Subscribe RSS

This is for those people who love Newsbin Pro 4.32 (v5 is aweful, horrible and not sure why they moved away from a stellar flagship package such as 4.32). Anyway if you have all the features you need with exception of SSL, hope this helps.

As a note I am running Newsbin on Ubuntu Linux 9x/10.x using Crossover. (You probably could use Wine as well).

1. Install stunnel (apt-get install stunnel) + open ssl if required
2. Create *pem cert in /etc/stunnel (go here if you having problems (http://www.stunnel.org/pem)
3. Edit stunnel.conf, I had to remove all comments to run openssl, but you can leave them in if you create it at the link above)
4. If you getting a error about your pid = not set, this is a generic message and you have a error with one of your parameters in stunnel.conf.
5. I used port 2000 as someone suggested, you probably could test with 119, but best to use a different port so you make sure the port is unique and test it by doing a telnet localhost 2000.
6. Configure NewsBin as a regular server, specify localhost and port 2000. Don't try use 563 as this won't work, it's looking for the port below.
7. Edit stunnel.conf and copy below into it.



Conf stunnel.conf file which works

cert = /etc/stunnel/stunnel.pem
sslVersion = SSLv3

chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /var/log/stunnel4/stunnel.log

client = yes

[https]
accept  = localhost:2000
connect = ssl.astraweb.com:563



8. /etc/init.d/stunnel4 restart or stop/start


Have fun.

Category: | 2 Comments

How I’d Hack Your Weak Passwords

How I’d Hack Your Weak PasswordsInternet standards expert, CEO of web company iFusion Labs, and blogger John Pozadzides knows a thing or two about password security—and he knows exactly how he'd hack the weak passwords you use all over the internet.
Note: This isn't intended as a guide to hacking *other people's* weak passwords. Instead, the aim is to help you better understand the security of your own passwords and how to bolster that security.
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let's see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I'll probably get into all of them.
  1. Your partner, child, or pet's name, possibly followed by a 0 or 1 (because they're always making you use a number, aren't they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. "password"
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner's or your child's.
  7. "god"
  8. "letmein"
  9. "money"
  10. "love"
Statistically speaking that should probably cover about 20% of you. But don't worry. If I didn't get it yet it will probably only take a few more minutes before I do…
Hackers, and I'm not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I'm not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you've shopped at might not be as well prepared. So those are the ones I'd work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we've got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser's cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker's computer, and the speed of the hacker's Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it's just a matter of time before the computer runs through all the possibilities – or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
How I’d Hack Your Weak Passwords
Remember, these are just for an average computer, and these assume you aren't using any word in the dictionary. If Google put their computer to work on it they'd finish about 1,000 times faster.
Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are memorable. But if you're going to do that how about using something that no one is ever going to guess AND doesn't contain any common word or phrase in it.
Here are some password tips:
  1. Randomly substitute numbers for letters that look similar. The letter ‘o' becomes the number ‘0′, or even better an ‘@' or ‘*'. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON'T CHOOSE A PERSON'S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn't work if you don't use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you'd like to download it without having to navigate their web site here is the direct download link. (Ed. note: Lifehacker readers love the free, open-source KeePass for this duty, while others swear by the cross-platform, browser-based LastPass.)
  7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
  8. Once you've thought of a password, try Microsoft's password strength tester to find out how secure it is.
By request I also created a short RoboForm Demonstration video. Hope it helps…
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn't important because "I don't get anything sensitive there." Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank's Web site and tell it I've forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is safe behind a router or firewall device. Of course, they've never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network — after which time they will own you!
Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven't even mentioned.
I also realize that most people just don't care about all this until it's too late and they've learned a very hard lesson. But why don't you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn't completely in vain.
Please, be safe. It's a jungle out there.
EDIT: You might also want to listen to my interview on Connecticut Public Radio about password security.

Category: | 0 Comments

If you’ve already splashed out on the huge flat-screen tv, a state-of-art Blu-Ray player, and a satellite dish with a monthly subscription that brings with it hundreds of channels, then it probably seems like it’s a small price to pay for HDMI cables. But, this is exactly the mentality that gets people to pay for this habitually over-priced bit of technological excess. The truth, as our infographic points out, is that there is absolutely no difference between the cheapest and most expensive HDMI cables, at least over shorter runs. If you’re wiring an entire house, you may find these cables to be worth it.

To understand why you shouldn’t pay extra, you need to understand the difference between analog and digital. With analog cables, the signal degrades, with digital cables such as HDMI, it either works or it doesn’t. The signal doesn’t degrade any more than your JPEGs degrade when you put them on a thumb drive.



Budget Planner – Mint.com

If you’ve already splashed out on the huge flat-screen tv, a state-of-art Blu-Ray player, and a satellite dish with a monthly subscription that brings with it hundreds of channels, then it probably seems like it’s a small price to pay for HDMI cables. But, this is exactly the mentality that gets people to pay for this habitually over-priced bit of technological excess. The truth, as our infographic points out, is that there is absolutely no difference between the cheapest and most expensive HDMI cables, at least over shorter runs. If you’re wiring an entire house, you may find these cables to be worth it.

To understand why you shouldn’t pay extra, you need to understand the difference between analog and digital. With analog cables, the signal degrades, with digital cables such as HDMI, it either works or it doesn’t. The signal doesn’t degrade any more than your JPEGs degrade when you put them on a thumb drive.

