Viewtorial

This Rapid Reference will introduce you to you how can encrypt files on your computer, files on your USB key, or your entire USB key. TrueCrypt is a free and open source application that does on-the-fly encryption. This reference sheet will show you where to download the software, create an encrypted container to put files in, mount the container, create a password for the container and more. If you want to make your files on your USB key more secure (in case you lose or misplace the USB key), get TrueCrypt today. Click on the click below to download the PDF:

Rapid Reference: Introduction to TrueCrypt

-Angel Brady

This Rapid Reference is an introduction on Internet Security . This Rapid Reference explains in brief detail how to watch yourself on the internet, avoid things like phishing, trojans, viruses, sniffing wireless networks, and best practices when surfing the web. Feel free to download the PDF below. Enjoy!

Internet Security Rapid Reference

Here is the audio from my presentation on Friday night on Free and Open Source Software to the Brookdale Computer Users Group. We had a fantastic time, and I can’t wait to go back. We had a lot of laughs, we all learned a lot, and I feel like I have a lot of new friends out by the shore. Thanks to BCUG for being so welcoming!

http://media.rider.edu/authors/lemasney/2007_lemasney_bcug_foss.mp3

I recently came across this list of 103 free (but not all Open Source or all cross platform, but some are) security applications for Mac, Windows, and Linux. Security is a fundamental component when using your computer, be it for work or leisure. This list is nice because it doesn’t include trail versions of software. Why not equip your computer with the software it needs to fight grayware and malware and do it without breaking your budget. This list is for a beginner in computer security to advanced power users. Even if you just breeze through the list and never heard of any of these terms, it is a good learning experience in computer security. Check out the list here at :http://www.itsecurity.com/features/103-free-security-apps-041607/.

Thanks to IT Security for this list. If you would like to view an abbreviated version of this list, click on the more link. To view the list with brief descriptions, visit the IT Security website.

-Angel Brady
Read the rest of this entry »

I recently came across an article that explained cookies on a web developer end. I liked the basic explanation of the question “what is a cookie in my web browser?”, so I decided to share the article on this blog. This question usually comes up from time to time on campus. Kudos to informit.com for the wonderful explanation. Please read below.

~Angel Brady

How Not To Use Cookies

Last updated Dec 15, 2006.

Within one week’s time, we stumbled across two different sites using cookies the wrong way. While the attack vectors were a bit different, both sites trusted the cookie data to secure their users’ accounts. Therefore, this week we are going to spend some time discussing cookies, when they should be used, and what can happen if they are misused.

What are Cookies?

Before a web developer can understand the dangers associated with trusting cookies to store sensitive data, it is important to recognize what they are, and what they aren’t. Specifically, a cookie is just a small text file that is stored on your computer by a specific website. Cookies are not programs, they can’t read your personal data, and they don’t cause spam. In fact, cookies can be very helpful if used within the correct context. Read the rest of this entry »

In this online Article at campustechnology.com, it talks about a topic that has become rather important at Rider University, Emergency Preparedness. In my meetings about this topic, it’s specifically about technology, e.g. how to keep the web server up in the case of a blackout. This article talks about a presentation done by the people at Tulane, who had spotlights of national coverage on them regarding their response to emergency and their preparedness during Katrina, and the focus is that they realized the people are so much more important than the technology, and it’s actually possible to over prepare in terms of technology. I’m not saying that we’re over-preparing at Rider, but maybe we should consider the length to which we’ll rely on technology as a focus in the case of a real emergency.

Campus Technology
Moreover, they added, no level of hitech preparedness can ever be guaranteed to be enough, or to be precisely the right kind of technological preparation for any given disaster. How easy it would be to assuage our fear of future catastrophe by constructing a fortress of systems and tools! But that would not only be no assurance of safety, the panelists pointed out, it would represent a conscious decision to move dollars (always a finite commodity in institutions of higher education) away from the provision of learning—and the mandate to educate our students is the reason that institutions of higher learning exist.

