattended throughout the day. Of course, solar ovens are not the perfect solution to all of your cooking problems in the field – they don’t work at night, and on cold, cloudy, and rainy days they are much less efficient. Still, I believe that knowing how to build and use a solar oven to prepare food and purify water is a useful skill to have.

Saturday, June 17, 2017

What Do You Do?

The likelihood that you will survive a long-term emergency depends largely on survival planning done today. Planning and preparation will enable you to react to a developing situation quickly and safely.

If a disaster strikes in your community, you might not have access to food, water, or electricity for several days. You may think that you will have enough time to run to the grocery store, but stores quickly sell out of important supplies following emergency warnings. Preparing emergency kits for your family is an important step in keeping them safe and healthy during a disaster.

Because your family may not be together when a disaster strikes it is important to create a plan in advance. Your plan should include:

How you will get to a safe place
How you will contact each other
How you will get back together
What you will do in different situations

It’s never too early to create a survival plan for you and your entire family - but if you wait it may be too late.

Friday, June 16, 2017

Water Storage

Water is an essential element to survival and a necessary item in an emergency supplies kit. Following a disaster, clean drinking water may not be available. Your regular water source could be cut-off or compromised through contamination. Prepare yourself by building a supply of water that will meet your family’s needs during an emergency.

A common recommendation is that you should store one gallon of water per person per day, for drinking and sanitation. A medical emergency might require additional water. If you live in a warm weather climate more water may be necessary. In very hot temperatures, water needs can double. Don’t forget to include your pets and livestock when calculating how much water you will need during an emergency.

There are other things that you may need water for during an emergency. For example, it takes 1.5 to 2-gallons of water to flush a toilet. When there is no water coming into your home you can still flush your toilet by pouring water into the bowl, or by filling the tank and flushing as normal. If you plan to use your toilet during an emergency, be sure to have a water supply with which to flush it.

The most basic water storage is a 5 - 7-gallon container, such as the Aqua-Tainer 7 Gallon Rigid Water Container. Larger storage containers such as a 35-Gallon Water Tank, or the Augason Farms 55-gallon Emergency Water Storage Kit are available to increase your water storage at home. Even when storing water in larger containers, I recommend that you have at least one 5 - 7-gallon container of water per person to allow a small supply of water to be carried with you if you are forced to evacuate your home.

35-Gallon Water Tank

A US gallon of water weighs about 3.78 kilograms or 8.34 pounds at 62 °F (17 °C). A 55-gallon barrel of water weighs about 209 kilograms or 459 pounds. So, be sure that wherever you are storing your water can support the increase in weight. Even a 7-gallon container of water weighs 26 kilograms (60 pounds), so you are not going to carry this if you have to evacuate on foot, but it is reasonable to add a 7-gallon container of water to your vehicle if you are able to drive out of the evacuation area.

When storing water, it is good to use household chlorine bleach to disinfect water from any questionable source. Store a bottle of unscented liquid household chlorine bleach (label should say it contains 8.25% of sodium hypochlorite) to disinfect your water, if necessary, and to use for general cleaning and sanitizing.

Add a container of water to your preparedness supplies today. It’s simple to do, but an essential if your regular supply of water becomes unavailable or contaminated.

Augason Farms 55-gallon Emergency Water Storage Kit

Thursday, June 15, 2017

.300 AAC Blackout

The .300 AAC Blackout (also known as 7.62×35mm) is a rifle cartridge developed in the United States by Advanced Armament Corporation (AAC) for use in the M4 carbine. Its purpose is to achieve ballistics similar to the 7.62×39mm Russian cartridge in an AR-15 while using standard AR-15 magazines at their normal capacity. The .300 AAC Blackout uses the same lower receiver, magazines, and accessories as the standard AR-15 rifle; you need only swap out the barrel for one chambered in .300 AAC Blackout to convert your AR-15 from 5.56 NATO to .300 AAC Blackout.

For those who want the power of the Russian 7.62x39mm Russian (AK-47) cartridge, but like the AR-15 style rifle, the .300 AAC Blackout is the way to go. The shooting results shown here, demonstrate that there is very little difference between the 7.62x35mm cartridge and the 7.62x39mm cartridge.

So, the question comes down to whether you prefer the AR or the AK style of rifle. And, of course, whether .300 AAC Blackout ammunition is available to you.

Wednesday, June 14, 2017

Hidden and Disguised Weapons

In the Hávámal, Odin specifically instructs men never to go about unarmed, as a man will never know when he will meet danger, and have need of a weapon. However, one may not always carry a weapon openly, nor is it always desirable to do so. A hidden or disguised weapon can often give you an advantage against an attacker who makes the mistake of believing you to be unarmed and therefore an easy victim. And, in today’s world filled with hoplophobes and oppressive governments that seek to disarm their citizens, a hidden or disguised weapon may be your best option to carry with you each day.

So, here are just a few hidden and disguised weapons that you may find of interest...