Your Email is a Security Swiss Cheese
Posted: 9 April 2017 Filed under: Security | Tags: email, encryption, ProtonMail, security
Friends, neighbors, fellow security-conscious Romans, lend me your ears…
If your privacy and security are important to you, you really need to check out ProtonMail. It’s an encrypted (highly secured) email service that offers you peace of mind when sending your personal messages to friends, family or business contacts across the Internet.
Most other email providers like Gmail, Hotmail, Yahoo, AOL, etc. are NOT secure. Your messages are sent “in the open”; meaning just about anyone with the knowhow can read your mail. There’s an old saying on the Internet, if you send unsecured emails, you need to consider that the same as sending those old style 3×5 post cards through the regular mail services (the postman who picks up and delivers to the mailbox outside your home).
If you’re serious about security when you’re on the Internet and during transmissions of personal or business emails, you should check out ProtonMail. It’s free! A little donation from time to time would help them maintain their quality service, though.
No. I’m not getting any favors from ProtonMail for sending you this. The more folks that I deal with via email who start using this secure service, the more secure our correspondence will be.
Something to think about, anyway…
Later,
~Eric
BASH – Shellshock
Posted: 28 September 2014 Filed under: Linux | Tags: BASH, bug, Open Source, patch, security, shell, Shellshock
Nothing Lasts Forever
Posted: 25 March 2014 Filed under: Linux, Microsoft Windows, Security | Tags: anti-malware, anti-virus, botnet, End of Life, End or Support, Internet, Linux, malware, Microsoft Windows, security, XP
The time is rapidly approaching when Microsoft will permanently suspend all support for the Windows XP operating system.
Are we sad to see it go? Yes, in many cases, I’m sure that there will be a ground swell of angst and sadness that XP is going the way of the dodo. Unfortunately, life is all about change. We need to learn to embrace it. AHEM! Yeah… I sound like an Anthony Robbins commercial here. The facts of the matter are that many individuals and businesses around the world are still using that insecure Swiss cheese OS called Windows XP. Don’t get me wrong. I used to like XP a lot. I have a lot to be thankful to XP for, actually. It’s the NUMBER 1 MAIN REASON I started using the GNU/Linux operating system as my primary OS on ALL of my production machines.
I often wonder why MS had such a difficult time keeping ahead of the hackers, spammers, and malware merchants for much of XP’s lifetime. Being the numero uno operating system in the world definitely painted a rather large target on XP’s back, I would think. Why would a pimple faced miscreant sitting in front of his Mac on the island of Zoobie-doobie target GNU/Linux’s 1% when it could hit ’em big by hacking MS Windows XP’s 95% or so worldwide users? Makes sense, right? So, poor MS had to fight a losing rear guard action as it retreated into its hardened (by 3rd party mercenaries) Norton and McAfee bunkers. It was what it was.
MS learned a few things from that experience, though. They implemented many innovations into their new Win 7 and Win 8 operating systems to lessen the need for the hired guns required by XP to guard the gates. Sorry about all the military analogies today. I seem to be stuck in that mode at the moment. But I digress… Er, where was I? Ah. Yes… I was saying that nothing lasts forever. I think that’s the point of this exercise, anyway.
Back in the day, when I was much enamored by the Win 98SE operating system, I dreaded the time when MS would stop supporting it. I swore to never go over to the dark side by submitting to the charms and siren songs of that new OS, Win XP. Myeh… I eventually broke my vow. Sure, XP was an improvement over 98SE, but it was also a seemingly unprepared plunge into the future by Microsoft. I’m not sure anyone could have predicted the explosion of naughty, nasty, downright malicious behavior that would soon raise its pimply faced, greasy haired head on the Internet.
The pizza and Jolt soda driven hordes descended on the cyber world like never before. Few operating systems or their overseers were prepared for the onslaught. There are exceptions to this… AHEM. Linux. 😉 Anyway, don’t let me gloat too long on that. Moving on… So what now, security wise? Are we any better off in the world now that Win 7 and 8 are in dominance and XP is falling by the wayside? Hmm… I’m not so sure. I understand that MS can’t continue to waste time and resources at their 100% for-profit capitalist corporation to continue to pour hot oil and push back the scaling ladders of the invaders forever. Yet, there are millions of XP users worldwide who are going to become a giant botnet once open season is declared by MS in just a few weeks. Can you even imagine what fun those acne suffering residents of Zoobie-doobie and elsewhere are going to have spreading their mayhem?
If you’re running an XP system that has access to the Internet, I would strongly recommend pulling the plug on it. I’m being serious now, folks. Once Microsoft stops patching newly discovered vulnerabilities in the XP operating system, your ass will be swinging in the breeze out there. The 3rd party anti-virus and anti-malware companies will not be focusing on XP nor will they be able to keep up with the hordes that will be descending upon that OS after April of 2014. Do yourselves a favor. Move on to Win 7 or even 8. I can’t honestly recommend 8 to you at this time because I’ve read too much bad press about it and because I’ve never experienced it myself personally. I can, however, say that Win 7 is a very solid OS. If you can still find yourself a copy of it, that would be a wonderful alternative.
And I know many of you out there expect me to make the GNU/Linux suggestion. Well, that’s really the optimal alternative, as far as I’m concerned. However, it wouldn’t necessarily be that optimal for many Win XP users. Folks are often reluctant to change and unwilling to invest time into learning something new. They would have to do both to use GNU/Linux. Yes, there are relatively gentle transition distributions out there… Ubuntu, Linux Mint, Vector Linux, Zorin, Ultimate Edition, Mepis, etc., but there is still a pretty good learning curve for folks coming from XP. It is what it is. I’m not one to bullshit, so take that for what it’s worth.
End your XP dependence. You’ll be better for it.
Later…
~Eric
Image credits: all clipart images in this article courtesy of http://www.clker.com/
Microsoft One Drive and Office Online
Posted: 7 March 2014 Filed under: Miscellaneous | Tags: cloud computing, cloud services, Microsoft, Office Online, One Drive, security, Win 7
Don’t be shocked now, but this hardcore Slackware Linux user does still have an MS Windows operating system (Win 7) installed on a partition on my main system and one on my office laptop.
I know some of you are highly disappointed to hear this, but fret not. The only reason I have Win 7 on my main system is for gaming. I don’t use it for anything else. Slackware is most definitely my daily production OS, but the PC games I play perform much better in Windows. It’s just easier for me to play them that way than in any kind of virtual environment. Also, I do need to stay up-to-date on MS Windows in order to be tech support for my family and friends whom I haven’t converted to GNU/Linux yet.
Anyway, tonight I was bored, so I consolidated my Microsoft login credentials and signed up for their One Drive (formerly Sky Drive). It was fast, simple, painless, etc., as is most of the Windows point n’ click world these days. One Drive is basically MS’s Dropbox; works pretty much the same way, too. However, you get more space (7 Gig) with your initial One Drive account than with Dropbox (2 Gig).
I like the way MS has tied in all their services and connected them to the unified login. I do have one complaint, though. They’re trying to improve security with two-step verification and all that, but they still do not allow passwords greater than 16 characters. What’s up with that MS?
The Office Online service is pretty neato, too. You just go there and start using Word or Excel or whatever. It’s all saved to your spiffy new One Drive account. Ah… computering in the clouds. Ain’t it all grand? Till it gets hacked or crashes. This stuff is all pretty cool, but I probably won’t ever use it for anything of any importance. I don’t trust cloud computing. I want my important data on my own SECURED GNU/Linux systems, not swingin’ out there in the breeze on someone’s cloud servers.
But that’s just me. Try Microsoft’s new One Drive and Office Online services. They are pretty COOL! 🙂
Later…
~Eric
The End of the Internet…
Posted: 21 August 2013 Filed under: Internet Privacy | Tags: 1984, Big Brother, BIG Gov, Homeland Security, Internet privacy, privacy, security, surveillance state
… and quite possibly your own personal privacy? How has it come to this?
The truth is outing in small bits and pieces. It’s like a large sack of feces oozing from small rents in its skin. The Surveillance State is very reluctant to give up its game plan. Are people like Assange, Manning, Snowden, and others really the EVIL plotters and traitors that governments around the world are desperately trying to paint them up to be? As more and more of the reality of our current security/surveillance apparatus comes out into the light of day for our shocked appraisal, can we see a pattern here? Are we being lied to by our governments? Nah… say it ain’t so, Joe. 😦
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.
~ C. S. Lewis
A few days ago, Ladar Levison of Lavabit did a brave thing.
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.
Just today, Pamela Jones of Groklaw did a brave thing.
There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the US out or to the US in, but really anywhere. You don’t expect a stranger to read your private communications to a friend. And once you know they can, what is there to say? Constricted and distracted. That’s it exactly. That’s how I feel.
Where will this end? These are brave people mentioned above who have decided to NOT participate in a system they can no longer believe in or recommend to others. This is one type of bravery. Another type is the Manning, Snowden, Assange type. And still another type will be those who will eventually rise up and do something about our world going so wrong on us. Really, folks… George Orwell didn’t have a clue. He had no idea of the technology that would be just around the corner to make his nightmarish world come true in spades!
Big Brother is watching you!
~ George Orwell
More seepage today from that sack of shit…
U.S. futuristic spy apparatus taking shape
The Department of Homeland Security recently tested a crowd-scanning project called the Biometric Optical Surveillance System — or BOSS — after two years of government-financed development. Although the system is not ready for use, researchers say they are making significant advances on it. That alarms privacy advocates, who say that now is the time for the government to establish oversight rules and limits on how it will someday be used.
This better alarm more than just privacy advocates. It better damned well alarm YOU, dear reader. Put down your damned mobile device for a couple minutes. Get off Facebook for just a moment or two. Pick up a newspaper. Visit an online news site. Pay attention to what’s happening to your world right now, this minute. Do it for yourself. Do it for your children and grandchildren. Be aware and BEWARE. Understand where this is leading. Comprehend its ramifications for you and those you love and the world as a whole.
All that is necessary for evil to succeed is for good men to do nothing.
~ Edmund Burke
You can take this article any way you like. Consider it a rant by some tech geek or silly blogger. Peruse it and giggle uncontrollably. Or, even better… don’t just look, SEE. Wake up. Don’t just heave and push your way into the chute like the rest of the sheeple. The choice is yours… while you still have a choice.
Later…
~Eric
SSH – Can It Be More Secure?
Posted: 17 March 2013 Filed under: Linux, Security, Slackware | Tags: remote login, RSA key pairs, security, Slackware Documentation Project, ssh
Yes, actually. There are ways to harden your ssh implementations that aren’t that difficult.
An example of a simple way to increase your security when using ssh is to use public/private key authentication rather than your remote system’s user passwords to access the device. By using RSA key pairs, you can initialize your remote connection without ever having to expose your remote login’s password to the transfer at all.
I recently reinstalled my Slackware on my main machine (It’s a long story for another time, maybe). One of the things I needed to do was to reestablish my ssh connections between the machines on my local network. I settled in this evening to do just that. I ended up having some laughable issues while attempting to get all my machines talking again. We won’t go there, though.
In the process of troubleshooting my issues with ssh, I ran across Noryungi‘s excellent how-to at the Slackware Documentation Project. This place is really shaping up, no thanks to me. I haven’t been too active there because of my other pursuits lately. However, the dedicated folks who contribute there on a regular basis are kicking ass!
Anyway, using this tutorial, I easily set all three of my machines to use RSA public/private key exchange to initiate my ssh connections. I don’t have to sling my user’s passwords around the Ether anymore. Now anyone sniffing packets will only see the public RSA key bouncing around.
Ain’t technology wonderful? 🙂
Well, back to studying tomorrow. My Cisco ICND2/CCNA examination is rapidly approaching. Gotta’ go study up on those pesky routing protocols before bedtime.
Later,
~Eric
Think Your Passwords Are Secure?
Posted: 11 December 2012 Filed under: Security | Tags: brute force, password hacking, security
Maybe you should read this article from PhysOrg:
Password-cracking feats at blistering speed shown in Oslo
Researcher Jeremi Gosney, the founder and CEO of Stricture Consulting Group, was the thinker behind the hardware and software setup that could make 350 billion guesses per second. The result was that eight-character passwords could fall in hours; some passwords could be had in minutes.
Scary, huh?
Later…
~Eric
The Latest Stallman Rant
Posted: 10 December 2012 Filed under: Internet Privacy, Linux | Tags: Amazon, privacy, rant, Richard Stallman, security, Ubuntu
Always entertaining, often enlightening. Read what Mr. Stallman has to say about Ubuntu’s new relationship with Amazon.
Ubuntu Spyware: What to Do?
One of the major advantages of free software is that the community protects users from malicious software. Now Ubuntu GNU/Linux has become a counterexample. What should we do?
Read the rest of this interesting article HERE.
Later…
~Eric
SSH in Slackware and Arch – a Brief How-To
Posted: 19 March 2012 Filed under: How-tos, Linux | Tags: Arch, computer networking, file transfer, gFTP, openssh, security, Slackware, ssh, ssh protocol 2, ssh-agent, static IP
Let me state right out in the open here that my knowledge of computer networking is lacking. I’m learning as I go.
For most of the time that I’ve used computers in my home, I’ve only had one machine going at any given time. This past year or so, though, I’ve gained two more systems in addition to my main system. I have a laptop and a shop system up and running now in my home. The laptop connects via Ethernet or wireless. The shop system, which is outside in my workshop, connects via wireless 100% of the time.
The main OS on all three of these systems is Slackware. For a year now, I’ve been running back and forth with thumb drives or CDs filled with data to keep the systems in sync with one another; mostly my personal documents, music, and Mozilla settings. I occasionally use DropBox for small files, but it’s not feasible for larger stuff due to its slow upload speeds. Cloud computing ain’t never going to work as long as ISPs throttle upload speeds.
Anyway, back when I first got the laptop, I attempted to network it with my main system. I failed miserably and ended up throwing in the towel. You can read about that learning experience in this long thread at Scot’s Newsletter Forums – Bruno’s All Things Linux. You’ll see that quite a few folks there were trying to help the dunderhead get his systems linked. Well, I finally succeeded just this past weekend.
Sometimes, you just have to walk away from a problem for a while. 😉
Here’s how I finally got it working using ssh:
- Make sure that the ssh daemon script is executable so that it will run at boot up
# chmod 755 /etc/rc.d/rc.sshd
- Modify the /etc/ssh/ssh_config as follows:
# vim /etc/ssh/ssh_config
<snip>
# Port 22
Port <your port choice>
# Protocol 2,1
Protocol 2
</snip>
*Either un-comment and change the default port setting and the protocol or just add a line, as I did.
The purpose of this is mostly for security. Changing the port to a port of your choosing enhances your “security by obscurity” chances. Changing to Protocol 2 is recommended because there are security flaws in Protocol 1.
- Modify the /etc/ssh/sshd_config as follows:
# vim /etc/ssh/sshd_config
<snip>
#Port 22
Port <your port choice>
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
Protocol 2
</snip>
- In your router’s Administration preferences (see your manufacturer’s instructions) you’ll need to set each device you plan on linking via ssh to use a static IP address. This has nothing to do with your ISP’s assigned IP address. This is just your home network we’re talking about here. The router assigns an IP to each device hooked to it. In order to ssh into remote devices, you’ll need to make sure the devices’ IP addresses don’t change (static).
That’s it. You are ssh’ing now, my friends.
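An added example, not part of the original post: a small shell audit that reports whether an sshd_config really carries the settings described above and in the key-pair post further up this page. The function names, finding names, sample file and port 2222 are made up for illustration, and the PasswordAuthentication check is an addition the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): report which values sshd would
# really use from an sshd_config. Per sshd_config(5) the FIRST value obtained
# for a keyword wins, keywords are case-insensitive, and lines after a "Match"
# line apply only conditionally. Port is the exception: every Port line counts.

# global_values FILE KEYWORD -> each value set for KEYWORD before any Match line
global_values() {
    awk -v want="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }          # blank line or comment
        {
            n = match(line, /[ \t=]/)                # end of the keyword
            key = tolower(n ? substr(line, 1, n - 1) : line)
            val = n ? substr(line, n) : ""
            sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        key == "match" { exit }                      # global section ends here
        key == tolower(want) { print val }
    ' "$1"
}

# effective_value FILE KEYWORD DEFAULT -> first value wins, else the default
effective_value() {
    ev=$(global_values "$1" "$2" | head -n 1)
    printf '%s\n' "${ev:-$3}"
}

# audit_sshd_config FILE -> space-separated findings (empty when none)
audit_sshd_config() {
    findings=""
    ports=$(global_values "$1" Port | tr '\n' ' ')
    case " ${ports:-22} " in *" 22 "*) findings="$findings port-22" ;; esac
    case ",$(effective_value "$1" Protocol 2)," in
        *,1,*) findings="$findings protocol-1" ;;
    esac
    pw=$(effective_value "$1" PasswordAuthentication yes | tr '[:upper:]' '[:lower:]')
    if [ "$pw" != no ]; then findings="$findings password-auth"; fi
    printf '%s\n' "${findings# }"
}

# Constructed sample, modelled on the snippet above with port 2222 as a stand-in.
sample_config() {
    cat <<'EOF'
#Port 22
Port 2222
protocol 2,1
# The default requires explicit activation of protocol 1
Protocol 2
Match User backup
    PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp"
rm -f "$tmp"
```

On the sample, the added "Protocol 2" line is shadowed by the earlier uncommented "protocol 2,1", and the only PasswordAuthentication line sits inside a Match block, so password logins stay enabled for everyone else.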
It’s easy to access your remote machines now.
$ ssh <username>@<device name>
Password: *********
The username is the name of the account that you are trying to access on the remote machine, say your wife Debbie’s account. The device name is the domain name of the device. Like this…
$ ssh debbie@debbieslaptop01
Once you enter the password for Debbie’s account, you’ll have access to her user data and privileges.
In Arch Linux, the process is a bit simpler. First, make sure you have openssh installed on your Arch system. You still need to modify the ssh_config and sshd_config files in a similar fashion, but getting the daemon to run at boot time is as simple as just adding “ssh” to your /etc/rc.conf file.
You can manipulate (edit, backup, copy, etc.) files on remote machines using ssh from the command line. However, to transfer files between machines, you might want to use ftp. It’s easier, in my opinion. Personally, I use gFTP in Slackware and Arch for this. There are many other choices out there, though. Use whatever works best for you.
So, there you have it. My next project is going to be adding my printer to my router’s USB connection and setting it up as a network printer for all three of my systems.
Stay tuned…
~Eric