Sunday, March 6, 2011

Absence

Sorry about the absence. I've just been through a motorcycle crash and had a few other personal things to attend to. It never makes for punctual work, let me tell you. I'll be continuing the blog this Friday.

Friday, February 11, 2011

Hamachi Virtual Networks

Hey all and welcome to another exciting tutorial. In my last blog, I mentioned using SSH and Hamachi to keep your data safe, even when browsing the interwebs at your local hack- I mean coffee shop. Today, I'll be running you through configuring Hamachi to utilize your home network. In addition to providing a secure tunnel for browsing, Hamachi also allows you to transfer documents from your home computer/server, keep your workplace connected, and collaborate on projects with people around the world.

The first thing that you will need to do is download and install Hamachi. The installation process is very easy and straightforward, so I won't walk you through it.

Once Hamachi is installed and online, you will need to create a new network. Select Network > Create a new network. Create a meaningful name and highly secure password for your new network. Remember, if someone knows your network name, they can attempt to break in. The first line of security is obscurity:




After the network has been created, you will need to add computers. To do this, install Hamachi on any computer you want connected to the VPN. Select Network > Join Network:


Now you are free to set share permissions to files as you see fit. That is beyond the scope of this tutorial, however. Once you have configured network shares to your liking, you are free to move about in your local java joints and connect to the internet via your home network.

Note: You might need to configure your home router to pass port 80 to a computer running Hamachi. Not all routers explicitly require this, however.

The idea behind Hamachi is to allow for a secure tunnel through port 80, which will be available anywhere that the internet is. This includes your workplace and libraries. Many other solutions use separate ports to function, and these are typically disabled to prevent other shenanigans.

Hamachi is free for up to 10 computers at a time (more than enough for the typical home user) and offers a secure means of staying connected on the go. Happy tunneling.

Friday, February 4, 2011

Firesheep

As if it wasn't enough that we had to worry about that seedy-looking guy with quick fingers and shifty eyes at the local coffee shop, now we have to worry about 10-year-olds too. Why, you ask? Codebutler just released a Firefox plugin that captures outbound cookies that are loaded with login credentials and session information. It's essentially a form of session hijacking, but with a simple point-and-click interface.

Exactly how easy is it to use Firesheep to hijack someone's Facebook account? Well, you're about to find out. Here is a step-by-step guide that shows Firesheep in action:

1) Download the latest release of Mozilla Firefox (if you haven't already). The version you need is 3.6.12 or higher.

2) Download and install the latest version of WinPCap.

Note: Both of these installs should require less than 15 minutes depending on your internet connection.

3) Download the Firesheep plug-in.

4) Install the plug-in by selecting Tools > Add-ons, then dragging the downloaded plug-in to the add-on window:


5) Click install after the countdown expires:

6) Click the button to restart Firefox:

7) Press Ctrl + Shift + S to open the Firesheep sidebar:


8) Click on the small gear at the bottom of the sidebar and select Preferences to open the configuration window. On the Interface drop-down menu, make certain that your current network device is selected. If your wireless card isn't listed, then select Microsoft or whatever generic name appears:



9) Click the Start Capturing button:



10) Open an Internet Explorer, Chrome, Opera, or Safari window and browse your Facebook account.

11) Watch the results appear in Firesheep:



Yeah, it's that simple. So, what can you do to safeguard against these attacks? Honestly, there isn't much. It is the responsibility of the companies to enable SSL security instead of relying on unencrypted cookies.

However, there are a couple things you can do to protect your data:

1) Use a VPN program such as Hamachi to securely tunnel the connection to your home network.

2) Use SSH to create a secure connection (not to be confused with SSL, which enables HTTPS).

Stay tuned for future updates that deal with Hamachi and SSH for added security and large scale firewall breaching.
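On the site owner's side of the problem described above (session cookies travelling unencrypted), the check below is an added example and not part of the original post: it audits a response's Set-Cookie headers and reports which cookies could still cross the network in cleartext. The function names and the sample headers are hypothetical and constructed for illustration.

```python
# Added example: flag cookies that a passive listener on open Wi-Fi could read.
from dataclasses import dataclass


@dataclass
class CookieFinding:
    name: str
    secure: bool    # Secure attribute present
    exposed: bool   # True if the browser may send the cookie over plain HTTP
    reason: str


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes dict with lowercase keys)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(page_scheme, set_cookie_headers):
    """Return one CookieFinding per cookie set by a response fetched over page_scheme."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        secure = "secure" in attrs
        if page_scheme.lower() != "https":
            exposed, reason = True, "issued over plain HTTP"
        elif not secure:
            exposed, reason = True, "no Secure attribute; sent on http:// requests too"
        else:
            exposed, reason = False, "sent over HTTPS only"
        findings.append(CookieFinding(name, secure, exposed, reason))
    return findings


# Constructed sample headers (not captured from any real site).
SAMPLE = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth=xyz789; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]

if __name__ == "__main__":
    for f in audit_cookies("https", SAMPLE):
        print(f"{f.name:12} exposed={f.exposed!s:5} {f.reason}")
```

Note that HttpOnly does not help here: it hides the cookie from page scripts, not from the network, so only the Secure attribute on an HTTPS-served login keeps the session cookie off the open air.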

Blog is now available at amazon.com

I'm going to reactivate this blog and continue with security guides and how-tos for average users. If you own a Kindle device, you can subscribe to this blog here. I will be posting a guide to Firesheep later today.