Thursday, August 21, 2008

No Place Like 127.0.0.1 (W1nd0w$)

Alright, this is a continuation of the previous post (No Place Like 127.0.0.1 - Linux).
Just to recap:
You know that little thing called a hosts file? Did you know that it can help PROTECT you??? I was referred to this site:
http://www.mvps.org/winhelp2002/hosts.htm
They have a HUGE list of sites that you probably want to block.

Ok, now we are going to do it on Windows. We will have to get a little more in-depth here because we are going to need to:
1. Download Curl
2. Move Curl To Program Files
3. Download Grep
4. Download BATCH Script
5. Make A Scheduled Task


1. Download Curl. I went through the little 'wizard' they have just to be sure I got the right one. Win32-XP
2. After extracting the curl folder, just move the folder into program files.
3. Download Grep. I selected 'Complete package, except sources'.
NOTE: The localhost.bat script assumes you installed grep to its default location!
4. Download the below BATCH script and place it into the curl folder you just put inside of Program Files (ex: C:\Program Files\curl-7.18.2-ssl-sspi-zlib-static-bin-w32\localhost.bat)
NOTE: The localhost.bat script assumes it is located in the SAME place as curl.exe!


localhost.bat


@echo off
REM Run from the folder this script lives in, so curl.exe is found next to it.
cd /d "%~dp0"
REM Start a fresh hosts file, then append the downloaded list minus localhost and comment lines.
echo 127.0.0.1 localhost > c:\WINDOWS\system32\drivers\etc\hosts
echo # This hosts File Downloaded From: http://www.mvps.org/winhelp2002/hosts.txt >> c:\WINDOWS\system32\drivers\etc\hosts
echo # Update Of This File Based On Daily Schedule >> c:\WINDOWS\system32\drivers\etc\hosts
curl -s http://www.mvps.org/winhelp2002/hosts.txt | "c:\Program Files\GnuWin32\bin\grep.exe" -v localhost | "c:\Program Files\GnuWin32\bin\grep.exe" -v \# >> c:\WINDOWS\system32\drivers\etc\hosts


5.a. In case you didn't know, here is scheduled tasks:

5.b. Open "Add Scheduled Task" > Click Next
5.c. Click "Browse" & Navigate to the location you put localhost.bat (ex: C:\Program Files\curl-7.18.2-ssl-sspi-zlib-static-bin-w32\localhost.bat)
5.d. Select localhost.bat (The '.bat' part may be hidden) & Click 'Open'
5.e. Now, you can name the task anything you want. I left mine as 'localhost'.
5.f. Click on the circle for 'Daily' IF YOU'RE PARANOID; If not, then just select 'Weekly'
5.g. Select a good start time when your computer will be on, but you probably won't be using it. Examples would be Lunchtime, Middle of the night, etc.
5.h. Select a RANDOM day. It wouldn't be very nice if we all put 3:00 AM on Monday. The server would get a lot of traffic and our nice little updates would take forever.
5.i. Enter your credentials to make it all happen. If you put in Administrator w/ admin password then you never see anything come up on your screen and you don't have to worry about it if you ever change your account to 'Limited'.
5.j. Congrats, just finish up the wizard and you're set to have an extra layer of protection. :)

No Place Like 127.0.0.1 (Linux)

You know that little thing called a hosts file? Did you know that it can help PROTECT you??? I was referred to this site:
http://www.mvps.org/winhelp2002/hosts.htm
They have a HUGE list of sites that you probably want to block.

Well, guess what... I wrote a little script that will auto-magically update my local list every day. :)



localhost.sh


#! /bin/bash

getcurl=`curl -s http://www.mvps.org/winhelp2002/hosts.txt`
cutcurl=`echo "$getcurl" | grep -v localhost | grep -v \# | fgrep "127.0.0.1"`
echo "127.0.0.1 localhost" > /etc/hosts
echo "# This hosts file downloaded from: http://www.mvps.org/winhelp2002/hosts.txt" >> /etc/hosts
echo "# Update of this file is based on a daily schedule." >> /etc/hosts
echo "$cutcurl" >> /etc/hosts


Now, make it so you can run it:
chmod 700 localhost.sh

Then add a line to your crontab:
crontab -e
0 3 * * * /usr/local/bin/localhost.sh (or wherever you put it)


BUT WAIT!!! A site I visit is being blocked!!
That's ok, no one liked it anyway. Just Kidding!
Change this line:
cutcurl=`echo "$getcurl" | grep -v localhost | grep -v \# | fgrep "127.0.0.1"`
To look like this:
cutcurl=`echo "$getcurl" | grep -v localhost | grep -v \# | fgrep "127.0.0.1" | grep -i -v [name of site]`
Got another site you want to un-block? Add another exception:
cutcurl=`echo "$getcurl" | grep -v localhost | grep -v \# | fgrep "127.0.0.1" | grep -i -v [name of site] | grep -i -v [name of site]`
(You get the idea).


Happy Browsing!!


EDIT: Updated to make sure all hostnames are pointing to 127.0.0.1. That way if someone made a typo or if someone tried to submit a site and got an address besides 127.0.0.1 it wouldn't make it to your hosts file anyway. On a side note, this list makes it so if you already have malware that is messing with your hosts file, it won't anymore as you are overwriting it! :)
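A stricter take on the check described in the EDIT, as an added example (not the original localhost.sh): `fgrep "127.0.0.1"` matches that string anywhere on a line, so a line like `10.9.8.7 somesite 127.0.0.1` would still get through, while this filter only accepts lines that are exactly `127.0.0.1` plus one hostname. The names `ALLOW`, `filter_hosts` and `update_hosts` are made up for this example, and the un-block list is matched on the exact hostname instead of with `grep -i -v`.

```shell
#!/bin/bash
# Added example: strict filter for a downloaded hosts blocklist.
# ALLOW (hypothetical): space-separated hostnames to leave un-blocked.
ALLOW="example.com"

# Read a hosts list on stdin; print only clean "127.0.0.1 <hostname>" lines.
filter_hosts() {
    tr -d '\r' | awk -v allow="$ALLOW" '
        BEGIN { n = split(tolower(allow), a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        { sub(/#.*/, "") }                      # drop comments, whole-line or trailing
        NF != 2 || $1 != "127.0.0.1" { next }   # exactly one address and one name
        { h = tolower($2) }
        h == "localhost" || (h in skip) { next }
        h !~ /^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$/ { next }   # hostname characters only
        { print "127.0.0.1 " h }
    '
}

# $1 = downloaded list, $2 = hosts file to write.
update_hosts() {
    src=$1; dst=$2
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    { echo "127.0.0.1 localhost"; filter_hosts < "$src"; } > "$tmp"
    if [ "$(wc -l < "$tmp")" -lt 2 ]; then
        rm -f "$tmp"        # empty or failed download: keep the old file
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$dst"
}

# Usage (as root), with the URL from the post:
#   f=$(mktemp) && curl -sf http://www.mvps.org/winhelp2002/hosts.txt -o "$f" \
#     && update_hosts "$f" /etc/hosts
```

Because the new file is built next to the target and moved into place, a failed or empty download leaves the existing hosts file untouched instead of wiping it down to the localhost line.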

Saturday, August 2, 2008

Tunnel - Putty - Firefox

Ever have the need to browse the internet in an un-secure hot-spot? Say... a coffee shop or the airport (typing this at the Las Vegas airport right now)... Well, it might be a good idea to make your connection secure (never know who is collecting your wireless packets). If you've got an SSH server set up at home (built into most Linux distros) then you are set.

First things first; you will need Putty. Go to www.google.com and search/download "Putty". You don't even need to install it as it can run straight from your desktop. I suggest putting it in your program files directory just to keep things uniform.

1. Open Putty
2. Put in the IP or Host Name of your SSH server.
3. Leave it at 22 or change it to whatever port you run your SSH server on.
4. Verify that SSH is selected.
5. Give it a Saved Session name.

6. On the left side, expand SSH.
7. Click on Tunnels to see your options for types of tunnels.
8. Enter the "Source port" of 4321
9. Leave the "Destination" EMPTY.
10. Make sure "Dynamic" and "Auto" are selected.
11. PRESS ADD

12. Now go back to the category "Session" on the top left.
13. Click SAVE
14. Then Open
15. Log into your SSH server and do something useful. ;)
16. Open Firefox & at the top, click on Tools -> Options
17. Then the "Advanced" page; then the "Network" sub-menu.
18. Select "Manual proxy connection"
19. Under "SOCKS Host" enter: 127.0.0.1
20. Under "Port" (to the right of SOCKS Host) enter: 4321
21. Click Ok; Ok
22. Visit http://www.whatismyip.com to verify you're viewing the internet with your SSH server's IP instead of the IP of where you are actually located. :)