Here is an easy and cheap way to recover your laptop if it was ever stolen and if you did not want to pay for a laptop lojack service. Such services cost about $50/year and they guarantee recovery of your laptop, remote hard drive deletion and sometimes up to $1000 if the laptop cannot be recovered. The problem I have with it is that you may end up spending $50/year and never lose your laptop just because you may never use it outside of your home.

So what is the dirt cheapest way to recover a laptop if it was ever stolen? If the thief does not erase the hard drive before connecting the laptop to the Internet, then a free dynamic DNS client may just do the trick. http://www.no-ip.com and http://www.dyndns.com offer free dynamic DNS services. You can create a free account and download one of the many free DNS clients whose purpose is to send and update the current IP address of your computer to the free dynamic DNS service. Such services are often used to host web services or remote back onto home computers.

If your laptop were to be stolen and connected to the Internet, the DNS client would immediately send the laptop IP to the DNS service. The IP address can be used by authorities to locate and recover your laptop. Easy? Full proof? No, but it is probably the easiest way to get some useful information about your laptop location. You can always do better. You could use www.gotomypc.com to be able to remote back into your stolen PC and maybe turn the webcam on and take a picture of the thief, or look at documents the thief may have created or websites the thief may have gone to. Such information may lead to a face, a name or an address.

Posted by |-Fidem-|

The DoD deadline for upgrading all of its network infrastructure to IPv6 is quickly approaching. By the end of the month, all of DoD's Network infrastructure should be using the new IP standard, but are they really on track? In the meantime, China is also planning to convert all of its infrastructure to IPv6 across the country.

Don't be surprised if you have never heard of Ipv6, many network experts are still having a hard time with it, most of them have never even considered looking into it yet. If you are familiar with IPv4, an IP address looks something like 192.168.1.100 and for many is simple to remember. The equivalent IPv6 address looks something like fe80::213:2ff:feba:41ad/64 and forget trying to remember it!

We will soon see colleges and private training companies tarting to teach IPv6 classes and IPv4 to IPv6 migration courses. You can read about IPv6 on your own here and here.

Posted by |-Fidem-|

There are many different ways to remotely access your home PC. The easiest way to do so requires just a browser, an Internet connection and a free account with LogMeIN

LogMeIn is available for free for personal and home use and it is compatible with PC and MAC. It requires no special configurations, it is easy and quick to setup and it provides security through encryption.

What do I use to login to my home PC? As paranoid as I am, I first create a SSH tunnel to my Linux box whose SSH server listens no a non-standard port and requires certificate authentication. Then, I forward RDP or VNC over the SSH tunnel based on which PC I need to connect to. I also use DynDNS to keep track of my home IP address.

Why don't I use LogMeIn? Because I am a geek who likes to complicate the whole process and enjoys spending hours trying to figure out how to make something more difficult work.

Posted by |-Fidem-| 

The streetview feature of Google Maps and Google Earth provides close up street level imagery. Google's streetview cars have been pretty busy lately taking pictures all around Hampton Road. The hunt has now begun to look for funny and interesting images. I was able to find my car parked by my house and see my next door neighbor walking by it. Steerview images outside my work building show some of my coworkers by the building entrance. Many websites such as this one have put together lists of top google streetview sightings, and youtube shows a funny one here

Posted by |-Fidem-|

A new type of virus encrypts files on your computer and then leaves you a ransom note. Once you pay the ransom, the hacker may, or may not send you the decryption key. Talk about personal and corporate extortion! Such malware usually enters your computer when you open or execute an infected email attachment. You can also get the virus from many other different sources. What can you do about it? Backup your important data!

Posted by |-Fidem-|

There is a lot of hype today as Apple fanatics and investors around the world await the kickoff the Apple Worldwide Developers Conference in San Francisco. Apple CEO Steve Jobs is expected to showcase the new iPhone development kit and possibly a new and improved iPhone with 3G and enterprise capabilities today at 10am. Apple plans to sell 10 million phones this year compared to the 6 million of last year. Oddly, Apple shares (AAPL) fell 2% last Friday.

In the meantime, the old iPhone models have been pulled from the Apple online store. This is a signal that Apple is preparing to stock its store with the new model.

