Skip to content

Archive for 2011

15
Dec

A poor man’s https, using ssh to secure web traffic


Sometimes you get a web-hosting environment that only serves non-ssl (http) content. If you need to do any type of management through tools like phpMyAdmin, then you can see the problem with this. All it would take is someone on your network or on the Internet to sniff the traffic and retrieve your username and password, then they too can do a bit of “management” on your site.

If you also have secure shell (SSH) access, then there is a way to manage your site securely by using SSH’s venerable port forwarding (SOCKS). The trick is to tell your management tools to only listen or respond to connections coming in over SSH instead of normal traffic.
Read moreRead more

8
Dec

SSH as a socks proxy

Recently there was a need to visit a US based website to verify some personal information. Apparently there are ‘rules’ about who is geographical allowed to get access to the site which means that a citizen of said country cannot access the site from outside of the US.

I will not get into the absurdity of such security mandates, instead we will go around the problem and get our information that bureaucracy tried to prevent.

The general idea is to use a proxy inside the US that will allow us to hop over the geographical firewall. I do not trust open proxies by default because of their ability to sniff traffic. I do however have access to a secure shell (SSH) in the US that I can use.
Read moreRead more

24
Nov

Better password security through length

As comically seen on xkcd, a password’s length is more important than its complexity. What we should take away from the comic is that short but hard to remember passwords are easiest to crack while long and easy to remember passwords are harder to crack.

Try for yourself with my online password cracking calculator.

As an example, we will compare two passwords: “Tr0ub4dor&3” and “correct horse battery staple”. We will assume that a brute-force machine that can theoretically do 200,000,000 guesses per second, which is more pessimistic than a machine with four ATI HD 5970s at 22,400,000 guesses per second. It would take such a machine about 242,243,228 days to guess “Tr0ub4dor&3”. It would take the latter password 9.62×10^41 days to guess.
Read moreRead more

17
Nov

Asymmetric networking using Linux

The idea is simple, two subnets (separate networks) and then route packets from one to the other. The environment, however, is not symmetric. We wanted to contact a node on the other subnet and we could see the packets travelling over the switch to the router back through another switch to the node, but the node itself refused to reply.

Each node has two NICs and each NIC is connected to a separate network. If you try to connect or ping one node from another, Linux is smart enough to go directly over the NIC with the right network. If a NIC should ever fail, the failover is that the packets are then routed up one network to the router then over to the other network.
Read moreRead more

14
Nov

Wireless BCM4312 3.2 kernel

Broadcom Chipset BCM4312

Since there is an Ubuntu package ‘firmware-b43-lpphy-installer’ which is up to date and will work against the 3.0 kernel, my earlier posts are obsolete. If you are not running Ubuntu, then you will still need to reference my post.

The latest 3.2 Linux kernel however has a few ABI changes, most notably in the network stack which effects the Broadcom’s wl module. Most notably is: .ndo_set_multicast_list which was replaced with .ndo_set_rx_mode.

Read moreRead more