SteveLooi.com » Security

Secure free email account to protect your privacy

Steve Looi — Thu, 14 May 2009 15:49:37 +0000

Hushmail provides secure free email address for everyone. It allows you to send and receive confidential email between you and the intended recipients by encrypting the email message, so that you won’t need to worry about your email being intercepted and view by any person.

Every secure free Hushmail account include these features:

Spam filtering
Virus scanning
File storage and sharing with other Hushmail users
Unlimited contacts
POP3 access to external email accounts
Easy encrypted communication with contacts at any email address using Hustmail Express
Hush Messenger for secure instant messaging
Email notification
Read receipts, auto-responders, drafts, and templates
Digital signatures for email and attachments
End-to-end encryption for email and files
Full OpenPGP support with 2048 bit encryption
Encryption toolkit

Managing Multiple PuTTY Instances in Tabs

Steve Looi — Mon, 13 Apr 2009 03:06:35 +0000

PuTTY is a free Telnet and SSH client for Win32 and Unix platforms. It lacks the tabbing feature, which is one of the most important missing feature of PuTTY that many users are complaining. When you create multiple PuTTY connection instances, each instance will be opened in a separate window.

PuTTY Connection Manager is a free PuTTY Client Add-on for Windows platforms which provide a solution for managing multiple PuTTY instances by creating a tab for each PuTTY instance within the program window.

According to the features listed in the PuTTY Connection Manager web site, they include:

Tabs and dockable windows for PuTTY instances.
Fully compatible with PuTTY configuration (using registry).
Easily customizable to optimize workspace (fullscreen, minimze to tray, add/remove toolbar, etc.).
Automatic login feature regardless to protocol restrictions (user keyboard simulation).
Post-login commands (execute any shell command when logged).
Connection Manager : Manage a large number of connections with specific configuration (auto-login, specific PuTTY Session, post-command, etc.).
Quick connect toolbar to quickly launch a PuTTY connection.
Import/Export whole connections informations to XML format (generate your configuration automatically from another tool and import it, or export your configuration for backup purpose).
Encrypted configuration database option available to store connections informations safely (external library supporting AES algorithm used with key sizes of 128, 192 and 256 bits, please refer for the legal status of encryption software in your country).
Standalone executable, no setup required.
Localizable : English (default) and French available (only when using setup version, standalone is english only).

The PuTTY Connection Manager requires Microsoft .NET Framework 2.0 and PuTTY in order to run.

In the PuTTY Connection Manager, access the Tools > Options. In the Options window, select PuTTY and browse or type the location of the PuTTY Client program in your PC.

Visit PuTTY Connection Manager homepage to download the software.

Facebook Privacy Glitch Revealed Private Photos

Steve Looi — Wed, 26 Mar 2008 12:12:24 +0000

A lapse in security for Facebook discovered by Byron Ng, a computer technician from Vancouver, Canada, allowed him to sneak through Facebook’s newly improved privacy controls deployed last week.

The security loophole allowed him to view private photos of celebrities, along with other access restricted photos posted by other Facebook users.

The Associated Press verified Ng’s claim by accessing and viewing a private photo posted by Facebook founder Mark Zuckerberg.

According to a Facebook spokeperson, the security hole was fixed immediately after it was reported.

Streamyx Blocks Outgoing SMTP Port 25

Steve Looi — Mon, 24 Mar 2008 18:22:16 +0000

Streamyx issued a notice in its web site informing its users about an anti-spam exercise to mitigate spam in its network.

The action taken was by blocking outgoing SMTP port 25 for all outgoing e-mails from dynamic IP addresses to non-Streamyx mail servers.

In other words, if your company hosts its own mail server, the employees will not be able to send outgoing e-mails if they are connected from home to the office mail server via Streamyx.

SMTP port 25 is a standard outgoing port for most e-mail client software such as, Outlook Express, Mozilla Thunderbird, Eudora, and etc.

Streamyx offered several alternative configuration options. Users may either relay their mail server to Streamyx’s SMTP or use port 587 for all outgoing e-mails.

Windows Vista SP1 is Available for Download Via Windows Update

Steve Looi — Sat, 22 Mar 2008 19:18:04 +0000

Microsoft released the long awaited Windows Vista SP1 on 18 March 2008. It is available for download via Windows Update.

The Windows Vista SP1 contains more than 300 hot fixes compiled since the launch of Vista. These hot fixes are designed to improve the operating system’s security, speed and stability.

