Archive for the ‘Travel’ Category

Opting Out for Freedom

June 2, 2011

I travel fairly often, both for business and pleasure, and I’m the guy who always opts out of the new scanners.

Not because I’m a terrorist, some kind of subversive or because I am worried about the long term medical implications of untested millimeter wave or backscatter x-ray machines but because I want to send a message.

Image001

The message is simple. Don’t let politicians under the guise of the war on terror whittle away at those inconvenient freedoms that we won’t notice as they are taken away bit by bit. Don’t less commercial interests drive the adoption of technology at our expense with no benefit. Don’t let the terrorists win by creating a climate of fear where these abuses are simply accepted.

First it was the requirement to show ID before you could board a plane (sounds a bit like Eastern European travel passes) and now you have to submit to either security by theatre or an attempt at public humiliation. What next? Travel Permits? DNA testing?

The only winners are the suppliers of these very expensive pieces of equipment, and the politicians who earmark these into legislation in return for promises of campaign support. Has a single terrorist been thwarted by these measures? It would seem not as the press releases that self-important agencies like the TSA love to issue just talk about what a great “deterrent” they are, and how safe the machines are… meanwhile the politicians and TSA officials skip both the machines and the enhanced pat-down process that we mere mortals have to decide between.

Ironically in many airports it’s possible by getting in the right line, or picking the right checkpoint to avoid these machines altogether – do we really expect agents of the Axis of Evil to be less cunning than a harassed business traveller desperate to get to Boise to sell tractor parts?

There are better solutions: making use of properly trained screening agents (as in Israel); designing airports to be safe and secure by default to reduce risk of an attack in an un-secured place by starting basic checks and observation further out; by making passengers, airlines, airport operators and the security agencies partners in the process.

Meantime… I’m the guy being made to stand in my socks while a TSA Agent yells “male assist, opt-out” because it’s easier to try and shame me into compliance than actually make flying safer. Next time you fly… join me. It’s fun being the center of attention sometimes 🙂

Building a safe and portable way to get online

May 19, 2011

Over the last few months I’ve had a couple of friends go through some rather unfortunate domestic situations which have involved partners spying on their computer activities, intercepting and even sending emails from what they thought was a private account. They’ve used a variety of means ranging from simply accessing a machine that’s not been locked through to using a keylogger or network sniffer to steal passwords and read email.

There are weaknesses with any operating system, especially if you do not have sole access to the machine or a way to secure the local area network to avoid eavesdroppers, so to try and solve the problem I looked at ways to eliminate the risks of both physical access and software spying.

The solution I came up with is a little technical, but works pretty well and provides a good balance of security and ease of use

Image001

The first part of the solution is unobtrusive USB Flash Drives. These can take many forms but for convenience I’ve been using LaCie USB Keys that look like keys. They come in various sizes (though I consider 8GB the minimum for what I’m doing) and are easy to hide in plain sight, and you’re not likely to misplace it if it’s with your house or car keys.

The second part of the solution is a stand-alone installation of Ubuntu. While it’s not as user friendly or as familiar as Windows or OSX for a lot of people its fairly simple to set up a totally self-contained installation that runs entirely from the USB Key – it leaves no trace on the host machine, it never starts the host machine (so software key-loggers and other spyware are useless) and it’s fairly light-weight so you can start up or shut down in less than 30 seconds.

Setting Ubuntu up in this way doesn’t follow the usual path to build a LiveCD that most people use to try out Linux – with that style of setup you can’t store data on the drive or perform in-place upgrades (patching the build, adding new drivers or even migrating to a new version)

The final part of the solution is installing anti-virus scanners that you can use to examine the host machine, and a VPN client to secure your communications with the outside world…

Preparing the Bootable Ubuntu key

These instructions do assume you have a clue what you’re doing, and that you can deal with the consequences of doing something wrong along the way. If you follow the recommendations you should be okay but, as with anything of this nature, there may be dragons ahead…

Safely selecting the right drive.

You may omit this step if after partitioning you choose to install grub to the root of the usb drive you are installing Ubuntu to, (ie sdb not sdb1). Unless you do this correctly though you can overwrite the HDD MBR which can be a pain to deal with so it’s not recommended. If you don’t know what grub is… proceed with caution!

·         Turn off and unplug the computer.

·         Remove the side from the case.

·         Unplug the power cable from the hard drive.

·         Plug the computer back in.

Installing Ubuntu

·         Insert the flash drive.

·         Insert the Live CD.

·         Start the computer, the CD should boot.

·         Select language

·         Select “Install Ubuntu”.

