internet

All posts tagged internet

I was about to buy a 3rd different USB wireless adapter and even considering a PCIe model with external antenna since I kept getting horrible performance with the nano adapters. I liked that they could just be plugged into the back of the system to add wireless support and they worked great on the Raspberry Pi, but on a desktop the performance was not much better than a dial-up connection.  Before ordering anther product someone mentioned interference and I then did a bit more digging and found Intel actually published a whitepaper on this subject (Linked at bottom).

After testing I was able to clearly see the effects of 2.4Ghz interference and would recommend to anyone having performance problems with wireless adapters to get a USB extension cable.  Using the same Plugable nano-N wireless adapter I ran a speed test from 3 locations:

Connected directly to back USB port

Connected directly to front USB Port

Connected to USB port via extension cable 3′ away

Intel’s Article: http://www.intel.com/content/www/us/en/io/universal-serial-bus/usb3-frequency-interference-paper.html

I was planning to setup a Raspberry Pi to use my hosts file to filter out and block ads, but while digging around on the web found a project that had already done that along with added a web admin panel and statistics too.  Pi-hole is a quick and easy to install ab-blocking solution for the whole network.

Their site has a well laid out guide and their support is fast should you run into any issues. For the most part though it’s 1) get a Pi with Raspbian Lite 2) run curl -L https://install.pi-hole.net | bash on the Pi then 3) make a couple changes on router DNS server and restart systems to receive updated settings. Once up and running all devices connecting to your network will enjoy ad-blocking even if ad-block software is not or can’t be installed on them.

Mine has been running for number of months now without any issues and receives regular updates of ad sites to block. A quick look at the admin panel shows the current day’s statistics.
pi-hole_admin

My last post discussed updating the host file on Andriod. After doing a bit more tweaking I wrote a script which can be downloaded at the end of the article or created from the code below. The script will automatically download the latest hosts file from mvps.org and install it. It requires to be run as root and under the assumption that /sdcard exists as a storage location. Remember also to set the script permission to 700. The script can also be added to the crontab so you don’t have to worry about it again. (Next article will go over setting up crond and crontab on Android)

The Script:

#!/system/bin/sh

#Remount /system RW
mount -o remount,rw /system

#Make copy of current hosts file if backup does not exist
#Comment out this block if you have installed mvps.org hosts file before making backup
if [ ! -f /etc/.etchosts ]; then
cp /etc/hosts /etc/.etchosts
fi

#Check and create tmp dir if required
if [ ! -d /sdcard/tmp ]; then
mkdir /sdcard/tmp
fi

cd /sdcard/tmp
wget http://winhelp2002.mvps.org/hosts.txt
cat hosts.txt > /etc/hosts
rm hosts.txt

#If you need to add lines to host file
#make changes to /etc/.etchosts
#and uncomment next line to enable appending to hosts
#cat /etc/.etchosts >> /etc/hosts

#Remount /system RO
mount -o remount,ro /system

Download:

android_update_hosts.zip
sha256sum 95256b28deee2cbcd418f51ed6e358d42b7651bdbcc955521457dc370e5c537a android_update_hosts.sh

By now anyone using the internet is bombarded by ads everywhere online unless measures are taken to minimize them. There are plenty of ad blocking programs out there but another method that is easy is implement is the use of the hosts file. Originally this file was used to map hosts names to IP address before Domain Name Servers (DNS) was implemented in 1984 allowed for the process to be automated. For most end users today this file is unused but could provide beneficial experiences if configured. When an IP address is specified in the hosts file for a domain the system will use that address, allowing blocking of sites by directing them to 0.0.0.0 or 127.0.0.1. This can be used to stop ads from loading and potentially increase page load times. Now it might seem like a tedious task to add all the add sites to block but there are providers of hosts files that are already completed and updated regularly; I use MVPs.org to provide my hosts files.

Note that while the hosts file when configured can block ads and some malware redirects, it is only an additional layer of protection. Systems should still run other forms of protection such as anti-virus and anti-malware with the hosts file. Below are instructions to load the file from MVPs.org to the most common operating systems.

Windows:

The hosts file in modern distributions is located at %SystemRoot%\system32\drivers\etc\hosts and can be edited with notepad or other text editors. Just be sure not not add any extension like .txt which the built in notepad is known for doing. Note that the file is in the windows directory so any app trying to edit it will require being run as administrator.

Thankfully however, MVPs.org has an app to update the host file easily. Just download the zip file from http://winhelp2002.mvps.org/hosts.htm and unzip to a folder. Then right-click the mvps batch file and choose Run as administrator. This will load the downloaded data into the host file. More detailed instructions and the date of last updated host file is available on their site.

Linux:

While I was manually updating host files before, came across a post to make a script for Linux which when added to the chrontab allows for easily maintaining the most up to date hosts file. Visit http://www.putorius.net/2012/01/block-unwanted-advertisements-on.html for details and description of the script. I made a few small changes.

To complete these steps you will need to be running as root or using sudo su to get root permission. Your prompt should end with #

First, backup your current host file:
cp /etc/hosts /etc/.etchosts

Next use vi or nano to create the script /root/update_hosts.sh and add the following code to it:
#!/bin/bash
cd /tmp
wget http://winhelp2002.mvps.org/hosts.txt
rm /etc/hosts
mv hosts.txt /etc/hosts
cat /etc/.etchosts >> /etc/hosts

Make the file executable by running:
chmod +x /root/update_hosts.sh

Schedule to run automatically:
run crontab -e then add the line below to make it update nightly at 23:59
59 23 * * * /root/update_hosts.sh > /dev/null 2>&1
The time can be changed by adjusting the numbers. the > /dev/null 2>&1 is sending all output from the scheduled job to the bit bucket so that crontab does not email the results each night.

