As a rule of thumb you should never open attachments or click links within emails when the email comes from an unknown source or seems fishy.

Here are some simple do’s and don’ts to keep your personal information and computer safe from malicious emails.

DO:

• Do, delete Unsolicited emails (SPAM).
• Do, Call some you know that knows about computers if you’re unsure if it’s SPAM, never open the email or forward it.
• Do, mark it as junk. If someone SPAMs you more than once, you can right click the email and choose the “Junk” option to block them forever.

DON’T:

• Don’t open the email!
• Don’t forward the email to someone else for review!
• Don’t click links in the email!
• Don’t open attachments !

SPAM filters remove millions of SPAM email messages every day however, on occasion SPAM email does slip through the cracks.

Sometimes the emails look legitimate, they play on your fear or curiosity with subject lines like:

• Important FBI notice
• Your Credit Card is stolen
• Your computer has a virus
• Your requested information
• Blank email with only a link or attachment

Or the SPAMER will claim you won something, anything to get you to click a link or open an attachment. Many times these links and attachments will infect your PC with a virus and you won’t even know it. Other times the link or attachment will try to get you to willingly submit information to them such as personal information and/or your credit card.

Don’t fall for it, if you think it’s bad then it is bad. If you’re not sure it’s probably SPAM. Don’t open emails from unknown sources and never click links or open attachments if you’re unsure about the source.

Follow these steps to remote wipe your blackberry with Blackberry Enterprise Server AKA BES.

1. After logging onto the BES
2. Manage Users
3. Right Click on appropriate user
4. Device Actions
5. Delete data and disable device
6. Device Actions
7. Specify new password and lock device

Call your service provider to disconnect phone service.

This will remove all emails and anything else stored on the phone internal memory. Any files (usually photos and videos) stored on the blackberry will remain on any flash cards added to the device.

If the user finds their Blackberry you can restore basic “new” user configuration and the email sync back up with the device. To do this just go through the same process as if you purchased the phone new.

You’ll need a freeBSD server – ssmtp installed – a gmail account – about 5 minutes spare time

ssmtp will replace sendmail – all systems commands that use sendmail with automatically now use ssmtp – the sendmail command will still work just ssmpt will be used

Step 1:

Disable Sendmail completely by setting the following in your /etc/rc.conf file:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Step 2:

killall sendmail

Step 3:

install ssmtp

cd /usr/ports/mail/ssmtp/

make install replace clean

Step 4:

Configure SSMTP – located here –> cd /usr/local/etc/ssmtp/ssmpt.conf

mailhub=smtp.gmail.com:465
UseTLS=YES
AuthUser=user@domainname.com
AuthPass=password222
FromLineOverride=YES
Hostname=yourhostname
RewriteDomain=sourcedomainame.com
Root=someuser@domainname.com

Step 5:

enable ssmpt at boot

echo ‘ssmtp_enable=“YES”’ >> /etc/rc.conf

FreeBSD says you need a wrapper but the doc is old or just incorrect – when you issue the make install replace clean that updates /etc/mail/mailer.conf with the correct info

Chad Perrin at Techrepublic laid down a useful explanation of the ssmtp.conf file options. I’ve included them below.

* root=user@example.com: This identifies what user account receives all mail for userid under 1000 on the local system. That basically means system accounts, such as the root user account. In other words, if your computer is trying to send your root account an e-mail message, it will send it to whatever e-mail address you specify her. This should normally be your primary e-mail account — probably the account for which you’re configuring sSMTP to send e-mails.

* AuthUser=username: The username indicated here should be the username used to log into the remote SMTP server. In many cases, this is the part of the e-mail address that comes before the @ sign in your e-mail address. In some cases, it may be the entire e-mail address, possibly with the @ replaced by a plus sign. Using the user@example.com example above, this means it the username entry might be user+example.com, depending on the SMTP server configuration.

* AuthPass=password: When authenticating, this is the password used with the username above. Because my e-mail password is stored in the file, I make sure the ssmtp.conf file permissions are set to 640 using the chmod command. This ensures that the ssmtp and system administrator accounts can access the file as needed (both to make sure the ssmtp process works properly and that I can edit the file as root when needed), but no unprivileged accounts have access to the contents of the file. For this to work, you will also need to ensure that you create an ssmtp user (with a command like pw useradd ssmtp -g nogroup -h – -s /sbin/nologin -d /nonexistent -c “sSMTP pseudo-user”) and set ownership of ssmtp.conf to that user (with a command like chown ssmtp ssmtp.conf).