Windows Vista Secrets

How to Tunnel VNC over SSH with PuTTY on Windows XP or Windows 2000

Steve Looi — Fri, 21 Mar 2008 19:00:58 +0000

VNC stands for Virtual Network Computing. It is a remote control computing software that allows you to view and control another PC desktop remotely over the Internet.

Once the VNC session is established, all VNC data exchange between the client and the remote computers is unencrypted. A malicious user might be able to spoof your VNC data, thus allowing the person to gain access to your computer. VNC software usually contains a VNC server and a VNC viewer program.

Secure Shell or SSH is a network protocol that allows data to be exchanged between two computers over an encrypted secure channel. PuTTY is a popular and easy to use free SSH client.

Cygwin is an emulation of the Linux/UNIX-like environment and OpenSSH for Windows.

There are free software available for you to download from the Internet to tunnel VNC traffic over SSH connection.

You will need:

Cygwin
RealVNC
PuTTY
TCP port 22 enabled at the remote computer

Install Cygwin on the remote computer

Create a folder called c:\cygwin

Download the Cygwin setup file and save it in c:\cygwin folder.

Double click and run the Cygwin setup file.

Type c:\cygwin for the “Local Package Directory”.

Click the little View button for “Full” view.

Find the package “openssh“, click on the word “Skip” so that an “X” appears in the column.

Find the package “tcp_wrappers“, click on the word “Skip” so that an “X” appears in the column.

Find the package “zlib“, click on the word “Skip” (should be selected already) so that an “X” appears in the column.

Click “Next” to begin installing Cygwin and SSH.

Right click My Computer > Properties > Advanced > Environment Variables

Click the “New” button to add a new entry to System Variables:

Variable name: cygwin
Variable value: ntsec

Click the “OK” button.

Right click My Computer > Properties > Advanced > Environment Variables

Select the “PATH” variable and click the “Edit” button.

Append ;c:\cygwin\bin to the end of the Variable value.

Click the “OK” button.

Double click the Cygwin icon to open a cygwin window.

At the prompt, type ssh-host-config -y (the “-y” option automatically answers “yes” to the three questions below)

If the script asks about “privilege separation”, answer yes
If the script asks about “create local user sshd”, answer yes
If the script asks about “install sshd as a service”, answer yes

When the script asks about “CYGWIN=”, answer ntsec

To start the sshd service, open a Cygwin window and type either one of the following commands:

net start sshd
cygrunsrv ––start sshd

To stop the sshd service, open a Cygwin window and type either one of the following commands:

net stop sshd
cygrunsrv ––stop sshd

To harmonize Windows user information with Cygwin, open a Cygwin window and type the following commands, one line at a time:

mkpasswd ––local > /etc/passwd
mkgroup ––local > /etc/group

To test your sshd installation, open a Cygwin window and type the following command:

whoami

The current username should be displayed.

ls -h /cygdrive/c

You should see a directory listing.

Type exit at the command prompt to exit the Cygwin SSH session.

Install the VNC Server program

Download the RealVNC setup file on the computer to be controlled remotely.

Double click and run the RealVNC setup file.

Select the checkbox for VNC Server.

Click “Next” to begin the installation.

Type a VNC password when asked so that you will be prompted to enter a password every time you establish a VNC session.

Install the VNC Viewer program

Double click and run the RealVNC setup file on the computer you are using to control the remote computer desktop.

Select the checkbox for VNC Viewer.

Click “Next” to begin the installation.

Configure and run the PuTTY program

Double click and run the PuTTY program file on the computer you are using to control the remote computer desktop.

At the “Session” category in the tree menu, Type the Host Name or IP Address of the remote computer.

The Port should be default to 22 and the Connection type should be default to SSH.

Click the “SSH” category to expand the tree menu, and select “Tunnels”.

Add these entry below the “Add new forwarded port”:

Source port: 5900
Destination: 127.0.0.1:5900

Select the default values as “Local” and “Auto“.

Click the “Session” category in the tree menu.

Type a name at the “Saved Sessions” and click the “Save” button.

Click the “Open” button to establish a new SSH session to the remote computer.

Type the Windows username and password to login.

Leave the PuTTY program window open.

Run the VNC Viewer program

Double click and run the VNC Viewer program.

Type localhost or 127.0.0.1 and click “OK” to connect.

The VNC session should be tunelling through the SSH connection by now.

You can verify it by closing the SSH session. The VNC connection will be disconnected immediately too.

SSH, The Secure Shell