Everything posted by logicalconfusion

  1. Earlier today I realized that my domain service uses plain old FTP to transfer data. So, after watching an old hak5 ep I called their office to see if they offer SSH shells or third party discounted VPN access. I was shocked when the lady on the other end said "Please hold. I'll look into it for you." She didn't know the difference btw SSH and VPN! I was advised to log in using IE when I told her that I'm a road warrior. She couldn't answer any of my questions regarding pub wifi security. I immediately demanded to talk to a tech in tier III who speaks ENGLISH. She placed the call on hold for five mins and transferred the call to Joe. Joe had no clue wtf I was talking about. He thought I was trying to set up a plain old webpage to share cupcake and prune juice recipes. He told me to think of my website as a house in cyber space. Joe for some strange reason avoided using words like encryption. To pat Joe on the back I asked him how I can send strippers to my house in cyber space without all the Jehovah's Witnesses in the neighborhood knocking down the front door. He scratched his head and then recommended establishing a secure SSL connection to their corporate network, which according to him implements 128bit SSL. To make a long story short, Joe ended up recommending a premium 400$ per yr VPS service that implements SSL and recommended developing custom scripts to run on their server. According to Joe, it's possible to host a proprietary script/application on their server that encrypts info on the fly off an SSL tunnel. Imagine hak5.org stored on an encrypted server that only allows certain key holders to view info. My question here is twofold. How secure is 128bit? Most cc companies use 1024bit authentication. Secondly, what's the best way to encrypt info stored on a hosting service using a key - like TrueCrypt volumes?
  2. @Digip I am really surprised that you’re not running for governor! The email was a . eBay knowingly decided to mass e-mail all their customers right around tax season just so they can persuade everyone to spend their returns online! I actually received this on 4/1/2013. So, it appears to be a publicity stunt spearheaded by the media. America is not the nation it used to be 50 years ago. The USA is known now as the world’s largest melting pot. Ever since 911 there’s been an invasion of privacy. There are groups out there that want to do away with the second amendment to avoid terrorism! We live in a global economy now. Think about it. You’re right. Taxes are nothing to worry about in light of what we’re really facing – Big Brother.
  3. @poptart Virtual machines and Full disk Encryption is the way to go. There's no such thing as an un-crackable encryption scheme. Encryption is just something the guys at Verisign Inc. want you to believe. Think about it, even if you managed to set up an AF234003847382CDE2391030940948547583498B2340832489082439238D234F23432E23940 digit pswd it can be cracked using a quantum computer. We're all at the mercy of sophisticated mathematicians.
  4. @digip I know but this time it seems serious according to eBay's CEO. Take a look
  5. @Pwnd2Pwnr Lol you guys have been online too long. Didn't you hear that the Senate decided to charge taxes on internet purchases. So everyone's guna have to pay s/h+tax....what's the solution?!
  6. Now that we're all guna have to pay on eBay and Amazon, what's next?
  7. 99.9992934230893249233.14% of the people (men/and ugly girls) just aren't smart enough to think about algorithms. I know digip's guna go all keyboard IP commando. BUT hey check out the opencourse on MIT if u'd like to know. JAVA's Object O http://www.openculture.com/
  8. @digip lol I never really thought of rendering art through an SSH tunnel! LoL; call me old skool...But imagine using 3d studiomax thousands of miles away. I bet there are cloud solutions out there already for artists. Anyway, so far, it looks like tightVNC is out of the game. NX implements a 128bit PK encryption scheme so I much rather stick with that just in case SSHD happens to kick the bucket on the remote terminal...let's see how it goes.
  9. @digip You got a point there. Apps like rdesktop were designed for M$ Windows. I'm looking for a similar app that allows remote admin of linux terminals. It took me a while to get SSHD working on my BT5R3. I had to dig around for lots of info and spent days debugging it using cmd like (tail -f /var/log/auth.log and /usr/sbin/sshd -p 6666 -d and -vvv sshuser@localhost). I finally figured out, with the help of a friend, that I had to generate host keys on BT! So, now that I got the host keys in place (dpkg-reconfigure openssh-server), it actually works! I'm not really familiar with NX machines. According to google/youtube it's possible to implement an NX machine on BT through an SSH tunnel. So, let's see how much faster it is compared to VNC. VNC is pretty old skool, so I'm not surprised to hear that it's slow. Let's see if I can write a script to automate the process. Right now I'm using Putty to initiate the shell....
  10. @digininja Now go outside and think about all the places that don't accept pounds ;]
  11. @digininja What do they (the law enforcers) say to all the people who run open wifi home networks without any security? What did they say to Michael Jackson when they found his computer full of child porno and backdoor trojans? Think! digitalnull is out to experiment and monitor the area using a honeypot in the DMZ zone on his network. An attacker cannot see or traverse the DMZ unless the system/honeypot is insecure, which I doubt. He can probably use any old distro and watch it using wireshark. Most VoIP adapters are usually set in the DMZ, especially for FIOS and DSL users who are NAT'D. Do you hear of security breaches from VoIP companies? I think he's smart enough to know when to pull the cord...
  12. I got an old BT5R2 box loaded with all the default apps. I want to connect and admin it using rdesktop. I tried to connect directly to it using rdesktop. But, BT5R apparently is not loaded with an rdesktop (RDP) daemon. I read on the internet that it's possible to tunnel into BT5R2 using SSH. According to the article I read, it's also possible to initiate an RDP (rdesktop) session once the tunnel is in place. Can anyone show an example of the procedure and cmdline params?
  13. @digip I agree. Most people, manufacturers included, don't give a rats ass. They still ship devices that support WEP! You won't believe how many people depend on WEP protection, even though it's crackable. The only real WIFI protection around is WPA2/AES. Security experts generally recommend a hidden SSID, MAC filtering, and frequently changing the 63 char hex passwd along with the SSID.
  14. Not one reply! THIS IS A JOKE – whatever happened to the concept of UBUNTU! I got sick of waiting for you pansies, so I decided to brew my own tut for Debian (Ubu and BT). It’s really not as confusing as it seems. You don’t have to bloat your system with Apache server and utilities like chkconfig. Here’s how you can DIY to share your mp3s in just 7 easy steps, forget about the 101 opts in vsftpd.conf for now.

      1. Install vsftpd – sudo apt-get install vsftpd – and openssl and FileZilla and then reboot.

      2. Make sure FTP is active by running either nmap localhost or service --status-all &> services.txt or ftp localhost. You might need to install the actual ftp program at this point.

      3. Create a fake shell to help jail (restrict) users. To add a “fake” shell, edit the /etc/shells file and add a non-existent shell name like /bin/false, for example. This fake shell will limit access on the system for FTP users. Edit the shells file:

          sudo gedit /etc/shells

          # /etc/shells: valid login shells
          /bin/sh
          /bin/bash
          /bin/false

         /bin/false is our added non-existent shell. With RH Linux, a special device name /dev/null exists already.

      4. Add user(s) and set the proper permissions on the file directory. For simplicity let's work with “ftpuser”. root and a handful of other usernames are not permitted to log in via ftp by default. The list of names is typically found in file /etc/vsftpd/ftpusers and/or /etc/vsftpd/user_list. This is because of the (default) clear-text nature of FTP leaving the root user's password freely obtainable to anyone along the path with even the slightest interest in capturing clear-text passwords.

          mkdir -p /home/ftp/ftpuser
          useradd ftpuser -d /home/ftp/ftpuser/ -s /bin/false
          passwd ftpuser
          chown ftpuser /home/ftp/ftpuser
          chmod 700 /home/ftp/ftpuser

      5. Back up and modify VSFTPD.CONF as root. IT’S ALL ABOUT VSFTPD.CONF. You have to gut the entire file and replace it with the following:

          listen=YES
          anonymous_enable=NO
          local_enable=YES
          write_enable=YES
          #local_umask=022 #change to 077 if you want your uploaded files avail with a mask of 700
          use_localtime=YES
          xferlog_enable=YES
          chroot_local_user=YES
          secure_chroot_dir=/var/run/vsftpd/empty
          pam_service_name=vsftpd
          rsa_cert_file=/etc/ssl/private/vsftpd.pem

         Don’t forget to save the file as root! Reboot vsftp server:

          service vsftpd restart

         See if you can log in as ftpuser. If you can't then go back to step one or check your firewall settings. You might have to change your firewall rules so that it works with FTP.

      6. Now it's time for SSL/TLS. Make sure OpenSSL/TLS is installed!

          apt-get install vsftpd openssl

         Once that’s set, add the following lines right ABOVE “rsa_cert_file=/etc/ssl/private/vsftpd.pem”:

          ssl_enable=YES
          allow_anon_ssl=YES
          force_local_data_ssl=YES
          force_local_logins_ssl=YES
          ssl_tlsv1=YES
          ssl_sslv2=NO
          ssl_sslv3=NO
          require_ssl_reuse=NO
          ssl_ciphers=HIGH

         Save the file as root! Now generate a key using the following:

          openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

         Reboot vsftp server!

          service vsftpd restart

      7. Use the site manager in FZ to select TLS/AES to log in and test ftpuser. You can probably use lftp and ftp-ssl, but I bet you’re probably tired of typing by now.

      Stay tuned for my next tutorial. I’ll demo hardening the server using different opts and ciphers. Have a good one!
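
A check for the configuration the tutorial above ends up with, as an added example that is not part of the original post. The function names (conf_get, audit_vsftpd, audit_key, post_conf), the rule that every setting must be set explicitly, and the 2048-bit minimum for RSA keys are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's code: audit the vsftpd.conf built in steps 5-6.

# Effective value of KEY in FILE: comment lines are skipped, a later
# assignment overrides an earlier one; printed upper-cased, empty if unset.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k { v = $2 }
        END { print toupper(v) }' "$1"
}

# One FINDING line per setting that is not explicitly the wanted value
# (unset counts, so the result does not depend on compiled-in defaults).
audit_vsftpd() {
    while read -r key want why; do
        got=$(conf_get "$1" "$key")
        [ "$got" = "$want" ] || echo "FINDING $key=${got:-unset} want $want: $why"
    done <<'EOF'
ssl_enable YES otherwise logins and data stay clear-text FTP
force_local_logins_ssl YES passwords must never be sent unencrypted
force_local_data_ssl YES transfers need the same protection as logins
anonymous_enable NO no unauthenticated access
ssl_sslv2 NO SSLv2 is broken
ssl_sslv3 NO SSLv3 is broken
EOF
}

# Reads `openssl x509 -noout -text` output on stdin; flags keys under 2048 bits.
audit_key() {
    bits=$(sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || echo "FINDING key is ${bits:-unknown} bits, want >= 2048"
}

# Constructed sample: the audited settings as the post leaves them after step 6.
post_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
}

tmp=$(mktemp) && post_conf > "$tmp" && audit_vsftpd "$tmp"; rm -f "$tmp"
echo '    Public-Key: (1024 bit)' | audit_key   # constructed line for the rsa:1024 key
```

On a real server the key check would be fed with openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -text | audit_key, and the config check run against the live vsftpd.conf after step 5 as well as after step 6.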
  15. now that's worth tethering to my bmrks for now. It's the only way to keep illiterate giants at bay.....
  16. What's the best way to save live streaming video to a website or HD? I want my website to d/l shows from ITV and CH-4, live feeds like the Superbowl, converted to mpg4. I used flashget to d/l streams from opencourseware sites before. VLC? Get_iplayer?
  17. @digninja I was actually referring to the wireless dongle/SSD hd I originally suggested, the one that injects battery acid or lethal radio freq into the SSD when it's triggered. I know what you're saying! It's probably impossible to make a foolproof wireless dongle, unless it's embedded in the ass, religiously, by a priest. When you think bout it, nano-technology is just around the corner. It won't be long before this is on the shelf. I know that there're software solutions. Where can I find the RFC btw? Can you post links to software solutions available?
  18. @digininja precisely! I didn't mean that it has to be worn like some kind of ankle bracelet they use to detain parolees. I bet anything that an iphone app exists that configures every feature of the dongle/SSD device. What if it fails to detonate....when stolen. There's really not much info on pairing devices. I mean, the only thing on the table right now is the bluetooth solution that was recommended. And even that's hackable.
  19. @sierrabrav0 do you know of any SSD manufacturers that offer an on star type service that will inject battery acid into the drive if it's stolen?
  20. @demonjester It seems like you're looking for a dedicated machine on amazon's cloud service. You would have to pay monthly for such a service. Running an OpenVPN server will secure your connection when connecting to your home network from a remote location. But, the traffic will still go through your ISP and it might open your home network to attackers if it's not configured properly. You can find videos on youtube. Have you considered hidemyass?
  21. @telot that means the technology is already out there. It's just not available to the general public. okay! so it looks like I won't pick a wireless self destructive dongle for my iphone/pc/or lap on amazon. back to the drawing board...I'll send post the schematics for it one day, till then pls post the video.
  22. @digip I don't think a coldboot attack or Firewire grab will do the trick. Think bout it - the military can send unmanned drones all over the world at super sonic speeds using satellite technology. Forcing a SSD to fall apart (w/out causing a freaking fire alarm) is pretty trivial. I actually want a software (OS) independent solution that works on top of the hardware. @digip Forget about guns and muggers. Let's just pretend I want to remotely destroy a drive for shits and giggles. Think of it as the ink-security tag stores attach to expensive clothing.
  23. @digninja WTF kind of pyro manic sh!t is this man! We don't want the thief to end up as an amputee. I was thinking of a somewhat more elegant solution that implements electromagnetic resonance to erase the solid state drive. You're right. U got it friend. He doesn't make a 100$. He's actually a hobo who strings tin cans and buttons for the statue of liberty. I bet anything MIT has the solution....