fear of (a) average mind

you are human, no thing you do is wrong

Firefox3 download day

Firefox is having a Download Day, trying to set a world record for most software downloads in 24 hours. i hope everyone who reads this blog uses Firefox (friends don't let friends use anything else). Click the pic on the left for info. The exact date is not known yet but i am sure you will hear about it.

The fox in that pic BTW is the Japanese Firefox mascot Foxkeh, i've got an avatar of him in SL, very cool, everyone smiles when they see me (even the people on Microsoft Island, lol).

*UPDATE 1*
Next Tuesday (17 June) is Download Day, see ya there.
*UPDATE 2*
YAY, i win:


Running password unsafe programs safely (sort of)

i discovered a very nice security side effect from the post below (especially for laptops). In the first paragraph i talked about how Pidgin stores all your IM passwords in plain text (in XP look in "C:\Documents and Settings\your name\Application Data\.purple\accounts.xml" to see for yourself), not good. Also Firefox and its remembered passwords, let me paint a really bad picture for you. You lose your laptop, hopefully you have everything backed up but what about all your info on it. The thief/finder connects to the internet with it and goes to http://mail.google.com and look, he is logged on to your Google account, eek. Then he goes to Facebook/MySpace, sees the log-on e-mail, clicks "Forgot Password" and gets your Facebook/MySpace password sent to your GMail address, now he has your Facebook/MySpace accounts. Thunderbird for all your POP3 accounts. You can see how someone with access to your laptop could really mess up your on-line life.

In the last paragraph of the post below i said how i have backed up the truecrypt encrypted file (v) on my desktop PC, well i got to thinking, in that file are "portable" versions of Pidgin/Firefox/Thunderbird. These versions are no different than the standard versions except they are made to run everything from one folder. FirefoxPortable and ThunderbirdPortable even update the same as the standard versions. Your Firefox profile is in the same folder as FirefoxPortable, same with the PidginPortable (including the plain text password file), all from one folder.

i showed how easy it is to use a *.cmd file to mount a truecrypt volume and run a program and i thought why don't i just have my shortcut to say... Pidgin point at a *.cmd file to mount/run instead of pointing at the installed program. So now i have runP.cmd (Pidgin), runFF.cmd (firefox), you get the idea.

This is runP.cmd:
@echo off

IF EXIST v:\StartPortableApps.exe GOTO runProg

TrueCrypt /v v /l v /m rm /a /q

:runProg
start /Dv:\PortableApps\PidginPortable\ PidginPortable.exe

exit

The "IF EXIST" line is easy to understand, if "v:\StartPortableApps.exe" exists (which it only could if the V:\ drive is already mounted) then bypass the TrueCrypt mount line and GOTO ":runProg" which just runs the start Pidgin line. If "v:\StartPortableApps.exe" doesn't exist it runs the TrueCrypt mount line, simple. That's how i do it because i use my USB back-up file.

solution for safety
This is what i was thinking for laptop users. Make a folder in C:\Program Files\ called something like unsafePrograms (obviously you would call it something else but for this example i'll call it that).

Download truecrypt and run, pick extract and copy TrueCrypt.exe, TrueCrypt Format.exe, truecrypt.sys and truecrypt-x64.sys to "C:\Program Files\unsafePrograms\", that's TrueCrypt in "traveler mode", i.e. portable. Run TrueCrypt.exe and make an encrypted file called something like "programs", 500MB should be OK (you can make a bigger one later if need be), don't matter where you make it, you can copy to unsafePrograms later. You can delete "TrueCrypt Format.exe" now, that was just there so you could create the "programs" file.

Now download the portable programs you want (Pidgin, Firefox, Thunderbird). Run the *.(paf).exe files, when they ask where to install to, browse to ya desktop (remember these are portable programs, they can run from anywhere, you can copy them anywhere).

All extracted, now run TrueCrypt.exe and mount the encrypted file "programs" as P:\ (p for programs, of course pick your own drive letter). Copy all the folders from the desktop to the P:\ drive (P:\PidginPortable\, P:\FirefoxPortable\, P:\ThunderbirdPortable\). Now unmount the P:\ drive.

Make C:\Program Files\unsafePrograms\unmount.cmd:
@echo off

TrueCrypt /d p /q

exit
to quickly unmount truecrypt volumes (change p if you picked another drive letter).

Now make three quick *.cmd files...

Thunderbird (runTB.cmd):
@echo off

IF EXIST P:\ThunderbirdPortable\ThunderbirdPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\ThunderbirdPortable\ ThunderbirdPortable.exe

exit

Firefox (runFF.cmd):
@echo off

IF EXIST P:\FirefoxPortable\FirefoxPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\FirefoxPortable\ FirefoxPortable.exe

exit

Pidgin (runPID.cmd):
@echo off

IF EXIST P:\PidginPortable\PidginPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\PidginPortable\ PidginPortable.exe

exit

Now just make shortcuts to the *.cmd files (right-click on a *.cmd file and drag & drop to the desktop, pick "Create Shortcuts Here"). Pidgin icon, Thunderbird & Firefox icons (direct links).



Now you switch on ya laptop, click the Firefox icon, you get asked for a password, give it, and Firefox runs. Now if you want to run Thunderbird or Pidgin you will not be asked for a password because the P:\ drive is already mounted. Switching off the laptop unmounts the P:\ drive.
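The three launchers above differ only in the program name, and none of them checks that the mount actually worked before running "start". This is an added example, not one of the original scripts: a single runApp.cmd that takes the folder name as its argument and stops if the volume did not mount. The file name and the APP, DRIVE and VOLUME variables are made up for this example, and it assumes the layout described above (TrueCrypt.exe and the "programs" file next to the script, apps in P:\Name\Name.exe).

```batch
@echo off
rem runApp.cmd (added example): one launcher for every portable app in the volume.
rem Shortcut target example:  runApp.cmd FirefoxPortable
rem Assumed layout: TrueCrypt.exe and the volume file "programs" sit in the
rem same folder as this script, apps live in P:\<Name>\<Name>.exe.
setlocal

set "APP=%~1"
set "DRIVE=P"
set "VOLUME=%~dp0programs"

if "%APP%"=="" (
    echo Usage: %~nx0 AppFolderName
    exit /b 2
)

rem Already mounted? Then skip the password prompt.
if exist "%DRIVE%:\%APP%\%APP%.exe" goto runProg

rem Mount with the same switches as the scripts above. start /wait pauses the
rem script until TrueCrypt has finished and quit (/q).
start "" /wait "%~dp0TrueCrypt.exe" /v "%VOLUME%" /l %DRIVE% /m rm /a /q

rem Wrong password or cancelled prompt: nothing is mounted, so stop here
rem instead of letting "start" fail with a confusing error.
if not exist "%DRIVE%:\%APP%\%APP%.exe" (
    echo %APP% not found on %DRIVE%: - volume not mounted or app missing.
    exit /b 1
)

:runProg
start "" /D "%DRIVE%:\%APP%" "%APP%.exe"
exit /b 0
```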

OK now let's look again at the nasty picture i painted before. A thief nicks ya laptop, runs it and sees the Firefox icon, his little mind lights up thinking of all your accounts he is going to own. He clicks the icon and is like WTF, why is Firefox asking for a password, weird. OK he sees the Pidgin icon so he thinks he owns all your passwords, goes and has a look at "C:\Documents and Settings\your name\Application Data\" but finds no ".purple" folder so he clicks the icon, again he is asked for a password. He right-clicks the shortcut, goes to the folder it points to and sees TrueCrypt.exe and understands he is never going to see any of your stuff, all he can do now is format the laptop and start again. It's bad you lost your laptop but you can feel safe in the knowledge all your accounts are safe.
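That picture only holds if no unencrypted copy of the profiles is left on C:\. This is an added example, not part of the original post: a check for the installed versions' profile folders and for the portable folders that were extracted to the desktop before being copied to P:\. The script name checkLeftovers.cmd and the FOUND counter are made up here; the Firefox and Thunderbird paths are the default profile locations of the installed versions.

```batch
@echo off
rem checkLeftovers.cmd (added example): look for profile data that still sits
rem outside the encrypted volume, where anyone with the laptop can read it.
setlocal
set FOUND=0

rem Pidgin: the plain text account file named in the post.
call :check "%APPDATA%\.purple\accounts.xml"

rem Default profile folders of the installed Firefox and Thunderbird.
call :check "%APPDATA%\Mozilla\Firefox\Profiles"
call :check "%APPDATA%\Thunderbird\Profiles"

rem Portable copies extracted to the desktop before being copied into P:\.
call :check "%USERPROFILE%\Desktop\PidginPortable"
call :check "%USERPROFILE%\Desktop\FirefoxPortable"
call :check "%USERPROFILE%\Desktop\ThunderbirdPortable"

if %FOUND%==0 (
    echo OK: no unencrypted profile data found outside the volume.
) else (
    echo %FOUND% locations still hold data outside the encrypted volume.
)
exit /b %FOUND%

rem Subroutine: report the path in %1 if it exists and count it.
:check
if not exist "%~1" goto :eof
echo LEFTOVER: %~1
set /a FOUND+=1
goto :eof
```

A non-zero exit code is the number of locations that still need to be moved into the volume or deleted.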

Hope you found this useful, stay safe ^_~

*UPDATE*
i just had a cool thought, you could make a *.cmd file to run all these programs, like "runEVERY.cmd":
@echo off

IF EXIST P:\PidginPortable\PidginPortable.exe GOTO runProg

TrueCrypt /v programs /l p /m rm /a /q

:runProg
start /DP:\PidginPortable\ PidginPortable.exe
start /DP:\ThunderbirdPortable\ ThunderbirdPortable.exe
start /DP:\FirefoxPortable\ FirefoxPortable.exe

exit
Nice, you can open all ya internet programs with one shortcut.


Geek Porn (USB style)

My USB thumb drive is cool. i just recently encrypted the whole thing (well 3.50GB of the 4.00GB), i had it unencrypted for a long time and i didn't install a few plugins in Portable Firefox because of this, if i had lost the drive, the finder would have had access to all me passwords (including this blog's password) as i am quite lazy and let Firefox remember all my passwords. Pidgin stores its password file in plain text so the finder would also have had all my IM passwords, not good.


Desktop to begin with.

The USB drive is U3 which means it pretends to be a CD when plugged in so it can autorun. i have set it to autorun a *.cmd file (XP *.bat file) so it can run a few commands. When you plug in a U3 drive there are actually two drives, the CD drive and the data drive. i installed SmithTech App Launcher (ISO for U3 drives) on the "CD" drive and set it to run "Gear/jGo.cmd" on the data drive.

This is jGo.cmd:
@echo off

TrueCrypt /v v /l v /m rm /a /q
CMD /c V:\Gear\vRUN.cmd

exit

As you can see this runs truecrypt (in traveler mode) to mount an encrypted file called v as drive V:\ (i chose V:\ as i heard some people change all their CD drives to something like X,Y or Z so no matter how many HDs/USB keys they attach to their PC their CD letters never get messed up, V:\ seemed like a drive letter no one would choose).


jGo.cmd running truecrypt which is asking for the password.

Once the volume is mounted the next command runs another *.cmd file (vRUN.cmd) on the V:\ drive.

This is vRUN.cmd:
@echo off

rem start /wait /d "Gear\backup" bakup.exe
start StartPortableApps.exe
start /d "Gear\RK" RKLauncher.exe

exit

As you see this just runs StartPortableApps.exe (XrX Portable Apps Menu Mod) and RKLauncher.exe (bakup.exe is remarked out, more on what that is later). i could put a lot more commands in there if i wanted. That is the good thing with running a *.cmd file as opposed to running a program (*.exe), lots of commands.


XrX Portable Apps Menu Mod running (it changes the XP wallpaper, cool) with the very nice Moonito 01 theme by jorgito (dA page).


Also runs a nice little OSX like menu thing called RK Launcher which is simple and handles relative paths nicely.

Programs used:
SmithTech App Launcher (ISO for U3 drives)
TrueCrypt
XrX Portable Apps Menu Mod
RK Launcher

Useful site for apps:
PortableApps.com
the Portable Freeware collection
PortableApps Theme Central
my U3 del.icio.us tag (:

The bakup.exe program that doesn't run in vRUN.cmd is interesting, it is basically a bat file that runs a few programs to swipe Windows/IM/network passwords from the PC you plugged the USB key into, and copies them to a text file, it even copies the IE/Firefox history. It is based on the USB Switchblade from the podcast Hak5. It is a *.exe file because there is also a shortcut to it on the PortableApps Menu, one problem i found with the PA menu is it can't run cmd/bat files so a quick google search found Bat_To_Exe_Converter.exe, name says it all.

To unmount the V:\ drive i made an unmount.cmd:
@echo off

TrueCrypt /d V /q

exit

Once unmounted all that is left is a 3.50GB encrypted file called v, with all me stuff safe inside it. Of course this file is backed up on my desktop PC so if i ever did lose the key i just get a new one and copy it onto that.

Stay safe (and secret) ^_~