Posted by |-Fidem-|

Here is a controversial topic that divides many information security practitioners and experts. Those who follow Auguste Kerckhoffs' principle agree that “The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents”, which in plain terms means that a secure system is such not because nobody knows how it works but because it is secure by design.

I do agree with Dr. Kerckhoffs, but I also believe that security through obscurity can increase the security of a system by introducing an additional layer of security and complexity which may deter some compromise attempts as well as empower the system administrator to observe unusual activity.

Here is an example which I employ all the time. Running a Secure Shell Server (SSH) on a non-standard port. This is a clear example of security through obscurity where the SSH server is running on a high port, I.e. TCP port 47321 instead of running on the standard TCP port 22.

Kerckhoffs' followers would say that doing so results in no added security because it would not take much for an attacker to run a port scan on the server and find that it is listening on port 47321 instead of port 22. Moreover, they would claim that whether the server listen on a standard port or not, its security is based on the server implementation and on having a strong password.

Although I do agree that an up-to-date, patched server and a strong password are enough to make the server secure, there is a gain and some extra benefits from changing the server's default port. First and foremost, We can now decide to ignore all login attempts to port 22 since the server is not longer listening there and not worry about 0-day attacks that may have exploited a design flaw in the server. Second, We can be certain that any attempt to connect to the server on port 47321 would be a malicious one if it is not coming from a trusted network.

So, does security through obscurity really increase security or does it give a false sense of security. The debate is still open and there is no right or wrong answer. With more and more 0-day attacks and automated tools, it may prevent the server from being compromised by one such tool. It won't make a bit of a difference to the determined hacker.

Posted by |-Fidem-|

I started using OpenDNS in my computer DNS settings a while back. OpenDNS is a free DNS service available at www.opendns.org. It offers a slew of features. The most interesting ones are the ability to get DNS stats, configure DNS shortcuts and blacklists.

If you are a parent who worries where your kids go on the Internet, then OpenDNS can give you an extra level of protection. You can change the DNS settings on your home router or PC and not only will you be able to select what categories are permitted or not but if you want to be even sneakier, you can allow everything and just check the logs at OpenDNS.org :-)

In addition OpenDNS will protect you from Phishing sites by blocking them and alerting you. You can set up shortcuts so that if you just type the word MAIL on your browser, it will automatically go to your preferred webmail site.

I find the service to be very reliable, the configuration and setting documentation and guides easy to find and simple to follow, and the dashboard feature rich.

Posted by |-Fidem-|

Nowadays you can find your approximate location without the need of a GPS system. Google has recently unveiled LocateMe, an application that uses cell tower signal or WiFi access points to triangulate, locate and draw your position on Google maps. While the average consumer GPS has an accuracy of ~3ft, LocateMe with his ~300ft approximation is not as accurate but it is good enough.

So how does LocateMe really works? If you are using a supported phone or blackberry, the program uses surrounding cell towers' identification to approximate your location. If you are using a WiFi enabled device, it uses surrounding access points. Someone must have driven all around the world with a wireless sniffer and a GPS! That also means that your access point and location is somewhere in a large database. Privacy? Well, Google says no personal data is retained.

As mobile technology becomes more location aware, we will soon see local ads, weather, traffic and other information being sent to our devices based on where we are.

Posted by |-Fidem-|

I've got a new toy. It's a brand new iPod Touch and it goes really well with my MacBook Air :-) The stock firmware didn't make it past 5 minutes though. I immediately proceeded to JailBreak it so that I could gain shell access and look around inside it. Once the iPod was “hacked” I decided to install a few open source apps and games. I installed aMaze, the wooden balance labyrinth, Tetris, Pong, and VNC so that I could connect and control my home PC's.

Since I am paranoid about security and Ziphone comes with a ssh client and server, I decided to change the default root password as well as the built-in mobile user password. Bad idea! The iPod went into an infinite loop and I had to use the recovery mode to reset it to factory default and then jailbreak it again.

Firmware 2.0 is due to be released soon. It should allow third party applications through the Software Development Kit and make JailBreaking a mood point. I hear it may also support 802.1x wireless authentication and exchange. I sure hope so.

Do you have a cool iPod Touch or iPhone application or have you tried the 2.0 beta firmware? Tell us about it and give us some feedback.

Posted by |-Fidem-|