Posts tagged “SECURITY”.

Gmail and Apple Mail with Parental Control

Santa Clause brought a new 13″ macbook for my eldest daughter this year.  He was kind enough to set up most of the laptop for her, but left a few tasks for me to tackle after the holiday.  One of which was email.

Apple Mail has some wonderful Parental Controls allowing the parental units to define a white list of who the child can exchange email with.  Fantastic Stuff!  But my problem was my daughter has an email address from one of my google apps domains.  I needed to figure out a way for her to ONLY use Apple Mail and not login to Google via the web to circumvent those Apple parental protections.

I decided just on a monster password that she doesn’t know.  One that she will not be able to remember or type in.  We’re talking 35 characters long, upper case, lower case, numbers, and special characters.  It’s not a perfect solution.  The password is saved in the Keychain, and she can get it out of there, when she figures it out, but it seemed like a good compromise for now.

I could blacklist the URL for gmail so she can’t access her email via the web on her computer.  But, that won’t stop her from accessing her email  from another computer if she can figure out how to get the password off her macbook.

I’ll do some more investigation around this later.  It would be nice if Google allowed an account to ONLY be accessed via IMAP.  I’ll look into if that’s an option today, and if not, I’ll ask Google for the feature.  I think it would be a nice option to have.

Yesterday we also set up iChat, so now we have a video intercom in our house.  It’s funny to video chat when your kids just down the hall.  She is completely enamored with the Alpha Channel options in Snow Leopard’s iChat.  We need to get a green screen now.

I joined Facebook ?!?

The world has officially come to an end.  The seas have turned blood red, the sky is on fire, and I hear the hoofs of the four horsemen approaching.  I joined Facebook today.

I have always felt that Facebook has it’s place for those who are not gifted with mad-uber-tech and zen-computer-fu skillz.  I never felt a need to join Facebook because I figured that if you knew me, you knew this is my web site (it’s on the bottom of all of my personal emails — just a click away) and you had all my contact information… if  you wanted to talk you just had to send me an email, video chat with me (skype, AOL or Yahoo!), or just use the phone — I’m in the book.  And here, on my own personal domain, in my own little electronic kingdom, I control my privacy completely.  If you don’t know me, my personal information on this site is pretty sparse and I feel confident that you’re not using this site as a resource to stalk me or my family.

Over the years I’ve gotten many friend requests for Facebook and for one reason or another I didn’t join.  Reasons included requests sent to my work email address, personal privacy issues, my impression that Facebook was just another re-branded version of MySpace, and Facebooks own EULA.  My content, whether you find it to be inane drivel or not, is mine and I will not grant license to any company or organization to use it as their own.  Ever!  The only thing left that we can honestly claim as our own is what we think, feel and say.  There’s no way I’m giving that up to a corporation.  Then again, I’m jaded.  I’ve seen people lose their reputations on-line.  I’ve seen people lose their jobs on-line.  I’ve seen people lose their identities on-line.  I’ve seen people lose their life savings on-line.  I’ve seen people lose their children on-line.  The Internet is a lot like New Jersey, it’s got it’s really nice parts, and it’s got drawbacks, and it’s got it’s really bad parts… except the bad parts of the Internet are way worse than Newark ever was.

So, now that you know my true, honest feelings about Facebook, I’m sure you are wondering, “Why the hell did you sign up?” Well, my brother came over for Christmas and, as a Facebook addict, he had to get on my iMac to tag someone’s wall.  I gave him the bah-humbug-facebook-shpil and he said, “Naw! You gatta look here… check this out.” So he gave me the tour.  Everything I’ve seen before except one thing.  One thing made me say, “Crap!  I have to join Facebook now!”

My 89 year old Aunt was on Facebook!

So, I read the EULA again, and three sections of it turned my stomach.  But, my 89 year old Aunt Edna on Facebook outweighed the drawbacks enough to make me join.  So I’ve joined, but there is no way I’m uploading any content of any considerable value to their site.  If you desire anything of substance from me, if you want to read anything other than a “LOL! you goof!” or a “Yeah, we need to grab a beer this weekend.” you’ll have to read it here.  Where, for whatever it’s worth, I own it.  It’s mine, all mine.

With that said, Facebook gets a minimum amount of personal information about me.  If you know me and friend me on Facebook, you’ll always have a quick, easy link to this website and you’ll always have a link to my photo gallery.