I just found the potential replacement for PuTTY as an Open Source SSH client for Windows: Poderosa. There are some things that are caveats, such as missing portability (this must be installed to work), and the fact that the .Net framework is required for it to work, but other than that it seems like a genuine improvement over some of the inconsistencies in PuTTY, like the nonstandard private key. I especially like that you can set your options globally, instead of per connection. (that’s just me, I’m sure)

At any rate, I’ve only been using it a few minutes, but I like it a lot. Due to PuTTY’s portability, I’ll probably be keeping that handy on my USB key for a while. - j.

index - Terminal Emulator Poderosa
Against common terminal emulators such as Putty or TeraTerm, Poderosa has following features.

Tabbed style GUI
It is convenient to open multiple connections at the same time. Moreover, you can split the window into panes and allocate each connection.
Many differnt ways in connection method.
In addition to Telnet and SSH1/2, local cygwin shell and serial ports are supported.
Fulfilling options and tools
A lot of functions for terminals are available. For example, SSH2 port forwarding tool, SSH Key generation wizard, SOCKS connection.

Plugin architecture
You can extend the feature of Poderosa by plugins like Eclipse. Actually serial port and X/ZModem are provided as additional plugins. A manual for plugin developers is included the installation package.

Support of government
In 2005, the government of Japan chose us as one of originative software projects and promoted financial resources.

Privacy on the internet is a big issue these days. If you haven’t heard of the recent AOL leak of personal web searches (or even if you have), you might want to read on about how you can protect yourself, your identity, and privacy while searching through the big ol’ world wide web. These tips from LifeHacker will help prevent people from putting together a personal profile of you (think marketing, id theft, or worse).

Protect Your Web Searches

Protect Your Web Searches

by Wendy Boswell

“My goodness, it’s my whole personal life,” she said. “I had no idea somebody was looking over my shoulder.” -Thelma Arnold, AOL Searcher No. 4417749

AOL’s recent “doh!” release of more than 500K user search records has prompted many people to examine their search methods. While no one approach is absolutely foolproof, using a combination of common sense searching strategies will make it harder for engines (or anyone else) to put together a detailed profile of you. Keep reading today’s feature for a few ways to protect yourself from search engines.

AOL: shock and awe

The biggest problem with AOL’s search records release is not what the individual queries revealed (although some of them were pretty disturbing); it was the fact that any search could be tied to one unique user ID. Looking at someone’s individual searches is not necessarily invasive - however, tie all those searches to one unique user ID and we’ve got a problem. For example:

~Angel Brady

So here is a site that shows why it’s important to choose good passwords. For those of you who groan when I give you your default password for an account because it’s ‘hard to remember’ note that the reason it’s not something as simple as, oh, your last name, is so that bad people don’t come into our system and mess up your stuff without having to do some work to figure out your shift-character laden, alphanumeric, mnemonically phrased password.

From: http://www.lockdown.co.uk/?pg=combi&s=articles

Examples

These are just a couple of examples to show the resilience of certain types of password, using the information in the tables above you will be able to make your own examples.

Sample Passwords		Class of Attack
Pwd	Combinations	Class A	Class B	Class C	Class D	Class E	Class F
darren	308.9 Million	8½ Hours	51½ Mins	5 Mins	30 Secs	3 Secs	Instant
Land3rz	3.5 Trillion	11 Years	1 Year	41 Days	4 Days	10 Hours	58 Mins
B33r&Mug	7.2 Quadrillion	22,875 Years	2,287 Years	229 Years	23 Years	2¼ Years	83½ Days

As always, OpenSSH is one of my favorite applications, and understanding it is kind of an art. Whenever I see a good overview, howto, or explainer, I like to capture it here. Enjoy!

An Illustrated Guide to SSH Agent Forwarding
In this paper, we’ll present the various forms of authentication available to the Secure Shell user and contrast the security and usability tradeoffs of each. Then we’ll add the extra functionality of agent key forwarding, we hope to make the case that using ssh public key access is a substantial win.