Everything posted by M2G
-
http://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf
-
During a packed-house discussion with students and developers at Aalto University in Helsinki, Finland, Linus Torvalds, the chief architect of the Linux kernel, talked for more than an hour about software, hardware, and all the issues faced by developers today. But there are two seconds that markedly stood out more than anything else. One of the questions posed by someone in the audience was about Nvidia’s lack of compatibility with Linux. “I was expecting that maybe Nvidia would kind of chip in and do something for it, but they said flat out, ‘No. We’re not doing any support …’ What’s your comments on this?” she asked. Torvalds tried to be diplomatic at first, saying, “I know exactly what you’re talking about … Nvidia has been one of the worst trouble spots we’ve had with hardware manufacturers.” But then he just let loose, finishing his comments with this great sound bite: “Nvidia has been the single worst company we’ve ever dealt with. So Nvidia, f*** you.” Yeah, he actually said the f-word, and not only that, he also flipped the bird. Want to see this for yourself? You better believe it’s on YouTube. Check out the video below and go to 48:14 to see the entire exchange.
Linux architect Linus Torvalds to Nvidia: “F*** You” - SlashGear
-
What do you mean, April? We're in June.
-
Welcome! Here are some books: Index of / This lifetime won't be enough for you to read them all.
-
If you want to learn something, you have the whole forum at your disposal. Read tutorials, do what you want, and nobody will bother you. If you have a score to settle, you can settle it in private with the people you have problems with. Don't you see that the whole forum is calling you a tramp? Or do you like being treated a bit more hardcore? Does it turn you on? Of course, what you do around here is none of my business, it's up to you. Even so, you keep signalling around here and you want attention.
-
I'm asking out of pure curiosity. What are you doing on RST?
-
Web giant says it received more than 1,000 requests from government officials for the removal of content in the past six months, complying with more than half. Google reports it has seen an "alarming" incidence in government requests to censor Internet content in the past six months. The Web giant said it received more than 1,000 requests from governments around the world to remove items such as YouTube videos and search listings. The company, which said it complied with more than half the requests, released a catalog of those requests as part of its bi-annual Global Transparency Report. "Unfortunately, what we've seen over the past couple years has been troubling, and today is no different," Dorothy Chou, Google's senior policy analyst, said in a blog post. "When we started releasing this data, in 2010, we noticed that government agencies from different countries would sometimes ask us to remove political content that our users had posted on our services. We hoped this was an aberration. But now we know it's not." Google said it had received 461 court orders for the removal of 6,989 items, consenting to 68 percent of those orders. It also received 546 informal requests, complying with 46 percent of those requests. The study doesn't reflect censorship activity from countries such as China and Iran, which block content without notifying Google. "Just like every other time, we've been asked to take down political speech," Chou wrote. "It's alarming not only because free expression is at risk, but because some of these requests come from countries you might not suspect -- western democracies not typically associated with censorship." Among the take-down requests was a Polish demand for removal of an article critical of a development agency, a Spanish request for removal of 270 blogs and links to articles critical of the public figures, and a Canadian official's request for removal of a YouTube video of a man urinating on his passport and flushing it down a toilet. 
All were denied. However, the company said it complied with the majority of requests from Thai authorities for the removal of 149 YouTube videos that allegedly insulted the monarchy, a violation of Thailand law. The Web giant said it also granted U.K. police requests for removal of five YouTube accounts that allegedly promoted terrorism. Google also said it complied with 42 percent of U.S. requests for the removal of 187 pieces of content, most of which were related to harassment.
These are roughly the countries that requested the removal of links from Google's results: Government – Google Transparency Report Government – Google Transparency Report
It seems Romania is not among them.
Copyright removal: Copyright Removal Requests – Google Transparency Report
Source
-
Frustrated by their inability to stop sophisticated hacking attacks or use the law to punish their assailants, an increasing number of US companies are taking retaliatory action. Known in the cybersecurity industry as "active defence" or "strike-back" technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the US or other countries, such as hiring contractors to hack the assailant's own systems. In the past, companies that have been attacked have mostly focused on repairing the damage to their computer networks and shoring them up to prevent future breaches. But as prevention is increasingly difficult in an era when malicious software is widely available on the internet for anyone wanting to cause mischief, security experts say companies are growing more aggressive in going after cybercriminals. "Not only do we put out the fire, but we also look for the arsonist," said Shawn Henry, the former head of cybercrime investigations at the FBI, who in April joined new cybersecurity company CrowdStrike, which aims to provide clients with a menu of active responses. Once a company detects a network breach, rather than expel the intruder immediately, it can waste the hacker's time and resources by appearing to grant access to tempting material that proves impossible to extract. Companies can also allow intruders to make off with bogus files or "beacons" that reveal information about the thieves' own machines, experts say. Henry and CrowdStrike co-founder Dmitri Alperovich do not recommend that companies try to breach their opponent's computers, but they say the private sector does need to fight back more boldly against cyber-espionage. It is commonplace for law firms to have their emails read during negotiations for ventures in China, Alperovich told the Reuters Global Media and Technology Summit. 
That has given the other side tremendous leverage because they know the Western client company's strategy, including the most they would be willing to pay for a certain stake. But if a company knows its lawyers will be hacked, it can plant false information and get the upper hand. "Deception plays an enormous role," Alperovich said.

Revenge attacks

Although some strike-backs have occurred quietly in the past, Facebook popularised going on the offensive, said Jeff Moss, founder of the influential Black Hat security conferences and an adviser to the Department of Homeland Security. In January, Facebook named some of the Russian players behind the malicious "Koobface" software that spread through spam on various social networks, earning the gang an estimated $2 million. Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage. "There is no business case for it and no possible positive outcome," said John Pescatore, a National Security Agency and Secret Service veteran who leads research firm Gartner's internet security practice. Nevertheless, the movement shows the deep anger and sense of futility among security professionals, many of whom feel that a bad situation is getting worse, endangering not only their companies but the national economy. "There's nothing you can do" to keep determined and well-financed hackers out, said Rodney Joffe, senior technologist at internet infrastructure company Neustar, and an adviser to the White House on cybersecurity. Joffe recently looked at 168 of the largest 500 US companies by revenue and found evidence in Neustar forensic logs that 162 of them owned machines that at some point had been transmitting data to hackers.
Frustration by security professionals is not new. Some privately admitted to rooting for Lulz Security last year during that hacking group's unprecedented spree of public crimes, when it broke into and embarrassed Sony, an FBI affiliate and others with routine hacking techniques. They said the resulting media coverage finally caught the attention of CEOs and legislators, although tougher cybersecurity laws have yet to pass Congress.

State-sponsored attacks

The security industry's shortcomings were underscored most recently by the discovery of the Flame spying virus in the Middle East. Mikko Hypponen, the well-regarded chief research officer at Finland's F-Secure, told the Reuters Summit his company had a sample of Flame in 2010 and classified it as clean, and later missed another virus called Duqu that was suspected of being backed by Western governments. "These are examples how we are failing" as an industry, Hypponen said. "Consumer-grade antivirus you buy from the store does not work too well trying to detect stuff created by the nation-states with nation-state budgets." Because some national governments are suspected in attacks on private Western companies, it is natural that some of the victims want to join their own governments to fight back. "It's time to have the debate about what the actions would be for the private sector," former NSA director Kenneth Minihan said at the RSA security conference held earlier this year in San Francisco. In April, Department of Homeland Security Secretary Janet Napolitano told the San Jose Mercury News that officials had been contemplating authorising even "proactive" private-entity attacks. Many large security providers no longer preach that keeping the enemy out is paramount. Instead, they adopt the more recent line taken by the Pentagon, which is to assume that hackers have gotten inside and will again.
The mainstream advice now is to focus on trying to detect suspicious activity as quickly as possible in order to shut it down. Hitting back with force is only the most colorful of possible responses after that. More common alternatives include deep analysis of what data has been sent out and attempts to learn whether the recipients were competitors, criminals who might try to resell it, or national governments, who might be inclined to share it with local industry. Some experts also say executives should identify their most prized intellectual property and keep it off of networked computers and consider evasive action - such as having 100 versions of a critical digitised blueprint and only one that is genuine, with the right one never identified in emails. "There is a reason that people fly halfway around the world to have a one-hour meeting," Joffe said of intelligence agencies.
Source
-
I'd say learn C, but better yet take a look at all of them. Do a few tutorials even if you don't understand much the first time, and see which one you like more. If you're right at the beginning, the language isn't your only problem. You need to learn algorithmics. And for that you need a book on data structures and algorithms so that you can learn the logic of a program. You need to know how to think a program through so that you can then apply it in a programming language. It's not a good idea to go by what people say about languages. Experiment and learn the one that attracts you most. Search the net for information about various languages and watch clips on YouTube. You can start with the clips from "The New Boston", because they take you from about zero and have tutorials for several languages. But once again, if you have no programming experience at all and want to learn, you will also need a good book on data structures and algorithms to better understand what you're doing there and to develop some good programming habits. I wish you good luck and a lot of patience.
-
The motherboard has a reset jumper, somewhere near the battery. Remove that jumper, connect the computer to power and press the power button. It won't start. Put the jumper back and start it again. That should reset the BIOS, if you say it freezes even in the BIOS. If it boots neither from the HDD nor from a bootable CD, check the RAM sticks.
-
I worked with JDOM when I had to deal with XML files. I'm leaving you a class below so you can see roughly how it works. I don't have comments in it because I had to finish it quickly, and afterwards I no longer cared to add them.

    package com.m2g.books.Model;

    import java.io.File;
    import java.io.FileWriter;
    import java.io.IOException;
    import java.util.List;
    import java.util.TreeMap;

    import org.jdom.Document;
    import org.jdom.Element;
    import org.jdom.JDOMException;
    import org.jdom.input.SAXBuilder;
    import org.jdom.output.Format;
    import org.jdom.output.XMLOutputter;

    public class BookParser implements XMLParser {

        private TreeMap<String, Object> booksTree;
        private File xmlFile;
        private SAXBuilder builder;

        public BookParser() {
            booksTree = new TreeMap<String, Object>();
            builder = new SAXBuilder();
            xmlFile = new File("src/com/m2g/books/data/books.xml");
        }

        @Override
        public void parse() {
            try {
                Document document = (Document) builder.build(xmlFile);
                Element rootNode = document.getRootElement();
                @SuppressWarnings("rawtypes")
                List list = rootNode.getChildren("book");
                for (int i = 0; i < list.size(); i++) {
                    Element node = (Element) list.get(i);
                    String ISBN = node.getAttributeValue("ISBN");
                    String Title = node.getChildText("Title");
                    String Author = node.getChildText("Author");
                    String Genre = node.getChildText("Genre");
                    String Price = node.getChildText("Price");
                    String Quantity = node.getChildText("Quantity");
                    int price = Integer.parseInt(Price);
                    int qty = Integer.parseInt(Quantity);
                    Book b = new Book(Title, Author, Genre, ISBN, price, qty);
                    booksTree.put(ISBN, b);
                }
            } catch (JDOMException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        @Override
        public TreeMap<String, Object> getElemetsTree() {
            return booksTree;
        }

        @Override
        public void addElement(Object el) {
            Book added = (Book) el;
            try {
                SAXBuilder builder = new SAXBuilder();
                File xmlFile = new File("src/com/m2g/books/data/books.xml");
                Document doc = (Document) builder.build(xmlFile);
                Element rootNode = doc.getRootElement();
                String price = Integer.toString(added.getPrice());
                String qty = Integer.toString(added.getQty());
                Element ISBN = new Element("book").setAttribute("ISBN", added.getIsbn());
                Element Title = new Element("Title").setText(added.getTitle());
                Element Author = new Element("Author").setText(added.getAuthor());
                Element Genre = new Element("Genre").setText(added.getGenre());
                Element Price = new Element("Price").setText(price);
                Element Quantity = new Element("Quantity").setText(qty);
                ISBN.addContent(Title);
                ISBN.addContent(Author);
                ISBN.addContent(Genre);
                ISBN.addContent(Price);
                ISBN.addContent(Quantity);
                rootNode.addContent(ISBN);
                XMLOutputter xmlOutput = new XMLOutputter();
                xmlOutput.setFormat(Format.getPrettyFormat());
                xmlOutput.output(doc, new FileWriter("src/com/m2g/books/data/books.xml"));
            } catch (IOException io) {
                io.printStackTrace();
            } catch (JDOMException e) {
                e.printStackTrace();
            }
        }

        @Override
        public void deleteElement(Object el) {
            Book toDelete = (Book) el;
            try {
                SAXBuilder builder = new SAXBuilder();
                File xmlFile = new File("src/com/m2g/books/data/books.xml");
                Document doc = (Document) builder.build(xmlFile);
                Element rootNode = doc.getRootElement();
                @SuppressWarnings("rawtypes")
                List books = rootNode.getChildren("book");
                for (int i = 0; i < books.size(); i++) {
                    Element node = (Element) books.get(i);
                    if (toDelete.getIsbn().equals(node.getAttributeValue("ISBN"))) {
                        rootNode.removeContent(node);
                    }
                }
                XMLOutputter xmlOutput = new XMLOutputter();
                xmlOutput.setFormat(Format.getPrettyFormat());
                xmlOutput.output(doc, new FileWriter("src/com/m2g/books/data/books.xml"));
                booksTree = new TreeMap<String, Object>();
            } catch (IOException io) {
                io.printStackTrace();
            } catch (JDOMException e) {
                e.printStackTrace();
            }
        }

        @Override
        public void updateElement(Object el, String oldISBN) {
            Book toUpdate = (Book) el;
            try {
                SAXBuilder builder = new SAXBuilder();
                File xmlFile = new File("src/com/m2g/books/data/books.xml");
                Document doc = (Document) builder.build(xmlFile);
                Element rootNode = doc.getRootElement();
                @SuppressWarnings("rawtypes")
                List users = rootNode.getChildren("book");
                for (int i = 0; i < users.size(); i++) {
                    Element node = (Element) users.get(i);
                    if (oldISBN.equals(node.getAttributeValue("ISBN"))) {
                        String price = Integer.toString(toUpdate.getPrice());
                        String qty = Integer.toString(toUpdate.getQty());
                        node.getChild("Title").setText(toUpdate.getTitle());
                        node.getChild("Author").setText(toUpdate.getAuthor());
                        node.getChild("Genre").setText(toUpdate.getGenre());
                        node.getChild("Price").setText(price);
                        node.getChild("Quantity").setText(qty);
                        node.getAttribute("ISBN").setValue(toUpdate.getIsbn());
                    }
                }
                XMLOutputter xmlOutput = new XMLOutputter();
                xmlOutput.setFormat(Format.getPrettyFormat());
                xmlOutput.output(doc, new FileWriter("src/com/m2g/books/data/books.xml"));
                booksTree = new TreeMap<String, Object>();
            } catch (IOException io) {
                io.printStackTrace();
            } catch (JDOMException e) {
                e.printStackTrace();
            }
        }
    }

Here is the XML file you can use for testing.

    <?xml version="1.0" encoding="UTF-8"?>
    <Library>
      <book ISBN="0061804193">
        <Title>The Cove: A Novel</Title>
        <Author>Ron Rash</Author>
        <Genre>Novel</Genre>
        <Price>51</Price>
        <Quantity>28</Quantity>
      </book>
      <book ISBN="1430272058 ">
        <Title>Pro WPF in C# 2010: Windows Presentation Foundation in .NET 4</Title>
        <Author>Matthew MacDonald</Author>
        <Genre>Technical</Genre>
        <Price>60</Price>
        <Quantity>0</Quantity>
      </book>
      <book ISBN="12">
        <Title>Calico Joe</Title>
        <Author>John Grisham</Author>
        <Genre>Novel</Genre>
        <Price>323</Price>
        <Quantity>5</Quantity>
      </book>
      <book ISBN="0312380828">
        <Title>Come Home</Title>
        <Author>Lisa Scottoline</Author>
        <Genre>Novel</Genre>
        <Price>45</Price>
        <Quantity>15</Quantity>
      </book>
      <book ISBN="0596009208 ">
        <Title>Head First Java, 2nd Edition</Title>
        <Author>Kathy Sierra</Author>
        <Genre>Technical</Genre>
        <Price>58</Price>
        <Quantity>35</Quantity>
      </book>
    </Library>

Good! Look at the parse() method in that class and see what happens. The root element is taken:

    Element rootNode = document.getRootElement();

Then a list is created with all the children of that root node that have the name/tag "book":

    List list = rootNode.getChildren("book");

That list is iterated and the children of book are extracted. You do the same to go deeper into the structure. I don't have time to explain right now, but run some examples and you'll understand. Good luck!
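The same parse() walk, for the case where the XML does not come from a trusted local file, as an added example that is not part of the original post. It assumes JDOM 1.x (org.jdom) with the JDK's bundled Xerces-based parser; the class name SafeBookReader, the ISBN pattern and the sample strings are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.TreeMap;
import java.util.regex.Pattern;

import org.jdom.Document;
import org.jdom.Element;
import org.jdom.JDOMException;
import org.jdom.input.SAXBuilder;

/** Added example (hypothetical class, not part of the post's project). */
public class SafeBookReader {

    // Assumption: an ISBN is 13 digits, or 10 characters whose last may be X.
    private static final Pattern ISBN = Pattern.compile("\\d{9}[\\dX]|\\d{13}");

    /** Rejected records with the reason, so bad input is visible instead of silent. */
    public final List<String> rejected = new ArrayList<String>();

    /** SAXBuilder that refuses DTDs and external entities (XXE, entity expansion). */
    static SAXBuilder hardenedBuilder() {
        SAXBuilder b = new SAXBuilder();
        // Xerces/SAX2 feature names; JDOM applies them when build() is called.
        b.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        b.setFeature("http://xml.org/sax/features/external-general-entities", false);
        b.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        b.setExpandEntities(false);
        return b;
    }

    /** Returns ISBN -> {price, quantity} for every record that passes validation. */
    public TreeMap<String, int[]> parse(String xml) throws JDOMException, IOException {
        TreeMap<String, int[]> stock = new TreeMap<String, int[]>();
        Document doc = hardenedBuilder().build(new StringReader(xml));
        for (Object o : doc.getRootElement().getChildren("book")) {
            Element book = (Element) o;
            String raw = book.getAttributeValue("ISBN");
            // The post's test file has ISBNs with trailing spaces; normalise first.
            String isbn = raw == null ? "" : raw.trim();
            if (!ISBN.matcher(isbn).matches()) {
                rejected.add("bad ISBN: '" + raw + "'");
                continue;
            }
            try {
                int price = Integer.parseInt(text(book, "Price"));
                int qty = Integer.parseInt(text(book, "Quantity"));
                if (price < 0 || qty < 0) {
                    throw new NumberFormatException("negative value");
                }
                stock.put(isbn, new int[] { price, qty });
            } catch (NumberFormatException e) {
                // A malformed number skips one record, it does not abort the load.
                rejected.add(isbn + ": " + e.getMessage());
            }
        }
        return stock;
    }

    private static String text(Element parent, String child) {
        String t = parent.getChildTextTrim(child);
        if (t == null) {
            throw new NumberFormatException("missing <" + child + ">");
        }
        return t;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two records shaped like the post's test file,
        // one with a non-numeric price and one with the too-short ISBN "12".
        String sample = "<Library>"
            + "<book ISBN=\"0061804193\"><Price>51</Price><Quantity>28</Quantity></book>"
            + "<book ISBN=\"1430272058 \"><Price>60</Price><Quantity>0</Quantity></book>"
            + "<book ISBN=\"0312380828\"><Price>abc</Price><Quantity>15</Quantity></book>"
            + "<book ISBN=\"12\"><Price>323</Price><Quantity>5</Quantity></book>"
            + "</Library>";
        SafeBookReader reader = new SafeBookReader();
        System.out.println("accepted=" + reader.parse(sample).keySet());
        System.out.println("rejected=" + reader.rejected);

        // Constructed input with a harmless internal entity: any DOCTYPE is refused.
        String withDtd = "<!DOCTYPE Library [<!ENTITY e \"x\">]>"
            + "<Library><book ISBN=\"&e;\"/></Library>";
        try {
            reader.parse(withDtd);
            System.out.println("DOCTYPE accepted: the parser is not hardened");
        } catch (JDOMException e) {
            System.out.println("DOCTYPE refused: " + e.getMessage());
        }
    }
}
```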
-
How do we raise the awareness of employees who work with important data (data and information that are essential to a company's security)? What are the best ways to establish a secure communication channel between two parties? How can the keys of the RSA algorithm be distributed so that the system is not vulnerable to a man-in-the-middle attack? If certificates are used, how are they used and why? How do you protect yourself when you connect to an unsecured wireless network? How, and how strongly, is the information about you that an entity X can analyze correlated? How and what can it deduce from analyzing it? How exposed is it OK to be? Does too much exposure make it easier for an attacker to build a psychological profile of you and organize the attack more efficiently? That's about what comes to mind right now; if I get any other ideas I'll come back.
-
I think they changed the GUI just to make it look more like the Metro style in Windows 8.
-
http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf Mirror: FileShare Download iOS_Security_May12.pdf
-
The examples with the bananas and whatever else you see in the pictures are just for demonstration. It's interesting when you can draw some buttons on a sheet of paper and use them as a controller. You can also make yourself a joystick with enough imagination. The thing about this device is that you can connect it to whatever you want and use that object to control the computer. Watch that video on the site. I can't embed it here...
-
It costs $40. It will come out around August. You can preorder it. It says so in big letters on the right side of the site.
-
Done. Thanks for the heads-up.
-
Watch the first video on their site. The device is really cool.

What Can I Make?
That's up to you! First, load up a computer program or any webpage. Let's say you load up a piano. Then, instead of using the computer keyboard buttons to play the piano, you can hook up the MaKey MaKey to something fun, like bananas, and the bananas become your piano keys.
Or let's say you Google for an online Pacman game and draw a joystick with a pencil. Then you can play Pacman by touching the drawing.
Or you could load up facebook or gmail and send a message on a custom-made alphabet-soup keyboard.

What's MaKey MaKey?
MaKey MaKey is an invention kit for the 21st century. Turn everyday objects into touchpads and combine them with the internet. It's a simple Invention Kit for Beginners and Experts doing art, engineering, and everything inbetween. The kit will include everything you see above: MaKey MaKey, Alligator Clips, USB Cable.

How Does it Work?
Alligator Clip two objects to the MaKey MaKey board. For example, you and an apple. When you touch the apple, you make a connection, and MaKey MaKey sends the computer a keyboard message. The computer just thinks MaKey MaKey is a regular keyboard (or mouse). Therefore it works with all programs and webpages, because all programs and webpages take keyboard and mouse input. Make + Key = MaKey MaKey!

Who is MaKey MaKey For?
Artists, Kids, Educators, Engineers, Designers, Inventors, Makers... Really it is for everyone. Here is a photo of some 8-year-olds using MaKey MaKey in a Maker Space: She invented a "knife-and-log" interface for cutting virtual wood in an online game. We ran a workshop in February 2012 with some professors and grad students who specialize in interaction design. One grad student made this beachball game controller. Another grad student made this working pressure sensitive switch by layering Play-Doh under a spring. The workshop took place at Queen's University during a conference. With MaKey MaKey, kids can start inventing right away, and experts can make working prototypes in minutes instead of days.

What materials work with MaKey Makey?
Any material that can conduct at least a tiny bit of electricity will work. Here are some materials people have used in our workshops including Ketchup, Pencil Graphite, Finger Paint, Lemons, etc. Other materials that work great: Plants, Coins, Your Grandma, Silverware, Anything that is Wet, Most Foods, Cats and Dogs, Aluminum Foil, Rain, and hundreds more...

Why Are You Creating MaKey MaKey?
We believe that everyone is creative, inventive, and imaginative. We believe that everyone can create the future and change the world. So we have dedicated our lives to making easy-to-use invention kits. We believe that the whole world is a construction kit, if we choose to see it that way. We are inspired by the Maker Movement. We want to help people start to think of themselves as Makers and agents of change. When you have the "Maker's Mindset," you know you can change the world. Before we created MaKey MaKey we worked on other creative tools and invention kits such as: Drawdio, Singing Fingers, and Scratch.

Have You Prototyped This?
Everything in the video is real, running on either the first or the second prototype. Two years ago, we created the first prototype for MaKey MaKey at the San Francisco Exploratorium. Then we built the second prototype from 2011 to 2012. Our third prototype was just made. Right now, we are designing the kit a fourth time.

What Does the Back of the Board Look Like?

You can see more on their site. The idea is really cool.
MaKey MaKey: An Invention Kit for Everyone (Official Site)
-
The hackers have sure been busy. In less than 10 days, a slew of social media sites, including LinkedIn, Last.fm and eHarmony, have had their security breached and user info leaked. Yet, while the mainstream press devoted copious digital ink to these high-profile incidents, it largely missed another more interesting–and worrisome –hack perpetrated this month. On June 1, the hacktivist group UGNazi hijacked the domain of the notorious imageboard 4chan and redirected visitors to a UGNazi-owned Twitter account. The hackers called 4chan a “playground that allows pedophiles to share their ‘collections’ and the disgusting bronies [fans of the cartoon My Little Pony] to hang out,” but added they had carried out the attack mostly for their own amusement. Juvenile rhetoric and bravado aside, what makes the 4chan hack interesting is how it was done. UGNazi got to 4chan by attacking the site’s host — a company called CloudFlare — and did so by exploiting a flaw in Google’s authentication system. “The attack was the result of a compromise of Google’s account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps,” wrote CloudFlare’s CEO Matthew Prince. Rather than crack Prince’s password, it seems, UGNazi asked Google for an account reset. This is because, should users forget their password, Google gives them the option of having a new one sent to a mobile phone associated with the account. Prince believes the hackers began the recovery process and then tricked (hackers might say “socially engineered”) AT&T’s support staff into giving them access to his voicemail, where the code would have ended up. From there, it was a matter of using Prince’s personal email to recover his Google Apps business account. Technically, the additional security Google puts on business accounts — in the form of two-factor authentication – should have prevented this. 
When UGNazi hackers logged in, they should have been asked for an additional piece of verification. However, a glitch in Google’s system allowed them to circumvent this as well. “If an administrator account that was configured to send password-reset instructions to a registered secondary email address was successfully recovered, two-step verification would have been disabled in the process,” Google said in a statement. The search giant has since fixed the problem, but it’s a timely reminder of the inverse relationship between convenience and vulnerability. When our devices and programs are all interconnected, we’re only as secure as the weakest link. In Prince’s case, the keys to his business were available to anyone with access to his voicemail. If we’re going to take online security seriously, then we’ll have to think about more than just strong passwords; after all, Prince was using a random string of more than 20 characters. We need to put walls up between the different computers we use and stop relying so heavily on so few companies. We can start by not giving Google our phone number.
Source
-
We'll get you past the daunting configuration issues so you can use OpenVPN to provide no-cost, secure networking for your Windows, Mac or Unix/Linux systems. OpenVPN is famously difficult to get up and running, but the truth is that it needn’t be. In this second and concluding OpenVPN article I am going to go through what it takes to get an OpenVPN Ethernet tunnel set up between a laptop computer and an office or home machine acting as an OpenVPN server. Downloading and Installing OpenVPN Before you can get OpenVPN running on any computer you need to download and install it: Windows: Download the OpenVPN GUI installation package from OpenVPN GUI for Windows Red Hat, Fedora, CentOS: Download RPM packages from Index of /openvpn Ubuntu: Download and install OpenVPN using Synaptic Package Manager Mac OS X: Download and install Tunnelblick OpenVPN GUI client installation package from tunnelblick - OpenVPN GUI for Mac OS X - Google Project Hosting Source code: Download source code from Downloads, compile and install it. Creating a Public Key Infrastructure Once you’ve got OpenVPN successfully installed, it’s time to build the public key infrastructure needed for certificate-based authentication. If you don’t know what this means, don’t worry: just follow the instructions. A fuller explanation can be found at HOWTO To get started, you’ll need to use the Easy-RSA PKI suite. On Windows machines you’ll find it at: C:Program FilesOpenVPNeasy-rsa On Linux machines this will probably be installed in an easy-rsa directory machines at /usr/share/doc/packages/opevpn or /usr/share/doc/openvpn-2.0, but it’s a good idea to move this to /etc/openvpn to prevent it getting overwritten by future updates. 
Generating the Master Certificate Authority (CA) Certificate & Key Windows: From the Start button select cmd, and in the command window type: cd "C:Program FilesOpenVPNeasy-rsa Linux/BSD/UNIX: Open a terminal window and type: cd /etc/openvpn/easy-rsa (assuming you have moved the easy-rsa directory to this location) Then type the following commands, followed by return: Windows: init-config vars clean-all build-ca Linux/BSD/UNIX: ./init-config ./vars ./clean-all ./build-ca The last command will invoke a window which will ask for a series of values. You can press the return key to enter the default values for all of these except the value for Common Name. For this, type: TestVPN Generating the Server and Client Certificates and Keys Then next step is to generate a server certificate and key, again using the Easy-RSA suite. The command for this is: Windows: build-key-server server Linux/BSD/UNIX: ./build-key-server server In the interactive session that follows, simply press Enter to provide the default value each time, until you are asked for a Common Name. For Common Name enter “server” , then continue entering the default values until prompted to sign the certificate. Answer “y” to this question and to the following one to finish. Then generate the certificate and key for your client machine. The process is similar to the one for building the server certificate and key, but this time enter client1 as the common name. If you think you may want to access the OpenVPN server from more than one laptop, repeat the process, replacing client2 or client3 for client1 each time. Windows: build-key client1 Linux/BSD/UNIX: ./build-key client1 Generating Diffie-Hellman Parameters The final step is to generate Diffie-Hellman parameters for key exchange: Windows: build-dh Linux/BSD/UNIX: ./build-dh You’ll find the results of all this work in a subfolder called keys in the easy-rsa folder, and the final task is to move the client key and certificate to your client device. 
The files in question are client1.key and client1.crt. (If you have created more than one client key and certificate, move the client2.key and client2.crt files to the second machine, and so on.)

Windows: place the files in C:\Windows\Program Files\OpenVPN\easy-rsa\keys
Linux/BSD/Unix: place the files in /etc/openvpn/

Your public key infrastructure is now set up.

Creating the OpenVPN Configuration Files

When OpenVPN runs it reads a configuration file at C:\Program Files\OpenVPN\config (Windows) or in /etc/openvpn (Linux/BSD/Unix). This text file contains all the information OpenVPN needs to know to make or receive a connection, so it’s crucial that these files are correct. The easiest way to get OpenVPN working in the way we want is to edit the highlighted lines in the following config files to match your network setup, save them as a text file and copy them to the appropriate location.

Server configuration file:

#server config file start
local 192.168.1.15 # Change this address to the IP address of the network card attached to your router.
# To ensure this does not change you need either to have a static local IP address, or to configure your router to always assign this local IP address to your server.
port 1194 # This is the port OpenVPN will run on. Change it to a different port if you prefer
proto udp
mssfix 1400
push "dhcp-option DNS XXX.XXX.XXX.XXX" # Replace the Xs with the IP address of the DNS server for your network
push "dhcp-option DNS YYY.YYY.YYY.YYY" # Replace the Ys with the IP address of the secondary DNS server for your network
dev tap
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt" # change this location to /etc/openvpn (without quotation marks) for Linux/BSD/Unix systems
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt" # change this location to /etc/openvpn for Linux/BSD/Unix systems
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key" # change this location to /etc/openvpn for Linux/BSD/Unix systems
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem" # change this location to /etc/openvpn for Linux/BSD/Unix systems
server 192.168.10.0 255.255.255.128 # This will be the virtual IP address and subnet of the server’s OpenVPN connection. Change it to something similar like 192.168.11.0 if this subnet is already in use
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
keepalive 10 120
cipher BF-CBC # Blowfish (default). If you prefer, you can use one of the two ciphers listed below (which must be the same as the client)
#cipher AES-128-CBC # AES
#cipher DES-EDE3-CBC # Triple-DES
comp-lzo
max-clients 3 # Change the 3 to the number of client keys you have created
persist-key
persist-tun
status openvpn-status.log
# user nobody # remove the # at the start of the line for Linux/BSD/Unix systems
# group nobody # remove the first # at the start of the line for Linux/BSD/Unix systems
verb 1
#config file ends

Save this file as server.ovpn, and move it to C:\Program Files\OpenVPN\config (Windows) or /etc/openvpn (Linux/BSD/Unix)

What to Do If You Don’t Have a Static Public IP Address

OpenVPN clients connect to the OpenVPN server using a public IP address or host name that needs to be entered into the client config file.
If your ISP provides your business or home network with a dynamic IP address that changes each time an Internet connection is reset then your client config will no longer work after a reconnection. To get round this you can get a free hostname from DynDNS which automatically points to your dynamic IP address, even when it changes. To get a dynamic host name (such as myhost.dyndns.org) visit Managed DNS | Outsourced DNS | Anycast DNS.

Client Configuration File

#client config file start
client
dev tap
proto udp
remote XXX.XXX.X.XXX 1194 # Change the Xs to the static public IP address of your home or office network. If you do not have a static IP enter your dyndns name (like yourhost.dyndns.org) here.
# If you changed the port from 1194 to another port number in the server config change the 1194 here to the appropriate port number
route 192.168.1.0 255.255.255.0 vpn_gateway 3 # Change this to the IP address scheme and subnet of the local network your server is on.
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt" # change this to “/etc/openvpn/ca.crt” on Linux/BSD/Unix systems
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # change this to “/etc/openvpn/client1.crt” on Linux/BSD/Unix systems
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # change this to “/etc/openvpn/client1.key” on Linux/BSD/Unix systems. This key file should be kept secret
ns-cert-type server
cipher BF-CBC # Blowfish (default). If you prefer, you can use one of the two ciphers listed below
#cipher AES-128-CBC # AES
#cipher DES-EDE3-CBC # Triple-DES
comp-lzo
verb 1
# user nobody # remove the first # at the start of the line for Linux/BSD/Unix systems
# group nobody # remove the first # at the start of the line for Linux/BSD/Unix systems
# end of client config file

Save this configuration file as a text file called client1.ovpn, and save it to C:\Program Files\OpenVPN\config (Windows) or /etc/openvpn (Linux/BSD/Unix) on your client device

Setting Up the Router

There are a couple of configuration changes that need to be made to the router connected to your server in order for OpenVPN to work properly.

Port Forwarding

Port forwarding ensures that any traffic sent to your router from the Internet on port 1194 (or the port that OpenVPN is configured to use in the configuration files) is forwarded to the local IP address of your server machine. To ensure this does not change you need either to configure the server machine to have a static local IP address, or to configure the DHCP server in your router to always assign the same local IP address to your server.
To configure port forwarding, log on to your router’s configuration page, find the option for port forwarding, and enter the following information:

Name: OpenVPN
Protocol: UDP
Starting Port: 1194 (change this as necessary)
End Port: 1194 (change this as necessary)
Forward to: 192.168.1.15 (change this to the local IP address of your OpenVPN server)

You’ll also need to add the following routing information on your router’s “routing” or “advanced routing” page, to ensure that data can travel between the OpenVPN link and other devices on your home or office network:

Route name: OpenVPN
Destination LAN IP: 192.168.10.1 (change this to the virtual IP address specified in the server configuration file)
Subnet Mask: 255.255.255.252
Default Gateway: 192.168.1.15 (change this to the IP address of your home computer)

Running OpenVPN

To run OpenVPN, you need to start OpenVPN first on the server, and then on the client. Remember that the client machine needs to be connected to a different network.

Starting the server using Windows: Start OpenVPN GUI, then right click on the program’s icon in the system tray, select “server” and then “connect”.

Starting the server using OS X: From the Tunnelblick OpenVPN GUI select Connect “server”

Starting the server using Linux/BSD/Unix: Start a terminal window, then as root (or using sudo) type:

openvpn --config /etc/openvpn/server.ovpn

Repeat the process on the client machine, substituting “client1” for “server”

Testing OpenVPN

To confirm OpenVPN is working, try pinging another device connected to your LAN using its LAN IP address. You can also open a browser on your client machine, and check your IP address by visiting a site like What's My IP Address? Networking Tools & More. If OpenVPN is working correctly the IP address of your server, not your client machine, will be shown.

Source
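The server config above notes that the cipher must be the same on the client, and the client config that its port must follow the server's. The check below compares those shared settings; it is an added example, not part of the original article, and the function names, the host vpn.example.org and the sample files are constructed for illustration.

```shell
# Added example: compare the settings that must agree between an OpenVPN
# server config and a client config. The sample files are constructed.

# Print the arguments of the first active (uncommented) DIRECTIVE in FILE:
# "(set)" for a bare flag such as comp-lzo, "(unset)" if it is absent.
ovpn_get() {  # usage: ovpn_get FILE DIRECTIVE
    awk -v d="$2" '
        { sub(/[ \t]*[#;].*$/, "") }   # drop comments
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print ($0 == "" ? "(set)" : $0); found = 1; exit }
        END { if (!found) print "(unset)" }' "$1"
}

# Print one line per mismatch; return non-zero if any were found.
ovpn_compare() {  # usage: ovpn_compare SERVER_CONF CLIENT_CONF
    rc=0
    for d in proto dev cipher comp-lzo; do
        s=$(ovpn_get "$1" "$d"); c=$(ovpn_get "$2" "$d")
        [ "$s" = "$c" ] || { echo "MISMATCH $d: server='$s' client='$c'"; rc=1; }
    done
    # The server names its port with "port"; the client carries it in "remote".
    sport=$(ovpn_get "$1" port)
    cport=$(ovpn_get "$2" remote | awk '{ print $2 }')
    [ "$sport" = "$cport" ] || { echo "MISMATCH port: server='$sport' client='$cport'"; rc=1; }
    return $rc
}

tmp=$(mktemp -d)
cat > "$tmp/server.ovpn" <<'EOF'
port 1194
proto udp
dev tap
cipher BF-CBC   # Blowfish (default)
#cipher AES-128-CBC
comp-lzo
EOF
cat > "$tmp/client_ok.ovpn" <<'EOF'
client
dev tap
proto udp
remote vpn.example.org 1194
cipher BF-CBC
comp-lzo
EOF
# The same client after the cipher and port were changed on one side only.
sed -e 's/^cipher .*/cipher AES-128-CBC/' -e 's/1194$/443/' \
    "$tmp/client_ok.ovpn" > "$tmp/client_bad.ovpn"

ovpn_compare "$tmp/server.ovpn" "$tmp/client_ok.ovpn" && echo "client_ok: consistent"
ovpn_compare "$tmp/server.ovpn" "$tmp/client_bad.ovpn" || echo "client_bad: fix before connecting"
```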
-
Digital certificates lie at the heart of Public Key Infrastructure (PKI) security technologies such as encrypted email, document signing, VPN access, server SSL authentication, and software code signing.

Certificates are a vital part of PKI because they provide a means to establish the ownership of an encryption key. If you have someone else's public key, then you can send them an encrypted message that only they can decrypt with their private key. You can also verify someone else's identity by using their public key to decrypt something that could only have been encrypted with their private key.

Certificates are typically issued by Certificate Authorities (CAs), which are trusted third parties whose root certificates (containing their public keys) are bundled in all popular web browsers. A certificate issued by a CA states that something is true, and is digitally signed with the CA's private key. Since every browser has the CA's public key, it can use that to verify that the certificate really was issued by the CA in question. Then it simply comes down to a matter of trust: Do you trust the reputation of the CA, and therefore do you believe that what the CA certifies to be true really is true?

Established CAs such as VeriSign have good reputations, and for that reason they can charge for the certificates they issue. In fact they charge a range of prices for certificates, based on the length of keys that are employed and the amount of effort they put into verifying that the information they are certifying is correct. For example, a basic VeriSign SSL certificate valid for one year costs $399, while an Extended Validation certificate which requires more extensive fact checks costs $1499 for one year.
But if your organization runs a secure web server that's only used by employees, or if you encrypt email sent between employees, or if you use digital certificates to authenticate employees onto the corporate VPN, then there's really no need to pay a CA for certificates at all. That's because you can act as your own CA and issue your own digital certificates for internal corporate use.

The benefit to rolling your own certificates is that you can issue as many certificates as you like for free, although you do have to factor in potential CA software licensing fees, plus the cost of the server hardware used to run the software. You'll need to keep your CA private key secure to prevent hackers from using it to issue fraudulent certificates, but this is arguably no riskier than relying on a third party CA to keep its private key secure (as the Diginotar debacle proved).

So what happens when a web browser encounters a certificate issued by your company? Normally, it would alert the user that the certificate has not been issued by one of the trusted CAs whose root certificates are bundled with the browser. To avoid this alert, you'll need to equip your employees' browsers with your organization's root certificate, which is easy to do. What you can't do is put your CA root certificate into the browsers of people outside your organization – and that's why certificates issued by your organization are only really useful for internal corporate use.

How to issue your organization's own digital certificates

There are many packages around for different operating system environments, including OpenSSL (multi-platform) and Keychain Assistant (part of OS X). (An article on Enterprise Networking Planet explains how to set up your own CA using OpenSSL as part of a VPN implementation.)

For the purposes of this guide we will use SimpleAuthority, a GUI-driven application which is available for Linux, Windows and OS X. The software is free for up to 4 users, $50 for up to 50 users, and $860 for 50 or more users. Software that issues certificates needs to be secure, so it is highly recommended you install SimpleAuthority on a dedicated server.

Once SimpleAuthority has been installed, the first thing you'll be asked to do before you can issue any certificates is create a new Certificate Authority. Click Yes to create a new CA. Next, fill in the details such as the CA's name (probably the name of your organization) and the expiry date of your CA. Ten years is a good default term.

You'll now need to add some entropy into the system by moving your mouse or pressing keys until the software has enough "randomness" to generate the keys for the CA certificate. You'll also be asked for a master password to protect the CA certificate. Be sure to choose a strong password as the CA certificate needs to be highly secure.

SimpleAuthority works with the concept of users, to whom certificates are issued. A user can be a person or a server. To enroll a new user and create a certificate, click on the New User icon at the top left hand side of the application, or select File-New User. Then fill in the user's name, select General Purpose (for a person) or SSL Server (for a server) from the Certificate Type drop down box, and add an email address and other information if you wish. Select a validity period (usually 365 days), and click New Certificate at the bottom of the screen.

Next, export all your certificates to a folder for distribution to end-users or servers by going to the Tools menu and choosing Export - Latest Certificates.

Importing your CA root certificate into users' browsers

To avoid presenting users with a warning every time they encounter one of your organization's certificates, you need to import your CA certificate into their browsers. To do this you'll first need to export the CA certificate from Simple Authority by selecting Tools - Export - CA Certificate.
The certificate can then be distributed to individual users.

To import the CA certificate into Internet Explorer on a user's machine:

Select Tools - Internet Options
Click the Contents tab, and then Certificates
Click the Trusted Root Certification Authorities tab, and the Import… button so that the Certificate Import Wizard starts.
Next, select the certificate and allow Windows to select the correct certificate store, and click Finish.
A security warning will appear to alert you that you are about to install a CA certificate. Click Yes to install the certificate anyway.

Your CA certificate will now appear in Internet Explorer's Trusted Root Certification Authorities lists.

In Mozilla Firefox, you'll need to go to Tools - Options and then click the Advanced and then the Encryption tabs. Then click View Certificates, and finally click Import to select and import your CA certificate.

Once your CA root certificate is installed in user browsers, you can then use the certificates you issue just as you would commercially available certificates - but without the associated costs.

Source
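The signing and verification the article describes, shown with the OpenSSL command line it mentions as an alternative to SimpleAuthority. This is an added example, not part of the original article; the CA names, the host name and the file names are constructed.

```shell
# Added example: a private CA signs a server certificate, and verification
# succeeds only against that CA's root certificate. All names are constructed.
work=$(mktemp -d)

# Create a self-signed root certificate and private key for a CA.
make_ca() {  # usage: make_ca NAME "Common Name"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Issue a certificate for a Common Name, signed with the named CA's private key.
issue_cert() {  # usage: issue_cert CA_NAME CERT_NAME "Common Name"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$work/$2.csr" -days 365 \
        -CA "$work/$1.crt" -CAkey "$work/$1.key" -CAcreateserial \
        -out "$work/$2.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to the given root, which is the
# check a browser makes against the roots in its trust store.
trusted_by() {  # usage: trusted_by CA_NAME CERT_NAME
    openssl verify -CAfile "$work/$1.crt" "$work/$2.crt" 2>/dev/null | grep -q ': OK$'
}

# Show which CA a certificate names as its issuer.
issuer_of() {  # usage: issuer_of CERT_NAME
    openssl x509 -in "$work/$1.crt" -noout -issuer
}

make_ca corp  "Example Corp Internal CA"
make_ca other "Unrelated CA"
issue_cert corp intranet "intranet.example.internal"

issuer_of intranet
trusted_by corp  intranet && echo "root installed: certificate accepted"
trusted_by other intranet || echo "root not installed: browser would warn"
```

The corp.key file here is the CA private key the article says must be kept secure: anyone holding it can run issue_cert for any name.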
-
Happy birthday, man! May you have everything you wish for. By the way, I think I'm the third person to tell you, you just haven't seen it. Have a look on a certain social networking site.
-
Video here: http://blip.tv/play/AYLz_y8C.html?p=1
Download video: http://blip.tv/file/get/Chrisjrn-AndroidTheYearOfLinuxOnThePalmtop795.m4v

Here’s my talk from the Hobart TasLUG meeting yesterday (18 April 2012) on the features of Android from the point of view of a Linux user — both from a technical perspective, and issues arising from Android’s unique status as an Open Source OS for cellphones. If you want to download the video, you can download it, or watch it in the embedded format later in this post… Enjoy!

Source