Tag Archives: tutorial

3 steps to install DNScrypt to improve your privacy – Ubuntu version

Also if you use OpenDNS to improve your standard of privacy, you are not protected by “last mile” dangers but you can boost your security installing DNScrypt on your digital device. DNScrypt “works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks”.

DNScrypt “is a protocol that authenticates communications between a DNS client and a DNS resolver” and it “is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn’t prevent “DNS leaks”, or third-party DNS resolvers from logging your activity”.

For this reason you have to be conscious that DNScrpt is just a -very good- improvement of your privacy but not the definitive solution to all your privacy concerns.

DNScrypt is so versatile that you can install it on every kind of device you prefer. In fact it is possible to download DNScrypt for servers, IOS, OSX, Android, Windows and Linux computers (DNScrypt-proxy version). Obviously the installation and setup will vary a little depending the OS you installed on your device.

Concept-Skyscraper-Feeds-on-Air-Pollution-Uses-It-to-Grow-433607-2

Image from softpedia.com

Here we are talking about DNScrypt installation on Ubuntu.

For this purpose I suggest to use the Terminal that allows you to install DNScrypt i just 3 steps:

sudo add-apt-repository ppa:anton+/dnscrypt

sudo apt-get update

sudo apt-get install dnscrypt-proxy

Last but not least, you need to interface the Internet traffic of your computer through the DNScrypt-proxy. For this reason you have to Edit your Network Configuration and add the address 127.0.0.2 to the “DNS Servers” line as for the below screenshot:

DNSCrypt

Now you can start DNScrypt just typing:

sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u okturtles

Where, in my specific case, okturtles is the name of the remote DNS resolver I decided to use. I chose that specific risolver from the list I found into into my computer after DNScrypt-proxy installation:

/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

As usual in similar situations, you may want to spend another couple of minutes to configure your computer to start DNScrypt at the computer boot. Open the Session and Startup manager through the desktop Dash and Add this specific command to the Application Autostart menu:

sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt

HTML5 Privacy Matters: DOM Storage. How to solve it in only 2 steps!

Leave a reply

Recently I started an online course that was created using the Google Course Builder.

After I registered the course I was not able to access it because “my browser didn’t allow the web storage” and, for this reason, a message informed me that it would be necessary to use a up-to-date browser as Chrome or Firefox.

The only problem is that I always use Firefox. Obviously a “particular” version of Firefox where I also added a bunch of different add-ons to enhance the privacy protection level of my navigation and, for this reason, the Google course was not available for me.

Normally I would have decided to quit the course because I prefer not to modify my Firefox configuration after I spent so much time searching the best add-ons to preserve a minimum of privacy. But, in this case, I really wanted to attend the course and so I decided to manually operate on the Firefox configuration to “solve” the problem and allow Google to keep all the information it would have considered as essential.

This is the list of what I did:

– open Firefox and type:

about:config

in the address bar.

– search for:

dom.storage.enabled

and change its configuration from “false” to “true” double-clicking on it.

After this fast change in the Firefox’s configuration menu I was able to attend the Google course but….. I am conscious that my privacy is a little bit less protected because now Google can store up to 5 MB of content on my browser. In fact, before HTML 5 we were used to “cookies” and we were able to “manage” (better: erase) them also if, as the LSO Flash cookies, they were more persistent than usual. Moreover in the old html times, the space available for cookies on your local browser was 4 KB (yes… KB) but now, in the Html 5 era, a single website can easily manage and permanently store till 5 MB on your browser. And this is the reason why I decided to protect my privacy disabling the DOM Storage on Firefox and this is also the reason because I will disable DOM Storage as soon as I complete the Google course…

If you are not a simple user but you prefer to directly and consciously operate on the Firefox configuration to improve your privacy level, you would read this interesting post by BestVPN.

————-

References:

https://www.bestvpn.com/blog/8499/make-firefox-secure-using-aboutconfig/

https://www.bestvpn.com/blog/8337/things-go-bump-night-http-etags-web-storage-history-stealing/

Configure OpenDNS on your Ubuntu Computer through DDclient in just 6 steps – Tutorial

2 Replies

1 – Why should I change DNS?

As for Wikipedia, DNS (Domain Name System) is “a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network… …it translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and device with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet “.

You “use” them in any moment, every time you are in front of a computer but usually you don’t consider to directly manage or change them because you think that it is not worthy to do anything with them.

On the contrary, you know that many different online companies offer dedicated DNS addresses you can use to substitute the default DNS addresses provided by your ISP.

So, at this point, your main question is “Why should I change DNS on my route or my computer”?

