Sunday, 13 April 2014

How to be secure using the Internet - a simple guide

With the recent publicity surrounding the Heartbleed bug in the media it has highlighted the importance of being secure on-line. Aside from the Heartbleed bug there have been many high profile companies which have had major security issues with massive amounts of credit card records stolen. Target and Adobe are two of the most high profile examples. In the case of Adobe the numbers of users affected is believed to be 38 million.

On-line security can feel like an impossible task but in many ways its similar to a car. There are a number of things you can do to reduce the risk you will have your car broken into. For a car not leaving valuables on display and parking in a well lit area are things we take for granted as common sense. In this article I am going to discuss some simple strategies to help keep you safe on-line.

1. Software Updates

This is the easiest and most underestimated task. If you frequently feel getting updates for Java, Windows or other software is annoying its important to realize that its vital these updates be applied ASAP as they usually contain major security fixes to recently found vulnerabilities. The same is true on any device that is connected to the Internet e.g. smartphone, tablet, TV.

2. Password Manager

Best practise for passwords on the Internet is always to use a different and difficult to guess (numbers + non standard characters) passwords. Over time with more services on the Internet this becomes impossible as how can you remember over 100 unique passwords? The answer is to use a Password Manager. There are many options available on the market and you can research the best password manager for your needs. Many password managers have security alerts and password generators as features.

3. Multiple accounts

Have multiple email, Facebook, Twitter and similar accounts that you can use when you are required to sign up for a service or promotion. In this way it will ensure that your primary email and Facebook account will not be targeted by spam. Also if the service you sign up for is hacked they will not have your primary account information.

4. Personal information

On social networking sites like Facebook set privacy settings as high and do not share birth dates (including the year) as this can make it easier to answer security questions. If you do not require to provide your email or Facebook account to sign up to a new service create a new unique username and password to protect your identity.

5. Restrict use of public WiFi

Never use public WiFi for any financial transactions if at all possible. Anyone who is in the same coffee shop as you are could potentially access your information and you would never know. Restrict usage just for information e.g. Google or a news web site.

6. Be on the lookout for Phishing scams

Be careful on emails that are sent to you and do not open any attachments from people you do not know. Be careful with emails relating to financial information and account information resets.

7. Always use HTTPS when browsing  

When browsing the Internet always use the secure https:// rather than http:// version of a web site/. This ensures that your communications are encrypted. A good plugin that will automatically perform this is HTTPS Everywhere from the Electronic Frontier Foundation.

HTTPS Everywhere - great simple browser extension to keep data safe

Over the weekend at Linux Fest North West I attended a great talk given by the Electronic Frontier Foundation on Internet security. It touched on a few themes but the one I found of most benefit was a free extension called HTTPS Everywhere that they developed.

The premise is that you likely go to a web site direct from a search engine and just click on the link that appears. You may not be aware there is an https version of that web site. The extension will automatically redirect you to the HTTPS version of the site, even though you clicked on the HTTP link.

One example given in the talk was Wikipedia who have a HTTPS version of the site. Why would you want to use a secure version of a site that hosts public accessible inforemation? The reason is you would like to protect your privacy e.g. looking up symptons for a disease or party political related information.

With the browser extension for Firefox or Chrome installed when you open an HTTP link that the extension lists in its DB, it automatically redirects to the HTTPS site.

I have been using it for a week now and its great. You can download it here for Firefox and its also in the Chrome store. There is an extensive FAQ that gives more detailed information if you are interested.

You can now enjoy a more secure web web browsing experience :)

Capture packets in Ascii and grep on traffic

There is so many different features to tcpdump for packet captures which can be used in many situations. Recently I wanted to capture traffic and grep on a certain string in the packet.


  •  On Linux Mint or Ubuntu :
$ sudo apt-get -y install tcpdump


  • To capture all http web traffic (port 80) containing ''

$ sudo tcpdump -i eth0 -A -nn -vvv -s 0 port 80 | grep -e ''

  • Either open a browser or use 'wget'
 $ wget

  •  The capture will show for example
 $ sudo tcpdump -i eth0 -A -nn -vvv -s 0 port 80 | grep -e ''
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
<body id="www-wikipedia-org">
<form class="search-form" action="//">

  • It can be more useful to direct to a file :
  $ sudo tcpdump -i eth0 -A -nn -vvv -s 0 port 80 | grep -e '' > $HOME/tmp/wikipedia.tmp

  •  Note on some Linux systems you may need to direct all ASCII traffic to a file as the redirect after the grep may not work

 $ sudo tcpdump -l -i eth0 -A -nn -vvv -s 0 port 80 > $HOME/tmp/wikipedia.tmp

  •  To sort by uniq values and count the amount of occurrences in columns
$ grep "" wikipedia.tmp | grep href | sort | uniq -c | sort -nr | head -n 2

1 <span lang="no">Norsk (<a href="//" lang="nb">bokm..l</a>&nbsp;... <a href="//" lang="nn">nynorsk</a>)</span>&nbsp;...
1 ..&..O.. href="//" lang="chy">Ts..hesen..stsestotse</a>&nbsp;...

Generate random MAC Address with bash on Linux

It can be useful to be able to quickly generate a Random MAC address with virtual environments like KVM. The following is a method which always sets the first octet as 00 which can be set as required. 

$ MACAddress=$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/00:\2:\3:\4:\5:\6/')

$ echo $MACAddress

How to install execstack on Ubuntu and Arch Linux

Execstack is a great tool for learning and training on Linux. It is  a program which sets, clears, or queries the executable stack flag of ELF binaries and shared libraries. When I was looking to install it I took me a bit to find which package to install it in. You can install with :


$ sudo apt-get install prelink

Arch Linux

$ sudo pacman -S prelink