* mailhub=mail.example.com: Set the mailhub option to the fully qualified hostname for the SMTP server you will be using, so that sSMTP knows where to send outgoing e-mails. This option may actually take the form mailhub=mail.example.com:465, which sets the port number to use when contacting the SMTP server to 465. This allows unencrypted connections to use 25 (the default port number for SMTP traffic), and 465 is the standard alternate port number for TLS- and SSL-protected SMTP connections.

* rewriteDomain=example.com: This tells sSMTP that your mail headers need to be edited to say that the domain name you use for your e-mail address will be listed as the source of your e-mail address. Failing to rewrite the source domain name in this manner may cause problems at the receiving end when your e-mail address arrives at its intended destination.

* hostname=hostname.domain: The hostname indicated here is the hostname of the computer you are using to compose and send e-mails. The .domain part may or may not be present. On Unix and Linux systems, you can find the hostname for your computer by entering the command hostname at the shell prompt.

* FromLineOverride=YES: The From: header in an e-mail handled by sSMTP can be overwritten at this point. Setting this to YES just uses the From: value provided by the program that sent the e-mail to sSMTP to be forwarded to the SMTP server in the first place. In my case, since I use mutt as my mail user agent, this means that setting FromLineOverride=YES will cause sSMTP to use whatever From: header line mutt provides.

* UseTLS=YES: At last, we’ve struck gold. This is the configuration line that tells sSMTP to encrypt its connection to the SMTP server, protecting your authentication username and password as well as the rest of the session.

Black hat hackers got your email account?

If I had dollar every time someone came to me worried about their wife or husband, kids Gmail email account being hacked I’d be a… If someone hacks your gmail you can detect it and even narrow who could have done it based on geographic location. Google published an article on how to monitor suspicious account activity.  According to google “a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert.”

While this is helpful when your gmail is hacked by someone in China it won’t tell you if you neighbor logged in.

But you can indeed identify suspicious activity on your own without depending on a notice from google in your gmail account.

When you log in to gmail look to the bottom of the page and you’ll see an area that list the location of the the last account activity as well as a detailed link which will list the last five logins, there time and IP information.

notice the location information - the "details" link contains the last 5 login attempts, location and time

So now what?

First figure out your IP address

Now any discrepancies in the details provided by Google in comparison to your IP address you know it’s not you!

So now just run a IP LOOKUP to determine who those other IP Addresses belongs to.  Using the location information and at time the provider can really help you narrow down the location so you’ll have an idea of who hacked your gmail account.

Always keep your passwords longer than 15 characters and any inclusion of letters, numbers and special characters is always helpful. If you suspect someone has got your email password change the password ASAP. Chances are you’ll never find out for sure.

But if you’re up to the task head over to http://www.countryipblocks.net/tag/cidr/

Here you can list all IP addresses by Country and then add them to a blacklist of untrusted IP Addresses.

Or better yet allow those you trust and disallow everyone else.

Now you can block bad IP addresses based on Country but user beware, IP addresses are added often, you’ll want to keep it up-to-date at least once a month.

Of interest to me in the Crypto-Gram Bruce discussed:
Obama’s Cybersecurity Speech
Cloud Computing

In Obama’s Cybersecurity Speech he announced that the country’s disparate efforts to “deter, prevent, detect and defend” against cyber attacks would now be run out of the White House. That makes me wonder why and how when we already have the Pentagon, the National Security Agency, the Homeland Security Department and other agencies over the conduct of defensive and offensive cyberoperations. Why not utilize the existing departments more effectively? Inject the fund necessary and pass the laws necessary to help the existing departments share information?

Cloud Computing, as Bruce points out, isn’t a new concept at all. When a computer is within your network infrastructure, you can defend it with other security systems such as Cisco firewalls and Intrusion Prevention Systems, IDS and IPS.  As we all know with any outsourcing model, whether it be cloud computing or hosted services etc you can’t. You have to trust your outsource completely. You not only have to trust the outsourcers security, but its reliability, availability, disaster recovery, and its business continuity. Perhaps full scale cloud will really on help out the small business man or the large company testing technology on a smaller scale. But what happens if you lose your Internet connection..

Mr. Schneier is world a renown security guru. He sends out “good reads” 10 or 12 times a year.. You should subscribe.