For example, for one or more of these different reasons:

– to have a chance of a possible increasing of speed and reliability when you surf Internet;

– if you want to delegate to a third “professional” part some security tasks (e.g. third party security filtering to protect yourself against phishing or viruses);

– acces websites that are normally geoblocked by commercial policies/agreements or censorship imposed by Governments;

– parental monitoring if you prefer to have a rough idea of what websites your children visit or if you whant to filter some specific contenents.

2 – Choose a reliable DNS provider

If you decide that you want to try a different DNS provider you need to choose a reliable one. A quick search on Internet will help you to find the most appropriate DNS Provider for your needs.

In this specific case we are examining how to configure the DNS from OpenDNS.com so, if you want to test it, you have to sign up for a free account on opendns.com or simply copy the DNS addresses you find in the bottom right of their homepage or sign up for a OpenDNS.com free account. In the last case, you have the possibility of monitoring your traffic in a professional statistical way and probably you will satisfy one or more of the reasons that may explain your choice to use different DNS.

3 – Install DNS from OpenDNS on your router

If you want to use OpenDNS on your LAN you have to configure the router through the its configuration interface. The way you can do this varies from one router to another but in all the popular models you will easily find a specific sub-menu where you could activate the “use predefined DNS” option compiling the two addresses provided by OpenDNS.

In this way all your LAN traffic will be pipelined through OpenDNS and you will not need to singularly configure each computer you have.

Image from: oriental-press.com

4 – Install DNS from OpenDNS on your Linux computer

4a – Preliminary configuration.

The problem with opendns.com is that it doesn’t provide an official tutorial to correctly install its DNS on a Linux machine. For this reason you can follow this brief notes that I wrote after installing it on a Ubuntu 14.04 LTS Ubuntu computer.

Go to the OpenDNS.com support page dedicated to the installation on Ubuntu and follow their instructions:

https://support.opendns.com/entries/38042814-Ubuntu

I exactly followed all the instruction till the point 8 but, when I had big problems when I typed:

sudo ifdown eth0 && sudo ifup eth0

because this message appeared:

ERROR unknown interface eth0=eth0

The matter is that my ethernet is really named eth0 (I double checked using the commands ifconfig and netstat -r -n) but it was not possible to operate on it.

To solve this problem I used the Poorak’s Blog suggestion and I had to open the interface file via Terminal with:

sudo nano /etc/network/interfaces

– or if you prefer:

sudo gedit /etc/network/interfaces

and manually add these lines:

auto eth0

iface eth0 inet dhcp

then I restarted my networking

sudo /etc/init.d/networking restart

References: [SOLVED] ERROR unknown interface eth0=eth0 on ubuntu

4b – Install DDclient on Ubuntu if you have a dynamic IP

Normally the Internet Service Provides provides a dynamic IP to users that may change over time. So, if you don’t want to pay more to obtain a static IP, you need to install a software that could constantly communicate your actual IP address to OpenDNS.com. In my case, I dedcided to install DDclient to be able to continue to properly use the OpenDNS.com services.

To install DDclient I preliminarly had to install coreutils through Terminal:

sudo apt-get install coreutils

and the required SSH and SSL sockets:

sudo apt-get install ssh libio-socket-ssl-perl

and finally the DDclient:

sudo apt-get install ddclient

At this point you manually edit the configuration file:

sudo nano /etc/ddclient.conf

(or, if you prefer sudo gedit /etc/ddclient.conf)

typing:

##
## OpenDNS.com account-configuration
##
use=web, web=myip.dnsomatic.com
ssl=yes
server=updates.opendns.com
protocol=dyndns2
login=opendns_username
password=opendns_password
opendns_network_label

where:

– ‘opendns_network_label’ is the label given to the network you’re updating in your account.

If you have spaces in your network label, replace them with an underscore ( _ )

You can find the network label in the Settings Tab of the OpenDNS Dashboard.

– the login is your email address with OpenDNS

– the password is your opendns password.

“If you have special characters in your password wrap the password in single-quotes ( ‘ ).

If there are any single-quotes in your password, put backslash ( \ ) before the single-quote to escape the character”.

References:

– Using DynDNS Protocol to Replace OpenDNS Updater

– How To Install DDclient On Ubuntu (ssh, ssh-perl, ddclient)

5 – Start OpenDNS and DDclient on your Ubuntu computer

At this point you have all the elements to start so you can open a Terminal and type:

sudo /usr/sbin/ddclient chkconfig ddclient on && sudo /usr/sbin/ddclient service start

On the other side, if you want to check the status of DDclient, you will type:

sudo /etc/init.d/ddclient status

References: opendns on Ubuntu via ddclient

6 – Configure Linux OS to start DDclient at boot on Ubuntu

On Ubuntu is really simple to configure DDclient to start at the computer boot. You have to open the Session and Startup manager through the desktop Dash. Now you are able to Add a specific command to the Application Autostart menu to run DDclient at the boot:

sudo /usr/sbin/ddclient chkconfig ddclient on && sudo /usr/sbin/ddclient service start

If you are configuring OpenDNS through DDclient on a different Linux distribution you can google the right tutorial or follow the guide created on aboutLinux.info.

