Using “PGP” in Gmail

May 18th, 2007

Yesterday, someone asked me if I use PGP, and at the time I wasn’t, but I am using it now. The methods I used are likely to be applicable to UMW students, because I set this up in Gmail. Next year, hopefully, Gmail will be the standard e-mail for students.

I initially set this up on a Mac and used these instructions to get started. Things didn’t seem to be working at first, but after opening a new terminal all was well. This link helped with some of the syntax, and finally, here is the link to FireGPG to install the extension that hooks into Gmail running in Firefox.

FireGPG example

The above is a screenshot showing the new buttons, context menu, and an example of encryption in Gmail.

At home on my Windows machine I installed the GnuPGP for that OS and imported the keys I had created on the Mac. I’ll probably use this software for key management on Windows.

Also for a Mac you may want to use GPG Keychain Access for managing keys. Here is an option for Gnome users.
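
The key move described above (keys created on the Mac, then imported into GnuPG on Windows) comes down to an export, an import, and a fingerprint comparison. The following is an added example, not from the original post; it simulates both machines with temporary keyrings, and the function name `migrate_key_demo` and the user ID are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): move a GnuPG key pair from one
# keyring to another and verify by fingerprint that the same key arrived.
# Two throwaway --homedir directories stand in for the Mac and the Windows PC;
# the user ID is constructed. Requires GnuPG 2.1 or later.

migrate_key_demo() {
    local src dst fpr_src fpr_dst uid='Demo User <demo@example.invalid>'
    src=$(mktemp -d) || return 1
    dst=$(mktemp -d) || return 1
    chmod 700 "$src" "$dst"

    # "Mac": create the key. The empty passphrase is for the demo only;
    # protect a real key with a strong passphrase.
    gpg --homedir "$src" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$uid" default default never
    fpr_src=$(gpg --homedir "$src" --batch --with-colons --list-keys "$uid" |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # Export both halves, ASCII-armored. secret.asc is the sensitive file:
    # carry it on trusted media and delete it after the import.
    gpg --homedir "$src" --batch --armor --export "$fpr_src" > "$src/public.asc"
    gpg --homedir "$src" --batch --pinentry-mode loopback --passphrase '' \
        --armor --export-secret-keys "$fpr_src" > "$src/secret.asc"

    # "Windows": import, then read back the fingerprint of the secret key.
    gpg --homedir "$dst" --batch --quiet --import \
        "$src/public.asc" "$src/secret.asc"
    fpr_dst=$(gpg --homedir "$dst" --batch --with-colons --list-secret-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # Stop the per-homedir agents and remove the temporary keyrings.
    gpgconf --homedir "$src" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$dst" --kill gpg-agent 2>/dev/null || true
    rm -rf "$src" "$dst"

    # Succeed only if a key was found and both sides agree.
    [ -n "$fpr_src" ] && [ "$fpr_src" = "$fpr_dst" ] || return 1
    printf '%s\n' "$fpr_src"
}
```

On real machines the two `--homedir` options are dropped, and the fingerprint shown on the importing side is compared by eye against the one on the exporting side.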

Happy Crypting!


Giving Blink a try.

May 17th, 2007

Blink Personal might be the only security software to add to a PC. Here is a list of features from eEye.com.

  • Blocks and removes viruses, spyware, worms, trojans, and other malicious programs
  • Protection from unknown zero-day attacks
  • Protects against Identity Theft and Phishing attempts
  • System and Application firewalls protect against hackers and unauthorized system changes
  • Intrusion prevention and system protection prevent remote attacks and unauthorized program execution
  • Detection of missing operating system and application patches
  • Detection of weak configurations that leave personal information at risk of being compromised

Another awesome feature is that another version of eEye’s flagship software is included with this product. A personal version of Retina scanner allows for doing vulnerability scans on your own computer, and it only takes a few minutes. Not only does it check for typical Microsoft vulnerabilities, but other software as well. I was reminded to update my QuickTime and iTunes because they contained critical vulnerabilities.

I was also surprised that it stated there were some critical problems with Word. It said there are no fixes for these particular problems yet, just to be careful what documents you open. At my former job some of the overseas posts were compromised by zero-day exploits in Word. So reading this brought back memories of having to change every single password on a network of over 50,000 users.

Anyway, here are some of the negatives to Blink.

  1. It is only free for the first year, but I think I’ll be paying the $29.00 for it next year.
  2. It will report incidents back to the mother ship. This is to allow eEye to make a better product, prevent false positives, etc.
  3. It wants you to uninstall previous security type programs such as anti-virus, personal firewalls, etc. I was already going to uninstall my anti-virus but was looking for a good substitute. Some of the legitimate security tools I use Symantec wants to eat, and I can’t find a good way to stop the program from doing that.
  4. Like many outbound firewalls, it can be annoying to get them trained properly. It already understands common Internet software such as Firefox and IE, but it did not like my news reader or Groupwise client, but all seems to be calm now.

I’m going to give Blink a try to see how it behaves. It looks very promising as a different, yet thorough, way of protecting one’s PC.

Update, 18May2007: Blink can be a pain for those that use not-that-popular Internet software. It will take a while to train, and it did eat some of my legitimate-software-that-can-be-used-for-nefarious-purposes, but at least it was easy to tell it to spit it back out and not eat it again.

Update, 15June2007:  Blink is now off most of the time.  If eEye would streamline some usability options then this would be a great product.  I rebooted my laptop where I didn’t have any Internet connectivity, and it took over 5 minutes just to shut down Blink.  Skype and LogMeIn couldn’t connect to servers, obviously, so they kept trying multiple servers and multiple ports.  Blink was extremely offended by this behavior and kept asking “Are you sure?” every time Skype or LogMeIn tried something else.

When the “Are you sure?” prompt was up I couldn’t disable Blink via the icon in the tray because this is how the software was designed.  I tried stopping the service but kept getting “access denied”.  So, I had to set up rules in Blink to allow Skype and LogMeIn to be able to talk to any IP on any port before I could stop Blink.  There should be another way to quench a security product’s desire to do good without making one’s computer wide open to external servers.  And it wasn’t just Skype and LogMeIn, there were other things running such as Quicktime, Groupwise and ClamWin that were trying in vain to phone home.

Then again, without Blink, or similar, running then those applications could talk to whomever they’d like.  I do basically trust Groupwise, etc., but I’d like to know when some unknown program tries to open a connection.  Sooo, if there was a better way to simply state that Program X can be trusted (like the behavior of older ZoneAlarm), then Blink would be a more pleasant program.


FTP alternatives

May 9th, 2007

As of July 1st, FTP access to the main shares will be disabled from the Internet except for faculty and staff using a VPN. As of the Fall, FTP access will be disabled altogether. This link lists other options for getting to a share.

Unfortunately, none of the alternatives work with Vista out of the box; however, NetStorage does work if one installs and uses Firefox. NetStorage only allows one file to be uploaded/downloaded at a time, but at least it is a viable option until, hopefully, one of the other options is updated to work with Vista by the Fall.

Update: Another workaround for Vista that does work without installing additional software is to disable TLS 1.0 in Internet Explorer, but make sure SSL 3.0 is still set. This will allow NetStorage to work with IE. Use this option only as a last resort because it does lower the security posture.

Using Firefox has security advantages, mainly that it doesn’t allow ActiveX applets to run. It is also open source which means that hundreds, if not thousands, of security experts have gone through the source code looking for exploits. Mozilla offers a $500 reward for any security flaws found in Firefox (as long as the flaw isn’t exploited by the discoverer).


Windows users, there’s a new exploit in town!

April 3rd, 2007

There is a newly found vulnerability that affects Internet Explorer, Outlook, Outlook Express and even the Windows OS itself. Actually, the discovery isn’t that new; the flaw was reported on 20 Dec. 2006 to Microsoft.

The short answer is to make sure antivirus definitions are up to date. All major AV vendors had an update over the weekend for this new attack vector. Avoid using Outlook Express if at all possible because the exploit will fire even if viewing in text mode. Use Outlook in text mode, and only use IE for going to known safe sites.

Microsoft says there will be a patch today. This must be a big threat for MS to release a patch out of cycle, which is normally the 2nd Tuesday of each month.


Disk Image Encryption for Macs

March 30th, 2007

TrueCrypt was mentioned in an earlier blog entry as a way to encrypt part of a drive. This great utility is only available for Linux and Windows. Well, Mac OS X has a built in way of encrypting disk images.

Mac Disk Encryption

As with TrueCrypt this method can be used for encrypting portions of a drive, and sections of a thumb drive as well. I’m liking Macs more and more as time goes on. ; )


Is Your Computer a Criminal?

March 28th, 2007

There are estimates that over 10 million computers on the Internet are infected with malware.  Malware which is used for sending out spam… and worse.

http://redtape.msnbc.com/2007/03/bots_story.html#posts


Weak Passwords

March 28th, 2007

Here is an interesting blog entry on passwords. Note specifically the chart where he shows how long it takes to crack passwords.

http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/


Truecrypt, disk encryption software

March 20th, 2007

Truecrypt is a wonderful open source program for encrypting content on disk drives or removable media.  It works on Windows and Linux (sorry, fellow Mac users).  It is a good solution for protecting sensitive files.  When using a strong password this software can protect one’s data very, very well.

Setting up TrueCrypt to work on a portion of a hard drive is fairly straightforward.  Just follow the installation wizard.

Truecrypt can also encrypt data on a flash drive.  Though it is possible to encrypt the entire drive, that may not be the best option, because leaving a portion of the drive unencrypted allows the drive to be set up in Traveler mode.  This mode can set the drive up so that it can be used on most computers.  Note that it does require admin access to mount an encrypted volume; most everyone’s regular account is an admin anyway, except for Vista users (more on that in a future post).

Here is a link to a video, by Chris at RioSec, that explains how to set up Traveler mode, step-by-step.

In conclusion, TrueCrypt is a wonderful open source tool that can protect data on hard drives and removable drives.  It is a good option for safeguarding confidential files.


Cyber-attacks ‘more aggressive than ever’

March 20th, 2007

A report from Symantec states that most Cyber-attacks are getting more organized, and better at getting data.  I was surprised to read that, by far, most of the attacks come from within the U.S., at 31% and over three times higher than second place China at 10%.

Here is a link to MSNBC’s take on the report, and here is the report itself.

The short answer to the story is to not open attachments from anyone you don’t know, and don’t respond to e-mails with personal information.  Now that most of us have properly patched systems and firewalls, online criminals are trying to trick us via e-mail.


Viewing Stored Passwords in Internet Explorer

March 19th, 2007

It is important to note that even though Firefox can display saved passwords by default, there are several freely available tools that can display passwords stored in Internet Explorer.  These tools do have to be copied/downloaded to the computer but a determined snoop can get all of one’s ‘hidden’ IE passwords in less than a minute.

