TylerBurton.ca

Say you are travelling, or are at a neighbourhood coffee shop, using whatever unsecured WiFi network they make available. You could either:

1. trust that no one is sniffing your web traffic, capturing passwords, e-mails, IMs, etc.
2. trust that no one is using more sophisticated methods to trick you into thinking that you are secure (i.e. man in the middle attack)
3. route your Internet traffic through a secure tunnel to your home PC before going out onto the web, protecting you from everyone at your current location

which would you choose?

VPNs and SSH tunnels are actually a relatively easy means for you to be more secure while browsing the Internet from potentially dangerous locations. There are many, many different ways for you to do this but I find using a Linux PC that is running on your home network to be the easiest.

1. Configure your home Linux PC. Install ssh (and sshd if it is separate). If you are using Ubuntu this is as easy as running the following command: sudo apt-get install ssh
2. Sign up for a free DNS service like DynDNS so that you know of a web address that always points to your home Internet connection. To do this follow the instructions at the service you choose.
3. On your laptop (that you have taken with you to the hotel or coffee shop) connect to your home PC’s ssh server. If you are on Windows you will need to get a program like PuTTY. See their documentation on how to forward ports. On Linux you can simply use the ssh command. The goal is to forward a dynamic port to the remote ssh server. For instance if you are using a Linux laptop and ssh then the command would look something like: ssh -D [dynamic port] [user]@[home server] -p [external port number - if not 22]. An example of one would be ssh -D 4096 user@example.com -p 4000
   
4. In your browser open the networking options window. This will allow you to tell the browser to forward all of its traffic to a proxy, which in this case, will be our dynamic port that we set up in step 3. Here is an example of my configuration for the example above.
5. Browse normally.

You are now browsing the Internet by routing all of your traffic (in Firefox) securely through your home PC. Note that this doesn’t actually make web browsing any more secure beyond protecting you from people in your immediate vicinity (i.e. connected to the same insecure WiFi network).

I logged onto my desktop the other day, for the first time in a couple of weeks – I’ve been away travelling, and was surprised to notice that my PGP key was set to expire. Long story short I have generated a brand new key.

OpenPGP Key

Name: Tyler Burton
Key ID: 0x1CD3E3D8
Key Fingerprint: 96ED 6B13 10B1 69C1 8299 693C 2921 6D80 1CD3 E3D8
Keyserver: pgp.mit.edu
Key Algorithm: RSA
Preferred Cipher: AES256
Preferred Digest: SHA512
Direct Download: Download Here

Well GPG to be more accurate

As my existing key was set to expire at the end of this year I have issued myself a brand new one! After much though I finally decided that creating a new key from scratch was the best idea, rather than simply adding a new subkey, because I wanted to move away from DSA/ElGamal toward RSA primarily because of the weakening of SHA1. If this all sounds like gibberish to you then don’t worry, the details aren’t nearly as important as the security provided by my new key.

If you’d like to make use of my new key please head over to the About Me section where you will find it!

I would like to start a series of non-regular posts related to basic computer security. Security and cryptography are two areas of computer science that I have a passion for and, unfortunately, are two areas that most computer users do a truly terrible job at. I will try to make these as straight forward as possible so anyone can follow along!

For the record, the suggestions I will be making in these tips are simply things that I have found to work for me. Whether or not they work for you, or even are appropriate for you, falls completely upon you to decide.

---

Earlier in the year Adobe’s Acrobat Reader fell under attack do to a flaw in the way it processes JavaScript inside of PDFs. This was especially shocking to me because I had no idea you could even embed JavaScript inside of a PDF. Thankfully this has since been patched, however scripting is one of those things that seems to attract continuous attacks. Therefore I am going to walk you through how to turn off JavaScript inside of your favourite PDF reader, so long as your favourite PDF reader is either Acrobat Reader or Foxit Reader

Note: I understand that JavaScript can be useful for many things, for example as a PDF form auto-competition mechanism. That being said I have never needed this feature and since disabling it many months ago I have never had to enable it for a single PDF. While your circumstances may vary from mine, I still do not see any harm in disabling this feature and then only selectively enabling it when and if you ever need it.

Adobe Acrobat Reader

1. Open Acrobat Reader
2. Open the Preferences window. To do this click Edit > Preferences
3. Click JavaScript on the left
   
4. Uncheck “Enable Acrobat JavaScript”
   
5. Click OK
6. You’re done!

Foxit Reader

1. Open Foxit Reader
2. Open the Preferences window. To do this click Tools > Preferences
3. Click JavaScript on the left
   
4. Uncheck “Enable JavaScript Actions”
   
5. Click OK
6. You’re done!