At this point you will automatically use OpenDNS on your Ubuntu computer.

References: Using DynDNS Protocol to Replace OpenDNS Updater

3 Good Reasons to persist in using Google ncr = no country redirect

Leave a reply

Image from: marketing-partners.com

Since some weeks ago, I used:

http://google.com/ncr

for my web search and I was able to open the main Google Homepage without to be redirected to any local Goole site.

What I usually obtained was:

1 – less “personalized” search results: the algorithm will be not “contaminated” by my local IP and I will able to find information “cleaned” by local trends;

2 – the possibility to use the “same” Google even when I am abroad;

3 – the security that my searches were always up-to-date respect the global actual trends. For my experience when I search some particular topics as “marketing” I obtain, in the first Google page, fresh news only using Google in its NCR version. If I try to use my local Google homepage I have to spend more time setting the Google’s “advanced search” or trying to understand what information are “really” fresh new.

Image from: mods2015.com

I found the right solution when I visited ycombinator.com and I found the post created by newman314 that submitted a link that combined NCR and SSL protocol (for a little bit of more privacy).

https://encrypted.google.com/search?q=test&qscrl=1&n…

https://encrypted.google.com/search?q=test&qscrl=1&ncr=1

Where the word “test” is what I am looking for.

Then I also found a faster solution by dragop:

http://www.google.com/?gfe_rd=cr&gws_rd=cr

and, in the same webpage, a shorter version from 3dfan:

http://www.google.com/?gws_rd=cr

On my side I prefer to use this other URL that gives me the same results through an SSL connection:

https://encrypted.google.com

To be sure that the results were really the same and not simply related with the English language and influenced by the IP, I tested this URL comparing them from what I obtained from the above mentioned:

http://www.google.com/?gws_rd=cr

I discovered that what I “received” using encrypted.google.com are really the same links and they are not just the standard local results in the English language.

I know that cookies will not allow me to have real “septic” results but this is the first step to a less passive use of Google search because I would like to be a more active user and not just a passive customer pampered by Google.

Protect your Privacy: use a Self-destructing, single-use File Sharing Service

Leave a reply

Image from infoworld.com

If you need to share a confidential file to one of your colleague and you have not enough time to manually encrypt the file before uploading it to a you may consider to use securesha.re.

This online service let you to share a file through its online service encrypting it before it is uploaded to the securesha.re servers.

DevStash.io uses a 128-bit client-side AES encryption through a SSL protocol. This website automatically offers a 40 charaters long, randomly generated password that can be changed by user if he/she prefers to use its own passphrase.

Moreover securesha.re keep the file reachable in a long, random URL to decrease that files could be discovered through a brute force search.

Last but not least, this website let you delete the uploaded file after a pre-defined amount of time or/and after a pre-defined number of views. The default configuration allows just one view and an automatic deleting after seven days but the views can be extended till 10 and the amount of days reduced to just 1 day.

Personally I normally prefer to encrypt files by myself before sharing them online but I will keep securesha.re in mind in the case I need to share a file and I have not my laptop with me.

Link

verify-that-processor-has-the-aes-instruction-flag

Image by cibercity.biz

How to find out AES-NI (Advanced Encryption) Enabled on Linux System

3 things you need to remember when Upgrading to Fedora 23 as for the Unicmen’s instructions

Leave a reply

The upgrade from Fedora 22 to Fedora 23 is not automatic, as usual in my Fedora experience, but it is really simple to manage if you follow the path suggested by Unixmen.

There are few things you need:

– connect your laptop to the power plug (if you use a laptop);

– a couple of hours (something more or less depending on your CPU, RAM, Internet connection speed, etc..);

– few lines of commands on the Terminal

Image from https://fedoramagazine.org

The upgrading process is well structured and to start it you need to launch Terminal and upgrade the native Fedora Fedup with its new version that now is integrated into DNF:

dnf upgrade

Then you have to install the DNF plugin:

dnf install dnf-plugin-system-upgrade

and finally you can start the “core” part of the upgrade just typing:

dnf system-upgrade download –releasever=23 –allowerasing –best

Where:

– allowerasing will continue the upgrade also in presence of any “old” (not yet upgraded) third part repositories that normally would have completely stopped the main upgrading process

-best is a verbose mode in case of unsatisfied dependencies

After a while, depending on your Internet connection speed, you will be able to conclude the upgrade typing:

dnf system-upgrade reboot

Your laptop will reboot and the upgrade starts.

