Installing Linux Kernel v4.10

I started using CentOS over several other distros that I have been testing over the years. I still have an Ubuntu laptop just to keep up to date with things, seeing that it’s one of the most popular ones.

I’ve covered installing Kernels before but I wanted to refresh that topic and include how to do it on CentOS.


Netgear Router Security Update

Netgear noted that several of their routers have a command injection vulnerability that lets an attacker use a phishing method to gain control of your router.

Tip:
To find the model/version number, check the bottom or back panel of your NETGEAR device.

From the Vulnerability Notes Database:

R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 1.0.7.2_1.1.93, R6400 version 1.0.1.12_1.0.11, and R8000 version 1.0.3.4_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.

By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND
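A defender-side check for the request shape the advisory describes, as an added example that is not part of the original post or the advisory. The log format, field layout and sample lines are constructed assumptions; adapt the line pattern to whatever your proxy or IDS HTTP log actually emits.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in an assumed log format:
#   client_ip dest_host "METHOD target HTTP/x.y" status
SAMPLE_LOG = """\
192.168.1.23 192.168.1.1 "GET /cgi-bin/;COMMAND HTTP/1.1" 200
192.168.1.23 192.168.1.1 "GET /cgi-bin/%3BCOMMAND HTTP/1.1" 200
192.168.1.40 192.168.1.1 "GET /start.htm HTTP/1.1" 200
192.168.1.40 www.example.com "GET /cgi-bin/search?q=a;b HTTP/1.1" 200
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})$')
# The advisory's request shape: the path component right after /cgi-bin/
# begins with a semicolon. Everything after it is captured for triage.
SUSPECT_PATH_RE = re.compile(r"^/cgi-bin/;(.*)$", re.DOTALL)


def find_suspect_requests(log_text):
    """Return one dict per request whose decoded path starts with /cgi-bin/;"""
    hits = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a request line in the assumed format
        client, dest, method, target, status = m.groups()
        # Drop the query string, then percent-decode so %3B is treated like ';'.
        # Matching the encoded form is a conservative choice made here, not
        # something the advisory states.
        path = unquote(target.split("?", 1)[0])
        hit = SUSPECT_PATH_RE.match(path)
        if hit:
            hits.append({"line": lineno, "client": client, "dest": dest,
                         "method": method, "status": int(status),
                         "tail": hit.group(1)})
    return hits


if __name__ == "__main__":
    for h in find_suspect_requests(SAMPLE_LOG):
        print(f"line {h['line']}: {h['client']} -> {h['dest']} "
              f"{h['method']} /cgi-bin/;{h['tail']} (status {h['status']})")
```

A hit whose destination is the router's own LAN address and whose client is an ordinary workstation is the case to triage first, since the advisory notes the request can be issued cross-domain from a visited web page.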


Bringing down the Net?

Security expert Bruce Schneier recently talked about how someone is learning how to take down the internet. We have seen lots of companies talk about attacks on their infrastructure, breaches, hacking, stolen accounts, etc. According to the companies, it seems some of the attacks look like probing for ways to get into networks and do harm.

It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
– Bruce Schneier


Researchers find over 100 spying Tor nodes

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to.

Linux Kernel Zero Day Vulnerability CVE-2016-0728

This vulnerability has existed since 2012 and affects Android and Linux systems running Linux kernel version 3.8+; any Linux server or desktop running kernel 3.8+ is vulnerable.

As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets).

How do I fix this?

First, some background on what the CVE-2016-0728 bug is. From the Perception Point Research Team:

CVE-2016-0728 is caused by a reference leak in the keyrings facility. Before we dive into the details, let’s cover some background required to understand the bug. It can successfully escalate privileges from a local user to root.


Ubuntu and Debian End-of-Life Timeline

Ubuntu

Standard Ubuntu releases are supported for 9 months and Ubuntu LTS (Long Term Support) releases are supported for five years on both the desktop and the server. During that time, there will be security fixes and other critical updates.

SSH Private-Public Key Auth for Linux and Mac

First Things First

First off, let’s talk about SSH keys and Security real briefly so that you can understand a bit more about what’s going on here and why it’s important. With all the issues happening in today’s digital age, everyone needs to start thinking about and taking one thing very seriously. You know, all the hacking and spying going on around us all.

One of the ways you can accomplish that is by using stronger encryption methods, in this case SSH keys, or public key cryptography. One of the major things is the key size. 1024 was common, but that has long been hacked and is not used anymore for websites and other public services; so logically many are moving on to 2048 and even 4096, which is what I use.

SSH keys provide a much more secure way to log into your servers than using passwords. While passwords can be easily broken by brute force attacks, SSH keys are far more difficult to break, and with a larger key size they can be almost impossible to decipher.

How does it work?

Generating a key pair provides you with a private and a public key. You place the public key on a server you will connect to, leaving the private key on your machine. When you SSH to your server you will not need to enter your password: the server uses your public key to check that you hold the matching private key, and once you are verified you are allowed in.

Apple iOS Apps

So I’ve been writing articles for a while and I never really spent time to put together something that lists apps for Apple devices. So here’s my first run in no particular order.

Lookout – Backup, Security and Missing Device

by: Lookout, Inc.
Don’t lose your iPhone or iPad again! Lookout is the best way to protect your precious iOS device from data loss, theft and other threats that put your personal information at risk.
Download from App Store

Norton Mobile Security – Lost Phone Finder

by: Symantec
Norton Mobile Security delivers powerful, effective protection for your iPhone and iPad against theft and loss. Remotely locate your phone from any place with an Internet connection or set off an alarm on your lost device.
Download from App Store

Free VPN – Onavo Protect

by: Onavo, Inc.
Onavo Protect helps keep you and your data safe when you browse and share information on the web. This powerful app helps keep you safe from malicious, phishing and unsecure mobile websites. It also helps secure your details when you login to websites or enter personal information such as bank accounts.
Download from App Store

Workflow: Powerful Automation Made Simple

by: DeskConnect, Inc.
Workflow is your personal automation tool, enabling you to drag and drop any combination of actions to create powerful workflows for your iPhone, iPad, and Apple Watch.
Download from App Store

Inbox by Gmail – the inbox that works for you

by: Google, Inc.
Inbox by Gmail requires an invite. Email inbox@google.com to request one. Your email inbox should help you live and work better, but instead it often buries the important stuff and creates more stress than it relieves. Inbox, built by the Gmail team
Download from App Store

Hours Time Tracking

by: Tapity, Inc.
Free for a limited time, celebrating the Apple Watch version. Hours is the time tracker you will use.
Download from App Store

RunKeeper – GPS Running, Walk, Cycling, Workout and Weight Tracker

by: FitnessKeeper, Inc.
Track your run pace, measure workout distance, chart weight loss, crush training goals and more with LifeHacker’s Best Running App! RunKeeper is the simplest way to improve fitness, whether you’re just deciding to get off the couch for a 5k, biking every day, or deep into marathon training.
Download from App Store

Calorie Counter & Diet Tracker by MyFitnessPal

by: MyFitnessPal.com
Lose weight with MyFitnessPal, the fastest and easiest-to-use calorie counter for iOS. With the largest food database by far (over 5,000,000 foods) and amazingly fast and easy food and exercise entry, we’ll help you take those extra pounds off!
Download from App Store

Minecraft – Pocket Edition

by: Mojang
Play the biggest update to Minecraft: Pocket Edition so far! It’s the overhaul of a generation. Download it now and see for yourself! Minecraft is a game about placing blocks and going on adventures.
Download from App Store

Quick Scan Pro – Barcode Scanner. Deal Finder. Money Saver.

by: iHandy Inc.
Quick Scan Pro – Find the lowest price for any product! Ever want to shop wiser? Quick Scan will be your best shopping companion. Just a fingertip away, low prices and product details from 1000+ online shops and local retailers en route to you anytime, anywhere.
Download from App Store

Map My Walk+ – GPS Walking and Step Tracking Pedometer for Calories and Weight Loss

by: MapMyFitness
Start walking with the MapMyWalk+ community. Record GPS-based activities to view detailed stats; connect with 400+ devices to import and analyze all your data in one place; log over 600 different activity types.
Download from App Store

OmniFocus 2 for iPhone

by: The Omni Group
OmniFocus for iPhone brings task management to your fingertips. Keep track of tasks by project, place, person, or date. With OmniFocus for iPhone, you’ll always have your important information at hand, whether it’s a shopping list, agenda items to discuss at work, things to do at home.
Download from App Store

OmniFocus 2

by: The Omni Group
Now a Universal iOS App with Apple Watch Support! OmniFocus for iOS brings the in-depth task management features of a desktop app to your fingertips. With flexible viewing options, location awareness, and on-the-fly task entry from just about anywhere.
Download from App Store

Mail+ for Outlook

by: iKonic Apps LLC
Securely access Outlook Email and Calendar – #1 Outlook/Exchange Email App – Top 5 business apps, peaked at 55 overall. Keep your work and personal email accounts separate.

Duolingo – Learn Languages for Free

by: Duolingo
Duolingo is Apple’s 2013 App of the Year! Learn Spanish, French, German, Portuguese, Italian, Irish, Dutch, Danish, Swedish, and English. Totally fun. Totally free.

Learn Spanish – Brainscape

by: Brainscape
Did you know that you may be wasting a huge portion of your time learning Spanish due to inefficient learning methods? Let me tell you how you can learn FASTER. It’s all about a new technique called Intelligent Cumulative Exposure.
Download from App Store

How to Cook Everything

by: Culinate, Inc.
This first-of-its-kind app of the bestselling cookbook—How to Cook Everything® from New York Times columnist Mark Bittman—has 2,000 recipes, 400 how-to illustrations, and a host of features that appeal to cooks on the go.
Download from App Store

That’s it for now. I will be adding more lists over time.

How to Encrypt an Android Device

Privacy, Security; two words that you hear a lot these days after the Snowden Incidents and with all the Govt snooping, corporate data mining and all those data leaks like Target and Home Depot. More than ever, protecting your data and privacy should be a top priority to each and every one of us. With new tactics being employed all the time, we have to keep up with the game and encrypting your devices is one way to do just that.

What is Encryption

TechTarget has an awesome article on this.

Encryption is the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 BC, an Egyptian scribe used non-standard hieroglyphs to hide the meaning of an inscription. In a time when most people couldn’t read, simply writing a message was often enough, but encryption schemes soon developed to convert messages into unreadable groups of figures to protect the message’s secrecy while it was carried from one place to another. The contents of a message were reordered (transposition) or replaced (substitution) with other characters, symbols, numbers or pictures in order to conceal its meaning.

Why Encrypt your phone

As described above, encryption scrambles all data on your phone into an unreadable format, so if you lose your phone your data will remain secure. The basics of how this works is that at boot time you will have to enter a password or PIN to unscramble (decrypt) your phone. If someone does not know your password or PIN they cannot access your device or its data. An attacker won’t be able to access the data without the encryption key. With that in mind, if someone really wanted access to your data, they could employ the freezer attack. This basically involves freezing your device’s RAM so it takes longer for the encryption key to be erased from RAM.

If you recall, Snowden brought to light a little project called Prism, where Verizon and the Govt were working together to allow data mining. That is, they have been going through the call records of Verizon’s approximately 99 million users looking for, well, anything! And if you think that Verizon is the only place this has been happening, then I’ve got bad news for you.

Some recent legal rulings have suggested that encryption can protect against warrantless searches. The California Supreme Court has ruled that police officers can lawfully search your cell phone without a warrant if it’s taken from you during arrest – but they would require a warrant if it was encrypted. A Canadian court has also ruled that phones can be searched without a warrant as long as they’re unencrypted. You may want to do your own searches to better understand these legal items or contact your attorney if you have one.

How do I encrypt my Android

You should have at least a PIN, password or swipe pattern, or even face or voice recognition, set up, right? If you are using any lock screen widgets, disable them ASAP; they can disclose your location and other sensitive information about you.

Before we continue

Some forewarning before we proceed.

  • Encrypting will cause your device to work a bit slower, though not by much. Depending on your actual device it may be noticeable; on most newer devices it shouldn’t make that much difference.
  • Encryption is one-way, so if you lose your key or would like to go back to using a non-encrypted device, you will have to wipe your phone and restore it to factory settings.

The encryption process should take about an hour or more depending on how much data is on your device. So, let’s start:

  • Go to Settings
  • Click Security
  • From the options, choose Encrypt Device or Encrypt Phone
    • Note that in the Security settings screen you can also choose to encrypt an SD card.
  • Enter your password (must be at least 6 characters with 1 number)

You’ll see a progress indicator appear. After it’s done, your device’s storage will be encrypted. You’ll have to enter the PIN or password each time you boot your phone or its storage will be unreadable, so don’t forget the password! Android uses dm-crypt, which is the standard disk encryption system in the Linux kernel. It’s the same technology used by a variety of Linux distributions.

That’s it, go enjoy your newly encrypted and secured Android phone.

Richard Stallman discusses Copyright at UofC

Richard Stallman lecturing about copyright at University of Calgary on 2009-02-03. Free/Libre formats & raw footage can be found here, as per Stallman’s request. (Transcode-SR1 contains wireless mic audio.)
