Showing posts with the label security

How to protect your Google account

Choose better passwords or "GPU Password Cracking"

GPU Password Cracking on your graphics card it mind-bogglingly easy. Your average ATI Radeon card can accomplish brute-force cracks of most common password in minutes, hours of your get "crazy" and add in symbols (such as &,#,%, etc.) If you don't do that, please change your passwords now!

Also, try not to use things such as "Freddy1946Mercury" and think it's safe. Nor "FreddyMercury1946" or similar. They know that too and checking for it first, to see if you can skip brute-force attack is easily done. Instead consider "Fr3dd7M3rcur71946$". Almost the same, but (almost) infinitely harder to crack and still easy to remember. Even better, if you start with a symbol or put it in the middle of the name or date. But they're still names and variations thereof. Best is to use something like the Mozilla Secure Password guide. You can also solely use generated passwords in combination with a tool such as LastPass or KeyPass.

O2Micro Smartcardbus driver for Linux 2.6

Just because it took a really long time to find it and because previous links in forums didn't seem to work, there is an O2Micro Smartcardbus driver for Linux 2.6 kernels available through the MUSCLE project. Other hits I found used a usr:pwd combination in the URL and that didn't work for me. Hope this helps.

Trying to install opensc and openct to get the built-in smart card reader in the Fu(s)jitsu Lifebook e8110 to work with the VPN solution from work. KPN is starting to promote working from home in order to reduce the housing needs for all its employees. 5 years too late if you ask me, but better late than never! ;) But you'll need to use your company (smart)card, if a reader is available, to identify yourself with a VPN client.

Testing it on Ubuntu 9.04 (LiveCDs RULE!) Get opensc through the Universe repository; you may need to edit your apt sources to activate it. And you need pcsclite, also from MUSCLE.
There is also a tool called o2scr that may work. Untested yet. An…

IMAP Email on the Nokia 6230

Having spent an hour trying to get Gmail access working on my old Nokia 6230, I gave up an reverted to using XS4ALL, my ISP. I know that used work. Using their excellent online helpdesk I quickly retrieved the settings and verified once more IMAP access to my Email is working.
I think the trick is the Nokia doesn't support SSL. So configuring IMAP using SSL ports 993 and 465 for secure, private and encrypted Emails to and from their server, didn't work. However, using TLS (ports 143 and 587 resp.) worked fine! Now that I know that, I may switch over the Gmail if needed. For now it's nice to know I can send/receive Emails on my phone should I need it.

Update: I think Gmail will never work on the 6230. Gmail requires the use of SSL over port 993 for incoming IMAP mails. The phone only supports TLS (port 143). Bummer.

Installing Firefox Portable in an Internet Center

Having spent 1 day in Schiphol, waiting for my flight, I've been to the KPN Internet Cafe a few times. While you can access KPN hotspots using various accounts from third-parties, if you don't have a laptop, your only way to read Email is to use the terminals from KPN. And you can only pay for access: €3 for 15 minutes. Thieves, that 's what they are. ;)
To make matters worse, these terminals run an outdated Windows version with most certainly not the latest security fixes for IE and... the dreaded IE6. (When I'm back in the office, I'm going to write somebody about fixing it!). Problem with IE6 is that it's a terrible browser, no standards support, very leaky and brain-dead. Gmail, Facebook, Twitter... they all warned me I was using a bad browser. Sadly, most of these terminals are protected against updating configuration and installation of software. But wait, there is more...
I went to, downloaded FF 3.5.3 (9 MB), installed it in My Documents …

The Pirate Bay fights back with anonymous internet

PirateBay, world's largest Torrent tracker, is fighting back legislation with an anonymous internet service. WTG PB!

The beta VPN services makes users very hard to track by opponents of the Torrent system. 113,000 people have already signed up for IPREDator, 80% from Sweden. 3000 are currently in the beta test program.

Of course, you could also utilize the Tor anonymous proxy system with your browser.

Yubikey One-Time Password Authentication

Linux Journal: "A number of factors inspired me to take a closer look at the Yubikey. For starters, it is such a simple and elegant solution to two of the major problems the security industry is facing these days: authentication and identity management. Furthermore, I really like how Yubico, the manufacturer of Yubikey, is trying to integrate the Open Source movement into its business strategy. In this article, I cover three topics related to this little device. First, I explain what the Yubikey does and how to use it. Second, I examine how it works. Third, I show how to integrate the Yubikey authentication service into your own infrastructure without too much trouble."

It got my full attention! :nerd:
Update: an alternative to yubikey is swekey, which supports any OpenID service. Also good.

T-Mobile G1 handset gets unlocked

Already... the Android phone has just gone on sale in the UK and already the T-Mobile G1 is unlocked.

Ubuntu 8.10 Server Edition arrives tomorrow

Ubuntu 8.10 Server Edition arrives tomorrow and introduced a load of new features for Ubuntu servers. Virtualization, a complete Java stack including OpenJDK, better mail capabilities including anti-virus and anti-spam measures, default encrypted home directories if you so choose, hardening of packages and easier firewalling. Last but not least: integrated system management using Landscape.