Mac:

Instructions for updating the Mac OS host file can be found here: http://pointhope.de/tips&tricks/no_place_like_localhost.html

Android:

If you have root on your Android device the hosts file is stored at /system/etc/hosts and can be changed with a terminal app, however you will need to mount the path as R/W before changes can be made. Something like Beansoft – Mount /system (rw / ro) will do the job. Because on Android the hosts file is symbolic linked to /etc/hosts as well it seems to not want to allow overwriting the file but the contents can be changed with the cat command and achieve the same desired result.

Remember to run su as commands require root access.

First time  backup your current hosts file:
cp /system/etc/hosts /system/etc/.etchosts

Then run the following to update:
cd /sdcard/tmp
If you do not have a /sdcard/tmp directory run mkdir /sdcard/tmp and rerun the cd command above
wget http://winhelp2002.mvps.org/hosts.txt
cat hosts.txt > /system/etc/hosts
cat /system/etc/.etchosts >> /system/etc/hosts
rm hosts.txt

At this point you can exit terminal and then remount System as R/O.

A common issue I’ve run into on public access Wi-Fi is web content filtering. While it is great places offer guest Wi-Fi, I don’t care for being restricted to what I can or cannot look at while connected. So in that case an easy solution is to change the DNS server your device is resolving to and bypass any DNS filters and blocks the guest Wi-Fi service may have.  Other options include remote access of another computer else where (like your home computer if doing sensitive transactions), or a VPN connection.

As DNS settings are generally easy to edit and Google has an easy to remember DNS servers I use them regularly. These can be set on your devices or even in your router. For the purpose of this article I have included steps for Android and Windows 7.

Google Public DNS IP addresses (IPv4):
8.8.8.8
8.8.4.4

Google Public DNS IP addresses (IPv6):
2001:4860:4860::8888
2001:4860:4860::8844

Setting the DNS on an Android device is fairly straight forward; just go to Wi-Fi settings, tap and hold on the network after connecting then select Modify Network. On the screen that appears check the box to display advanced settings and change IP settings to Static. Once on the IP settings screen just replace the DNS servers with the Google ones (Conveniently on Android when you erase the DNS servers, Google’s pre-populate).
Android Network Settings

On Windows it is a few more clicks but still easily set. Just go to the Control Panel and select Network Sharing Center. Then click the option Change Adapter Settings. Right-Click adapter to change (wireless) and select the properties option. Double click on the IPv4 then enter Google’s DNS server settings.
Win7 Network Settings

As previously discussed in Part 1, a password manager can assist in maintaining secure and unique passwords for every site you access while only having to remember one master password. However, which is there right one to use? LifeHacker reviewed six in their article which I used as a starting point in my decisions. If you’re really paranoid you may also want to look at Clipperz which was not reviewed by LifeHacker. It appears very secure, however, only accepts Bitcoin as payment so that made me look at more easily available solutions for the current time.

Before picking a password manager a few things need to be looked at:

  • Is it for local computer only or will it need to sync to other computers?
  • What about use on mobile devices?
  • The level of security offered and required to meet your needs?
  • Costs of software?

For the past 10 years I had been using RoboForm as a local only password manager. If I was to continue or start using a new local only password manager I’d look at KeePass instead for being free and open source. However, with more things online and spending more time away from my computer and on mobile devices, it was time to find a new product with better mutli-device, mobile support and cloud synchronization.

While looking at cloud options I found that RoboForm does offer cloud sync for about $20/year ($10 for the first year), but after having already spent close to $100 over 10 years to maintain desktop and portable licenses I was hesitant to throw more money at it without doing more research of the other options and verification of security.

In that regard I chose to switch to LastPass for being cross platform with could synchronization but also looked at a number of other factors. Continue Reading

In today’s cyber world security is a must have, however, many go oblivious to their lack there of or believe in principles that are ineffective. With more reliance on the digital world now than ever before, one needs to be proactive with security to prevent being a victim of the next cyber hack attack or at a minimum mitigate the damages.

While some think that passwords must be complex and include uppercase, lowercase, numbers, and symbols to be effective this obscurification adds little if any security to the password. Today’s computers can now easily do the substitution of ‘@’ for ‘a’ or ‘$’ for ‘s’ while adding little time to the cracking attempts. It’s length that makes a password more secure. XKCD does good at graphically explaining this concept for creating long memorable passwords.

Password Strength

http://xkcd.com/936/

Another problem is the use of the same password for more than one site. With the difficulty in remembering passwords it’s not uncommon to use the same or slightly varied versions of a password across all sites, but this introduces the security risk that if one account is compromised then all your accounts are vulnerable to attack. Even though you may have picked one secure password you do not know how other companies and sites store that data. If the password was stored in a database as plain text or un-salted hash then an attacker could compromise accounts quickly should that database ever be hacked.

For the best security all sites should have their own password that is unique, randomly generated, greater than 14 characters, including your traditional upper, lower, number and symbol requirements. Websites should have password like  ‘&AuGwW7ML&sBJ6Ga;Jr2hBdah’ or ‘rx97QMYE+Jgf6o9%~jtsL7o;t’ for maximum security. But who could remember that?

A simple solution to managing secure passwords is the use of a password manager. This allows for only having to remember one strong password, like described in the XKCD picture, and increases security by using randomly generated passwords for every site. There are many password managers to chose from on the market. This LifeHacker article explains a the features of a bunch and Part 2 of this topic will include which I chose to use and why.