Conficker’s April Fool’s joke — the huge, menacing build-up and then
nothing — is a good case study on how we think about risks, one whose
lessons are applicable far outside computer security. Generally, our
brains aren’t very good at probability and risk analysis. We tend to use
cognitive shortcuts instead of thoughtful analysis. This worked fine for
the simple risks we encountered for most of our species’ existence, but
it’s less effective against the complex risks society forces us to face
today.

We tend to judge the probability of something happening on how easily we
can bring examples to mind. It’s why people tend to buy earthquake
insurance after an earthquake, when the risk is lowest. It’s why those
of us who have been the victims of a crime tend to fear crime more than
those who haven’t. And it’s why we fear a repeat of 9/11 more than other
types of terrorism.

We fear being murdered, kidnapped, raped and assaulted by strangers,
when friends and relatives are far more likely to do those things to us.
We worry about plane crashes instead of car crashes, which are far more
common. We tend to exaggerate spectacular, strange, and rare events, and
downplay more ordinary, familiar, and common ones.

We also respond more to stories than to data. If I show you statistics
on crime in New York, you’ll probably shrug and continue your vacation
planning. But if a close friend gets mugged there, you’re more likely to
cancel your trip.

And specific stories are more convincing than general ones. That is why
we buy more insurance against plane accidents than against travel
accidents, or accidents in general. Or why, when surveyed, we are
willing to pay more for air travel insurance covering “terrorist acts”
than “all possible causes”. That is why, in experiments, people judge
specific scenarios more likely than more general ones, even if the
general ones include the specific.

Conficker’s 1 April deadline was precisely the sort of event humans tend
to overreact to. It’s a specific threat, which convinces us that it’s
credible. It’s a specific date, which focuses our fear. Our natural
tendency to exaggerate makes it more spectacular, which further
increases our fear. Its repetition by the media makes it even easier to
bring to mind. As the story becomes more vivid, it becomes more convincing.

The New York Times called it an “unthinkable disaster”, the television
news show 60 Minutes said it could “disrupt the entire internet” and we
at the Guardian warned that it might be a “deadly threat”. Naysayers
were few, and drowned out.

The first of April passed without incident, but Conficker is no less
dangerous today. About 2.2m computers worldwide, are still infected with
Conficker.A and B, and about 1.3m more are infected with the nastier
Conficker.C. It’s true that on 1 April Conficker.C tried a new trick to
update itself, but its authors could have updated the worm using another
mechanism any day. In fact, they updated it on 8 April, and can do so again.

And Conficker is just one of many, many dangerous worms being run by
criminal organizations. It came with a date and got a lot of press –
that 1 April date was more hype than reality — but it’s not
particularly special. In short, there are many criminal organizations on
the internet using worms and other forms of malware to infect computers.
They then use those computers to send spam, commit fraud, and infect
more computers. The risks are real and serious. Luckily, keeping your
anti-virus software up-to-date and not clicking on strange attachments
can keep you pretty secure. Conficker spreads through a Windows
vulnerability that was patched in October. You do have automatic update
turned on, right?

But people being people, it takes a specific story for us to protect
ourselves.

This essay previously appeared in The Guardian.

A copy of this essay, with all embedded links, is here

You can find an array of USB flash drive products on the market which offer encryption and password protection. I have used and trust Edge Tech Corp Secure USB Drives . If you have invested heavily in a USB Flash Drive one could use Truecrypt to protect the data on this drive. Truecrypt will encrypt the data on the flash drive as well as password protect it. TrueCrypt enables the user to easily encrypt the data on their USB Flash Drive with the selection from a wide range of industry standard algorithms.

If you ever forget or loss the password you could use DBAN to erase the data on that drive. DBAN A.K.A Darik’s Boot and Nuke is free and of course open source.

Truecrypts website isn’t really organized the way I would have done it. I’ll give you some simple steps to get you up and running as well as some troubleshooting tips in case you run into issues.

Step 1

Download and install TrueCrypt. Then launch TrueCrypt by double-clicking the file TrueCrypt.exe or by clicking the TrueCrypt shortcut in your Windows Start menu.

Step 2

Now we will create a container within your flash drive where you encrypted files will reside

Step 3

In this step you need to choose where you wish the TrueCrypt volume to be created. A TrueCrypt volume can reside in a file, which is also called container, in a partition or drive. Here I’ll show you how to make a TrueCrypt volume within a file on your flash drive. This is also the default option so you can just click Next.

