Subtle Rantings

Found out about this interesting little tool the other day. It’s called Spam Mimic and basically it encrypts your text to make it appear as spam. Here’s the description of the service from the web site:

There are terrific tools (like PGP and GPG) for encrypting your mail. If somebody along the way looks at the mail they can’t understand it. But they do know you are sending encrypted mail to your pal.

The answer: encode your message into something innocent looking.

Your messages will be safe and nobody will know they’re encrypted!

There is tons of spam flying around the Internet. Most people can’t delete it fast enough. It’s virtually invisible. This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real spam is so stupidly written it’s sometimes hard to tell the machine written spam from the genuine article.

I don’t know how useful this would be since I’m guessing most spam filters would catch this and delete it, but nonetheless, neat idea.

Spam Mimic

I am currently on contract with a large financial institution as a IT Security Engineer. One of the benefits of this contract is that I am allowed to work from home at least 4 days a week, if not all week. For the first 2 years of working there, I was bringing home my laptop from the office and then hauling it back to the office on the one or two days I actually went in.

This was fine and a small annoyance to have to deal with, after all, I was getting to work from home all the time. However, late last year my client added a new feature to their existing remote access solution that allows me to leave my laptop at the office, and connect to it using Window’s RDP over an SSL VPN. So now, I never have to bring my laptop home. Enter one major caveat.

Obviously since this is a laptop and this is a major financial institution with sensitive information on said laptop, full disk encryption is utilized. Therefore, if a reboot is performed on the laptop while I’m not physically there, I can’t get back into the machine due to the computer needing a password to boot up and decrypt the hard drive. So, I don’t like to reboot my laptop unless I’ll actually be in the office.

Now, just recently, I was logged into my laptop remotely and I started typing. I hit the ‘M’ key and my windows were minimized and I was shown the Desktop. Hrm, that’s weird. I started typing again and hit the ‘L’ key. The laptop “locked” itself. I typed in my password then hit the ‘E’ key. Sure enough, a Windows Explorer window opened up. If you haven’t caught on yet, these keys I was hitting are short cut keys that are activated when you hold down the “Windows” key. For a full list of shortcuts, check out this link here.

So it appeared my Windows key was stuck in the “down” position, although I wasn’t pressing it. That’s not good, I’m sure a reboot will fix it, but that normally meant a trip into the office. That is, until today. I actually google’d my problem and came up with this wonderful, yet simple solution here @ a blog untitled Bunker Hollow.

It seems that pressing Windows-U will pop up the Accessibility menu where you can pull up the On-Screen Keyboard and toggle the Windows key off and on again until it eventually unsticks. As far as I can tell, there’s no real scientific method to unsticking it, you’ll just have to try it out.

So if you’re Windows XP or Vista RDP (Remote Desktop Connection) session starts displaying that erratic behavior that I just described, check out Matt Williamson’s Bunker Hollow for a fix. Thanks Matt, that was a lifesaver!

I can’t talk to badly about Twitter since I do have a Twitter account (Twitter does have some valid uses). However, this video encompasses what 90% of the people are using Twitter for right now – spewing forth the most inane, mundane minutia of their lives in order that they might feel better about themselves. Anyhow, here’s the video.

Some of you may remember me asking back in March if anyone had any NAS recommendations. I finally came across a solution that I think is going to serve me well. I picked up a D-Link DNS-323 NAS and a couple Seagate 500GB SATA/300 drives to fill the dual bay D-Link enclosure. The total investment was right at $360 – not too shabby for a terabyte’s worth of data.

One of the reasons I chose the D-Link was because of it’s RAID options. It offers RAID-0, RAID-1, and JBOD. I am currently using RAID-1, which is just disk mirroring. This way if/when one drive fails, the other just takes over and since it’s a mirror of the other disk, all data is safe and secure. This does not protect me if I happen to accidentally delete some files, as the mirrored disk will have those same files removed. To combat this, I’m thinking of buying another DNS-323 unit to serve as a backup unit to my first DNS-323 unit. This way I can do a nightly differential rsync on this secondary unit and I will again have a highly redundant storage system.

In regards to setup and install, it was very easy and straightforward. D-Link provided a “Quick-Install” guide that walked me through it. Basically, you insert both your drives into the enclosure, connect the network and power cables and power it on. No tools are necessary for drive installation or removal. Once the unit is powered on, you can use the included D-Link Easy Search utility which will find the DHCP IP address that unit was assigned. From there, you open a browser and connect to the NAS via the web interface. Basically, set up just consists of choosing which RAID option you would like (if any) and formatting the drives. Once that was done, the unit was ready to be accessed from any Windows PC via a standard shared drive.

I’ve had the NAS for a week now and I have to say I’ve been very happy with it so far. I would definitely highly recommend this NAS enclosure and the drives of your choice to anyone. It’s definitely a much more budget friendly NAS when compared to other similar products like the NetGear ReadyNAS or any of the Buffalo TerraStation’s.

Jeff Jonas shares quite a bit of insight into the security and tracking that goes on at a Casino in this Computerworld article. Plus there’s some interesting little anecdotes.

“There’s this one casino, one of their high rollers beat them for US$18 million,” Jonas said. “That’s actually going to show up on quarterly earnings. So they left with US$18 million. The casino sent a jet to their town and left a limo in front of their house on weekends and said ‘you know just in case you get the bug.’ And they got the bug and they took them up on it and they came back and lost something like US$22 million.”