Well, that all happened.  It’s all true.  But there was something else.  Aunt Edna was the #1 reason I joined Facebook.  But there was one more thing that tipped the scales in favor of signing up at Facebook — Google Wave.  Google Wave integrates with Facebook.  So I don’t actually have to login to Facebook to participate in the conversations there.  I can do it all remotely, from Google Wave.  That to me is just cool.  I’ve grown to be a google fanboy of sorts, and anything that makes me use Google Wave more, can’t be a bad thing.

Google Wave might actually get me to sign up for Twitter too…

Twit – Regarding Clouds


Clouds are scary. You can't see through them and you can't stand on them.

Haxors and this site

I was browsing my logs today. I get bored sometimes. As a security guy, it’s something I know I should do more often. It just seems a little pointless. No bragging here, my time is expensive. Every minute I’m not working is a minute I’m not securing my family’s future. I sound like an investment commercial there, but it’s true. In life, nothing is free, there is a cost that can be associated with everything. Like the costs of running this site. Some would argue it’s only a few dollars a month. I feel though that it’s more than that now. You see today, I’ve seen tracks… traces of an undesirable element in my log files. Yes, today, I have seen the tell tale sign of haxors.

zero sum game

zero sum game

I use that spelling specifically. I’m one of those old-fogies that call themselves a hacker. But I’ve never done harm. Never deleted a file. Never defaced a website. Never threatened anyone’s lively hood. I have played a practical joke or two. But nothing that brought any harm, real or perceived. In my mind a true hacker is a ‘computer enthusiast.’ A person who likes to play games and solve puzzles. A person who likes to cobble together creative solutions to technological challenges. For example, the other week I decided to see if I could have a radio-show without a microphone. Why? For the same reason people climb mountains, “Because it was there.”

Haxor is my way of identifying one who is not a true hacker. One who is trying to spread malicious code, create a bot network, deface a website, etc. You might have heard terms like script-kiddie, cracker, hijacker, etc. I like haxor.

Anyway, I started my site using iWeb to publish static content here. It seemed to work fine. But one of my very close friends, also in security, basically refused to come here because the created code was so javascript heavy. I kept my eyes open for a solution to this dilemma. I want something that I can quickly and effortlessly publish and update that produces good clean code. Another colleague of mine suggested WordPress. I did some research and found it to be quite nice. I have some reservations running a php based site, but I put a little effort into setting it up properly. I also found that I could use Gallery with iPhoto (there’s a nice plugin that allows me to publish effortlessly) and I now have a site that is accessible, robust and easy.

Today, I saw why I was originally hesitant of running a PHP site. The requests in my logs were for install configuration php files and other files that had my database password within. Now while this is distressful, it’s not something I didn’t expect to happen some time sooner or later. I didn’t think my site was popular enough to warrant a haxor presence, so on one hand I’m pretty flattered. On the other, I just have to wonder why? Is it because I’m in security? It is because I’ve upset someone? It wouldn’t be the first time, believe me. What is the benefit and what is the cost?

No-win scenario.

No-win scenario

Well, the benefit might be bragging rights that a security guy’s site was haxed. But there’s really not much to brag about. I put very little effort into securing this information.

What is that you say, Mr. Haxor? You own my database? You know my password? That password is either really lame and low security or randomly generated. It won’t even get you into my email. Believe me, it’s only used for the database. And I have backups of my database. Purge, reinstall, restore, and I’m back up again.

What is that you say, Mr. Haxor? You have uploaded nasty maleware to my site? No worries, rm -rf ./* will fix that. And I have backups of my site too. It might take a few days to upload it all, but you’ve done nothing but waste some of my precious time.

What is that you say, Mr. Haxor? You pwned me? You think this is a game. That’s funny, because I wasn’t playing any security games with you. I don’t have time to. You’re really not worth my time. Nor is finding and plugging any security holes in WordPress or Gallery.

Will I plug holes that you so rudely point out? Yes, because I don’t want to continue wasting my time restoring my website. Will that mean you won and forced me to play your stupid games? No. There is a secure way of using these programs, it’s just a waste of my time and website resources. Will I eventually do it? If you piss me off enough probably. But then again, where are you going if your goal in life is to piss people off? My guess, prison.

So everyone knows, this site is a soft target. Nothing special here. No time, money, or desire to secure it. If you’re just a griefer, realize this, I could not care less. As in, I care as little as possible. As in, this is my notebook. If it’s lost, burned, or soaked in coffee, I’ll just replace it.

If you crack this site I officially declare you to be a script-kiddie-wannabe. Weak. Lame. Tired. Pathetic. Go beat up a first grader. You’re still worthless. You have proven nothing.

Time to step down from my soapbox.