Open WLAN and security (Windows)

February 9th, 2009

Since I have an active life, I often use open Wi-Fi networks (for example, at the university or at hotspots). At some point I realized that it is not at all safe to use open networks without encrypting my data. At home I use AES encryption with a password of over 60 characters; at the university, on the contrary, I fetch my mail without a second thought, although I know that there is no encryption on the network.
My goal was therefore to find a way to encrypt my data before sending it over the network. It was quite clear that an intermediate point was needed. My Linux server was certainly suitable, but I had to bridge the two platforms, because my laptop was running Windows. One possibility was to configure Squid so that the data would be encrypted. This is not as easy as you might think, and I also had Squid set up for other purposes. After a brief search I found a simple solution, based on the principle of SSH tunneling. The only catch was that SSH is not a default protocol on Windows, so you have to rely on PuTTY.
All you need to do is create a new session and, under “Tunnels”, add a new “Tunneling port” (e.g. 7070). Set the radio buttons to «Auto» and «Dynamic». Then, in Firefox, choose a connection through SOCKS5, with 127.0.0.1 as the host and 7070 as the port. It is easier than setting up a VPN or Squid SSL encryption, isn’t it?
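To confirm that the dynamic tunnel on 127.0.0.1:7070 is usable and that name resolution also goes through it, you can speak SOCKS5 to it directly. The following is an added example, not part of the original post: it builds the SOCKS5 greeting and a CONNECT request that hands the host name (not an IP address) to the proxy, so the DNS lookup happens at the far end of the SSH tunnel. The function names and the test host example.org are assumptions.

```python
import socket
import struct

PROXY = ("127.0.0.1", 7070)   # PuTTY dynamic forward from the post


def build_greeting() -> bytes:
    """SOCKS5 greeting: version 5, one method offered, 0x00 = no authentication."""
    return b"\x05\x01\x00"


def build_connect(hostname: str, port: int) -> bytes:
    """CONNECT request with address type 0x03 (domain name).

    Sending the name instead of an IP lets the far end of the tunnel do the
    DNS lookup, so the query never crosses the open WLAN in clear text.
    """
    name = hostname.encode("idna")
    if not 0 < len(name) <= 255 or not 0 < port <= 65535:
        raise ValueError("invalid host name or port")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)


def reply_ok(reply: bytes) -> bool:
    """A SOCKS5 reply starts with version 5 and status 0x00 on success."""
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0


def check_tunnel(hostname: str, port: int = 443, proxy=PROXY, timeout: float = 5.0) -> bool:
    """Return True if the proxy accepts the handshake and connects to hostname."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(build_greeting())
            if s.recv(2) != b"\x05\x00":      # proxy must pick "no authentication"
                return False
            s.sendall(build_connect(hostname, port))
            return reply_ok(s.recv(10))
    except OSError:                            # tunnel not up, refused, timed out
        return False


if __name__ == "__main__":
    # example.org is a constructed test target, not taken from the post
    up = check_tunnel("example.org")
    print("tunnel usable with remote DNS" if up else "tunnel NOT usable, check PuTTY")
```

In Firefox the matching setting is network.proxy.socks_remote_dns in about:config; if it is off, DNS lookups can still leave over the open network outside the tunnel.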

Quake as a browser game

January 12th, 2009

I’m always skeptical when I read about browser games. You can’t compare the level of those games with conventional computer games. Most of them are at the level of the early or mid-nineties. The graphics are often drawn by hand, and the interaction is implemented in a text-based mode. Although I love games like Monkey Island or Goblins, time moves forward and technologies are constantly evolving, so I see no reason to cling to the ways of the past century.
When I read about Quake as a browser game, I thought at first that browser gaming was not as bad as I had imagined. Indeed, offering a game like Quake III Arena to all players in the world for free is a challenge not only for Flash programmers but also for the hardware, which has to support a large number of people playing at the same time. Of course I wanted to try the game immediately. But I was not able to do this. First, I needed to register. This is not a problem. But why do they want to know my real name? It is not very useful anyway, because they cannot verify whether I enter real data or not.
But what do I see there? It seems my optimism was a bit premature. The site told me that there were 25,817 players in the queue waiting to play Quake.

Assuming that each of them is only interested in trying out the game for one minute, I will wait 18 days before I can play. It’s really funny :)

Technical problems at 1 & 1

December 16th, 2008

For several days, the Internet did not work at my home. Multiple IP addresses were not reachable. At first I thought that the problem was with the name resolution service. Using tracert I found that the packets were not being forwarded by a router at a certain point along the way. After a short search on Google, I found out that this is a well-known problem that was not occurring for the first time. There was no solution for this problem. The only thing I could do was wait.
Or maybe not? Of course not! Fortunately, my server, also at 1 & 1, was reachable. I logged in with PuTTY and tried to open, with the help of lynx, a website that I could not reach from my home PC. That went smoothly. But viewing web pages with lynx is not the solution I need. That’s why I decided to set up a proxy server. I had no experience with proxy servers, so I asked the Linux community for help. The help was quick, but as always too short. They recommended the Squid proxy server. As a guide I should use “man squid”. I must admit, I hate manuals that are written in the style of “man”. So I searched for a short and understandable HowTo. Fortunately there are lots of them on the web. I needed about an hour to understand how everything works. The hardest part for me was setting up the password prompt. The location of the program ncsa_auth was known to me, and I could not find it with the help of the “find” command. But once I found the program, I finished the setup very quickly. After that I was able to use the Internet and view any website without a problem.

How secure is your Windows machine?

November 30th, 2008

Yesterday, I decided to test my work computer for viruses. I ran the last test when I still had Avira as my antivirus solution. For several months I have been using Kaspersky Internet Security 2009, but since then I had not yet completed any tests of the running system.
Although KIS found no malicious software, it found a lot of vulnerabilities. The new version of Kaspersky apparently looks not only for viruses or Trojans, but also examines whether the software installed on the system is up to date and has no security gaps. Here my failings were clearly visible. From the report I learned that my system had not just one version of Flash Player installed, but also two older versions (8 and 9). There were also a few programs written in Java that had their own independent Java Runtime Environment. These two programs had a JRE that was not up to date, which was a serious security vulnerability. An attack with the help of such a JRE is rather unlikely, because these programs are not that widespread (for example, the Brockhaus encyclopedia), but in the case of a targeted attack it would have disastrous consequences. The fact that I work with the rights of a user would not help in this case. Overall, KIS found a dozen such gaps in my system.
The reason why there are so many gaps in my system is that, apart from my work computer, I have 2 other computers at home. I was not able to maintain an overview of all of my installed programs, and so it came to such negligence. No viruses or Trojans were found on my system, but there were vulnerabilities that could certainly be exploited to access the system. I am really pleased that Kaspersky offers such a feature.

Up-to-date is the key to security

September 29th, 2008

A major disadvantage of Windows operating systems is that there is no centralized software solution that takes care of keeping third-party software up to date. In the Linux world, such software has long been part of the operating system. In SuSE Linux, YaST performs this function; Debian offers APT with numerous graphical user interfaces (for example Synaptic).
For an administrator of a Windows operating system, it becomes increasingly difficult over time to keep an overview of the installed software. Precisely for this reason, the developers at Secunia created a program called Secunia PSI. According to the manufacturer, this program is able to check more than 4700 applications, and the database is growing every day.
The program works like this: it collects information about the system and transmits it via an encrypted HTTPS connection to the server, where the data is finally evaluated.
Secunia PSI is still in beta and is not yet entirely reliable. There are still problems with programs that run without installation, because Secunia PSI is not able to find them. Nevertheless, I found the program very helpful. I was able to recognize, for example, that my WinSCP installation was very old, and that was very important for me. The program is also free for private use, which I find very positive.

ZoneAlarm blocks the internet connection after Windows Update (KB951748)

July 16th, 2008

This update was developed for Windows XP and Windows 2000 to block the use of static source ports for DNS requests, because hackers were able to guess and forge the transaction ID of DNS queries with very high probability.
Although this problem had been known for a long time and several software vendors worked together to find a solution, Check Point, the maker of ZoneAlarm, was obviously surprised. After the installation of the above update, ZoneAlarm blocks all connections, so no name resolution is possible and Internet activity is paralysed. I had this problem yesterday when I started my notebook. I already knew that such a problem existed, but I thought that I would not have it on my laptop. But because Windows automatic updates are turned on on my computer, the update was downloaded and installed automatically. As a result, I could not access the Internet. The problem was solved by setting the firewall to “Medium”; then I could update ZoneAlarm to the latest version. Despite the rapid solution, I am very disappointed that I experienced this problem. It could have occurred not at home but at work, during a presentation of some product to my customers. It would have looked very unprofessional, and I’m sure that the customers would have seen the source of the problem not in Check Point but in me.

How to access a Linux file system under Windows

June 26th, 2008

I have both Linux and Windows Vista installed on my computer. It’s very convenient, because I need both systems from time to time for certain purposes. However, because my data is stored on different partitions, I must constantly switch between the systems if I need certain data. The reason for this problem lies in the fact that Linux and Windows use different file systems. All current versions of Windows rely on NTFS. Linux mostly uses EXT3. From Linux I can access NTFS partitions, but I cannot write to NTFS. If I’m on Windows, I can’t read or write an EXT3 partition.
I tried to find a simple way to access the Linux partition from Windows. After a short time, I found a solution.
There are at least two programs that provide access to EXT3.
One of them is DiskInternals Linux Reader. This program works under Windows 2000 and above. It supports files larger than 2 GB.
Another program is called Ext2 IFS for Windows. Its author is Stephan Schreiber. It also works on all versions of Windows and also handles files larger than 2 GB.
Linux Reader is a very practical tool with a user-friendly GUI. It is great for accessing data on Linux partitions. But if you need write access, you will need Ext2 IFS for Windows. After installing Ext2 IFS, you can use Linux drives as ordinary drives. They can be accessed just like Windows drives.
Actually, there is a way to get read and write access between NTFS and EXT3: it is possible if you use a FAT32 file system. The problem with this solution is that this file system supports only files that are not bigger than 4 GB.

Regular expressions

May 8th, 2008

Regular expressions are widely used and provide a filter criterion in which an expression, in the form of a pattern, is matched.
That’s the theory …
In practice, regular expressions are often used, for example, to filter strings or to create rewrite rules for Apache. To understand regular expressions, you must learn EBNF. In this post I would like to explain the basics, so that you can understand how regular expressions work:

| – The pipe symbol stands for logical “or”.
() – Round brackets indicate a grouping.
e.g. (a|b) stands for “a or b”.
[] – Square brackets define a range of characters that can occur. For example, [0-6] means that a digit from 0 to 6 can occur.
[a-z] would mean that a lowercase letter of the alphabet can occur.
You can also combine ranges: [a-zA-Z0-9] would mean that any Latin letter or any digit can occur.
[^f] – A ^ symbol before a character means an exception: any symbol except f can occur.
. – A dot stands for “any character”. (Note: if you would like to match the dot itself, you should escape it with a backslash: “\.”)
? – The term followed by a question mark is optional.
Example: (aaa)(abc)? – Strings with the phrase “aaaabc”, but also just “aaa”, will be matched.
+ – The expression occurs at least once, but it can also occur many times.
Example: (aaa)+ – This allows the string “aaa”, but also “aaaaaa” or “aaaaaaaaa” etc.
* – The expression can occur many times, but it is not required.
For example [a-z]*
{min,max} – This rule defines how often the expression may occur.
For example, [0-9]{1,2} would mean that a digit from 0 to 9 occurs at least 1 time and not more than 2 times.

If you have problems and do not know where your mistake is, I recommend the program The Regex Coach, which is wonderful for debugging and finding errors.
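The constructs from the list combined into one pattern, as an added example that is not part of the original post: a constructed allowlist for host names with an optional port, checked with Python's re module. The second pattern leaves the dots unescaped to show why the backslash in “\.” matters when a regular expression is used as a filter. The patterns, function names and sample inputs are assumptions.

```python
import re

# Constructed allowlist for host[:port] strings, built only from constructs
# in the list above: grouping with "|", character classes, "?", "+",
# "{min,max}" and the escaped dot.
STRICT = r"(www\.)?[a-z0-9]+\.example\.(com|org)(:[0-9]{2,5})?"

# Same pattern with the dots left unescaped: each "." now means "any character".
LOOSE = r"(www.)?[a-z0-9]+.example.(com|org)(:[0-9]{2,5})?"


def is_allowed(value: str, pattern: str = STRICT) -> bool:
    """True only if the whole string matches (fullmatch, not a substring search)."""
    return re.fullmatch(pattern, value) is not None


def compare(values):
    """Return (value, strict_result, loose_result) for each input."""
    return [(v, is_allowed(v, STRICT), is_allowed(v, LOOSE)) for v in values]


# Constructed sample inputs
SAMPLES = [
    "shop.example.com",           # plain host
    "www.shop.example.org:8443",  # optional "www." and optional port
    "shop.example.com:8",         # port too short for {2,5}
    "shop.example.net",           # "net" is not in (com|org)
    "shopXexample.com",           # only passes if "." means "any character"
]

if __name__ == "__main__":
    for value, strict, loose in compare(SAMPLES):
        print(f"{value:28} strict={strict!s:5} loose={loose}")
```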

Gateway antivirus software

August 7th, 2007

I am looking for a good antivirus solution that is able to monitor HTTP and FTP connections and protect a network against viruses.

The main problem is to find a solution for Windows that is good and not very expensive. At the moment I am reading about solutions from CA, F-Secure and Trend Micro. Perhaps somebody knows a solution for SBS that is cheap and good at the same time? :-)

Antispam-Solution for Exchange

July 17th, 2007

If an important e-mail address of your firm is a target of spammers, you have a problem.

It is impossible to delete or rename e-mail addresses such as info@domain.tld or webmaster@domain.tld, which is why you need to find some other way to protect e-mail and reduce spam.

For some time I have had this problem on my to-do list. My aim is to find a solution that is able to act against spam not only on the client side, but on the server side too.

The simplest free solution, which I tried first, is the Intelligent Message Filter (IMF) by Microsoft.

Since Service Pack 2 for Exchange Server, IMF has been a part of Exchange Server. This filter detects approximately half of the spam mails. For me that is a good result, given the large amount of spam.

But because I had some false positives on level 4, I can’t increase it any more.

Another solution that I will test in the near future is ASSP.

I don’t know anything about how powerful ASSP is, but I’ll test it and report on my experience.