Category Archives: security

How to protect your profile and emails on Thunderbird 3 (Ubuntu and Windows instructions)

On Thunderbird, the only way to be 99% sure nobody will read your emails is to save your profile on an encrypted folder (or disk partition) using e.g. TrueCrypt but if you are not concerned that you are under surveillance, you can simply use a quick and useful trick that allows Thunderbird to ask for the Master password every time you launch it.

In Ubuntu you have to follow two different steps. First of all, go to Edit —> Preferences —> Security —> Passwords and create your Master Password. Secondly, go to Edit —> Preferences —> Advanced —> Config Editor (click on “I’ll be careful, I promise”). Then in the filter bar, type password and change the parameter for mail.password_protect_local_cache to True. The next time you will launch Thunderbird nothing will be displayed (old and new emails) before you insert the correct Master Password.

If you are using Thunderbird on Windows you have to modify mail.password_protect_local_cache going to Tools —> Options —> Advanced —> Config Editor (click on “I’ll be careful, I promise”). Then, as for Ubuntu, in the filter bar type password and change the parameter for mail.password_protect_local_cache to True.

Prey: a multiplatform, open source anti-thefth free software for laptops

1 Reply

What about losing your laptop? Obviously the chances to find it and have it back are very few! But there are several software you can install on your laptop to trace the ip and geo-location of te laptop and with a bit of fortune you could find it. Prey is one of these programs you can use and it is particularly interesting because it is open source and free up to three laptops. After the download of the proper version for your OS (Linux, Windows, Mac OS X or Android) you have to run it on your machine and configure it through a very simple interface (on Ubuntu: Applications —> System Tools —> Prey Configurator). Do not forget to select Enable guest account and Wifi autoconnect to improve the possibilities to trace your laptop. You are also asked to provide an email account where you will receive the geo-location reports if your laptop is stolen. When you activate your Prey account do not forget to fill in the Configuration and Modules tabs. Personally we suggest to switch to ON the following commands: Auto update, Notify new reports and all the commands contained in the left column of the Modules tab. At this point, if your laptop is missed, you have to log in your on-line Prey account and, in the Configuration tab, switch the Missing option on YES. Since this moment, Prey software on your laptop is activated and will start sending reports to your email and to your Prey webpage. Last but not least, to better protect your laptop I suggest to hide or cancel the Prey Configurator icon from the OS menu (in Ubuntu: System —> Preferences —> Main Menu —> System Tools and deselect Prey Configurator).

I2P a real versatile anonymizing network for Linux and Windows

Leave a reply

This week for our Freeware Page, we tested I2P a freeware which let you to surf internet without revealing your IP and encrypt your data. As described on the I2P Homepage, this freeware is a “anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties”. During out test we used bothXP and Ubuntu because I2P is a java file even is it seems to be a exe file and it could be used on all the Linux OS. On Windows XP it is very simple to use I2P but at the beginning it is really slow and for this reason we suggest to keep it run for about twelve hours because this freeware needs to build its own network and for this it takes some hours. When ready you have to setup all the software you want to filter through it. For this reason, we setted Firefox (Preferences-> Advanced -> Network -> Settings) Manual Proxy Configuration to HTTP Proxy as localhost, port 4444. Then we put a tick on “Use this proxy server for all protocols” and we finished indicating “No proxy for” as localhost, 127.0.0.1. After some seconds we discovered that our IP was now in the northern part of the France (far away from our real location). To setup I2P it is necessary to point Firefox on http://localhost:7657/index.jsp because, by default, I2P tries to launch Internet Explorer also when it works on Linux. After a week of tests we can say that I2P is a little bit slower than TOR but it can easily be integrated on your browser, mail client, chat and others programs. For our (limited) experience I2P is the most complete anonymizing network we know. To conclude, as already discussed also on this post none or nothing can create a perfectly anonymous software but I2P can help to better improve our privacy. Recommended!

RepoGen: how to create and keep up-to-date your Software Sources on Ubuntu 8.04, 8.10, 9.04 and 9.10!

Leave a reply

This week, in our Linux Page (in Spanish) we added a post about a new fantastic online service to manage and add software sources to your Sources List (System – Administration – Software Sources). Adding the right repository sources in Ubuntu is essential for a more practical and fast management of your OS. In fact, using the correct sources list you can be sure that your system is always updated and safe. RepoGen has been created for all these reasons. It also automatically compiles all the necessary GPG keys and you have just to add them (one by one) running the suggested command in the Terminal. We tested RepoGen on two different PCs running both Ubuntu 8.04 & Ubuntu 9.04 and were able to update our Software Sources in less of 15 minutes and without discovering a single problem. To conclude we strongly believe that RepoGen is an online service that can help you to save a lot of time and keep your Ubuntu always up-to-date! Strongly recommended!