Category: | 1 Comment

What if you experience a sticking accelerator pedal while driving? Learn the proper procedure for bringing your vehicle to a safe stop.

http://www.toyota.com/recall/videos/stoppingprocedure.html

Category: | 0 Comments

News just in that Adobe Creative Suite 5 will be released on April 12th, with shipping expected to start a month later.
As usual, CS5 will combine the very best features in graphics, video and Web design for professionals, for an extortionate price.
That said, have a watch of this video of just one of the new Photoshop’s capabilities. You will be blown away. This makes light work of what previous would have taken hours, maybe even days of work.
If you’re low on time, skip through to 2.50.


Category: | 0 Comments

This demonstrates how you can give a group Database Group Access as well as give them access to run commands for that particular group in SUDO. If you want a group to be able to run certain commands but still not be a Superuser, you can configure it as the example below.


## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, 
/bin/umount
Cmnd_Alias MOUNT   = /usr/local/bin/mount.sh, /sbin/mount.cifs, /bin/umount

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now


%grpadmin       ALL=(ALL)       NOPASSWD: ALL

%grpdba         ALL=(oracle)    NOPASSWD: ALL
%grpdba         ALL=MOUNT

Category: | 0 Comments

== Scope of this NAS ==

There are many choices of Home NAS's out there today which you could consider depending on what you looking for.

If you just want a simple NAS, and are not that much interested in flexibility, managing your data etc, take a look at the NAS in a BOX Solutions.

The HOME NAS I wanted to talk about meet some relatively simple objectives, if these objectives are for you, please read on. I am choosing Flexibility over HIGH Performance


# Fairly simple to setup and maintain
# Easy to recover from a failure
# Easy to upgrade disks to larger disks without impacting the NAS or having to try recreate a logical volume.
# Keep old disks as backups should you have a complete failure or mishap
# Raid 1 type redundancy (more costly)
# Encryption options if required


What I was not so much concerned about although would of been a nice to have

# High Performance
# Saving disk space or having large capacity when using RAID 5.


What I wanted to stay away from was a situation where I lost my data either due to a disk failure or unable to replace th hardware due to age such as a raid controller.

Raid controllers are great when they work, but if you unable to replace them, you may have no data which will be a disaster if you rely on your nas.

I also want to be in control of my data and how it is backed up, accessed, encrypted etc.



== Hardware Requirements ==


# Suitable Server/PC with a basic configuration.
# A minimum 3 Hard disks to start with, 300GB and up. I would recommend a minimum of 2 x 1GB Disks + 1 Disk for the Boot disk. My preference is Seagate, but you can choose what you like.

































# A decent case for cooling your hard disks. I recommend the Antec 900 that can handle many 9 hard disks and has 7 fans for cooling. This is a really cool and inexpensive case. The 7 fans keep the hard drives as cool as anything. The fans also have a speed control, so you can make the hard disks super cool, definitely consider it.







       



== Software Requirements ==

# Ubuntu 9.10 and up or any recent release
# Samba
# Truecrypt if you need or want encryption for your data. [http://www.truecrypt.org Truecrypt]


== Setting up your NAS ==

# Install Ubuntu
# Install SSH (apt-get install ssh)
# Install [[Truecrypt]] (apt-get install truecrypt)
# Verify all your disks are setup by going to System -> Administration -> Disk Utility / Gparted. You should see 3 Disks, 1 Boot disk and 2 Data disks.















== Configure Disks ==

# For each physical disk, create a file system on it such as /dev/sdc1, /dev/sda1. You can choose what ever file system you want, I chose ext3. This takes about 30 mins or so for a 2TB disk.
# Once you have the file systems created, you can choose to encrypt the file systems or not. I am going to walk you through the process at a high level on how to encrypt the disks.
# Truecrypt comes with a gui now, so encrypt devices is fairly straight forward, here is a quick command line tutorial which does the same thing [[Truecrypt_Tutorial]]
# I just encrypt the entire disk, but you can create hidden volumes etc.
# Once you have encrypted your volumes, you can just mount them with a simple script. [[Truecrypt_Mount_Script]] or load the gui, but this is more of a pain if you have multiple file systems.

Once you have the file systems mounted, you should have something like this.

Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sde1             14326296   4520356   9078200  34% /
udev                    246324       316    246008   1% /dev
none                    246324       204    246120   1% /dev/shm
none                    246324       784    245540   1% /var/run
none                    246324         0    246324   0% /var/lock
none                    246324         0    246324   0% /lib/init/rw
/dev/sr0                177218    177218         0 100% /media/cdrom0

/dev/mapper/truecrypt1  961431816 726301372 186292460    80% /fs2
/dev/mapper/truecrypt2  961431816 726129220 186464612    80% /fs3
/dev/mapper/truecrypt3  1922858096 482702424 1342480088  27% /fs4
/dev/mapper/truecrypt4  1922858096 482702412 1342480100  27% /fs5



== Disk Replication / Rsync Disks ==

In order to keep your disks in sync, put a rsync script in cron which syncs your file systems

# m h  dom mon dow   command
00 01 * * * /fs2/rsync.sh


== rsync.sh ==

#!/bin/bash -x
rsync -a -v --delete /fs2/ /fs3
rsync -a -v --delete /fs4/ /fs5



== Samba / File sharing ==

Once you have your disks up and running, you now need to setup samba.

# Edit /etc/samba/smb.conf and add your shares. See a example of [[smb.conf]] here.
# Restart Samba /etc/init.d/samba restart
# Try connecting from your PC to your NAS Server IP and your share name.

Also check out GeekyFrog for additional reviews of products and items http://geekyfrog.com  Neat reviews of new products and other things.


Category: | 0 Comments