Showing posts with label NetSec. Show all posts

Tuesday, June 11, 2013

Using an SSH Client on Ubuntu 13.04

Now that I have an Ubuntu Server set up at home, I feel the need to use a client from my Ubuntu 13.04 VM. To do that, I followed this great, concise guide I found on ubuntulinuxhelp.com (by garymacritchie):

---

The SSH Client

The SSH Client is the piece of software that you have on the computer you are sitting in front of and typing on. It sends messages to the SSH server which is on the remote computer (such as the webserver). We’ll assume that there is already a valid SSH server up and running that you are trying to connect to.

In Ubuntu, there is an SSH client installed as standard and it is called OpenSSH.

To use it, you simply open a terminal and precede any command with “ssh”.

For example, if you would like to log in to your remote server, just use the command…

ssh username@mysite.myserver.org

However, as this is a blog that likes to keep things simple (and annoy a lot of the die-hard Linux geeks), I’m going to suggest a different tool… PuTTY.

PuTTY is a client program for SSH (among other things) and gives a neat little interface for making SSH connections. It is also, in my opinion, one of the best pieces of software ever written. It has been around forever and can also be used on Windows without installation (it just runs as a .exe). Learn this little guy and you will never look for another SSH client.

Install PuTTY by typing the following into a terminal…

sudo apt-get install putty

You will then find the PuTTY program among your other internet applications.

(When you start it up, you will be able to enter the IP address or name of the remote computer you wish to contact and click connect. You will then be asked for a password etc. If you are going to be using SSH regularly, you can save that connection as a profile, which makes things easier.)

Friday, May 31, 2013

Linux distro sampling - Ubuntu GNOME and Kali Linux

I decided to try a few new distros this week after realizing that my current Ubuntu 12.04 install is wrecked. Before picking what to install next on my dual boot machine I decided to try out a couple of things in a VM form. So I downloaded VirtualBox, installed that, changed my BIOS to be able to run a virtual machine and off I went installing Ubuntu Gnome.

Ubuntu GNOME


I had seen a few videos of the distro and read some reviews of Gnome 3 and thought this looks quite nice, looked nicer than KDE and it seemed a bit more practical and fast than Unity. Well, after installing it I'm not nearly as impressed as I thought I would be. I don't like a lot of aspects of this version of Gnome. I thought I would like the idea of a desktop environment that's simple, clean and minimalist, but I don't. I like the search function of the DE but it's not even as good as Unity at that. Not having minimize and maximize buttons is annoying even if they are not essential. The color scheme is annoying and I can't find a quick way to remediate that without downloading something. I know this is probably not related to my desktop environment, but the software center in this distro has no search function, and that's just obnoxious. I ended up downloading Synaptic, which I do like, but seriously. I'm also not a big fan of the file manager that comes with this distro; Nautilus in my opinion is superior. All in all I think I would go back to the regular Ubuntu as soon as I can unless I do find something better before I make the jump back.

Kali Linux


After trying to get my old copy of BackTrack 5 running on my newer laptop and having a lot of issues to fix, I decided to go ahead and download a more recent version of BT, which would be BT5R3. Well, I discovered in this process that there is a whole new distro that is the next BT, called Kali Linux. I did a bit of reading and despite my natural propensity to avoid change I went ahead and downloaded Kali. First thing I noticed was how much smaller the ISO file is compared to BT5. The OS uses KDE and it isn't nearly as sleek looking as BT5 was, but obviously the aesthetics of a distro with this kind of purpose is kind of a silly thing to worry about. The bottom line is that I'm extremely impressed with this distro. I don't think I will ever touch BackTrack again after experiencing Kali. It's faster, lighter, does the job with minimal problems. It also took a lot less configuring to get things I needed working to work, such as the network adapter. I would strongly recommend anyone using BT to try Kali next chance they have; it's a wonderful change from BT in the sense that it does what you need it to with minimal to no headache. Great move by the developers.


Ubuntu Server 12.04


Since I'm at it and this was something I did recently I figured I'd post it here too... I mentioned in earlier posts that I'm also working with a server distro on my old laptop. I'm using it headless with Putty on my desktop machine. Right now I have it running a samba server which shares any HD attached to my dock, and this week I installed miniDLNA on it to share media over my network to other machines as well as my PS3 (mainly to my PS3 really).

My experience so far with this distro has been very positive. It's so fast even on my old shitty laptop. Working on it through a command line and no GUI has actually been quite an interesting experience. I'm not going to say it's not a bit more challenging to work on it this way (at least for a noob like me), but I feel like I'm learning quite a bit and it just makes the whole experience "cleaner" if you understand what I mean. It's nice having such a minimalist OS running in my server.

Overall (tl:dr)


Ubuntu GNOME 13.04 - I want my unity back, sorry Gnome 3 but it's just not going to work out.
Ubuntu Server 12.04 - Fast and reliable, what else do you need from a server?
Kali Linux 1.0.3 - An upgrade from BT5, I didn't think it was possible. It was love at first ARP spoof.

Monday, April 8, 2013

You are a pirate

Recently it dawned on me that my needs for pirating have changed greatly since I started doing it, back in the Napster years. Pirating was something that began as a bit of a desire to have digital content such as music, videos, games and general software. As a teenager and eventually a university student, I just wouldn't be able to afford all these things. Once I got a job and began my career, I started to be able to afford things and I also started to feel the need to support things I cared about. I had heard the opinions of so many publishers and musicians that, despite losing money from this practice, still supported it.

The first one I can remember actually came from Fred Durst, who always supported music sharing because it is how a lot of his music and the music of his peers even began to gain popularity. At the time I was a musician myself, and I voluntarily placed my music on Napster and similar services, in the hopes that if my music was linked to other popular artists I would be able to get it out. Obviously that didn't work for me in the end. The industry's attitude towards piracy has always been negative, of course because they make less money; however, this is clearly an attitude of self interest and of capitalist greed rather than a true desire to expand the reaches of the art. Also, what's even the point of trying to fight a war that has already been lost? All this pointless effort does is cost millions of dollars, greatly affect the few that actually get sued by these companies and in the end get them nowhere.

Another great example from the industry for me was Notch, the Swedish game developer responsible for Minecraft. He basically said that he doesn't mind pirating. He made this game that eventually became very successful and the main reason for his success was efficient sharing of his content. Notch said that he prefers that people play and enjoy his game even if it is pirated. Obviously he prefers if people pay for it, but in the end, he would prefer someone playing the game for free than not playing it at all. It obviously gives him great personal satisfaction. Now, to be completely honest, when I first heard of Minecraft I thought "I don't get why this game is good". I was still intrigued by its sudden popularity during the beta days. So I downloaded it in torrent form. I played it for a week or so and decided it was good, so I purchased a license of the beta game. That wasn't the last time I did that either.



In the end, fighting against piracy is futile. Instead intelligent folks like Gaben and the guys behind Netflix decided to use the change in the industry to make money. They have been extremely successful and I gladly pay for their services. I have no problem paying money to support services trying to improve customer experience during a time where so many others are losing money.

Another big change in my downloading practices is that I started to pay money to pirate things. I dislike the idea of anti piracy efforts so much, and the anti privacy policies involved so much, that I'd rather pay for a third party to provide me with anonymity, than to pay for the media I'm wanting to use, just not enough to pay for it. This has an upside and a downside. On the downside, these anti piracy moves threaten the very essence of the internet. It threatens the greatest advancement in humanity of the last century, which is now the core that moves information, disseminating it over our ever shrinking world. Which means we have to continue to fight to maintain our cybernetic freedom. On the upside, I think this fear produced causes people to be more careful and makes them attempt to protect themselves as well as educate themselves. Me, I learned all about networks like Usenet, which is a history lesson as well. I learned about VPNs, and how to hide behind proxies. All very useful information in this age where we are quickly becoming more vulnerable.

++

Anyway, just to wrap this post up, here is a relevant video: http://www.youtube.com/watch?v=bEBbu-wkKrs

Saturday, March 16, 2013

Anonymous exposing presidential election vulnerabilities

I just found this neat article on Tom's Hardware and figured it was interesting enough to share:

Earlier this month, hacktivist group Anonymous announced (PDF) that it helped put President Barack Obama back into office for another 4-year term by preventing Republican activist and Fox News anchor Karl Rove from electronically stealing votes from Obama supporters. The group claims that Rove somehow laid tunnels through voter tracking software that would have switched votes from Obama over to Romney in at least three states.

"We began following the digital traffic of one Karl Rove, a disrespecter of the Rule Of Law, knowing that he claimed to be Kingmaker while grifting vast wealth from barons who gladly handed him gold to anoint another King while looking the other way," the group said. "After a rather short time, we identified the digital structure of Karl's operation and even that of his ORCA."

Anonymous said that Rove "left the barn doors wide open", meaning the digital tunnels the Fox News anchor had supposedly established were left unsecured, granting any hacker easy access into the voter tracking system. Thus the group created what it called The Great Oz, a targeted password protected firewall to keep additional hackers, including Karl Rove, out.

"We placed this code on more than one of the digital tunnels and their destinations that Karl's not-so-smart worker bees planned to use on election night," they wrote. "We noticed that these tunnels were strategically placed to allow for tunnel rats to race to the server sewers from three different states. Ah yes, Karl tried to make it appear that there were more than three but we quickly saw the folly of his ploy."

Anonymous said that once the firewall was established, Karl's "speared ORCA whale was beached", as his team of supposed hackers, obviously hired to alter voting in Romney's favor, tried to penetrate the firewall and failed exactly 105 times.

"We have a warning for Karl," the group said. "Sail again at your peril. We may just put all the evidence into a tidy little package and give it to a painfully bored nemesis hanging out in a certain embassy in London."

The announcement claims that Rove's ORCA was discovered at 10am EST on November 6, and then speared by The Great Oz later on at 8pm EST. The group also hints to previously stolen elections which "resulted in terrible destruction across the globe", thus provoking the group into following Rove's data trail. The Examiner also points out that Ohio suffered server problems on November 6 at around 11pm, mirroring an identical situation in Ohio that took place in 2004.

While we won't jump into politics, the claim made by Anonymous poses a good question: can the system used to track votes be fully trusted in an age where servers and firewalls are breached seemingly every week, exposing sensitive data owned by companies and individuals? And if the Anonymous story is true, then how did Rove get into the system and install his pipeline? Did someone give him access or was this an actual hack?
Something tells us that we'll find out soon enough.

--
Here is the original article for anyone interested 

Wednesday, August 22, 2012

Settled on Astrill as my VPN service

For a while I have been looking into different ways to gain a bit more privacy while online. I love the internet, and I do think it is the greatest invention of the 20th century; however, political parties and their archaic outlook on new technologies slow down the natural progress of it. One of the main problems with the internet is privacy. Laws have not been evolving as quickly as the community, so a lot of them are outdated and infringe on basic freedoms already achieved in the real world. For that reason, I have decided that investing a little bit in a VPN service would be worthwhile.

I did a fair bit of research, and ended up settling on Astrill. I looked at a lot of different services, and as a package I think Astrill's service really suited my needs. One of the other contenders was "Hide my ass", which seems to be one of the most popular services out there. Indeed it was one of the ones I was most interested in. However, HMA made big news at one point when the folks from LulzSec got caught. Apparently HMA did provide authorities with logs that gave away a lot of vital information about its members. So entirely due to principles, in this case being that it makes no sense to pay a fee for privacy, if privacy is not really guaranteed. It's not like LulzSec killed anyone.

The other big contender was Strong VPN, which I almost signed up with before I had done more reading. Their prices seem fair, and they do have a lot of options in terms of where their servers are, however, I really was looking for a service that included servers in different countries, freedom to switch servers frequently, the ability to connect via PPTP or OpenVPN. At Strong VPN, the ability to have all those things would cost me quite a lot, so I decided to go with Astrill. They offered pretty much all I wanted for a decent price if you do at least a 3 month contract.

The installation in Ubuntu as well as Windows 7 was easy. On Ubuntu you may need to download OpenVPN through apt-get, but after that you just click to download a small client. Windows just requires the client. I'll use it during the next few months, and I'll post if I encounter any problems.

Tuesday, August 21, 2012

PPTP, OpenVPN, IPSec and L2TP - What's the difference?

I have recently started to look into VPN services to enhance my privacy while using the interwebs. One thing that started to confuse me pretty quickly was the variety of different servers available, and honestly it took me a while to start to understand what the differences are. Well, to make this process simpler for other people, here is a nice short summary from zzing123, which was posted at the perfect-privacy.com forum.


On a general level, PPTP was invented by Microsoft as a VPN that could be used with dialup, and is far older than OpenVPN, and as such is practically available from any device that supports a VPN of some description. That and the fact it's easy to use are really the only reasons it's used. In terms of security it's basically crap: at best it uses 128 bit encryption with an RC4 handshake (Handshake is the authentication/login process for setting up the VPN). At worst, 64 bit encryption and a plain-text handshake (so it wouldn't even take 2 weeks: just read the packet!). Naturally, PP uses the better sort.

OpenVPN is - in this league - very new technology. It's basically the amalgamation of several technologies, like SSH, Stunnel, OpenSSL's encryption libraries all of which provide unix with best of breed power and together form OVPN, a best of breed VPN. OVPN allows you to choose the method and algorithm for handshaking as well as for data encryption, plus uses SSL certificates, PSK's or User/Pass (or a combination of) to authenticate clients on top of that. With hardware acceleration, OVPN is easily faster than PPTP. Without acceleration, it's entirely dependent on the algorithms chosen - Blowfish is designed to be the fastest software-only algorithm, so OVPN would be a lot faster than PPTP. Encumbered with a software AES-256 implementation, and PPTP's 128 bit encryption is faster. This ultimate configurability is also OVPN's downfall: it's pretty complicated to set up.

With PP's OVPN service, ideally they should provide a client.crt and client.key unique to every customer, instead of using the auth-user-pass directive for ultimate security, but management of these keys becomes a nightmare. That said PP uses RSA 4096-bit encryption for the handshake and AES-256 for data, which are probably the two most secure algorithms you can use currently in OVPN.

There is also a third technology: L2TP / IPSec. L2TP provides the layer 2 tunnel, and IPSec the encryption, and was invented by Cisco to bridge 2 networks together. IPSec uses either RSA or a Pre-Shared Key (PSK) for the handshake, which uses Diffie-Hellman hashing over and above that. For data, it can use 3DES, DES, Blowfish, AES and CAST-128. IPSec does have pretty good support in clients and is widely regarded as being PPTP sorted out. Because Cisco developed it to sell more routers, a lot of expensive network gear has IPSec support built in, meaning that if you have very expensive network kit using IPSec, your VPN's will be so fast there's practically no latency overhead. Software implementations are as fast as PPTP.

So in summary:
- Choose PPTP: If you want an albeit crusty VPN technology available everywhere
- Choose OVPN: If you want the most powerful, secure and modern VPN
- Choose IPSec/L2TP: If you want high performance between two sites
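
The quoted summary contrasts OpenVPN profiles that rely on the auth-user-pass directive with ones that carry a per-customer client.crt and client.key, and Blowfish with AES-256 for data. As an added example (not from zzing123's post or from Perfect Privacy), this script reports which of those a client profile uses; the file names, vpn.example.net and both sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how an OpenVPN client profile authenticates
# and which data cipher it asks for.

ovpn_auth_mode() {
    # Prints cert+userpass, cert, userpass or none for the profile in $1.
    awk '
        $1 ~ /^[#;]/                     { next }      # comment lines
        $1 == "auth-user-pass"           { up = 1 }
        $1 == "cert" || $1 == "<cert>"   { crt = 1 }   # file or inline block
        $1 == "key"  || $1 == "<key>"    { key = 1 }
        $1 == "pkcs12"                   { crt = 1; key = 1 }
        END {
            pki = (crt && key)
            if (pki && up)  print "cert+userpass"
            else if (pki)   print "cert"
            else if (up)    print "userpass"
            else            print "none"
        }' "$1"
}

ovpn_cipher() {
    # Prints the argument of the last `cipher` directive, or "unset".
    awk '$1 ~ /^[#;]/   { next }
         $1 == "cipher" { c = $2 }
         END { print (c == "" ? "unset" : c) }' "$1"
}

ovpn_audit() {
    # Exit 0 only for a per-client cert/key plus an AES-256 data cipher,
    # the combination the quoted post describes as the most secure.
    mode=$(ovpn_auth_mode "$1"); cipher=$(ovpn_cipher "$1"); rc=0
    case "$mode" in
        cert|cert+userpass) ;;
        *) echo "$1: auth=$mode, no per-client certificate and key"; rc=1 ;;
    esac
    case "$cipher" in
        AES-256-*) ;;
        *) echo "$1: cipher=$cipher, not AES-256"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "$1: auth=$mode cipher=$cipher ok"; fi
    return $rc
}

# Constructed sample profiles (hypothetical server name and file names).
make_profiles() {
    d=$(mktemp -d)
    cat > "$d/shared.ovpn" <<'EOF'
client
remote vpn.example.net 1194
ca ca.crt
auth-user-pass
cipher BF-CBC
EOF
    cat > "$d/percert.ovpn" <<'EOF'
client
remote vpn.example.net 1194
ca ca.crt
# per-customer credentials instead of a shared login
cert client.crt
key client.key
cipher AES-256-CBC
EOF
    echo "$d"
}

d=$(make_profiles)
for f in "$d"/*.ovpn; do ovpn_audit "$f" || true; done
rm -rf "$d"
```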

Wednesday, October 12, 2011

Vim - what's so special about this text editor?

I've heard about Vi and Vim a few hundred times since I've started my exploration of the Linux world. Up until today, I thought the only real reason people like using Vim is because of the ease of use when programming and features that apparently allow technical text editing at a different level. At this point I can't say I will ever understand what is so special about Vim, but I definitely found a use for it.

I have been looking for ways to safely store my passwords electronically. I have moved away from the basic text file with all the info for a while, but I do miss having that kind of accessibility. Well, I found out Vim may offer an interesting option for me, which is to read and edit encrypted text files. So I may be able to go back to my simple text password storage, and still be safe. If you are interested in this topic here is some more info for you:

Downloading Vim is pretty simple, especially if you are using ubuntu (or any other ?buntu). Vim is easily found in the Ubuntu Software Centre, you can get it through Synaptic Package Manager as well. As I'm not 100% familiar with Vim yet, I can't explain what the add-ons do yet. Getting Vim via the terminal is also pretty easy, and that's how I got it for my laptop:

$ sudo apt-get install vim

This however will only get you the terminal version of Vim, which is a bit tricky to get started with. There are some useful tutorials out there for anyone interested in how to work with Vim on a terminal. It certainly seems full featured, but the learning curve is there for new users. Alternatively there is also a GNOME GUI version of Vim that may interest you more (this is called gvim in Ubuntu). To install such application you may use the terminal by typing:

$ sudo apt-get install vim-gnome

The interesting use I have been talking about for Vim is the ability to encrypt files using Vim very easily. Just to get you started on how to work with Vim, you can use this URL to help you get a grasp of the basics.

Once you know how to create, open and save a file, as well as how to insert text you can use the following command in the terminal to create an encrypted file, which will require a password to be opened. Very handy! If this file does end up in the wrong hands somehow, it can be opened with any text editor, but it will simply look like gibberish.

$ vim -x filename.txt

Once you create your file you will be prompted for a password, just make sure you don't forget this password of course. I'm not sure how you go about creating this encrypted file using the GUI version of Vim (gvim), however once you create this file using the terminal version of Vim, you can open and edit the file via the GUI Vim.
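
Files written by `vim -x` start with a 12-byte header naming the encryption method, so you can check what actually protects a password file before trusting it. This is an added example, not part of the original post; the sample files are constructed, and any header other than the three listed is reported as unknown.

```shell
#!/bin/sh
# Added example: identify how a file saved by `vim -x` was encrypted by
# reading the 12-byte magic string Vim writes at the start of the file.

vimcrypt_method() {
    # Prints zip, blowfish, blowfish2, unknown (other VimCrypt header) or plaintext.
    magic=$(dd if="$1" bs=12 count=1 2>/dev/null | tr -d '\000')
    case "$magic" in
        'VimCrypt~01!') echo zip ;;        # PkZip-compatible; Vim's docs call it weak
        'VimCrypt~02!') echo blowfish ;;   # Blowfish with an implementation flaw
        'VimCrypt~03!') echo blowfish2 ;;  # corrected Blowfish mode
        'VimCrypt~'*)   echo unknown ;;
        *)              echo plaintext ;;
    esac
}

vimcrypt_audit() {
    # One report line per file; exit status 1 if any file is not blowfish2.
    rc=0
    for f in "$@"; do
        m=$(vimcrypt_method "$f")
        case "$m" in
            blowfish2)    verdict="ok" ;;
            zip|blowfish) verdict="re-save after :setlocal cryptmethod=blowfish2"; rc=1 ;;
            plaintext)    verdict="NOT ENCRYPTED"; rc=1 ;;
            *)            verdict="unrecognised header, check manually"; rc=1 ;;
        esac
        printf '%s: %s (%s)\n' "$f" "$m" "$verdict"
    done
    return $rc
}

# Constructed sample files: real magic strings followed by filler bytes,
# standing in for files saved with different cryptmethod settings.
make_samples() {
    d=$(mktemp -d)
    printf 'VimCrypt~01!fillerfillerfiller' > "$d/old.txt"
    printf 'VimCrypt~02!fillerfillerfiller' > "$d/bf.txt"
    printf 'VimCrypt~03!fillerfillerfiller' > "$d/bf2.txt"
    printf 'gmail: hunter2\n'               > "$d/plain.txt"
    echo "$d"
}

d=$(make_samples)
vimcrypt_audit "$d"/*.txt || echo "at least one file needs attention"
rm -rf "$d"
```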

Wednesday, September 14, 2011

Delving into Linux - wget, metasploit (Ubuntu) and searching for files

I've been spending a significant amount of time learning more about Ubuntu lately and I have to say, Linux impresses me more every day. I figured I should share some of my most recent findings with my readers.

wget - This command line tool comes on Ubuntu out of the box, and probably other linux distros as well I would imagine. It is great for downloading things, giving you the ability to resume unfinished downloads as well as being quite a persistent little app. Not only that, but it also allows you to download full websites through it, which I still haven't learned how to use. Anyway, here are some links to help you get started using this tool.

15 wget examples
Download an entire website (saved on your home folder by default)
http://www.go2linux.org/limit_rate_resume_downloads_wget

Metasploit - This is a popular pentesting framework that I first discovered in my BackTrack distro. I wanted to start learning how to use MSF on my Ubuntu distro and this guide helped me get it setup fairly easily

http://www.redspin.com/blog/2011/08/19/installing-metasploit-4-in-ubuntu-11-04/

Recoll - This great little tool allows you to search through your computer files. It is an open source application available for many different distros and it is not terribly bulky to run. I tried google desktop but that didn't quite work out for me.


http://www.lesbonscomptes.com/recoll/

Wednesday, September 7, 2011

Tor project - protecting privacy while browsing

I just discovered a nice little tool to help protect me from the dangers of browsing. This tool is called Tor. This is free software that helps you protect yourself from network surveillance and traffic analysis. If you care about anonymity online, this may be a good option. In order to get it running you can do some reading and get the app here:

Ubuntu instructions
Ubuntu installation
More Ubuntu network privacy info
Windows instructions

Tor also has a plugin for Firefox, and since I'm a Firefox user I will also need Torbutton

Just a note: Tor will help you with anonymity, but it is in no way perfect; there are still risks. Not only that, but be aware that using Tor will probably slow down your internet, so use it as you see needed. If you have the Firefox plugin you can enable and disable it whenever you want, which adds a bit of flexibility depending on your needs.

Friday, July 15, 2011

New antivirus and anti-malware

After some significant frustrations with my computer in recent days I decided to look for different ways to protect my machine. I was basically using Norton Antivirus and just whatever comes with Windows in terms of firewall and stuff.

On my desktop now I have been running Microsoft Security Essentials and I have had a good experience so far. It is only using 2.1k of memory compared to the 15k I was using with NAV.

http://download.cnet.com/Microsoft-Security-Essentials/3000-2239_4-10969260.html
http://www.microsoft.com/en-ca/security_essentials/default.aspx

I am now also using malwarebytes to get rid of unwanted malware that isn't picked up by MSE. This is a great little program, that you can use for free if you get a version without live protection. It's not a big deal to use the free version as long as you do regular scans imo.

http://www.malwarebytes.org/

Lastly, I've also been using the Microsoft Safety Scanner on a weekly/biweekly basis. It is a backup way to look for unwanted software and scripts. It helps remove viruses, spyware and other malicious software in conjunction with the AV. It works similarly to malwarebytes, where you have to do scheduled scans, but I've had quite a bit of success using it to get rid of some of those really really annoying ad-wares. Here is where you can pick up a free copy:

http://www.microsoft.com/security/scanner/en-us/default.aspx


*note that this one is updated often, and the software expires in 10 days since it will be outdated already by then. I tend to use this one twice a month or so.