Category Archives: Security

Playing with connections

Reply

Decided to play with different connections for my machines (The inspiration was in part this post at The Register): [Edit: added what they do]

1. SSH Tunnel using TunnelerX. Really easy to get going and just in case I forget what to do I have a screenshot of their page on the laptop. [Encrypts all data sent from your machine so no-one can eavesdrop]

2. Chicken of the VNC. Again easy to get up and running. My eldest is no slouch though – I installed it on her MB and from upstairs logged in to her machine, opened Textedit and started typing. She typed “Hi Dad” before I’d finished. Only have this running locally though. [Login to another machine and control it as if you were in front of it]

3. HamachiX. Still not difficult. I looked for some docs before just clicking New Connection and going for it. [Establish private network to link 2 or more machines anywhere on the net. I could let you browse my machine and take what you wished for instance.]

4. LogMeIn. Remote desktop. Free. Super easy to get working. [Login to another machine and control it as if you were in front of it]

As to what to use them for …
TunnelerX. I really should use all the time on the laptop and when J goes to the MB I’ll probably set hers up. Our home network is not encrypted at all – access to the router is by MAC address – so some sort of encryption would probably be wise.
Chicken of the VNC. I can better show J what to do with some apps probably and can use the laptop to see this screen I’m looking at right now but otherwise, no idea.
HamachiX. I could have done with this last weekend at my sister-in-law’s house. It was wanting that connection that made me look again at Hamachi.
LogMeIn. Reading IRC when I’m not in the house maybe…

I was pleasantly pleased with how easy these were to get working but the ability to spy on someone using Chicken was surprising. I would never ever check what the girls are doing on the net and I disagree with any parent who feels they need to spy so it was very odd when I did log in and saw her Facebook page, saw the IM client open, saw the background on her laptop changing – and she’ll not have known. That I could have sat and watched felt strange, very uncomfortable.

Anyway, it was all something I’d meant to get around to setting up and today I decided to play and see what happened – for once I’m not ending it frustrated.

An excellent password widget

Reply

I give out passwords daily when they have been lost. I used to just make them up when I started and the event was rare, then I started using a dashboard widget. I forget the name of it, but I had to click generate on the widget, then ctrl-a (or double click) then ctrl-c (or right-click > copy). It’s only a few keypresses but I’m all abut saving clicks where I can these days. And now I have RPG (Widget Edition). What I did in several links I now do in 2. Excellent. And I can change the number of letters, exclude o 0 1 l and that makes it more excellent.

To av or not av

7

Do I install av software on the reinstalled machine?

Yes:
- viruses are bad
- its expected that you do

No:
- malware is much worse
- av eats more resources than it ‘gives back’ in results
- safe practice is most of the battle against virii anyway

So right now I’m veering to No.
I do have spybot installed and hijackthis available. Clamwin is a purely on-demand solution which sounds okay but I have yet to dig around for reviews and comparisons.

Got av?

Secure cake

8

I have a directory on this site which is linked from nowhere and I know that for an absolute fact. There is no way it has been indexed. I could put it’s name into robots.txt but then you could look there and see what I don’t want the search engines to see. For the curious, here is my robots.txt

User-agent: HenryTheMiragoRobot
Disallow: /

User-Agent: OmniExplorer_Bot
Disallow: / 

User-agent: *
Disallow: /images/
Disallow: /catch/
Disallow: /gallery-ink/
Disallow: /nota/
Disallow: /stats/

Of those, /images gives you a 403, /catch no longer exists, /gallery-ink is renamed, /stats is really old and the /nota directory will ban you. Really it will – it’s there to catch bad bots. Anyway, the point is that the directory I mean is fairly secure. You can’t find it.

Now to my point. I have a lot of information I need to keep and keep safe. It’s backed up here but I’m thinking of an online backup too. A wiki. But how to keep that safe given there may well be a link somewhere – it would take just the one for the bots. So if I have cpanel information and blogs logins for people – which I do and it’s a lot of people (and no, its not FreshlyPressed clients) – how can I keep them safe?
I like .htaccess file and passwords like g&unbj8[_1-7Xa but I regularly see some people claim that such files are easy to crack/bypass and they offer little security. Do they?
If I was to store your cpanel / blog logins on a site of mine what would be your chosen method of protection? It’s got to be easily usable should I need too. If I said here is the link and cracking it would get you information how would you want that protecting? How would you protect it?

I’m forever telling people that once it’s on the net should must assume it’s there for the world to see and you cannot whinge if that actually happens so I suppose I want to see if I can have my cake and eat it.

What’s the best way I can protect my information?

PTFE, lobes and an image

6

Yesterday a friend’s site was hacked. She asked me to take a look while it was all still there to try and establish how they did it. Apart from the server access log not going back to the time of the entry there was nothing wrong. Permissions were fine. Datestamps were fine yet they had got in, deleted all the posts and planted their ‘message’. Included in this was a short video clip from a site called (and I am not linking it) w w w o g r i s h c o m. There is a strong warning before you enter that but consider it as extremely NSFW. You do not want that in your work’s browser history. The video clip, judging by the filename, was related to the Chechen war. It was a beheading with a knife and was shockingly graphic and very disturbing. And that image I cannot shake from my mind. It replayed a lot yesterday and even today, over 18 hours later it still pops into my mind. It’s not that we all don’t know these things happen, it’s not that I have not seen graphically shocking images before so … maybe it was the unexpectedness.. horrific images though. In the light of that, given my friend was using what I would consider a decent password (8 random letter / number characters) I am increasing all mine. There may well be another explanation as to why this happened but it’s beyond me how this happened, so from now every password that works on this site is something like this: KLDCoRYzNFUq0OOjQ42D (and no, that’s not one used. You think I’m that stupid ? ;) ) Maybe that’s extreme but hey, why not ?

Ever taken a bicycle tyre off ? And when you put it back on it goes fine until the last bit which is really hard to get back into the groove ? Well my lobes are like that. They are at marginally over 20mm wide and the new wood plugs are around 21 and a bit. But the flared edge on the plugs is closer to 23mm hence the tyre analogy. So the first stage of wrapping wodges of PTFE around an existing plug begins today, that coupled with lots of massaging ..