Using mobile shell Mosh for SSH sessions

The mobile shell Mosh is a command-line remote terminal utility that works wrapped around SSH and can be used inside xterm or Emacs; you still need SSH running on the server. The main difference between Mosh and SSH is that Mosh connects via UDP (User Datagram Protocol) instead of TCP (Transmission Control Protocol). UDP is well suited to unreliable Internet connections, such as a mobile 4G network: UDP does not verify that data reaches its destination, so you will not be disconnected from the server if your network temporarily drops, and Mosh will keep you connected even if your device's IP address changes or the computer goes to sleep. Mosh only supports the UTF-8 character encoding, but it fixes all the Unicode bugs found in SSH.

The terminal will not fill with network buffers as sometimes happens in SSH, Mosh sets its frame rate based on network conditions, and if you encounter a runaway process it can be terminated by pressing CTRL-C.

Laptop computer running Linux

To use Mosh you have to install it on your computer or mobile device and on the server you are connecting to. The server must have SSH running before Mosh connects via UDP, on a port between 60000 and 61000 by default; use -p to specify a particular port. Then on the client you type mosh user@remotehost

The main reason to use Mosh as a substitute for SSH is to keep an SSH session alive over an inconsistent connection. You can also run Mosh in the background in screen or tmux with SSH in the foreground; if SSH drops for any reason you can fall back to Mosh as a backup. Mosh does not need root rights: any user can run it in user space even if they don't own the server, so it can be used on a restricted shell account.

A few drawbacks are that there is no IPv6 support and port forwarding is not possible yet; the developers have added it to the roadmap. There has been no cryptographic review of Mosh. It is not an SSH tunnelling utility: it deploys its own encryption scheme, AES (Advanced Encryption Standard) with 128-bit keys in OCB (Offset Codebook) mode, an authenticated encryption mode.

There are Mosh packages for NetBSD, FreeBSD, Mac OS X, Ubuntu, Debian, Fedora, Gentoo, ArchLinux, Android and Cygwin, the Unix environment for Windows.

Visit Mosh homepage

Chapcrack decrypts VPN PPTP and WPA2 traffic

A new tool called Chapcrack can recover the encryption keys used by the widely deployed WPA2 (Wi-Fi Protected Access) protocol, used to secure wireless networks, and by the PPTP (Point-to-Point Tunneling Protocol) VPN, used to secure network traffic. The tool exploits a weakness in Microsoft's MS-CHAPv2 handshake authentication protocol, which is included in various encryption technologies. Chapcrack captures MS-CHAPv2 network traffic and reduces its encryption strength to a single DES (Data Encryption Standard) key, making it easy to crack in a matter of hours with cloud computers or a few days with a dedicated cracking desktop computer. Having a strong password would not protect you, as the encryption key itself is considerably weakened and remains crackable.

Laptop Wifi WPA hacking

The tool is targeted at penetration testers and network administrators wanting to test their own network security, but obviously the bad guys can also use it to break into people's networks and sniff traffic. Microsoft's outdated point-to-point tunnelling protocol has been plagued with security problems since its release, but it is extensively used because the Windows operating system supports it by default. Chapcrack's developers expect people to realise how insecure PPTP is and stop using it once and for all, switching to more secure technologies like OpenVPN and IPsec.

Visit Chapcrack homepage

How to set up an OpenVPN server easily with GAdmin

The easiest way in Linux to set up your own VPN to protect your Internet connection from eavesdropping is GAdmin OpenVPN Server, a GTK+ client with a GUI that works as an OpenVPN bridge server. You do not need to know much about the Linux command line or the Vim editor to edit files; once you install GAdmin OpenVPN Server you will be able to configure everything with a quick point and click of the mouse.

GAdmin OpenVPN Server is available as Fedora/Debian packages or by compiling it from source. You will need to have the openvpn and bridge-utils packages installed on your server first; after that you install the GAdmin OpenVPN Server software (search for the word gadmin in the software repository to find it).

GAdmin OpenVPN server software

Once installed you can start using GAdmin via its GUI to configure the server settings; GAdmin OpenVPN Server can create the necessary digital certificates for you and your chosen users. If you want an alternative to GAdmin with more features, other Linux-based distributions used as firewalls also have the capability to set up an OpenVPN server through a GUI; some of those distributions are Untangle and pfSense.

GAdmin OpenVPN Server homepage

How to use Linux command line to clone a hard drive

If you are a Unix command line geek you can clone your hard disk with various Linux programs. This can be quicker if you feel comfortable using the Linux shell. Computer forensics investigators need to use a Unix live CD to clone a hard drive in order to preserve all data from alteration, but unless this is your case you do not need it.

How to clone a hard disk using dd?

To execute dd you should login as root or use the su command.

1- Open Linux terminal window as root.

2- Change the hard disk names as appropriate, e.g. sda/sdb, and type:

dd if=/dev/sda of=/dev/sdb

3- Cloning a hard drive using dd can take hours depending on its size. You can use gzip to save storage space, but this will make the hard disk backup take even longer.

Copying a hard disk partition using dd

If you don't want to make a complete duplicate of your hard disk, the following command will create an image file "disk1.img" in your user's recovery directory from /dev/sda:

dd if=/dev/sda of=~/recovery/disk1.img

To restore a partition or a hard disk from an image file, just exchange the arguments “if” and “of”. For example, restore the whole hard disk from the image file “disk1.img”:

dd if=disk1.img of=/dev/sda
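A clone made with dd is only as good as its verification: a bad cable, a failing target disk or a typo in the device name can leave you with a copy that looks finished but does not match the source. The following POSIX shell script is an added example (not from the article) that wraps the dd clone and image commands above with a SHA-256 comparison of source and target. The function names (byte_size, verify_clone, clone_and_verify) are this example's own; it assumes GNU coreutils (dd, sha256sum, head) and, optionally, blockdev on Linux.

```shell
#!/bin/sh
# Added example (not from the article): run "dd if=SRC of=DST" and then prove the
# copy is byte-identical to the source before trusting it. Works with two block
# devices, a device and an image file, or (for a dry run) two regular files.
# Usage: clone_and_verify /dev/sda /dev/sdb
#        clone_and_verify /dev/sda ~/recovery/disk1.img

# byte_size PATH -> size in bytes. Uses blockdev for block devices on Linux so
# the whole disk does not have to be read just to learn its length.
byte_size() {
    if [ -b "$1" ] && command -v blockdev >/dev/null 2>&1; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# verify_clone SRC DST -> exit 0 if the first size(SRC) bytes of DST equal SRC.
# Only the leading bytes are compared because the destination may be larger
# than the source (a bigger target disk is still a valid clone).
verify_clone() {
    size=$(byte_size "$1")
    src_sum=$(sha256sum < "$1" | cut -d' ' -f1)
    dst_sum=$(head -c "$size" "$2" | sha256sum | cut -d' ' -f1)
    [ "$src_sum" = "$dst_sum" ]
}

# clone_and_verify SRC DST -> runs dd, flushes the target, then verifies it.
clone_and_verify() {
    # bs=4194304 (4 MiB) cuts syscall overhead compared to dd's 512-byte default.
    dd if="$1" of="$2" bs=4194304 2>/dev/null || return 1
    sync            # make sure buffered data has actually reached the target
    verify_clone "$1" "$2"
}
```

Restoring an image works the same way with the arguments swapped (clone_and_verify ~/recovery/disk1.img /dev/sda); the verification step then confirms the disk now carries exactly the bytes of the image, which is the check you want before discarding the image.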


Linux command line hard disk cloning


How to clone your hard drive using ddrescue?

Also known as gddrescue in Ubuntu, ddrescue is quicker than dd, gets better results, and also keeps a log file that records each of the bad blocks found.

1- SystemCdTools includes ddrescue, but otherwise you may have to install ddrescue from the repositories, as many other Linux distributions do not come with it.

2- Open Linux terminal window as root.

3- Change source sda and destination sdb if needed, depending on your hard disk name, then type:

ddrescue -v /dev/sda /dev/sdb

If your hard disk has bad sectors, the following ddrescue command will attempt to recover them:

ddrescue -r 1 /dev/sda /dev/sdb rescue.log

NOTE: There is another Unix tool called dd_rescue; do not confuse it with ddrescue. They both enhance dd but are not the same command.

List of Linux live CDs for hard disk cloning

The easiest way to recover your operating system in case of disaster is by cloning it once a week to an external disk. You will save lots of time tweaking the settings once again if you need to reinstall your operating system.

Main Linux live CD to clone a hard disk

Clonezilla: Clonezilla Live is suitable for single-machine backup and restore. Clonezilla saves and restores only the used blocks of the hard disk, which increases cloning efficiency. This live CD for mirroring your hard disk can be a bit overwhelming for newbies not used to Linux.

SystemRescueCD: This Linux live CD is normally used to recover data. You can use it to back up data from a Windows computer that is no longer able to boot, as long as the hard disk is still working; you will just need to mount the partition.

UltimateBootCD: You can use this Linux live CD for hard disk cloning with some of the tools it includes, such as CopyWipe, g4u, HDClone, partimage and others. You can also use it for data wiping, as it includes hard disk wiping tools such as Darik's Boot and Nuke (DBAN) and HDDErase.

PartedMagic: This is mainly a Linux live CD used for partitioning, but it also includes Clonezilla, run from the command line.

GRML: For the advanced Linux user. This Debian-based Linux live CD has been designed for the Linux system administrator comfortable with the command line; GRML provides security and network related software, data recovery and forensic tools, and many text tools.

GRML Linux screensplash

Computer Forensics live CD to clone hard drive

CAINE: Ubuntu-based computer forensics live CD, mainly used to acquire data from a suspect's computer but also useful as a backup live CD. User-friendly graphical interface.

CAINE computer forensics live CD

DEFT Linux: DEFT is a new concept of computer forensic live system that uses LXDE as its desktop environment, with the Thunar file manager and a mount manager as the tools for device management. It is a very easy to use system that includes excellent hardware detection as well as open source applications dedicated to incident response and computer forensics.

Kali Linux: Kali Linux is a versatile penetration testing distribution with 300 open source tools to test your network for vulnerabilities before a break-in, or to do a post mortem after an intrusion has taken place.

Learn computer security and privacy with these mailing lists

There is no need to spend on expensive college fees and teachers who might turn out to be unhelpful or poorly qualified; the best free way to learn about computer security and privacy is by yourself, practicing, and asking and reading questions at security forums and mailing lists. Below you will find active computer security mailing lists open to everyone.

  • Tor proxy mailing list: The or-talk mailing list is for all discussion about theory, design, and development of Onion Routing. To join the or-talk mailing list, send an e-mail message to "majordomo @ seul.org" with no subject and with "subscribe or-talk" in the email body. Or-talk archived mailing list:
    http://archives.seul.org/or/talk/

Computing mailing lists and Usenet groups accessible from the web

One way to access computer-related Usenet groups and mailing lists for those who don't want to, or can't, use a Usenet or email client: some servers archive mailing lists as if they were newsgroups. They are read-only; in order to post you would still have to be subscribed to the mailing list.

Other Unix related mailing lists

Usenet newsgroups

  • Or-talk can also be accessed as a read-only newsgroup via news://news.mixmin.net (SSL port 563, no username, no password). The name of the group is local.lists.tor.talk

Making strong passwords in Unix with mkpasswd

If you need to generate a secure customized password in Unix (Linux, BSD, Solaris) there is a command line utility created by Don Libes from the National Institute of Standards and Technology called mkpasswd that will help you to choose a strong random password. You can get mkpasswd from any Linux repository, there is a FreeBSD port, and it can be used in Windows via Cygwin.

mkpasswd examples

  • To generate a 10 characters random password: mkpasswd --char=10
  • To generate a random Linux password using specified characters: mkpasswd -s "insertwordhere"
  • To generate a hard to guess random password made up of 12 characters: mkpasswd -l 12
  • To generate a random 12 characters password with at least 2 digits and 4 uppercase characters: mkpasswd -l 12 -d 2 -C 4

Check out mkpasswd --help to learn all of the possible options or see the mkpasswd man page online.
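To show what "mkpasswd -l 12 -d 2 -C 4" is doing under the hood (a fixed length with a minimum number of digits and uppercase letters, drawn from a cryptographic random source), here is an added POSIX shell example. It is not mkpasswd's own code and the function names (count_class, gen_password) are this example's own; it assumes /dev/urandom and the standard tr, head and wc utilities.

```shell
#!/bin/sh
# Added example (not from the article or from mkpasswd): generate a password of
# LENGTH characters from [A-Za-z0-9] with at least MIN_DIGITS digits and at least
# MIN_UPPER uppercase letters, using /dev/urandom as the randomness source.
# Usage: gen_password 12 2 4      (same constraints as "mkpasswd -l 12 -d 2 -C 4")

# count_class STRING CLASS -> prints how many characters of STRING fall in CLASS
# (CLASS is a tr character range such as '0-9' or 'A-Z').
count_class() {
    printf '%s' "$1" | LC_ALL=C tr -cd "$2" | wc -c | tr -d ' '
}

# gen_password LENGTH [MIN_DIGITS] [MIN_UPPER]
# Rejection sampling: draw LENGTH characters uniformly from the alphabet and
# start over until the constraints hold. Unlike forcing "two digits in the
# first two positions", this keeps the result uniform over all valid passwords,
# so the constraints cost no entropy beyond what they logically exclude.
gen_password() {
    len="$1"; min_d="${2:-0}"; min_u="${3:-0}"
    while :; do
        # LC_ALL=C keeps tr byte-oriented so random bytes are never rejected as
        # invalid multibyte sequences; head -c stops after LENGTH characters.
        pw=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len")
        [ "$(count_class "$pw" '0-9')" -ge "$min_d" ] || continue
        [ "$(count_class "$pw" 'A-Z')" -ge "$min_u" ] || continue
        printf '%s\n' "$pw"
        return 0
    done
}
```

With the 62-character alphabet, a 12-character password carries about 71 bits of entropy before the constraints; the minimum-count rules only trim the rare candidates that fail them, so the loop usually finishes within a few tries. Unlike the "mkpasswd -s" example above, this script never takes a user-supplied word as input: the whole point is that nothing about the result is guessable.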