Archives for posts with tag: networking

It’s easy, and pretty cool for ssh if you have multiple users.

Any text can be used; just save it as login_banner in your ~ folder, and add this to the end of ~/.bashrc for the user:

#custom login banner

cat ~/login_banner

This could be a to-do list, a warning, a reminder, etc., but my fave thing is ASCII art.

Some sites for generating ASCII art:

http://patorjk.com/software/taag/#p=display&f=Graffiti&t=Type%20Something

http://www.glassgiant.com/ascii/
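An added example, not part of the original post: anything printed from ~/.bashrc can also reach non-interactive ssh sessions such as scp or sftp and break them, so this version of the banner line prints only in interactive shells and stays silent if the file is missing. The function name and its second argument are hypothetical.

```shell
# Added example for ~/.bashrc (bash or POSIX sh); not from the original post.
# print_login_banner FILE [FLAGS]
#   FILE  - banner text file, e.g. "$HOME/login_banner"
#   FLAGS - shell option flags; defaults to "$-" (hypothetical override,
#           present only so the check can be exercised in a test)
print_login_banner() {
    banner_file=$1
    banner_flags=${2:-$-}

    # Only interactive shells carry an "i" in $-. scp, sftp and
    # "ssh host command" run non-interactively, and stray output there
    # corrupts the protocol stream.
    case $banner_flags in
        *i*) ;;
        *)   return 0 ;;
    esac

    # A missing or unreadable banner must never produce an error at login.
    [ -r "$banner_file" ] || return 0

    cat -- "$banner_file"
}

print_login_banner "$HOME/login_banner"
```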


With the recent surveillance nightmares of 90s hackers coming true, I’ve begun moving a bit toward the “dark arts” of networking, as agencies such as the NSA and CIA are rather blatantly spying on the American people now. I am not fully informed on how the rest of the web looks, but I don’t think it’s much better. I know Brazil is a mess at the moment.

Facebook is currently the most popular social network site, and has gotten more commercial by the day since it achieved its popularity. Numerous companies use Facebook “likes”, comments, and social patterns for marketing, and for borderline-legal data mining of their own. Facebook is also notorious for disrespecting the assumed privacy of such a network, and anything discussed in Facebook messages can be assumed to be open for their admins, other companies, and law enforcement to read.

In this mini-tutorial I will guide you through how to run Facebook chat through a separate client, and encrypt the messages so Facebook’s staff and records cannot read them. Other Facebook interaction cannot be secured from their own servers this way, but there is a great open-source, community maintained social network called Diaspora* starting up now. If one really cares about security, a direct connection from server to server is optimal, followed by secure forums such as IRC. However, Facebook’s pre-existing network is too convenient to ignore.

*DISCLAIMER* If you use this to mask illegal activities, don’t blame me

*DISCLAIMER* BOTH ends will need to be set up like so for this to work

1.) Install pidgin. Pidgin is a small IM client released under the GNU General Public License; it works on Linux with GNOME or KDE, and on Windows. (Windows is not featured on this blog, but the Windows setup should just be an install .exe or .zip, then the same again for otr, which is mentioned later on.)

for Debian/Ubuntu/Mint: su -c "apt-get install pidgin"

for Fedora/Red Hat: su -c "yum install pidgin"

for Arch Linux: su -c "pacman -S pidgin" (unverified, but should be there, otherwise check AUR)

2.) Get pidgin-otr. To save time this could have been done with the above step, but I felt it was important to identify this extension separately. OTR means “off the record”; pidgin-otr is a Pidgin plugin allowing encrypted chat between users. I believe this method will use PGP, but I could be wrong.

for Debian/Ubuntu/Mint: su -c "apt-get install pidgin-otr"

for Fedora/Red Hat: su -c "yum install pidgin-otr"

for Arch Linux: su -c "pacman -S pidgin-otr" (unverified, but should be there, otherwise check AUR)

3.) Configure otr in pidgin. This is done by launching pidgin, then at the top navigating to Tools > Plugins, or hitting ctrl+u. In these plugins, check the checkbox next to otr, then in those settings, enable otr, but do NOT require it. Requiring it will prevent pidgin from sending unencrypted messages, so the client will not work unless both ends of chat are configured this way. Next it will have an option to create a key, which will take a few moments. Try to move the cursor around and hit random keys to create entropy.

4.) Configure Facebook. Pidgin should have a wizard for this, and if you do not know your username, go to your Facebook page and the URL will be www . facebook . com/YourUserName, and your password will be your password.

5.) Begin otr chat. Open your “buddies list” for Facebook, then right-click a name and choose “IM”. This will begin an IM session with this user. Pidgin, if properly configured, will have a button which reads “not private”, which is used to toggle private, aka encrypted, conversation. If the other end is not set up, the message will read [encrypted message], and then all messages after the “starting off the record chat” message will show up normal, and unencrypted. Again, both ends must be set up this way, and they must accept the invite to otr, or this will not be encrypted.
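An added example, not part of the original post: once a private conversation is running, the encryption only protects against an impersonated peer after each side has compared the other's key fingerprint over a separate channel. This sketch lists stored peer keys that carry no trust mark yet; the tab-separated layout and the path ~/.purple/otr.fingerprints are assumptions about how pidgin-otr stores them, and the sample entries are constructed.

```shell
#!/bin/sh
# Assumed store layout: one line per known peer key, tab-separated:
#   peer  local-account  protocol  40-hex-digit fingerprint  trust
# An empty trust field means the key has never been verified.

# unverified_otr_peers FILE
# Prints "peer<TAB>account<TAB>fingerprint" for every unverified key, with
# the fingerprint as five blocks of eight uppercase hex digits so it can be
# read aloud and compared over a phone call.
unverified_otr_peers() {
    awk -F '\t' '
        NF >= 4 && $5 == "" {
            fp = toupper($4)
            out = ""
            for (i = 1; i <= length(fp); i += 8)
                out = out (i > 1 ? " " : "") substr(fp, i, 8)
            printf "%s\t%s\t%s\n", $1, $2, out
        }
    ' "$1"
}

# Constructed sample data (not real keys): alice is verified, bob is not.
sample=$(mktemp)
printf '%s\t%s\t%s\t%s\t%s\n' \
    'alice@chat.facebook.com' 'me@chat.facebook.com' 'prpl-jabber' \
    '0123456789abcdef0123456789abcdef01234567' 'verified' \
    'bob@chat.facebook.com' 'me@chat.facebook.com' 'prpl-jabber' \
    '89abcdef0123456789abcdef0123456789abcdef' '' > "$sample"

unverified_otr_peers "$sample"
rm -f "$sample"
```

On a real machine the call would be unverified_otr_peers ~/.purple/otr.fingerprints, under the same path assumption.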

In conclusion, one can essentially ignore Facebook as a social network, and just pretend it’s a very popular IM client, and after removing personal data from their site, one’s security is restored. Through encrypted messaging Facebook is unable to read messages, and with no “likes” or personal info to mine, they have nothing to gain from you, and you are, as the title says, using Facebook without them using you.

As far as I know, Facebook stores all removed data for a period of 6 months before actually deleting. Please comment, ask questions, provide further info, or notify me of errors or vulnerabilities of this method in the comments.


photo credit: http://elioguevara.blogspot.com/

Following recent US laws which minimalize the security of social networking sites, I myself am setting up a deepnet server I can use to chat with my friends, and am making a guide on how to set one up. It’s fairly easy and can work with nearly any computer that has a steady internet connection.

1.) Install Linux or BSD

I have a guide on choosing a Linux distro here

You will not need Xorg or a desktop manager for this, so unless you plan to use the device for other purposes I would suggest not installing a graphical interface, for better security and speed.

2.) Install talk and OpenSSH

for Ubuntu/Debian/Mint: (these should be included, but if not:)

apt-get install openssh-server

apt-get install talk

for Mandriva/Fedora/OpenSUSE: (these should be included, but if not:)

yum install openssh-server

yum install talk

for Arch Linux:

pacman -S openssh talk

for others, google how to do it.

3.) Configure ssh

The default settings will work fine, but if you want even more enhanced security read this

Also make sure to log in to your router, and if necessary, your modem, and ensure port 22 is forwarded to the IP of the machine you are configuring this on (this is where 99% of ssh problems come from)

Your modem should forward 22 to your router, then your router should forward 22 to your machine.

4.) Learn to use talk

I unfortunately am not at my server right now and cannot provide screenshots or an in-depth guide on using talk, but it should be simple. For instructions and info on talk, type:

man talk

or

info talk

5.) Configure talk

Again, defaults should be fine, but you can mess with the settings for more security

6.) Connect peers to server with ssh

Make an account for each peer you wish to speak to privately on the machine (useradd on most systems), and have them log in with ssh (ssh username@IP). Note that this is the IP of your modem, which can be found by typing “IP” into Google.

ssh is a tricky program to figure out for newer users, and I haven’t seen many good guides on it. If you need help, ask on various Linux channels on Freenode (I’ve found #Fedora and #Ubuntu the most helpful)

You can check who is connected with the command “who”

7.) Talk to your peers

the command will be “talk person tty”

on my machine, “who” returns:

[peaceblaster@ArchMobile ~]$ who
peaceblaster :0 2013-04-22 10:55 (:0)
peaceblaster pts/0 2013-04-23 05:10 (:0)
peaceblaster tty2 2013-04-23 05:39

so to message user “peaceblaster”, I would type:

talk peaceblaster tty2
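An added example, not part of the original post: picking the terminal by eye from “who” gets tedious with several peers, and talk is refused on terminals where the user has messages switched off. This helper reads the output of who -T, which adds a +/- column for that setting, and builds the talk command for the first terminal that accepts messages; the function names are hypothetical and the sample is constructed from the listing above.

```shell
#!/bin/sh
# talk_target USER
# Reads `who -T` output on stdin. Columns: name, message state, line, time.
#   +  terminal accepts messages (mesg y)
#   -  terminal refuses messages (mesg n)
#   ?  state cannot be determined (e.g. the X display entry ":0")
# Prints the talk command for the first usable terminal of USER and
# returns non-zero if there is none.
talk_target() {
    awk -v user="$1" '
        $1 == user && $2 == "+" && $3 ~ /^(pts\/[0-9]+|tty[0-9a-zA-Z]+)$/ {
            print "talk " user " " $3
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# Constructed sample: the listing from the post with a state column added.
sample_who_T() {
cat <<'EOF'
peaceblaster ? :0           2013-04-22 10:55 (:0)
peaceblaster - pts/0        2013-04-23 05:10 (:0)
peaceblaster + tty2         2013-04-23 05:39
EOF
}

sample_who_T | talk_target peaceblaster
```

On the server itself the call is who -T | talk_target username.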

Why this is secure:

Essentially what this does is use very old UNIX components from the 1980s, which were made long before Facebook or Twitter were even possible. Ssh allows secure, encrypted logins from anywhere in the world, which are then used to chat on the server you have set up. By hosting your own server, the only one who has access to any logs is you, so Facebook, Google or any social networking company can’t be forced to give out your information to anyone who pays them enough. Since you use a raw IP instead of a domain, the network is in the “deepnet” or “darknet”, outside of the visible section of the web people call “the internet”.

The other convenient aspect of this setup is that OpenSSH comes with the program “sftp”, which allows equally secure file transfer between machines. The command for sftp is similar to ssh:

sftp username@IP

This will open a shell with which you can send and receive files (there is more on the shell in the man page for sftp)

There you go, secure messaging and filesharing for you and your friends. If you are very paranoid you can look up guides on securing OpenSSH.

P.S.

I noticed most of my readers are not from English-speaking countries, so I have done my best to make this readable. I hope I have done well.

FreeBSD server is up!

just took a computer from the back room my parents haven’t turned on in years and turned it into a fully functioning ftp and ssh server with FreeBSD.

I had some issues with the CD drive and biostar motherboard not liking each other, but after installation all is well. Network and graphics card drivers worked out of the box, so all is well. (I know this isn’t GNU/Linux, but FreeBSD is similar in both license and structure so I feel it’s ok to blog about on here).

I would definitely advise taking that old PC you haven’t used since Windows ME and installing FreeBSD, if nothing else just to have a guinea pig for learning about UNIX-based operating systems on. You could also use it as a personal VPN, extra firewall, or package filtration machine since it was just sitting around anyway. The community is helpful, and all is well-documented, so even for a new user it’s not hard to get into!

It takes around 4 hours to go through, but using Linux’s built in “mail” program one can send a text message from the command line if one knows the recipient’s service provider. SMS messages, aka texts are emails, using an email address varying by cell service provider. The message will appear to be from yourUser@whatEverYourHostnameIs. I am unsure if responses work yet, as none of mine have come through, though more than likely one would need a registered domain matching that of the machine for this to work.

the command is as follows:

echo "message" | mail -s "insert subject" fullPhoneNumber@providerEmail.com

known email providers:

phonenumber@messaging.sprintpcs.com – Sprint

phonenumber@vtext.com – Verizon

phonenumber@tmomail.net – T-Mobile

phonenumber@txt.att.net – AT&T

I will not provide my actual phone number for security reasons, but I will use a random example number in order to provide sample code for learning purposes:

$ echo "Better to have loved and lost than never to have loved at all" | mail -s "testing" 18598675309@tmomail.net

(that should all be on one line, if there was any confusion)

Potential issues:

Message cannot contain operators used in scripting, such as “!”

Message took an extraordinary amount of time to send; my first one took around 4 hours.

Many spam filters will block these since they are from a suspicious domain (your computer).

I have only tested this in Linux Fedora 17, but this should work for all Linux distros, or Unix-based operating systems still containing the Unix mail server.