WiFi monitor arrives on Linux desktops

A really nice WiFi monitoring, debugging and securing tool for WiFi networks, which has been freely available for Windows and OS X for some time now, has arrived for Linux too!

The Xirrus WiFi software let you:

Details on available WiFi networks, including SSID, signal strength, channel, and security
Current WiFi connection signal strength with five-minute history
Display of WiFi adapter IP and MAC addresses

Applications for the utility include, searching for WiFi networks, verifying WiFi coverage, locating WiFi devices, detecting rogue APs, aiming WiFi antennas.

Protect your data with self-correcting code

This guy is a my kind of hero. Smart, savvy, open and helpful. He is the guy who downloaded the entire wikipedia, so he could browse it offline too. :) And he surprised everyone with the facts that wikipedia is only 2-3 GB in size and can be imported in minutes in your local copy for personal pleasure (vs. day-long imports in MySQL)...
But he also devised a way to protect his imported data from data corruption. Despite ubiquitous storage in the form of CDs, DVDs, Blu-ray, USB keys, USB disks and RAID arrays, one single bad block or magnetic pulse or scratch can still cause read errors in your precious backup and make you loose that one important file just when it need it badly (Murphy's Law).
Thanassis used a very common error-correcting Reed-Solomon code to add 32 bytes of redundancy to every 233 bytes of data, resulting in 255 bytes shielded against 16 failures! His code works on most Intel x86 operating systems (Linux, Free/Net/OpenBSD, Windows(Cygwin/MinGW) and is easy to use. …

Blurred Out: 51 Things You Aren't Allowed to See on Google Maps

Blurred Out: 51 Things You Aren't Allowed to See on Google Maps. A surprising number of which are in the Netherlands...! Lots of NATO things, airfields, Royal real estate and EU research labs... interesting!

Dutch government gags Oyster researchers

The Dutch public transport MIFARE chip card, that was supposed to be launched next year, is on hold due to researchers at the Radboud University of Nijmegen. Now, our secretary of state Tineke Huizinga, has explicitly asked them to be silent about any details on or information about security flaws in order to make abuse more difficult. As if shooting the messenger will change the news! Read Dutch government gags Oyster researcherson The Register.
/me shakes his head in distaste

Safegarding your data with Parchive

Here is an interesting read for making your DVD backups more reliable and protected from some corruption or aging...
In Safegarding your data with Parchive, Mike West, describes a similar approach to providing some self-repair capabilities to your backups as newsgroups users have been doing for years. He uses parchive to create a redundant CRC .par file of his (backuped files and directories on) DVD, so that - in case of read errors or lost information - he can repair the damaged files. You can use isobuster to read damaged CDs/DVDs and then recover the lost data using the .par files you have for each directory or file. Cool!

Canon’s Iris Registration Mode

Canon has filed a patent application for digitally watermarking photos taken with the camera. Canon’s Iris Registration Mode describes a way for the photographer/owner to register his iris biometrics when he unpacks the digicam. Later, not during his work, the camera can embed the biometric watermark in the images... interesting!

Yahoo CAPTCHA Hacked

CAPTCHA is a way to try and prevent automated robot attempts at posting news, messages, articles or comments online, or create new accounts with a service. It provides the form with an image that is hard to read for machines but relatively easy for humans.
Now it seem that Yahoo CAPTCHA is Hacked! A Russian team has achieved 35% accuracy, high enough when you can do 100000 attempts per day easily... This is a bit nerving news, as almost all blogs are susceptible to these types of automated abuse.

Steal This Wi-Fi

Wired has an interesting article about Bruce Schneier, a security expert, who does not protect his home WiFi network. Mainly because there is nothing to get, his computers are all secure and travel outside his home too. So what is the point in protecting nothing? Criminals who use your network to do bad things...? The article lists his talks to several lawyers on the subject and his bottom-line: why bother? You may need someone else's open WiFi when your provider stalls and leaves you offline for several days! Then we'll talk again!
Good point! Read the aricle Steal This Wi-Fi.

Mozy Online Backup: Simple, Automatic, Secure

Read a rumor on TheRegister that EMC was buying online backup start-up Mozy. They seem to have a pretty nice offering! Free 2 GB online backup or $4.95/mo for a better, unlimited service. And Pro for even bigger accounts... ;)

Bastille Linux: A Walk-through

You use a "hardening program" to try to make your system as secure as possible, from the ground up. Generally, you deactivate unnecessary services and better the configurations of the ones you leave enabled. This is wildly effective, as it can eliminate many of the vulnerabilities that are common on Linux/Unix platforms.

read more | digg story

Mac Systems Management

Having become a bit of an OSX fan lately, this thread on Slashdot caught my eye: Mac Systems Management. Good to know. Petra has also bought a MacBook Pro, so I need to know more about keeping Macs secure... just in case someone wreaks havoc with a BSD worm. :)