From now you spend more than 40 minutes waiting and answering to few easy questions that the OS asks you to solve some configuration matters.

The length of the waiting time depends obviously on the CPU, the RAM and the type of Hard Disk installed into your PC.

That’s it!

Link

http3a2f2fwww-redpill-linpro-com2fsysadvent2fassets2fimg2fbackup_disk

Image from redpill-linpro.com

Cloning block devices online using Software RAID

TrueCrypt – Try it again! Waiting for CipherShed…

Leave a reply

truecryptlogo_256 TrueCrypt is safer than we thought! A specific audit tested TrueCrypt 7.1 unmantained through a complex verification process and the results are surprising.

First of all we have to consider that TrueCrypt is not mantained since 2014 and that its “natural” fork, VeraCrypt, is directly developed by Microsoft. For this simply reason many former TrueCrypt users prefer not to use VeraCrypt.

Secondly, the bugs revealed by the testers in TrueCrypt are less worrying than that discovered using its competitors solutions.

For this reason I decide to install TrueCrypt (that I use previously it was unmantained) on my Fedora 22 laptop.

To begin, I searched for a good repository and, at the end, I opted for that mantained by GRC. So I downloaded the TrueCrypt 7.1 archive from GRC that is still storing all the others TrueCrypt versions.

I decided to use the 7.1 version because it has more features than the last 7.2 version (the last known release of TrueCrypt). In any case I am monitoring the Swiss website and I wish that the CypherShed project will be completely developed soon.

After I extracted the file and moved it to a specific folder.

Last but not least I opened Terminal and typed:

sudo ./truecrypt-7.1a-setup-x64

and the software was correctly installed into my Fedora 22 OS.

After some tests I can adfirm that TrueCrypt is still a good security solution not only for the above mentioned audit but also because it is really stable, flexible, full of useful features and simple to use.

To sum up: Try it… again!

Synkron: a flexible & powerful way to synchronize your files or folders on Linux – An “encrypted” example for security and privacy reasons

2 Replies

Sometimes it is really easy, other times you waste your time. A good synchronization between files or folders is something you need everyday but it could become a nightmare if you miss something.

In my specific case I need to automate a synchronization between a folder (F1) where I usually save my office files (Documents) with a second folder contained, for security reasons, in an encrypted volume/partition (F2). This last folder (F2) automatically synchronize its content with a third folder (F3), located in the same encrypted volume/partition, that is the client folder of a remote storage hosting (F4).

This also means that when I am out of the office and I add a file in the online storage host (F4) the document is automatically copied to the client folder of the remote storage hosting and to the folder located in an encrypted volume/partition (F2 and F3).

Moreover, I need to erase the Documents folder F1 as soon as it is synchronized with its mirror F2 in the encrypted volume.

The described scenario is common in the everyday working life and it is conceptually not hard to solve… in theory… When I tried to set up the above described operations using grsync on Fedora and Ubuntu I had big problems to obtain an acceptable result.

Many times the synchronization was unidirectional and I was not able to run it properly just using grsync still I found one right solution with Synkron. Synkron is a multi platform software (Linux, OSX, Windows and portable) written in C++ that is really flexible for all multitasking synchronization needs.

First of all, Synkron is multi-tab and this is a winning features because it let you to “slice” any problem (synchronization matter) into simple, easy to solve, tasks.

In my example I determined the two Folders I wanted to sync – F1 & F2) and decided thath both folders had to be considered as Master by the software.

Then I used the Advanced Menu and I chose to “Move contents to Folder 2, leaving folder 1 empty” and to “Store database in a text file” for my convenience (F1 to F2 deleting F1 contents after synchronization).

At this point, I opened a second synchronization tab where I selected two folders (F2 to F3 sync) and I also asked Synkron to “Synchronize hidden files and folders” and to “Detect collisions”.

At this point I had obtained an acceptable solution to my initial task, simply dividing my problem into two separate operations.

Moreover, I’ld like to focus your attention on the fact that Synkron has a specific feature for multi-synchronizing three or more folders at the same tome. The tuning of this particular feature is really intuitive and you can also selected many of the different advanced options we described here above.

If you have complex synchronization needs and you have many tabs configured you can always choose what tabs you want to activate or deactivate using the “Sync folders” option you find in the upper part of each tabs. Another option for this specific issue is represented by the SyncView visualization that let ypu to have a quick general glimpse about the state of all the sync and multisync tabs.