Category Archives: Security
Nuke support in UK hits record high
via The Register – Nuke support in UK hits record high.
If only we had such sense here in Ireland, we can’t meet our commitments and it will hurt the economy in the long run not to go nuclear. The ESB has said “sometime in the 2030′s we will need to look at it” – why not look at it now? These projects take 10-15 years at least to implement properly.
My Top Chrome Extensions
Below I present some very useful extensions I use while using Google Chrome, in no particular order.
Adblock – Blocks ads just like Firefox extension and makes the web less junky to look at. You can whitelist good ads, and an argument could be had your harming websites revenue stream, but a lot of nasty tricks such as spyware, malware have used ads as a vector to spread. Not least the dishonesty some sites use in splitting up articles in to 10 pages to pump ad revenue.
KB SSL Enforcer – If you don’t know what https or ssl means don’t worry. All it is encrypted webpages which protect your information between you and that website. Commonly used in banking online, it is now spreading to sites like Facebook, Gmail, Twitter and the like as a more secure way to protect your information. This extension turns it on without you even noticing!
Vanilla – not that nice flavour of ice-cream! - A Cookie Whitelist Manager that helps protect your privacy. Automatically removes unwanted cookies.What are cookies? Little text files that website use to remember who you are. It’s okay if you have an account and log in, but the trouble arises when nefarious people use it to track which sites you visit.
Bookmark Sentry - A bookmark scanner that checks for duplicate and bad links. I imported 100′s of bookmarks from firefox collected over about 4/5 years at least. Websites change, move content, you can accidentally bookmark a website twice. This helps get your bookmarks working for you and being useful again!
Site to Phone - sends links from your browser to your phone or tablet – be it Android, Nokia, or Apple iOS device. You bookmark a page on your mobile device and install this nifty extension in Chrome, when you click the button, next time you open that page on your mobile deivce, it will open it automatically.
Webpage Screenshot – does what it says on the tin, but can take a screenshot of the whole page of a website, no nasty scrolling and trying to stitch to halves of a screenshot together, works like magic!
Google SSL Web Search – protects your web searches from prying eyes. Can use an option in Chrome or be set as the main search engine.
About:Flags (Chrome Beta only for now
Most people won’t know about Chrome’s about:flags (open a new tab, enter about:flags, hit enter), similiar to Firefox’s about:config and possibly just as dangerous, it presents “under the hood” options normal users wouldn’t need to touch. Some of them are very cool to use and will no doubt cement Chrome’s market share gains. Here’s my favourites:
Tab Overview: Enables Expose like Mac OS X interfaces for swapping between tabs, very cool1
Disable outdated plug-ins: Disables plugins if Chrome knows about security problems with your old version of the plugin. Not only that but offers to update.
XSS Auditor: Adds protection from Webkit to prevent sites trying to steal information you have on the other (crazy non-real-world example would be Yahoo! trying to get Google login info) Replace Google with any site and Yahoo! with a nefarious one.
Instant: Like Google instant web search like I do? You’ll love this that loads webpages as you type. Example is www.google.com, then erase com and put in ie and you never had to press enter once to visit Google.ie, like magic!
SSH Guide
Note: This Guide was written for use by my Computer Science class on Linux (and Mac OS X where noted). I haven’t used SSH on Windows; but hopefully someone can make sure this guide works also on Windows by noting differences). SSH comes with nearly all Linux distros and all Mac OS X releases.
OS Specific Colours: Linux – Mac OS X – Windows
Download SSH For Windows
Windows: You need to follow README located in Start > All Programs > OpenSSH > README to set up password directories and files. After that is done; just do Start > Run; type cmd and hit enter to get Windows command line. All commands beginning with SSH should run unmodified.
By default it allows access to your username and password; which is okay but not totally secure! If you are logging on from a machine which has the same username as one you are trying to access you can drop ‘myusername@’ bit. mylaptop represents the IP address of the machine you are trying to contact!