A fast guide for beginners to install ClamAV on Ubuntu

4 Replies

This week, in our Linux Page (in Spanish) we have posted a quick guide to rapidly install ClamAV: one of my favourite and open source antivirus for Linux. We have already written some notes in our previous post “Security package (Rev. 1.2) for Ubuntu: antivirus, firewall and P2P stealth” and in that occasion we decide to suggest an external link. This time we reinstalled a fresh new Ubuntu 8.10 and decided to directly add ClamAV. First of all, it is necessary to run Synaptic Package Manager (in System – Administration) and to search Clam and select clamav and all the extra packages you prefer to install. Read very carefully the description that is visualized each time you click on one of them and select the extra feature you need. Then, with the right button of the mouse, select “mark for installation” and click on Apply in the upper menu bar. After few seconds ClamAV will be correctly installed. Now, if you check on Applications – System Tool you will find a new ClamAV icon whose name is Virus Scanner. Now, if you launch ClamAV you will discover that, unfortunately, it is not possible to upgrade the program without administrative privileges. I solved this “problem” dragging and dropping the ClamAV icon to the upper panel. Then I clicked on the icon using the right button of the mouse and selected the Properties panel. Then, in the “command” space I added sudo before the text clamtk %F that I found already written there (sudo clamtk %F). Now, when you click on the upper panel ClamAV icon, you are able to upgrade your new antivirus in a breeze. Recommended!

Use chkrootkit to fight against rare (but always possible) rootkits on your Linux PCs!

Leave a reply

This week, in our Linux Page (in Spanish), we would like to focus your attention on chkrootkit, an interesting software for Linux which can really help you to detect malicious rootkits on your Linux PC. Unfortunately, the last update we have found on the chkrootkit homepage is dated December 2007 but we hope to see a new release during the 2009. To check if you have chkrootkit already installed, type chkrootkit on you Terminal:

desktop:~$ chkrootkit

and you certainly will receive this message:
The program ‘chkrootkit’ is currently not installed. You can install it by typing:
sudo apt-get install chkrootkit

Follow the above instructions and you will be ready to execute the software just typing:

sudo chkrootkit

Please, note that, at our first scan on Ubuntu 8.10, we found a false positive:

Checking `sniffer’… lo: not promisc and no packet sniffer sockets

eth0: PACKET SNIFFER(/sbin/dhclient3[4835])

Do not worry! This (unfortunately frequent) false positive has already been discussed by the community at

http://ubuntuforums.org/showthread.php?t=556517

and

http://ubuntuforums.org/showthread.php?t=270340

If you know other good anti-rootkits, please be so kind, to add a comment on this post. We are really interested to discover new “security software” (especially anti-rootkit) for Linux machines!

Google Chrome: how to neutralize the unique ID tracker and partially preserve your privacy

Leave a reply

Today, in our Freeware Page we added a post about two useful freeware which are able to remove the ID tracker contained in this new browser. Using them you will able to defend your privacy a little more effectively your navigation when using Google applications. The first is Chrome Privacy Guard (CPG), a useful tool, whose icon you will click on to activate Google Chrome. When using CPG you have to remember not to run directly the Google Chrome icon. Moreover, this software contains also a command which allows you to disable the CPG option inside Google Chrome, so your browser will send again statistical data to Google. The second one is UnChrome, an Abelssoft creation which definitively remove the unique ID contained in Google Chrome. Last but not least, I want to focus your attention on the fact that these two freeware run only in Windows PCs but we hope that a MAC and Linux version will be released in the next months. Useful!!

Security package (Rev. 1.2) for Ubuntu: antivirus, firewall and P2P stealth

2 Replies

Last May, in our Linux Page (in Spanish), we posted some suggestions about a basic security package for Linux. After less than one year we are back on this topic also because more than something has changed. As you know, Linux is the safer OS you can use today: specific Linux viruses are few and malware is rare but with the increasing of users some threads are becoming real. For this reason, I strongly believe that nowadays a firewall, like Firestarter, is not enough and we all need also a good antivirus and Moblock: the program which allows to use the Peer Guardian lists on Ubuntu protecting your privacy. Today, in our Linux package we’ve posted a short updated manual where we explain how to install a firewall (Firestarter), an antivirus (ClamAV) and a P2P stealth (Moblock). We have tested all this software on a Ubuntu 7.10 without relevant problems; the combined use of this triplet is strongly recommended for people who desire to preserve their data and privacy. Read us!

QGRUBEditor: a simple but effective GRUB editor for many Linux OS

Leave a reply

QGRUBEditor is one of the most interesting system tool for Linux I have met during the last two months. For this reason I decided to post a review in our Linux Page (in Spanish). This System tool is simple to install, easier to use and the results are very enjoyable. In our tests, we were able to easily modify the GRUB boot loader without damaging our OS. QGRUBEditor has a special feature which allows you to backup (highly recommended) your actual GRUB configuration before starting playing with its tools. If something goes wrong you can restore your previous GRUB just clicking on the restore button. Last but not least, QGRUBEditor allows you to add a password to rise the security of your GRUB.