I just signed up for Twitter a few days ago. Frankly, I’m not quite sure why. I think mainly because I keep hearing about it and I wanted to find out what’s all the fuss. I don’t yet understand the point of it. At first glance, it still seems like a bunch of people detailing every minute of their lives for all to see.

Right now I’m just experimenting with using it for fun. Since this is another “social network” per se, I can definitely see myself wasting a lot of time here, so I’ve got to be careful.

If anyone is interested in following me on Twitter, I can be found here. And if anyone can offer any insight as to how you’re using it for means other than personal pleasure, I’d be interested.

With the wife and I acquiring more digital matter (as I’m sure everyone is), I am wanting to move away from my antiquated, albeit functional, FreeBSD file server. Currently, I am running FreeBSD on three boxes. One box is the main file server that anyone on my network can access. The other two boxes serve as backup systems for the primary file server. Through a variety of rsync scripts, I have a very redundant system of storage that has served me very well over the past few years.

To give you an idea of my existing configuration, I have two main partitions on my file server. One is for my MP3 music collection, and the other is for anything else (documents, archived programs, email backups, etc). I wanted to create a system that would be easy to use, but at the same time impervious to a number of attacks or disasters.

I have one script that runs every 15 minutes on the 2 backup servers. This script does a differential rsync on the main file server to see if any new files were added. This rsync does not delete anything. This means, I’ve created an environment where there is only a 15 minute window of vulnerability. For example, I just created my budget for 2008 and I save it to the file server. If the file server were to die BEFORE that rsync script runs every quarter hour, I would lose that file. However, no files that had already been backed up during the last 15 minute script execution would be lost. As you can see, this is MUCH better than a daily backup routine.

Here’s the coolest feature of my design in my opinion. Since I am syncing the backup servers with the main file servers every 15 minutes, what if I got a virus on my machine that started deleting everything on my local and networked drives? Or what if I accidentally deleted an entire folder that I didn’t meant to? That’s OK. Here’s why: Whenever I delete something on the main file server, it is indeed deleted from that server. However, the deleted item(s) still exists on the backup servers. You may remember me saying earlier how my rsync script only copies new items and doesn’t delete anything. Once a week I run a “cleanup” script that goes through and compares the backup server filesystem with the main file server and will delete items that no longer exist on the main server. This protects me from any worm or trojan outbreak that may occur on my network.

The only way I lose all my data is in a house fire or some other locally physical event. How’s that for redundancy?

While my current setup has served me well and flawlessly, I’m ready to move to a NAS. I want something that has a much smaller footprint, less power requirements, and a more standardized implementation. So I need someone to recommend a NAS to me. Here are my requirements in order of importance:

• Supports RAID 5
• Network Attached (duh)
• Relatively fast
• Web GUI as well as Shell Access

Any ideas?

Once again Charter Communications has confirmed it is the absolutely worst company in America. As if poor cable service, poor customer service and absolutely poor HD channel selection wasn’t enough, now news sources were reporting today that Charter has accidentally deleted the email accounts of approximately 14,000 of it’s customers. 14,000!

They also mention there is no way to retrieve any of the emails, attachments, or other data that was in the user’s email account at the time. I guess they’ve never heard of backups? From a privacy standpoint, I support the decision to NOT have the data reside elsewhere. However, some sort of backup should not have been out of the question.

How did this happen? According to Charter spokespeople:

…Charter gives each broadband subscriber a free e-mail account. But since many people use other e-mail addresses, the company routinely deletes unused accounts. On Monday, some active accounts wound up being deleted with the inactive accounts.

Oh and here’s the best part. If you were one of the 14,000 affected by this incident you are entitled to a $50 credit. Now aren’t you glad you’re a Charter customer? Good luck getting someone from the Billing department to actually answer the phone too.

I really can’t stand Charter. I wish they would go bankrupt or at least lose their monopoly on the cable market in my area.

I did forget to mention one thing the other day when I was talking about senduit.com. Not that it matters that much, but senduit.com is ad supported. This isn’t a huge price to pay for such a cool service. The ad in question, yes just one, is displayed whenever someone goes to download your file. So at least you as the file sharer don’t have to look at it.

Like I said, it’s not much in reality, but I did want to let everyone know just…because I can.

Often times I’ve found the need to send someone a file that is much larger than would be considered acceptable to send via email (ie. greater than 5 or 6 megabytes). Personally, I am fortunate enough to have some tech savvy and a place where I can upload all the files I want. Most importantly the latter of the two in case you were wondering.

This is however not always the case for the average non-geek computer user. Which is where senduit.com comes in. Senduit.com is a site where you can upload any file, up to 100 mb, and they will store it on their servers for up to 1 week. It’s a very simple, easy to use interface that anyone would be able to use.

Once your file is uploaded, you are given a link similar to this one:

http://senduit.com/7827ed

This link in particular was a file I uploaded and gave it an hour expiration time. I like the fact they give you a small, easy to handle URL, that also doesn’t expose exactly what the file is. I like this for any prying eye’s that may be reading over your shoulder, reading your email, or spying on you in some other manner.

While senduit.com does not claim to be a secure, encrypted file sharing site, it does address security and privacy concerns in their Privacy Policy. In their Privacy Policy they claim to not save, review, or analyze the file name, contents, type or even origin (IP address). They throw in the standard 21st century disclaimer that while they attempt to maintain perfect security, they cannot guarantee it, so it would be best to not share sensitive data using their service. Duh!

All in all, as I stated earlier, I’ve never really had the need for a file sharing service like this, but I like it. It’s perfect for that short term sharing of files. Plus there’s no clean up of storage space to worry about. I think I’ll be bookmarking this one and using it from time to time.