$ ssh myusername@mylaptop
To forward X server (use the flag -Y on Mac OS X) :
$ ssh -X myusername@mylaptop
To use a different port (where port is WXYZ) also: (use the flag -Y on Mac OS X):
$ ssh -X myusername@mylaptop -p WXYZ
How to get it more secure:
Generate your own key (this will ask for a password; can be left blank but not recommended):
$ ssh-keygen
Copy your key to machine you want to login to:
$ scp ~/.ssh/id_dsa.pub mylaptop:~/.ssh/authorized_
keys2
(This command uses SCP (Secure Copy) to copy your key into a list of keys allowed on remote machine. You also have an authorized_keys2 on your computer)
(This command uses SCP (Secure Copy) to copy your key into a list of keys allowed on remote machine. You also have an authorized_keys2 on your computer)
Edit Configuration File:
Finally edit configuration to make it more secure (nano is a lightweight text editor – this command will be very different on Windows; since it won’t have sudo command, nano editor or the SSH configuration file in the same place; I currently have no clue what it would be on Windows):
$ sudo nano /etc/sshd_config
Options I recommend changing (hash at the start means it is commented out; so remove to take effect) :
#Port 22 - change to whatever; recommended between 2000-65000
Enable these three:
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
Set to ‘yes’ and uncomment to allow forwarding of visuals:
#X11Forwarding no
Set to ‘yes’ and uncomment if you want to use your machine as a proxy:
#AllowTcpForwarding yes
#PermitTunnel no
Now save the file with you changes ( CTRL and X; it will ask to save; enter Y and enter key). These will not come in to effect until to stop and start the SSH server!
Stop/Start on Linux
To stop SSH server, enter:
$
To start SSH server, enter:
$
To restart ssh server, enter:
$
$
sudo /etc/init.d/ssh stopTo start SSH server, enter:
$
sudo /etc/init.d/ssh startTo restart ssh server, enter:
$
sudo /etc/init.d/ssh restartStop/Start OS X
To stop SSH Server, enter:
$ sudo /sbin/service ssh stop
To Start SSH server, enter:
$ sudo /sbin/service ssh start
That is it!
Most of the options you can skip based on preference. I recommend not allowing password only login and setting up keys. It is much harder to break; and there is no ‘known’ way to break it….
Windows Vista Security: Better than Linux?
After reading a nice article written by Jeff Jones, a security researcher for Microsoft. He says he isn’t biased, saying he worked over 75% of his career outside Microsoft, using Slackware Linux, Unix, HP Unix etc. He claims Windows Vista has less security holes than popular versions of Linux, such as Ubuntu (he also compares Red Hat, Novell, Mac OS X). First let me say why his facts are distorted, and why he knows his facts are distorted. His facts do raise an issue of slow patching of vulnerabilities across the software Industry, but Linux performs the best consistently because anyone can audit the code. Here’s why his comparisons are uneven:
- Linux is open source, so various tools can be used to find vulnerabilities. We don’t have this luxury with Windows, any holes found are needles in a haystack, but the target of the Windows monopoly allows greater incentive to find these needles
- Linux has used SUDO and ROOT users properly since its inception (Think of Administrator in Windows). Anyone who is not a root user on Linux cannot install programs, make system wide changes, and you can even stop them from using USB keys, CD Drives etc if you are paranoid. Now this has received much attention, Vista has retroactively inserted this kind of security, but by my experience, it is very obtrusive, and can be switched off. Root in Linux is alot harder to stop, and theres no graphical way to do it, so the average user won’t.
- A link to my second point above, Programs in Linux can only access what they need to, the home folder of the user that is running it and very little else. I don’t know what the case is in Vista, but in Windows XP, almost any program could destroy your system, by picking at the much famed registry.
He provides pretty graphs, let me provide my own:
(click on Graphs to Enlarge)
As you can see, Ubuntu Linux 7.04 (released April) compares comparatively better to Vista, available since January. The Graphs are provided by Secunia, an independent security research firm. Microsoft often downplays vulnerabilities other companies like Secunia find, which is also a factor that Jeff Jones did not mention (maybe he forgot?). I forget where this famous quote comes from but I have paraphrased: “You cannot depend on a man understanding a problem if his salary depends on him not understanding it”, which I think affects Mr. Jeff Jones.
