fear of (a) average mind

you are human, no thing you do is wrong

Running password unsafe programs safely (sort of)

i discovered a very nice security side effect from the post below (especially for laptops). In the first paragraph i talked about how Pidgin stores all your IM passwords in plain text (in XP look in "C:\Documents and Settings\your name\Application Data\.purple\accounts.xml" to see for yourself), not good. Also Firefox and its remembered passwords; let me paint a really bad picture for you. You lose your laptop, hopefully you have everything backed up, but what about all your info on it? The thief/finder connects to the internet with it and goes to http://mail.google.com and look, he is logged on to your Google account, eek. Then he goes to Facebook/MySpace, sees the log-on e-mail, clicks "Forgot Password" and gets your Facebook/MySpace password sent to your GMail address, now he has your Facebook/MySpace accounts. Same goes for Thunderbird and all your pop3 accounts. You can see how someone with access to your laptop could really mess up your on-line life.

In the last paragraph of the post below i said how i have backed up the truecrypt encrypted file (v) on my desktop PC, well i got to thinking, in that file are "portable" versions of Pidgin/Firefox/Thunderbird. These versions are no different than the standard versions except they are made to run everything from one folder. FirefoxPortable and ThunderbirdPortable even update the same as the standard versions. Your Firefox profile is in the same folder as FirefoxPortable, same with PidginPortable (including the plain text password file), all from one folder.

i showed how easy it is to use a *.cmd file to mount a truecrypt volume and run a program and i thought why don't i just have my shortcut to say... Pidgin point at a *.cmd file to mount/run instead of pointing at the installed program. So now i have runP.cmd (Pidgin), runFF.cmd (firefox), you get the idea.

This is runP.cmd:
@echo off

IF EXIST v:\StartPortableApps.exe GOTO runProg

TrueCrypt /v v /l v /m rm /a /q

:runProg
start /Dv:\PortableApps\PidginPortable\ PidginPortable.exe

exit

The "IF EXIST" line is easy to understand: if "v:\StartPortableApps.exe" exists (which it only could if the V:\ drive is already mounted) then bypass the TrueCrypt mount line and GOTO ":runProg", which just runs the start Pidgin line. If "v:\StartPortableApps.exe" doesn't exist it runs the TrueCrypt mount line first, simple. That's how i do it because i use my USB back-up file.

solution for safety
This is what i was thinking for laptop users. Make a folder in C:\Program Files\ called something like unsafePrograms (obviously you would call it something else but for this example i'll call it that).

Download truecrypt and run, pick extract and copy TrueCrypt.exe, TrueCrypt Format.exe, truecrypt.sys and truecrypt-x64.sys to "C:\Program Files\unsafePrograms\", that's TrueCrypt in "traveler mode", i.e. portable. Run TrueCrypt.exe and make an encrypted file called something like "programs", 500MB should be OK (you can make a bigger one later if need be), don't matter where you make it, you can copy to unsafePrograms later. You can delete "TrueCrypt Format.exe" now, that was just there so you could create the "programs" file.

Now download the portable programs you want (Pidgin, Firefox, Thunderbird). Run the *.(paf).exe files, when they ask where to install to, browse to ya desktop (remember these are portable programs, they can run from anywhere, you can copy them anywhere).

Once they are all extracted, run TrueCrypt.exe and mount the encrypted file "programs" as P:\ (p for programs, of course pick your own drive letter). Copy all the folders from the desktop to the P:\ drive (P:\PidginPortable\, P:\FirefoxPortable\, P:\ThunderbirdPortable\). Now unmount the P:\ drive.

Make C:\Program Files\unsafePrograms\unmount.cmd:
@echo off

TrueCrypt /d p /q

exit
to quickly unmount truecrypt volumes (change p if you picked another drive letter).

Now make three quick *.cmd files...

Thunderbird (runTB.cmd):
@echo off

IF EXIST P:\ThunderbirdPortable\ThunderbirdPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\ThunderbirdPortable\ ThunderbirdPortable.exe

exit

Firefox (runFF.cmd):
@echo off

IF EXIST P:\FirefoxPortable\FirefoxPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\FirefoxPortable\ FirefoxPortable.exe

exit

Pidgin (runPID.cmd):
@echo off

IF EXIST P:\PidginPortable\PidginPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\PidginPortable\ PidginPortable.exe

exit

Now just make shortcuts to the *.cmd files (right-click on a *.cmd file and drag & drop to the desktop, pick "Create Shortcuts Here"). Pidgin icon, Thunderbird & Firefox icons (direct links).



Now you switch on ya laptop, click the Firefox icon, you get asked for a password, give it, and firefox runs. Now if you want to run Thunderbird or Pidgin you will not be asked for a password because the p:\ drive is already mounted. Switching off the laptop unmounts the P:\ drive.
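The three launchers above differ only in the program name, and none of them checks that the mount actually worked. As an added example (not part of the original post), here is one parameterized launcher that does; it assumes the container "programs" and TrueCrypt.exe sit in the same folder as the script, the volume mounts as P:, and each program's .exe has the same name as its folder, as the three in the post do. The name run.cmd is hypothetical.

```batch
@echo off
rem run.cmd - added example, not from the original post.
rem Usage: run.cmd FirefoxPortable   (or PidginPortable, ThunderbirdPortable)
setlocal

rem Assumptions: the container file "programs" sits next to this script
rem and the volume is mounted as P: (both as in the post).
set "VOL=%~dp0programs"
set "DRV=P"
set "APP=%~1"

if "%APP%"=="" (
    echo Usage: %~nx0 AppFolderName
    pause
    exit /b 1
)

rem Work from the script's own folder so TrueCrypt.exe is found no matter
rem what the shortcut's "Start in" field says.
cd /d "%~dp0"

rem Mount only if the drive is not there yet (same switches as the post).
if not exist %DRV%:\ TrueCrypt /v "%VOL%" /l %DRV% /m rm /a /q

rem Wrong password or cancelled prompt: the program is still unreachable,
rem so stop here instead of letting "start" fail with a confusing error.
if not exist "%DRV%:\%APP%\%APP%.exe" (
    echo %DRV%:\%APP%\%APP%.exe not found - volume not mounted or wrong name.
    pause
    exit /b 1
)

start "" /D "%DRV%:\%APP%" "%APP%.exe"
endlocal
```

Point each shortcut at run.cmd with the folder name as its argument. A laptop that is only suspended keeps P: mounted, so run unmount.cmd before closing the lid.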

OK now let's look again at the nasty picture i painted before. A thief nicks ya laptop, runs it and sees the Firefox icon, his little mind lights up thinking of all your accounts he is going to own. He clicks the icon and is like WTF, why is firefox asking for a password, weird. OK he sees the Pidgin icon so he thinks he owns all your passwords, goes and has a look at "C:\Documents and Settings\your name\Application Data\" but finds no ".purple" folder so he clicks the icon, again he is asked for a password. He right-clicks the shortcut, goes to the folder it points to and sees TrueCrypt.exe and understands he is never going to see any of your stuff, all he can do now is format the laptop and start again. It's bad you lost your laptop but you can feel safe in the knowledge all your accounts are safe.
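That picture only holds if the profiles of the previously installed programs are really gone from C:. The following check is an added example, not part of the original post: it reports any profile locations still sitting outside the encrypted volume. The Pidgin path is the one named above; the Firefox and Thunderbird paths are the default profile folders of the installed (non-portable) versions, and the name leftovers.cmd is hypothetical.

```batch
@echo off
rem leftovers.cmd - added example, not from the original post.
rem Reports profile data of the *installed* programs that is still stored
rem unencrypted in the user's Application Data folder.
setlocal
set FOUND=0

rem Pidgin's path is the one named in the post; the other two are the
rem default profile folders of installed Firefox and Thunderbird.
call :check "%APPDATA%\.purple\accounts.xml"
call :check "%APPDATA%\Mozilla\Firefox\Profiles"
call :check "%APPDATA%\Thunderbird\Profiles"

if %FOUND%==0 (
    echo Nothing found outside the encrypted volume.
) else (
    echo Found %FOUND% unencrypted profile locations, see the list above.
)
pause
rem Exit code = number of leftovers, so other scripts can test it.
exit /b %FOUND%

:check
rem %~1 is the path passed in, with its surrounding quotes removed.
if exist "%~1" (
    echo STILL ON DISK: %~1
    set /a FOUND+=1
)
goto :eof
```

Anything it lists still carries saved logins or sessions from before the move to the portable versions and needs to be removed for the scenario above to hold.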

Hope you found this useful, stay safe ^_~

*UPDATE*
i just had a cool thought, you could make a *.cmd file to run all these programs, like "runEVERY.cmd":
@echo off

IF EXIST P:\PidginPortable\PidginPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\PidginPortable\ PidginPortable.exe
start /DP:\ThunderbirdPortable\ ThunderbirdPortable.exe
start /DP:\FirefoxPortable\ FirefoxPortable.exe

exit
Nice, you can open all ya internet programs with one shortcut.