·         Select Download updates while installing and Select Install third-party software.
If you have an active network connection (wired recommended) this will save time later on.

·         Forward

·         At “Allocate drive space” select “Specify partitions manually (advanced)”.

·         Forward

·         Confirm Device is correct.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = 4 to 6 GB, Beginning, Ext4, and Mount point = “/” then OK.

Optionally configure a Home partition

If you’re only planning to have a single user and primarily store data in desktop folders then this isn’t required.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = 4 to 8 GB, Beginning, Ext2, and Mount point = “/home” then OK.

Optionally configure swap space

This allows hibernation but from experience with this configuration it’s quicker and easier to shut down and start than hibernate.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = remaining space, (1 to 2 GB, same size as RAM), Beginning and “Use as” = “swap area” then OK.

Finish installation

·         Confirm “Device for boot loader installation” points to the USB drive. Default should be ok if HDD was unplugged.

·         Click “Install Now”.

·         Select your location.

·         Forward.

·         Select Keyboard layout.

·         Forward.

·         Insert your name, username, password, computer name and select if you want to log in automatically or require a password.

·         Select “Encrypt my home folder” for added security (especially if there is a risk of losing the drive)

·         Select forward.

·         Wait until install is complete.

·         Turn off computer and reconnect the HDD.

·         Reboot computer and select the flash drive to start

·         Log in and complete installation, upgrading packages and adding options like Chrome browser or Evolution email client

Securing your connection

While having a stand-alone machine image that allows you to keep local content secure you want to make sure no one is sniffing communications on wired or wireless networks. At the very least you need to ensure people are not stealing passwords so in Chrome you want  to install something like the KB SSL Enforcer which will try to redirect any connection to a secure channel to make snooping a lot harder.

If you want to ensure none of your online communications are overheard then you want to install and configure a Virtual Private Network (VPN) connection with someone like StrongVPN – this has the added advantage for some that you can even choose which country you want to appear to be surfing from 🙂

There are a number of Linux based anti-virus solutions (such as ClamAV) that can be used to scan the host machine but I’d recommend if you want to clean a Windows machine that you get a bootable version of Spybot S&D (that you can also run from a Flash Drive and keep up-to-date) as that’s a more robust solution.

Email and Documents

Depending on your situation you may want to keep as much as possible on the USB Key and as little as possible on the web, vice versa or somewhere in between. Personally I recommend setting up a new webmail (Hotmail or Gmail) account only once you are securely connected (so the password is never visible on an unsecured connection) and using Evolution to keep that in sync with the local drive so you can work either from the disk in off-line mode, or log in from a web browser in an internet café or somewhere away from prying eyes. For documents a service like Ubuntu One (probably a good bet as it’s integrated with the OS), DropBox or SkyDrive gives you the flexibility of working locally or “in the cloud”.

Given the risks of losing the drive, or corruption happening due to an overzealous or early removal I would strongly recommend keeping important data backed up somewhere secure and online just in case. You might want to consider installing Prey on the image just in case you lose it.

Stay safe out there!

A lot of the things you need to do to stay safe is common sense – don’t share logins, don’t re-use password and things like that but sometimes you need to bring more sophisticated tools and techniques to bear… I’d love to see some comments about how to improve this solution or make it simpler. If you like the idea of having this sort of setup but the instructions have put you off I’m happy to build a key for you for a reasonable fee (to cover time and expenses). Support for Ubuntu or any other applications mentioned here should come from the respective suppliers.

Do you pray you’ll never lose your laptop or phone

May 18, 2011

How many laptop or mobile phone users have ever had that sinking feeling when you realize your precious device isn’t where you thought it was. Your phone isn’t in your pocket or your laptop disappears from your bag on a crowded train.

If you’ve planned ahead and installed a small bit of software from the Prey Project then you can do more than pray…

Image001

Prey is a small utility that hides itself away (on Windows, OSX, Linux and many different types of smartphone) and, most of the time, does nothing.

However if it receives an instruction to wake up and go to work (for computers that’s via the web control panel you can access from anywhere, for smartphones it’s via an SMS message) any thief will be in for a surprise…

When activated Prey will collect as much information as it can to help you track it down – GPS location, IP address, available wifi networks and, if it has a webcam, it’ll even take a picture of its surroundings. All this information gets bundled up and send to the web console every 20 minutes (or however often you set it for) until you gather enough information to either have law enforcement go and pick it up (or sheepishly go back to Starbucks to collect it).

Prey is open source and free for basic use, but they do have a more powerful commercial version (Prey Pro) available if you need more features or the ability to manage a large number of devices.