Reminders – Simple Security and Finding Sanity In the Digital Age

Jordan Drysdale //

ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential for this blog entry to be used as an opportunity to learn and to possibly update or integrate into modern tools and techniques.

As I wander through life, in what now seems like a world gone entirely mad, disconnecting from digital is my newest hobby. Information overload constantly smashes us in the face at every turn. I try to maintain overload data in a collection of bookmarks, mental notes, recurring nightmares, scrawl and Post-It™ notes on my cubical wall. Without further ado, here are a few favorites, Post-It™ notes and personal disconnects from the annals of a sysadmin.

For those who live and work inside a shell, did you know that you can paste strings into a shell easily with CTRL + SHIFT + v? Another paste trick that had Lawrence thanking me infinitely after he spent the last couple years manually entering our brutal 25 character randomized strings into VMs – you can paste directly into a virtual machine using VMWare Workstation. Yes, we know you can integrate your VMs with tools to make everything less secure. Yeah, so…select the field in the VM you want to paste in to, ALT + CTRL to escape the mouse capture, copy your string and navigate to Edit > Paste in Workstation.

Did you remember that you can hide from bash history by tagging the spacebar in front of your commands? Yup, by default the HISTCONTROL variable is set to ‘ignorespace’ and can be modified to also ‘ignoredups’ or ‘ignoreboth.’ Link for reference and picture proof, try it:

Change can be difficult, but the boss just asked “If I gave you an extra hundred bucks a day, that’s change too, right?”. So how do I change the tone of this blog from semi-technical randomness and the ignorespace variable to my garden? Like in life, it usually happens when I executed something idiotic in a shell a co-worker might see. Regardless of how we make the transition, the garden and green space are one of my favorite places to hide from my phone and the travails of Internet life. Cucumbers are as easy as anything to grow; place seeds in dirt add water. Pickles are one of my all time favorite foods. Grow cucumbers, garlic and dill. Buy jars and salt. Set up your canning rig. Profit. Mmmmmmm….pickles.

It hasn’t been so long since the article about cleansing your history from the omnipotent overlords of the information age, but it seems like an eternity. Since, well, yeah….I just had to cleanse location data and maps and location data, personal searches, et cetera again. My search history is littered with recipe requests, odd facts, historical trivia, movie quotes, YouTube [TM] requests and command strings.. Frightening what they maintain – caution, toothy link. Quiet reminder…if you aren’t paying money for it, you’re not the customer.

In the spare time I create in life, I also love making jams, jellies and salsa. Disconnect digital device, check. Baste peaches and peel, check. Boil sugar, peaches and pectin, check. Fire up the water bath, fill jars, rock and roll. Boom!

Since we are talking about hiding, covering our tracks and so forth, don’t forget to scrub your picture files of meta data before uploading them to the Internet. For Linux, the exif-tool is rad. Also, this blog_post  is an amazing guide for how to hide on the Internet. Digressed again…Anyway, I borrowed this for loop wandering about the Internet, so credit is due to someone, somewhere:

$ pwd
/some/pic/dir/
$ for i in *.jpg; do echo "Processing $i"; exiftool -all = "$i"; done
$ for i in *.png; do echo "Processing $i"; exiftool -all = "$i"; done

You want to shrink those pictures too? Go grab imagemagick (Linux) and do something like this:

$ for file in *.png; do convert $file -quality 60 shrunk-$file; done ##60 here represents a percentage quality reference
$ for file in *.jpg; do convert $file -quality 60 shrunk-$file; done

Ref: http://www.howtogeek.com/109369/how-to-quickly-resize-convert-modify-images-from-the-linux-terminal/

Socks proxies are fun too and depending on where you are in the world and if you are restricted, you might still be able to evade filters. Two commands, the first to create a localhost socket and the second to launch chrome with a socks proxy.

$ ssh -D 3333 -f -C -q -N -p 2222 [email protected] ###assumes ssh is listening on 2222 at 12.34.56.78
$ google-chrome --proxy-server="socks://localhost:3333"

In your browser, visit icanhazip.com and you should see the text string of 12.34.56.78.

Let’s remember to secure all the things!!! These folks make our favorite external drives in the whole known universe: Apricorn (@apricorn_info). They just released a new Secure USB 3 with the following awesomeness in quotes – “Data written to the drive is encrypted on the fly using military-grade, full-disk AES 256-bit XTS hardware encryption. It’s also FIPS 140-2 Level 3 validated…” and is designed to Inspector Gadget self-destruct in response to brute force attempts. Trust me, if your organization takes ‘data in transit’ security seriously, something in this_product_matrix can solve those problems for the foreseeable future.

If you haven’t heard of Yubico or seen their products, take a look. They produce a series of USB “token” products that can be used for strengthening authentication across a multitude of services: Docker / Github / Google Apps / Password Databases / your SSH systems… They are quickly gaining traction and this is a solution I would love to see in more businesses. Oh yeah, and for paranoia enthusiasts, these are manufactured in the US and Sweden.

Article summary review: Yubikey is awesome for protecting super sensitive things and password files…like KeePass/LastPass. Apricorn (@apricorn_info) literally makes one of the most secure external drives on the market today. Cleanse and shrink your pictures before posting them and find a hobby, like photography, gardening, something. Clean up your google history too! Last – don’t forget to disconnect once in awhile.