Step 4

Do you want a standard or hidden TrueCrypt volume? Lets do a standard TrueCrypt volume. Standard volume just means everyone can see the encrypted volume. Hidden means it’s hidden and no one can easily see it.

Step 5

Now here you need to select your flash drive as the location you wish to place your encrypted volume. Note that a TrueCrypt container is just like any normal file. It can be moved, copied and deleted as any normal file. It also needs a filename, which you will choose in the next step. It’s a container for files.. not a file. Sounds confusing but hang in there it will make sense in the end.

Step 6

Okay create the TrueCrypt volume on your flash drive and the filename of the volume (container) will be My Volume.

IMPORTANT: Note that TrueCrypt will not encrypt any existing files. If you select an existing file, it will be overwritten and replaced by the newly created volume (so the overwritten file will be lost, not encrypted). You will be able to encrypt existing files (later on) by moving them to the TrueCrypt volume that we are creating now.*

Step 7

Click next.. LOL did you really need this step?

Step 8

Here are your encryption option. The default options are fine. You can bump up the encryption level a good bit by selecting AES 256 but that will slow things down a bit when accessing files in this container. Click Next

Step 9

Volume Size – If you want the encrypted container to use up all of your flash drive then input the amount of free space shown.

Step 10

This is one of the most important steps. Here you have to choose a good volume password and all passwords should be at least 13 characters or more. Just a passphrase instead of a password. Passphrase can be something like “Iliketopetdogs” its easy but long and will take a long time for a password cracker to figure out. After you choose a good password, type it in the first input field. Then re-type it in the input field below the first one and click Next.

Step 11

Move your mouse as randomly as possible within the Volume Creation Wizard window at least for 30 seconds. The longer you move the mouse, the better. This significantly increases the cryptographic strength of the encryption keys (which increases security).

Click Format.

Volume creation should begin. TrueCrypt will now create a file called My Volume in the folder D:\My Documents\ (as we specified in Step 6). This file will be a TrueCrypt container (it will contain the encrypted TrueCrypt volume). Depending on the size of the volume, the volume creation may take a long time.  A box will pop up when you’re done encrypting your flash drive. Click OK to close the dialog box that pops up.

Step 12

Now it’s time to mount the volume we just created. It must be mounted so you can dump files into it. We will return to the main TrueCrypt window (which should still be open, but if it is not, repeat Step 1 to launch TrueCrypt)

Step 13

Select a drive letter from the list. This will be the drive letter to which the TrueCrypt container will be mounted.

Click Select File.

The standard file selector window should appear.

Select the volume we created earlier called “My Volume”  – it should be on your USB flash drive but if you can’t find it just do a file search for “my volume”

Once you have selected the file click OK - Now in the main TrueCrypt window, click Mount.

A password box will pop up.. just put in the password / passphrase you created earlier in step 10.

Now you’re all done. Wasn’t that easy? Just add files to that mounted drive and they will be placed in a password protect encrypted volume.

1. Darik’s Boot and Nuke (“DBAN“) load this up to your floppy or other bootable disk and you can securely wipe the harddrive of most computers.
2. Bacula is a set of Open Source, enterprise ready, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.
3. Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux

Your servers are like Adware
Agitating me and providing no satisfaction
And when an application goes down
I’ll know you’ll come a askin

“What is wrong with the network?”
“What have you done?”
“I didn’t change anything ”
“And now my services won’t run”"

“Users can’t connect”
“They usually get an error”
“It must be the network”
“It is all very apparent”

You’ll walk away briskly
To fire off a CC filled email
Telling everyone of the network issue
And the problem you found

“Dear Boss, VP and CEO, the network is down. It is the root cause of this issue and the reason the applications are down”

Now I must jump to attention the blame is on me
I must come to the rescue like some star on TV
Packet captures, wire sniffs, interface checking abroad
Unfortunatly the network looks sound and everything is in accord

Several hours roll by
as my projects fall further behind
And next thing you know everything is working
Everything is fine

Here you come with that look on your face
Notebook in hand walking at a moderate pace
“What was wrong what do you fix”
I shake my head and say nothing as you hang me on your proverbial crucifix

So for all you server admins who can’t troubleshoot worth a crap
Get your stuff straight and stay off my back
If you need help ask for it don’t drop your load on me
Get your self a syslog box and then we will see