Countdown

265 days since the Man burns....

information security

Linux Server Hacks - O'Reilly Press, Hack #67

Oct
24
One of my absolute favorite server hacks.  This requires that you have already setup SSH keys for authentication instead of passwords.  

Hack #67. Turbo-mode ssh Logins



Even faster logins from the command line



If you've just come from the previous hack, you've only seen half of the solution! Even with client keys, you still have to needlessly type ssh server every time you want to ssh in. Back in the dark, insecure, unenlightened days of rsh, there was an obscure feature that I happened to love that hasn't (yet) been ported to ssh. It used to be possible to symlink /usr/bin/rsh to a file of the same name as your server, and rsh was smart enough to realize that if it wasn't called as rsh, that it should rsh to whatever name it was called as.



Of course, this is trivial to implement in shell. Create a file called ssh-to with these two lines in it:


#!/bin/sh 
ssh `basename $0` $*


(Those are backticks around basename $0.) Now put that in your PATH (if ~/bin doesn't exist or isn't in your PATH already, it should be) and set up symlinks to all of your favorite servers to it:

$ cd bin $ ln -s ssh-to server1 $ ln -s ssh-to server2 $ ln -s ssh-to server3

Now, to ssh to server1 (assuming you've copied your public key over as described previously) you can simply type "server1" and you'll magically end up with a shell on server1, without typing "ssh," and without entering your password. That $* at the end allows you to run arbitrary commands in a single line (instead of spawning a shell), like this:


server1 uptime





Linux Server Hacks



by Rob Flickenger

Published by O'Reilly Media, Inc., 2003
Posted By kyrka read more

Enable Two-Factory Authentication for Safety/Security

Sep
01
It's a jungle out there.  Protect yourself.  
Two factor or two-step authentication is your new friend until we figure out a better scheme than passwords. (http://en.wikipedia.org/wiki/Two-step_verification)

Here's how to turn on two-factor authentication on the most popular personal cloud storage services:

Apple iCloud

  1. Login to My Apple ID.
  2. Pick "Manage your Apple ID and sign in"
  3. Select "Password and Security"
  4. Under "Two-Step Verification," select "Get Started," and follow the instructions.

Note: Be aware that when you change your Apple ID to two-factor authentication, it's a one-way journey. You can only change your password afterwards by using the two-factor method.

Dropbox

  1. Sign in to Dropbox.
  2. Click on your name from the upper-right of any page to open your account menu.
  3. Click "Settings" from the account menu and select the "Security" tab.
  4. Under "Two-step verification" section, click "Enable."
  5. Click "Get started" and follow the instructions.

Note: You will need to re-enter your password to enable two-factor verification. Once you do, you'll be given the choice to receive your security code by text or to use a mobile app.

Google Drive

  1. Login to Google from this link.
  2. Enter your phone number.
  3. Enter the code that you'll get from either a text or a voice phone call.
  4. Follow the instructions.

Note: You will need to get a new code for each PC or device that uses any Google services. For some services, such as Gmail when accessed on an Apple device or by a mail client or some instant message clients, you'll also need to set an application specific password

Login to your Microsoft Account.Microsoft OneDrive

  1. Go to "Security & Password."
  2. Under "Password and security info," tap or click "Edit security info."
  3. Under "Two-step verification," tap or click "Set up two-step verification."
  4. Click "Next," and then follow the instructions.

Note: Microsoft may require you to enter a security code that the company will send to your phone or email before you can turn on two-step verification.

Posted By kyrka read more

Wireless Security Focus

Dec
01
My brand new Samsung Galaxy S4 4G-LTE Smart Phone activated on Black Friday. This is the free version of the Verizon Wireless "VSP" application or "Verizon Support and Protection", protecting me from Bad Things(tm) on the Internet.

As my friends and family may or may not already know I recently transitioned to work in this segment of the wireless industry. Working with new technology has always provided me a great deal of excitement throughout the years, particularly when I see technology succeed in augmenting or enhancing life - making mundane tasks easier, simpler, and perhaps even fun!

Posted By kyrka read more
Subscribe to RSS - information security