
Thursday, 4 December 2014

Hidden Features of GOOGLE CHROME

Google Chrome's internal pages contain experimental features, diagnostic tools and detailed statistics. They're hidden in Chrome's user interface, so you have to know they exist to find them. These hidden pages are Chrome's version of Firefox's about: pages.

You can access each by typing chrome://, followed by the name of the page — you can also use the more traditional about: prefix, which redirects you to the chrome:// URL.

Chrome://About

The chrome://about page lists all Chrome's internal pages. Click any of the links to access the page. Many of them are the same pages you can access from Chrome's menus — for example, chrome://bookmarks is the bookmarks manager and chrome://settings is Chrome's options page.

There are also a few special URLs for debugging purposes located near the bottom of the page — for example, you can enter chrome://kill in the address bar to kill the current tab.

Chrome://Flags

The chrome://flags page, formerly known as the chrome://labs page, is probably the most interesting internal page. This page contains a treasure trove of experimental features that aren't yet enabled by default — Google warns you that your browser may "spontaneously combust" if you enable these features. They may have security, privacy or stability problems or cause data loss. Use these options at your own risk!

New features often turn up here before they become enabled by default. For example, you can enable the "Enable NTP Bookmark Features" option to add the experimental bookmark interface to Chrome's new tab page. The new bookmark manager isn't enabled by default in Chrome 16, but it probably will be in a newer version. This feature has been removed from Chrome 17, which shows how quickly these flags can vanish or break.

Chrome://Sessions

Another feature buried on Chrome's chrome://flags page is the "Enable Syncing Open Tabs" option, which adds an "Open Tabs" option to Chrome's sync settings.

After you enable this option, you'll find a list of your other browser sessions on the chrome://sessions page. This feature will eventually be enabled by default and exposed in Chrome's user interface, but you can use it now.

Chrome://Memory & Chrome://Tasks

The chrome://memory page gives you a breakdown of Chrome's memory usage. It shows you just how much memory each extension, app and web page is using. If other browsers, such as Mozilla Firefox or Internet Explorer, are running, it'll also show the other browsers' memory usage.

This is the same page you can access by clicking the "Stats for nerds" link at the bottom of Chrome's Task Manager window. Open the Task Manager by right-clicking Chrome's title bar and selecting Task Manager or access the chrome://tasks URL to open it in a tab.

Chrome://Net-Internals

The chrome://net-internals page is packed full of network diagnostic information and tools. It can capture network data and dump it to a file, making it a useful tool for troubleshooting Chrome network problems.

Most of the tools here won't be useful to average users, but the Tests page contains a particularly useful tool. If a website won't load, you can plug its address into the Tests page and Chrome will attempt to determine the problem for you.

Chrome://Crashes

The chrome://crashes page lists crashes that have occurred. You'll only see crashes here if you have the "Automatically send usage statistics and crash reports to Google" option enabled on the Under the Hood tab in Chrome's settings.

Chrome://Tracing

The chrome://tracing page is a developer tool that allows you to analyze Chrome's performance. Click Record and Chrome will start logging browser activity.

After stopping the record process, you can dig into the activity and see what's taking up the most time. If you have a page that performs slowly in Chrome, you can see what part of your code Chrome is struggling with.

Many of the other pages are technical pages listing debug information. For example, the chrome://flash page lists information about the Flash plug-in and the chrome://sync-internals page displays the state of Chrome's sync process. Feel free to explore the rest on your own.

Tuesday, 2 December 2014

GNOME Tweak tool to customize FEDORA 16

One of our complaints about GNOME 3 is its lack of customization options. The Personal section of System Settings only lets you change the desktop wallpaper. You can do a lot more than that, though.

The GNOME Tweak Tool is the way to customize GNOME 3. This application can be installed via Add/Remove Software. Just search for "tweak" and scroll down until you see A Tool to customize advanced GNOME 3 options.

GNOME Tweak Tool Installation

Once GNOME Tweak Tool is installed, you can find it in the Applications side of the Activities Overview under the heading Advanced Settings.

GNOME Tweak Tool lets you modify the desktop, fonts, shell, shell extensions, theme, and windows (essentially everything that System Settings leaves out, and then some). The left pane of the GNOME Tweak Tools serves to switch between these sections.

GNOME Tweak Tool - Home Page

You can score yourself a functional desktop under the Desktop section by checking Have file manager handle the desktop. From there you can drop shortcuts to the computer, home directory, network servers, and trash back on the desktop.

GNOME Tweak Tool - Desktop Page

You can change default font, document font, monospace font, and window title font in the Fonts section. You can also adjust the scaling factor, hinting, and anti-aliasing.

GNOME Tweak Tool - Fonts Page

The Shell section lets you show the date or seconds in the Clock and show the "week date" in the calendar. You can also change the arrangement of the title bar buttons. This enables, amazingly enough, the missing maximize and minimize buttons! The laptop lid can be configured to taste, too.

GNOME Tweak Tool - Shell Page

The Shell Extensions page is where additional extensions can be installed and activated/deactivated.

GNOME Tweak Tool - Shell Extensions Page

In the Theme section, you can add icons to menus and buttons, as well as change the cursor, keybinding, icon, GTK+, window, and shell themes.

GNOME Tweak Tool - Theme Page

Window behavior like double-, middle-, and right-click on the title bar is modifiable, along with the focus mode.

GNOME Tweak Tool - Windows Page

With the GNOME Tweak Tool installed, let's look at some of the powerful shell extensions available for GNOME 3.

Input Tips and tricks in Fedora

Nearly every function familiar to most desktops is somehow different in GNOME Shell. So, navigating the UI with a keyboard might feel more efficient than hunting around with a mouse. Thankfully, there are a lot of handy keyboard shortcuts available in GNOME 3.

Keyboard Shortcut: Function

Windows Key: Opens Activities Overview
Alt + F1: Opens Activities Overview
Alt + F2: Opens Run Command prompt
Alt + Tab: Switches between open applications from left to right
Alt + Shift + Tab: Switches between open applications from right to left
Esc: Closes Activities Overview or current menu/dialog
Alt + ~ (tilde): Opens the Application Switcher
Ctrl + Alt + Tab: Opens the Accessibility Switcher, which changes focus of different UI elements for keyboard control
Ctrl + Alt + Shift + R: Toggles Screencast Recorder on/off
Ctrl + Alt + Down Arrow: Switches to Workspace below current Workspace
Ctrl + Alt + Up Arrow: Switches to Workspace above current Workspace
Ctrl + Alt + Shift + Down Arrow: Moves currently selected window to the Workspace below current Workspace
Ctrl + Alt + Shift + Up Arrow: Moves currently selected window to the Workspace above current Workspace
Ctrl + F6: Switches between windows of active application
Alt + Esc: Switches between windows on current Workspace
Prt Scr: Takes a fullscreen screenshot
Alt + Prt Scr: Takes a screenshot of the currently selected window
Ctrl + Alt + Del: Log Out
Ctrl + Alt + L: Lock Screen
Alt + Spacebar: Toggles the menu of the currently selected menu
Alt + F10: Maximizes currently selected window
Alt + F5: Restores currently selected window
Alt + F4: Closes currently selected window
Alt + F7: Activates movement control of currently selected window
Alt + F8: Activates resize control of currently selected window
F10: Opens first menubar entry of currently selected application
F8: Selects divider in multi-paned applications
F1: Displays Help knowledge base for currently selected application

Application Switcher

Hopefully you've picked up on the fact that GNOME 3 has no on-screen task management, and the Activities overview is somewhat of a hassle. Fortunately, there is a new application-based Alt-Tab switcher.

The Application Switcher can be activated without auto-cycling through windows by holding down the Alt and ~ key. Being application-based (not window-based), the Application Switcher combines multiple windows of the same application into a single icon. Pressing the down arrow over an application icon displays thumbnails of all windows created by that application. You can use the right and left arrows to cycle through applications and windows.

The Application Switcher

Although this isn't a suitable replacement for on-screen task management facilitated by taskbars and docks, it can help shave off time you'd otherwise spend fooling around with the Activities Overview. Then again, keyboard shortcuts are never a sufficient remedy for UI design problems.

Mouse

If you really rely on a mouse for navigation, you're not entirely left out in the cold. Despite the extra burden that GNOME Shell hits you with, there are a few helpful mouse tricks.

Mouse Shortcut: Function

Third Button Click (press scrollwheel) on Application Launcher: Opens application in new desktop
Double-click window Title Bar: Maximizes window
Right-click on Application Launcher: Opens contextual menu for the application
Ctrl + Left-click on Application Launcher: Opens new instance of application on current workspace
Ctrl + Scroll Wheel Up: Zooms in currently selected window
Ctrl + Scroll Wheel Down: Zooms out currently selected application
Scroll Wheel Up over Window in Activities Overview: Zooms in window preview
Scroll Wheel Down over Window in Activities Overview: Zooms out window preview

Zoom Windows In The Overview

The Windows section of the Activities Overview can quickly get confusing if you have multiple windows of the same or similar applications open at once.

Which one was I looking for?

Using the mouse scroll wheel over any of the windows in the Overview zooms in on it for greater detail. This comes in useful if you find yourself with multiple visually-ambiguous applications open. Text editor and terminal junkies are sure to find this trick essential.

Ah, there it is!

Hidden Minimize

While GNOME 3 ditches the minimize and maximize buttons, right-clicking on window title bars brings up a menu that contains the option to minimize applications.

Hidden Minimize/Maximize Controls

This appears to be the only way to minimize applications in GNOME Shell by default. With no task bar to speak of, who knows where they actually go? The window still appears in the Activities overview. But apparently, minimizing windows in GNOME 3 simply causes them to disappear from the windowing area.

Touchscreen

Unlike Canonical, which developed the fantastic uTouch gesture language, the GNOME project is working with Qt and X.org developers to bring modern multi-touch support to all of Linux. There is no telling how long this will take. But many of you may have noticed how large screen elements like window title bars and the close button have become.


Sunday, 30 November 2014

Logic Behind IP SPOOFING

The Internet Protocol, or IP, is the main protocol used to route information across the Internet. The role of IP is to provide best-effort services for the delivery of information to its destination. IP depends on upper-level TCP/IP suite layers to provide accountability and reliability. The heart of IP is the IP datagram, a packet sent over the Internet in a connectionless manner. An IP datagram carries enough information about the network to get forwarded to its destination; it consists of a header followed by bytes of data. The header contains information about the type of IP datagram, how long the datagram should stay on the network (or how many hops it should be forwarded to), special flags indicating any special purpose the datagram is supposed to serve, the destination and source addresses, and several other fields, as shown in Figure 1.

Figure 1: The IP Header

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets you prepare spoofed IP datagrams with just a one-line command, and you can send them to almost anybody in the world. You can spoof at various network layers; for example, you can use Address Resolution Protocol (ARP) spoofing to divert the traffic intended for one station to someone else. The Simple Mail Transfer Protocol (SMTP) is also a target for spoofing; because SMTP does not verify the sender's address, you can send any e-mail to anybody pretending to be someone else. This article focuses on the various types of attacks that involve IP spoofing on networks, and the techniques and approaches that experts in the field suggest to contend with this problem.

Spoofing IP datagrams is a well-known problem that has been addressed in various research papers. Most spoofing is done for illegitimate purposes—attackers usually want to hide their own identity and somehow damage the IP packet destination. This article discusses ways of spoofing IP datagrams, various attacks that involve spoofed IP packets, and techniques to detect spoofed packets and trace them back to their original source; spoofing concerns for IPv6 are briefly addressed.

Spoofing an IP Datagram

IP packets are used in applications that use the Internet as their communications medium. Usually they are generated automatically for the user, behind the scenes; the user just sees the information exchange in the application. These IP packets have the proper source and destination addresses for reliable exchange of data between two applications. The IP stack in the operating system takes care of the header for the IP datagram. However, you can override this function by inserting a custom header and informing the operating system that the packet does not need any headers. You can use raw sockets in UNIX-like systems to send spoofed IP datagrams, and you can use packet drivers such as WinPcap on Windows. Some socket programming knowledge is enough to write a program for generating crafted IP packets. You can insert any kind of header, so, for example, you can also create Transmission Control Protocol (TCP) headers. If you do not want to program or have no knowledge of programming, you can use tools such as hping, sendip, and others that are available for free on the Internet, with very detailed documentation to craft any kind of packet. Most of the time, you can send a spoofed address IP packet with just a one-line command.

Why Spoof the IP Source Address?

What is the advantage of sending a spoofed packet? It is that the sender has some kind of malicious intention and does not want to be identified. You can use the source address in the header of an IP datagram to trace the sender's location. Most systems keep logs of Internet activity, so if attackers want to hide their identity, they need to change the source address. The host receiving the spoofed packet responds to the spoofed address, so the attacker receives no reply back from the victim host. But if the spoofed address belongs to a host on the same subnet as the attacker, then the attacker can "sniff" the reply. You can use IP spoofing for several purposes; for some scenarios an attacker might want to inspect the response from the target victim (called "nonblind spoofing"), whereas in other cases the attacker might not care (blind spoofing). Following is a discussion about reasons to spoof an IP packet.

Scanning

An attacker generally wants to connect to a host to gather information about open ports, operating systems, or applications on the host. The replies from the victim host can help the attacker in gathering information about the system.

These replies might indicate open ports, the operating system, or several applications running on open ports. For example, a response for connection at port 80 indicates the host might be running a Web server. The hacker can then try to telnet to this port to see the banner and determine the Web server version and type, and then try to exploit any vulnerability associated with that Web server. In the scanning case, attackers want to examine the replies coming back from the host, so they need to see the returned packet. If the spoofed address is actually an address of a host on the attacker's subnet, then the attacker can use a sniffer to see the packets.

Sequence-Number Prediction

If you establish the connection between two hosts by using TCP, the packets exchanged between the two parties carry sequence numbers for data and acknowledgments. The protocol uses these numbers to determine out-of-order and lost packets, thus ensuring the reliable delivery to the application layer as promised by TCP. These numbers are generated pseudo-randomly in a manner known to both the parties. An attacker might send several spoofed packets to a victim to determine the algorithm generating the sequence numbers and then use that knowledge to intercept an existing session. Again it is important for the attacker to be able to see the replies.

Hijacking an Authorized Session

An attacker who can generate correct sequence numbers can send a reset message to one party in a session informing that party that the session has ended. After taking one of the parties offline, the attacker can use the IP address of that party to connect to the party still online and perform a malicious act on it. The attacker can thus use a trusted communication link to exploit any system vulnerability. Keep in mind that the party that is still online will send the replies back to the legitimate host, which can send a reset to it indicating the invalid session, but by that time the attacker might have already performed the intended actions. Such actions can range from sniffing a packet to presenting a shell from the online host to the attacker's machine.

Determining the State of a Firewall

A firewall is used to protect a network from Internet intruders. Packets entering a firewall are checked against an Access Control List (ACL). TCP packets sent by a source are acknowledged by acknowledgment packets. If a packet seems like an acknowledgement to a request or data from the local network, then a stateful firewall also checks whether a request for which this packet is carrying the acknowledgment was sent from the network. If there is no such request, the packet is dropped, but a stateless firewall lets packets enter the network if they seem to carry an acknowledgment for a packet. If such a packet gets through, the intended receiver most probably sends some kind of response back to the spoofed address. Again, for this process to work, the attacker should be able to see the traffic returning to the host that has the spoofed address—and the attacker generally knows how to use the returned packet to advantage.

Denial of Service

The connection setup phase in a TCP system consists of a three-way handshake. This handshake is done by using special bit combinations in the "flags" fields. If host A wants to establish a TCP connection with host B, it sends a packet with a SYN flag set. Host B replies with a packet that has SYN and ACK flags set in the TCP header. Host A sends back a packet with an ACK flag set, finishing the initial handshake. Then hosts A and B can communicate with each other, as shown in Figure 2.

Figure 2: A Normal TCP Connection Request from A to B

The three-way handshake must be completed in order to establish a connection. Connections that have been initiated but not finished are called half-open connections. A finite-size data structure is used to store the state of the half-open connections. An attacking host can send an initial SYN packet with a spoofed IP address, and then the victim sends the SYN-ACK packet and waits for a final ACK to complete the handshake. If the spoofed address does not belong to a host, then this connection stays in the half-open state indefinitely, thus occupying the data structure. If there are enough half-open connections to fill the state data structure, then the host cannot accept further requests, thus denying service to the legitimate connections (Figure 3).

Figure 3: Half-Open TCP Connection

Setting a time limit for half-open connections and then erasing them after the timeout can help with this problem, but the attacker may keep continuously sending the packets. The attacked host will then have no space to accept new incoming legitimate connections, although connections that were established before the attack are unaffected. In this type of attack, the attacker has no interest in examining the responses from the victim. When the spoofed address does belong to a connected host, that host sends a reset to indicate the end of the handshake.
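The paragraphs above describe a finite half-open connection table that fills when spoofed SYNs never receive their final ACK, and a timeout that partly relieves it. The model below is an added illustration, not code from the original article: it keeps a fixed-capacity table of half-open entries, expires them after a timeout, frees a slot on an early RST, and then shows whether a legitimate SYN still finds room under two constructed arrival rates. Capacities, rates and addresses are all made up for the demonstration.

```python
"""A model of the finite half-open connection table described above, with the
timeout the text names as a partial remedy.  Added illustration, not code from
the original article; capacities, rates and addresses are constructed."""
from collections import OrderedDict


class HalfOpenTable:
    """Fixed-capacity store of half-open (SYN received, ACK pending) connections.

    Keys are (source address, source port); values are arrival times in ms.
    Entries older than `timeout_ms` are discarded lazily on every event."""

    def __init__(self, capacity: int, timeout_ms: int):
        self.capacity = capacity
        self.timeout_ms = timeout_ms
        self.entries = OrderedDict()   # insertion order == arrival order
        self.rejected = 0

    def _expire(self, now: int) -> None:
        # Oldest entries sit at the front, so stop at the first fresh one.
        while self.entries:
            _, arrived = next(iter(self.entries.items()))
            if now - arrived < self.timeout_ms:
                break
            self.entries.popitem(last=False)

    def syn(self, key, now: int) -> bool:
        """A SYN arrived; True if the host can hold state for it."""
        self._expire(now)
        if key in self.entries:
            return True                 # retransmitted SYN, state already held
        if len(self.entries) >= self.capacity:
            self.rejected += 1          # table full: service denied to this SYN
            return False
        self.entries[key] = now
        return True

    def ack(self, key, now: int) -> bool:
        """Final ACK of the handshake: the entry leaves the half-open table."""
        self._expire(now)
        return self.entries.pop(key, None) is not None

    def reset(self, key, now: int) -> bool:
        """RST from a real host that never sent the SYN frees the slot early."""
        return self.ack(key, now)


def simulate(capacity, timeout_ms, spoofed_per_second, duration_ms, legit_at_ms):
    """Feed `spoofed_per_second` SYNs from unreachable (never answering) sources
    for `duration_ms`, then check whether a legitimate SYN at `legit_at_ms`
    still finds room.  Returns (accepted, table)."""
    table = HalfOpenTable(capacity, timeout_ms)
    step = 1000 // spoofed_per_second
    for n, t in enumerate(range(0, duration_ms, step)):
        # Constructed spoofed sources: nobody is there to send the final ACK.
        table.syn((f"203.0.113.{n % 250 + 1}", 1024 + n), t)
    accepted = table.syn(("192.0.2.10", 40000), legit_at_ms)
    return accepted, table


if __name__ == "__main__":
    for rate in (10, 100):
        ok, tbl = simulate(capacity=128, timeout_ms=3000, spoofed_per_second=rate,
                           duration_ms=10000, legit_at_ms=9995)
        print(f"{rate} SYN/s: legitimate SYN accepted={ok}, rejected so far={tbl.rejected}")
```

With a 3-second timeout and a 128-entry table, a trickle of 10 spoofed SYNs per second never fills the table, while 100 per second keeps it full despite the timeout, which is exactly the point the text makes: expiry helps only when the attacker's rate times the timeout stays below the table's capacity.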

Flooding

In this type of attack an attacker sends a packet with the source address of the victim to multiple hosts. Responses from other machines flood the victim. For example, if an attacker uses the IP address of source A and sends a broadcast message to all the hosts in the network, then all of them will send a reply back to A, hence flooding it. The well-known Smurf and fraggle attacks used this technique.

Countermeasures for IP Spoofing

IP spoofing countermeasures include detecting spoofed IP packets and then tracing them back to the originating source. Detection of spoofed IP packets requires support of routers, host-based methods, and administrative controls, whereas tracing of IP packets involves special traceback equipment or traceback features in routers. The following section discusses both IP spoofing detection and IP spoofing traceback techniques.

Spoofed Packet Detection

Detection of a spoofed packet can start as early as at Layer 2. Switches with the IP Source Guard feature[8] match the MAC address of the host with a Dynamic Host Configuration Protocol (DHCP)-assigned dynamic or administratively assigned static IP address. Packets that do not have the correct IP source address for that particular MAC address are dropped, thereby limiting the ability of hosts connected to such a switch to send a packet with their neighbor's address. The IP Source Guard feature works very well for interfaces with a single IP address, but one interface can be assigned multiple IP addresses, and that may cause problems. The same problems can occur with Network Address Translation (NAT), where hosts might get different IP addresses several times. Routers work at Layer 3 in networks, and they know which interface a network is connected to and what network addresses can be expected to come from that network. If the outgoing packet from an interface does not have the network address of that interface, then the packet is spoofed and the router can stop that packet at that point; however, if the attacker is spoofing an IP address of a host on the same network (most likely in the attacks where they will be sniffing the replies), then this technique is not really helpful. The same logic can be used for an incoming packet; if a packet destined for an interface has a source address of the same network as the interface, then it is a spoofed packet. Routers can detect spoofed packets only when the packets pass through them, and if the target and attacker are both on the same subnet then this technique does not work.

Hosts receiving a suspicious packet can also use certain techniques to determine whether or not the IP address is spoofed. The first (and easiest) one is to send a request to the address of the packet and wait for the response; most of the time the spoofed addresses do not belong to active hosts and hence no response is sent.

Another method is to check the Time to Live (TTL) value of the packet, and then send a request to the spoofed host. If the reply comes, you can compare the TTL of both packets. Most probably the TTL values will not match. But of course it is also possible that these TTL values are the same but the packet is coming from a different source, and conversely. Packets generated by different operating systems differ slightly in values of certain fields; for example, in Internet Control Message Protocol (ICMP) ping packets, you can examine the data payload to determine the operating system. Windows fills the packet with letters of the alphabet, whereas Linux puts numbers in the data portion. If the suspicious packet does not have the same characteristics as the legitimate packet, that is evidence it was not sent from the IP address that is in its source address field. You can also use IP identification numbers to determine whether a packet is actually coming from the said source. For legitimate packets the IP ID is close in value, but this method is not reliable because the attacker can ping the said source and determine the IP ID that it is using, and then craft packets that will seem legitimate. In all these techniques we are trying to determine only whether or not a packet is spoofed, and taking all these steps for all packets would be prohibitive from an overhead standpoint. Thus you should either randomly check packets or determine some suspicious activity that would trigger further investigation for spoofed-packet detection. The next section addresses measures you can take to trace a spoofed packet back to its real source.
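The IP header fields listed at the start of this article (Figure 1) and the host-side checks just described (comparing the TTL of a suspect packet with that of a solicited reply, and checking whether IP identification numbers are close) can be put into working code. The block below is an added example, not code from the original article: it decodes the fixed IPv4 header with the standard library, verifies the header checksum, and scores a suspect packet against a reply from its claimed source. The packets are constructed in build_ipv4() so that the whole thing runs offline; the TTL and ID values chosen are illustrative, and the window of 256 for the IP ID distance is an assumed threshold, not one the article states.

```python
"""IPv4 header parsing and the host-side spoof checks (TTL comparison,
IP ID proximity) described above.  Added illustration, not code from the
original article; all packets are constructed in build_ipv4()."""
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; returns 0 when run over a valid header."""
    total = 0
    for i in range(0, len(header), 2):
        word = header[i] << 8
        if i + 1 < len(header):
            word |= header[i + 1]
        total += word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, ident, ttl, proto=1, payload=b"") -> bytes:
    """Construct a sample packet (no options) with a correct header checksum."""
    fields = [0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + payload


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fields Figure 1 describes: version, length, ID, flags,
    fragment offset, TTL, protocol, checksum and both addresses."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "header_len": ihl, "tos": tos,
        "total_len": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "payload": packet[ihl:total_len],
    }


def ttl_mismatch(suspect: dict, probe_reply: dict, tolerance: int = 0) -> bool:
    """The text's TTL check: a packet that really came from the claimed source
    should show the same TTL as a reply solicited from that source, because
    both travel roughly the same path.  `tolerance` allows for route changes."""
    return abs(suspect["ttl"] - probe_reply["ttl"]) > tolerance


def ip_id_far_apart(suspect: dict, probe_reply: dict, window: int = 256) -> bool:
    """The text's IP ID check: packets from one host usually carry nearby IDs;
    a large modular distance is weak evidence of a different sender."""
    a, b = suspect["id"], probe_reply["id"]
    distance = min((a - b) % 65536, (b - a) % 65536)
    return distance > window


def assess(suspect_pkt: bytes, probe_reply_pkt: bytes) -> list:
    """Return the names of the checks the suspect packet fails.  An empty list
    means 'consistent with the claimed source', not 'proven genuine'."""
    s, r = parse_ipv4_header(suspect_pkt), parse_ipv4_header(probe_reply_pkt)
    if s["src"] != r["src"]:
        raise ValueError("the probe reply must come from the suspect's claimed source")
    findings = []
    if not s["checksum_ok"]:
        findings.append("bad_checksum")
    if ttl_mismatch(s, r):
        findings.append("ttl_mismatch")
    if ip_id_far_apart(s, r):
        findings.append("ipid_distance")
    return findings


# Constructed samples: a suspect packet claiming 198.51.100.7, and two replies
# obtained by probing that address (TTL 118 stands in for a different path).
SUSPECT = build_ipv4("198.51.100.7", "192.0.2.10", ident=0x1234, ttl=51)
REPLY_OTHER_PATH = build_ipv4("198.51.100.7", "192.0.2.10", ident=0x1240, ttl=118)
REPLY_CONSISTENT = build_ipv4("198.51.100.7", "192.0.2.10", ident=0x1250, ttl=51)

if __name__ == "__main__":
    print(parse_ipv4_header(SUSPECT))
    print(assess(SUSPECT, REPLY_OTHER_PATH))   # ['ttl_mismatch']
    print(assess(SUSPECT, REPLY_CONSISTENT))   # []
```

As the article warns, these are heuristics: a matching TTL and nearby ID do not prove the packet is genuine, and an attacker who has probed the claimed source can pick values that pass, so the checks are best applied to packets already flagged as suspicious rather than to all traffic.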

Tracing Spoofed IP Packets

IP traceback technology plays an important role in discovering the source of spoofed packets. Hop-by-hop traceback and logging of suspicious packets in routers are the two main methods for tracing the spoofed IP packets back to their source.

When a node detects that it is a victim of a flood attack, it can inform the Internet Service Provider (ISP). In flood attacks the ISP can determine the router that is sending this stream to the victim, then the router before it, and so on. This process ends either at the source of the flood or at the edge of the ISP's administrative domain; in the latter case the ISP can ask the provider of the next domain to do the same thing. This technique is useful only while the flood is ongoing.

As mentioned earlier, a router has an idea of the IP addresses that should be arriving at its interfaces. If it sees any packet that does not seem to belong to the address range for its interface, it can log the packet as suspicious. Appropriately timed broadcasts among different domains to detect spoofed packets can help administrators of different networks trace spoofed IP packets back to their source.
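The router-side logic described in the Spoofed Packet Detection section (a packet leaving an interface must carry a source address from that interface's network, and a packet arriving from outside must not claim an inside address) and the logging of out-of-range packets mentioned just above can be expressed as a small filter. The block below is an added example, not code from the original article or any router vendor's implementation: interface names, prefixes and the sample traffic are constructed, and the last sample packet shows the limitation the text points out, a host spoofing a neighbour on its own subnet passes unnoticed.

```python
"""Router-side spoof filtering on the logic described above (a packet's source
must match the prefixes behind the interface it arrives on) plus the logging of
suspicious packets that the traceback section mentions.  Added illustration,
not code from the original article; interface names, prefixes and packets are
constructed."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Interface:
    name: str
    networks: list                # prefixes expected to be behind this interface
    is_upstream: bool = False     # link toward the rest of the Internet


@dataclass
class SpoofFilter:
    interfaces: dict
    log: list = field(default_factory=list)

    def _internal_prefixes(self):
        return [n for i in self.interfaces.values() if not i.is_upstream
                for n in i.networks]

    def check(self, in_iface: str, src: str, dst: str, ts: str) -> str:
        """Decide 'forward' or 'drop' for a packet entering on `in_iface`.

        Egress rule (customer-facing interface): the source must lie in that
        interface's own prefixes, otherwise the host is spoofing someone else.
        Ingress rule (upstream interface): a packet from outside must not claim
        a source inside our own prefixes."""
        iface = self.interfaces[in_iface]
        s = ipaddress.ip_address(src)
        if iface.is_upstream:
            spoofed = any(s in n for n in self._internal_prefixes())
            reason = "external packet claims internal source"
        else:
            spoofed = not any(s in n for n in iface.networks)
            reason = "source outside the interface's prefixes"
        if spoofed:
            # Logging the out-of-range packet gives administrators the record
            # they need to trace it back across domains later.
            self.log.append({"ts": ts, "iface": in_iface, "src": src,
                             "dst": dst, "reason": reason})
            return "drop"
        return "forward"


def build_filter() -> SpoofFilter:
    net = ipaddress.ip_network
    return SpoofFilter(interfaces={
        "eth0": Interface("eth0", [net("192.0.2.0/24")]),
        "eth1": Interface("eth1", [net("198.51.100.0/24")]),
        "eth2": Interface("eth2", [], is_upstream=True),
    })


# Constructed traffic: (timestamp, ingress interface, src, dst)
SAMPLE_PACKETS = [
    ("10:00:01", "eth0", "192.0.2.5", "203.0.113.9"),     # legitimate customer
    ("10:00:02", "eth0", "203.0.113.9", "198.51.100.4"),  # customer spoofs outside address
    ("10:00:03", "eth2", "192.0.2.5", "198.51.100.4"),    # outsider claims our address
    ("10:00:04", "eth2", "203.0.113.9", "192.0.2.5"),     # legitimate inbound
    ("10:00:05", "eth0", "192.0.2.7", "192.0.2.9"),       # neighbour's address, same subnet: undetectable here
]


def run_samples(packets=SAMPLE_PACKETS):
    """Apply the filter to each packet; returns (decisions, log)."""
    f = build_filter()
    decisions = [f.check(iface, src, dst, ts) for ts, iface, src, dst in packets]
    return decisions, f.log


if __name__ == "__main__":
    decisions, log = run_samples()
    for pkt, d in zip(SAMPLE_PACKETS, decisions):
        print(pkt, "->", d)
    for entry in log:
        print("suspicious:", entry)
```

The fifth packet is forwarded even though its source belongs to another host: both addresses sit inside the prefix behind eth0, so, as the text says, only the Layer 2 controls (such as IP Source Guard) or host-based checks can catch spoofing between neighbours on the same subnet.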

IP Spoofing and IPv6

IP spoofing detection, or in other words validating the source address of an IPv6 packet, is a little more complicated than the process for IPv4. A host using IPv6 may potentially have multiple addresses. Again the problem inside the Local Area Network is to associate the IPv6 address with the Layer 2 or MAC address. Among peers on the same network, you can use Neighbor Discovery or Secure Neighbor Discovery (SEND) advertisements to verify the source address in a packet. You can verify source addresses of packets arriving from nodes outside the network by using the Authentication Header (AH) in IPv6 datagrams. You can use agreed-upon parameters between source and destination to calculate authentication information on header fields that do not change during transit. Although this process will not prevent someone from signing a spoofed address, it does provide a means to authenticate the identity of the source.

IPv6 and IPv4 network interconnections will likely face spoofing problems. IPv6 packets are usually encapsulated in IPv4 packets to travel across the non-IPv6 supporting networks. The IPv6 interim mechanism "6to4" [10, 11] uses automatic IPv6-to-IPv4 tunneling to interconnect networks using different IP versions. This mechanism uses 6to4 routers and 6to4 Relay Routers that accept and decapsulate IPv4 traffic from anywhere. There are no constraints on such embedded packets. Relay routers act as bridges between IPv6 and 6to4 networks and can be tricked into sending spoofed traffic anywhere. Also, anyone can send tunneled spoofed traffic to a 6to4 router, and the router will believe that it is coming from a legitimate relay. There is no simple way to prevent such attacks, and longer-term solutions are needed in both IPv6 and IPv4 networks.

Thursday, 27 November 2014

Cloud storage security solutions

Cloud storage services such as Dropbox, Google Drive, and SugarSync are convenient, efficient—and notoriously insecure. Files are rarely encrypted, data transfer is typically not protected, and companies are usually able to access your files (even if they state they won't, they may be legally compelled to do so).

Documents such as business plans or other sensitive files (say, a copy of your birth certificate) should be protected. You can utilize a special, ultra-secure provider such as Wuala or Tresorit, or you can encrypt files yourself before uploading them to larger storage services, such as Dropbox.

Wuala

Price: 5GB Free; Plans starting from 20GB for $4/month

Platforms: Windows, Linux, iOS, Android

IMAGE: SARAH JACOBSSON PUREWAL

Wuala's service encrypts your files locally before sending them to the cloud.

Wuala is a secure cloud storage service offered by storage company LaCie. This service differs from mainstream cloud storage providers in two ways:

Client-side encryption of files: All of your files are encrypted locally on your device before being sent to the cloud, which ensures that even on a non-encrypted transfer, no readable data would leak out. This process is more secure than a secure transfer, mainly because it means that nobody except you ever has access to your data.


Don't lose your Wuala password, because that's the only way to get to your files.

Zero-knowledge password policy: Only you know your password, and therefore only you can access your account. Wuala's employees cannot see your password, nor can they see your data except in raw form (how many files you have and how much storage space they take up). So even if the government came knocking on Wuala's door and asked them to turn over your files, they simply wouldn't be able to do so. Nor will you be able to get to your stuff if you forget your password, so keep it carefully.

Security aside, Wuala operates like the cloud storage services you're used to. Simply download Wuala's application and the service will install a special sync folder to your device, where you can drag and drop files to store both locally and in the cloud. Wuala also offers backup and versioning, which means you'll be able to access previous versions of files or restore files should you accidentally delete them. Like other cloud storage providers, Wuala offers 5GB of storage for free. Pricing plans start at 20GB for $4 per month.

Tresorit

Price: 5GB Free; Plans starting from 100GB for $7/month

Platforms: Windows, Mac OS X, iOS, Android

Tresorit is a cloud storage provider that claims to offer "a truly secure cloud storage service." Security features include client-side encryption, secure data transfer, and secure data centers that are equipped with physical security measures against intrusion as well as uninterruptible power and backup systems.

IMAGE: SARAH JACOBSSON PUREWAL

Tresorit lets you secure any folder on your device, not just special ones the service creates.

Like Wuala, Tresorit encrypts your data on your local machine to help ensure that your files are protected at all times. It, too, practices a zero-knowledge password policy, which means that nobody in the company can ever access your password or decryption keys. Of course, the drawback of such a policy is that if you forget your password, you're basically out of luck (you'll have to create a new account, and you'll lose all of your data in the cloud).
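The two properties described for Wuala and again for Tresorit (files encrypted on the client, and a login the provider can verify without ever holding a key that decrypts anything) fit in a few dozen lines. What follows is an added example written for this page, not Wuala's or Tresorit's code, and it uses only the Python standard library: HMAC-SHA256 run in counter mode stands in for AES, the PBKDF2 round count and the "auth"/"data"/"enc"/"mac" labels are assumptions, and the Server class stands in for the provider. It makes the point both services make: everything the server stores is useless without the password, which is also why a forgotten password cannot be recovered.

```python
"""Client-side encryption with a zero-knowledge login (added example)."""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption; real clients use scrypt/Argon2 or far more rounds


def derive_keys(password: str, salt: bytes):
    """Stretch the password once, then split the result into two unrelated keys.

    auth_key is what the client sends to log in; data_key never leaves the
    client. Both come from the same password, so the user needs only the
    password, but nothing the server receives can decrypt a file.
    """
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=32)
    auth_key = hmac.new(master, b"auth", hashlib.sha256).digest()
    data_key = hmac.new(master, b"data", hashlib.sha256).digest()
    return auth_key, data_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR."""
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(data_key: bytes):
    # Separate keys for confidentiality and integrity (domain separation).
    return (hmac.new(data_key, b"enc", hashlib.sha256).digest(),
            hmac.new(data_key, b"mac", hashlib.sha256).digest())


def encrypt_file(data_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, encrypt-then-MAC. Runs on the client."""
    enc_key, mac_key = _subkeys(data_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_file(data_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; wrong key => ValueError."""
    enc_key, mac_key = _subkeys(data_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    """Everything the provider holds: a salt, a hash of auth_key, opaque blobs."""

    def __init__(self):
        self.accounts = {}  # user -> (salt, sha256(auth_key))
        self.blobs = {}     # user -> {filename: encrypted blob}

    def register(self, user: str, salt: bytes, auth_key: bytes):
        self.accounts[user] = (salt, hashlib.sha256(auth_key).digest())
        self.blobs[user] = {}

    def salt_for(self, user: str) -> bytes:
        return self.accounts[user][0]

    def login(self, user: str, auth_key: bytes) -> bool:
        return hmac.compare_digest(self.accounts[user][1], hashlib.sha256(auth_key).digest())

    def store(self, user: str, auth_key: bytes, name: str, blob: bytes):
        if not self.login(user, auth_key):
            raise PermissionError("bad credentials")
        self.blobs[user][name] = blob

    def metadata(self, user: str) -> dict:
        """What a subpoena would yield: counts and sizes, not contents."""
        files = self.blobs[user]
        return {"files": len(files), "bytes": sum(len(b) for b in files.values())}


if __name__ == "__main__":
    srv = Server()
    salt = secrets.token_bytes(16)
    auth_key, data_key = derive_keys("correct horse battery staple", salt)
    srv.register("alice", salt, auth_key)
    srv.store("alice", auth_key, "passport.pdf", encrypt_file(data_key, b"constructed PDF bytes"))
    print("server sees:", srv.metadata("alice"))
    print("client reads:", decrypt_file(data_key, srv.blobs["alice"]["passport.pdf"]))
```

The design choice that matters is the split in derive_keys: the server gets a hash of auth_key, which lets it authenticate the user, but data_key is derived separately and is never transmitted, so neither a breach of the server nor a legal demand yields anything that decrypts a file. The same split is what makes a forgotten password unrecoverable.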

Tresorit's main difference from Wuala, and other mainstream cloud storage services, is the ability to turn any folder on your device into a secure "tresor." What this means is that you do not have to drag and drop files into a special sync folder. Instead, you can simply right-click on an existing folder and "tresor it." This is especially convenient if you're digitally organized and you'd prefer not to rearrange your files into one sync-able folder.

Tresorit offers 5GB of space for free. An additional 100GB will cost you 5 euros, or just under $7, per month.

McAfee Personal Locker

Price: 1GB free with a subscription to McAfee LiveSafe

Platforms: Windows 8, iOS, Android

McAfee's Personal Locker is a cloud storage vault that you manage via your smartphone or Windows 8 device. It can store up to 1GB of data, which you can access from anywhere—but only after you've jumped through a series of security hoops.

IMAGE: SARAH JACOBSSON PUREWAL

McAfee Personal Locker uses face and voice recognition along with a PIN to secure data.

The app requires voice recognition, biometric data (facial recognition), and a PIN to verify your identity before giving you access to your files. Every. Single. Time. You can choose to set certain files as low priority (you'll only have to enter a PIN to access them), but where's the fun in that?

While definitely not the sort of service you want to use for everyday cloud storage, Personal Locker would work well for sensitive documents that you may need to access from anywhere, such as legal documents, medical records, or copies of your passport or birth certificate. Personal Locker is free with a subscription to McAfee LiveSafe, which costs $80 per year.

Wednesday, 26 November 2014

Unauthorised access to HTTP and HTTPS traffic

Unauthorized HTTP and HTTPS Traffic Blocked on Port

ContentProtect Security Appliance can block HTTP and HTTPS traffic that proxy servers redirect to non-standard ports, which is usually an attempt to get around filtering on the appliance. This is especially useful where users run filter avoidance programs to bypass the appliance's filtering so that they can reach more web sites without being detected.

Standard Ports

The following are the standard ports used by ContentProtect Security Appliance when Anonymous Proxy Guard is enabled. HTTP and HTTPS traffic redirected to any port not listed below is treated as going to a non-standard port and is blocked.

Port 80: HTTP
Port 8080: proxy servers
Port 443: HTTPS

How Anonymous Proxy Guard Works

If ContentProtect Security Appliance sees HTTP traffic heading for port 5000, it treats the traffic as unauthorized: someone has sent a web request to a non-standard port, bypassing the filter. The appliance blocks the traffic and sends a Blocked Website message back to the user; the message includes the port the traffic was trying to reach. By default, Anonymous Proxy Guard only allows HTTP and HTTPS traffic on the standard ports. It is possible for a user to send a valid web request over a non-standard port. In that case you must add an exception to the Traffic Flow Rule Set that sends the request through the web filter, so that future requests to that host succeed.

Note: Even though the message says unauthorized HTTP traffic was blocked, HTTPS traffic could also have been blocked.

The original post shows a screenshot here of a URL sending HTTP through port 6666. Some URLs carry the port redirection embedded in the URL, so the port may not be visible in the address.

Filter Avoidance Programs

There are several programs on the market that let users bypass the filtering rules on ContentProtect Security Appliance by sending HTTP and HTTPS traffic through a proxy server. Some of them encrypt the HTTP and HTTPS traffic as well, which makes it much harder to determine what kind of traffic is trying to reach the non-standard ports. Some of these requests may be valid, but most are not. Either way, you want a signature that forces web requests onto the standard ports and through the Web Filtering system on ContentProtect Security Appliance.

Example: If a student in Palo Alto, West Coast school district uses the program Ultrasurf to bypass filtering by sending web requests over non standard ports, then you can resolve the filtering avoidance issue by blocking all ports except the standard ports, 80, 8080, and 443.
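The decision the appliance makes, as the two sections above describe it, is a port check applied to traffic it has already recognised as HTTP or HTTPS. The script below is an added example written for this page, not ContentProtect code: it classifies the first bytes of a flow as HTTP or TLS, blocks recognised web traffic on any port other than 80, 8080 and 443 unless an administrator has added a (host, port) exception, and passes anything it cannot classify. The sample flows, host names and the exception list are constructed for the example. The last flow is the caveat from the text: an avoidance tool that encrypts or obfuscates from the first byte gives a port-based guard nothing to match on.

```python
"""Port-based proxy-avoidance detection, as the text describes it (added example)."""
STANDARD_PORTS = {80, 8080, 443}          # HTTP, proxy servers, HTTPS
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify_payload(payload: bytes) -> str:
    """Guess the protocol from the first client-to-server bytes of a flow."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03, then a ClientHello (0x01)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"


def evaluate_flow(dst_host: str, dst_port: int, payload: bytes, exceptions=frozenset()):
    """Return (verdict, protocol). exceptions holds (host, port) pairs an
    administrator has allowed with a custom signature."""
    proto = classify_payload(payload)
    if proto == "unknown":
        # An avoidance tool that encrypts or obfuscates from the first byte lands
        # here: the guard cannot name the protocol, so it cannot block on the port.
        return "pass", proto
    if dst_port in STANDARD_PORTS or (dst_host, dst_port) in exceptions:
        return "web-filter", proto
    return "block", proto


def block_message(dst_host: str, dst_port: int, proto: str) -> str:
    # The appliance's message names the port; the text notes it says "HTTP"
    # even when the blocked flow was HTTPS, so this version names the protocol seen.
    return f"Blocked Website: unauthorized {proto.upper()} traffic to {dst_host} on port {dst_port}"


# Constructed sample flows: (destination host, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("www.example.com", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("proxy.example.net", 5000, b"GET http://blocked.example/ HTTP/1.1\r\n\r\n"),
    ("proxy.example.net", 6666, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    ("intranet.example.org", 8443, b"\x16\x03\x03\x00\x50\x01\x00\x00\x4c\x03\x03"),
    ("relay.example.net", 9001, b"\x8f\x2a\x00\x11\xd3\x7f\x40\x9c"),
]
# Constructed custom-signature exception: a legitimate internal site served on 8443.
EXCEPTIONS = frozenset({("intranet.example.org", 8443)})


def run(flows=SAMPLE_FLOWS, exceptions=EXCEPTIONS):
    """Evaluate each flow; returns [(host, port, verdict, protocol), ...]."""
    results = []
    for host, port, payload in flows:
        verdict, proto = evaluate_flow(host, port, payload, exceptions)
        results.append((host, port, verdict, proto))
    return results


if __name__ == "__main__":
    for host, port, verdict, proto in run():
        if verdict == "block":
            print(block_message(host, port, proto))
        else:
            print(f"{verdict}: {proto} to {host}:{port}")
```

Run as-is it blocks the HTTP request to port 5000 and the TLS handshake to port 6666, sends the port 80 request and the excepted port 8443 site through the web filter, and passes the unrecognised flow to port 9001, which is exactly the gap the filter avoidance paragraph warns about.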

Creating a Custom Signature for HTTP and HTTPS Traffic

When Anonymous Proxy Guard is enabled, a user may be blocked from a legitimate site because that site serves its traffic over a non-standard HTTP, HTTPS or proxy server port.

Allowing web requests over non-standard ports while Anonymous Proxy Guard is enabled requires a custom signature, so that the HTTP and HTTPS traffic passes through the Web Filter before going on to the non-standard port.

To create a custom signature for HTTP and HTTPS traffic:

1. From ContentProtect Security Appliance, select Manage > Policies & Rules > Policy Manager. Click a Group on the Policy Manager page to find out which Internet Usage Rule has been assigned to it.

2. Select Manage > Policies & Rules > Internet Usage Rules. Click the Internet Usage Rule assigned to the Group you want to change, and write down the name of the Traffic Flow Rule Set (TFRS) it uses. Anonymous Proxy Guard is only enabled when the TFRS name contains "Anonymous Proxy Guard".

3. Select Manage > Applications > Applications and click Create.

4. Enter a Name for the new application (this name also appears in the application reports) and a Description.

5. Select HTTP as the Application Set from the drop-down list.

6. Select Source and Destination Port as the Type from the drop-down list.

7. Enter the port number as the Value.

8. Select TCP as the Protocol from the drop-down list.

9. Select Web Filter as the Target from the drop-down list.

10. Click Save.

Monday, 24 November 2014

Installing software on Linux from Windows using Cygwin

If you use an SSH client to connect to a Linux server from your Windows laptop, you may sometimes need to launch a GUI application on the remote Linux server but have it display on the Windows laptop. Two typical reasons:

Install software on Linux from Windows: launch a GUI-based installer on the remote Linux server from the Windows laptop. For example, a DBA might want to install Oracle on a Linux server to which only an SSH connection, and not the console, is available.

Launch Linux X client software on Windows: run an X client (for example xclock) located on the remote Linux server and have it display on the Windows laptop.

Cygwin can do both. The following 15 steps explain how to install Cygwin and launch software installers on Linux from Windows. Go to the Cygwin site and download setup.exe, launch it on Windows and follow the steps below.

1. Welcome Screen. Click next on the Cygwin installation welcome screen.

2. Choose a download source. Select the 'Install from internet' option

3. Choose Installation directory. I selected C:\cygwin as shown below. This is the location where the Cygwin software will be installed on the Windows.

4. Select Local Package Install directory. This is the directory where the installation files will be downloaded and stored.

5. Select Connection Type. If you are connected to internet via proxy, enter the information. If not, select 'Direct Connection'.

6. Choose a download site. You can either choose a download site that is closer to you or leave the default selection.

7. Download Progress. This screen will display the progress of the download.

8. Select Packages to install. I recommend that you leave the default selection here.

9. Installation Progress. This screen will display the progress of the installation.

10. Installation Completion.

11. Start the Cygwin Bash Shell on Windows.Click on cygwin icon on the desktop (or) Click on Start -> All Programs -> Cygwin -> Cygwin Bash shell, which will display the Cygwin Bash Shell window.

12. Start the X Server on Windows. From the Cygwin Bash Shell, type startx to start the X Server as shown below. Once the X Server is started, leave this window open and do not close it.

13. Xterm window: startx from the above step will open a new xterm window automatically as shown below.

14. SSH to the remote Linux host from the xterm window as shown below. Note the -Y option, which enables trusted X11 forwarding. Trusted forwarding gives the remote host unrestricted access to your local X display (it can, for example, read keystrokes and capture windows belonging to other X clients), so prefer -X, which requests untrusted forwarding restricted by the X SECURITY extension, unless the application actually fails under it, and use -Y only with servers you trust. The "No xauth data" warning below means ssh could not find xauth (or an .Xauthority file) on the Windows side; forwarding still works.

jsmith@windows-laptop ~ $ ssh -Y -l jsmith remote-host      (typed in the xterm on the Windows laptop)
jsmith@remotehost's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Thu Jun 12 22:36:04 2008 from 192.168.1.102
/usr/bin/xauth: creating new authority file /home/jsmith/.Xauthority
[remote-host]$ xclock &      (note that you are starting xclock on the remote Linux server)
[1] 12593
[remote-host]$

15. xclock on windows laptop. From the Linux host, launch the xclock software as shown above, which will display the xclock on the windows laptop as shown below.

Use the same method explained above to launch any software installer on Linux (for e.g. Oracle database installer) and get it displayed on the Windows laptop.

FTP using Filezilla

Welcome to the FileZilla Client tutorial. In this tutorial, you will learn how to

Connect to an FTP server,Download and upload files,Use the site manager.

If you already know how to use an FTP client, you may want to read the more advanced usage instructions instead.

We assume that you already installed and started FileZilla Client (installation instructions).

Connecting to a server

The first thing to do is connecting to a server.

This is our (fictional) login data - please use your own data instead if you want to actively follow the tutorial.

Hostname: example.org
Username: john
Password: 7PjU#.J3

We will use the quickconnect bar for establishing the connection:

Enter the hostname into the quickconnect bar's Host: field, the username into the Username: field and the password into the Password: field. You may leave the Port: field empty unless your login information specifies a particular port. Now click Quickconnect.

Note: If your login information specifies a protocol such as SFTP or FTPS, enter the hostname as sftp://hostname or ftps://hostname respectively. Plain FTP sends the username, the password and every file in cleartext, so use one of these whenever the server supports it.

FileZilla will now try to connect to the server. If all works well, you will notice that the right "column" switched from Not connected to any server to displaying a list of files and directories.

Navigating and window layout

Legend: 1. Toolbar, 2. Quick connect bar, 3. Message log, 4. Local pane, 5. Remote pane, 6. Transfer queue (Full-size version)

The next step is to get familiar with FileZilla's window layout.

Here is a quick introduction: Below the toolbar (1) and quick connect bar (2), the message log (3) displays transfer and connection related messages. Below that you can find the file listings. The left column (local pane, 4) displays the local files and directories, i.e. the stuff on the PC you're using FileZilla on. The right column (server pane, 5) displays the files and directories on the server you are connected to. Both columns have a directory tree at the top and a detailed listing of the currently selected directory's contents at the bottom. You can easily navigate either of the trees and lists by clicking around like in any other file manager. At the bottom of the window, the transfer queue (6) lists the to-be-transferred and already transferred files.

Transferring files

Now we will upload these files (or the ones you choose, respectively):

website/
+- index.html
+- images/
   +- image01.jpg
   +- image02.jpg

Uploading

First, in the local pane, bring the directory into view which contains the data to be uploaded (e.g. index.html and images/). Now navigate to the desired target directory on the server (using the server pane's file listings). To upload the data, select the respective files/directories and drag them from the local to the remote pane. You will notice that the files are added to the transfer queue at the bottom of the window and soon thereafter removed again, since they were (hopefully, if nothing went wrong) just uploaded to the server. The uploaded files and directories should now be displayed in the server content listing on the right side of the window.

Local and remote file listings after uploading the example files

Note: If you don't like using drag-and-drop, you can also right click on files/directories (in the lower local pane) and select Upload to upload them - or simply double-click a file entry (this does not work for directories).

Note (advanced): If you enable filtering and upload a complete directory, only the not-filtered-out files and directories inside this directory will be transferred.

Downloading

Downloading files, or complete directories, works essentially the same way as uploading - you just drag the files/directories from the remote pane to the local pane this time, instead of the other way round.

Note: In case you (accidentally) try to overwrite a file during upload or download, FileZilla will by default display a dialog asking what to do (overwrite, rename, skip...).

Using the site manager

Now that you are confident in transferring files (if not, practice a little bit), you might want to add the server information to the site manager to make it easy to reconnect to this server. To do this, select Copy current connection to Site Manager... in the File menu. The site manager will be opened and a new entry will be created with all the important information already filled in. You will notice that the entry's name is selected and highlighted - you can enter some descriptive name so you will later on find your server again (enter something like domain.com FTP server for example - you can rename it later if you wish). Now close the dialog by clicking on OK.

The next time you want to connect to this server, you can simply select it in the site manager and click Connect.


Thursday, 4 December 2014

Hidden Features of GOOGLE CHROME

Google Chrome's internal chrome:// pages contain experimental features, diagnostic tools and detailed statistics. They're hidden in Chrome's user interface, so you have to know they exist to find them. These hidden pages are Chrome's version of Firefox's about: pages.

You can access each by typing chrome://, followed by the name of the page — you can also use the more traditional about: prefix, which redirects you to the chrome:// URL.

Chrome://About

The chrome://about page lists all Chrome's internal pages. Click any of the links to access the page. Many of them are the same pages you can access from Chrome's menus — for example, chrome://bookmarks is the bookmarks manager and chrome://settings is Chrome's options page.

There are also a few special URLs for debugging purposes located near the bottom of the page — for example, you can enter chrome://kill in the address bar to kill the current tab.

Chrome://Flags

The chrome://flags page, formerly known as the chrome://labs page, is probably the most interesting internal page. This page contains a treasure trove of experimental features that aren't yet enabled by default — Google warns you that your browser may "spontaneously combust" if you enable these features. They may have security, privacy or stability problems or cause data loss. Use these options at your own risk!

New features often turn up here before they become enabled by default. For example, you can enable the "Enable NTP Bookmark Features" option to add the experimental bookmark interface to Chrome's new tab page. The new bookmark manager isn't enabled by default in Chrome 16, but it probably will be in a newer version. This feature has been removed from Chrome 17, which shows how quickly these flags can vanish or break.

Chrome://Sessions

Another feature buried on Chrome's chrome://flags page is the "Enable Syncing Open Tabs" option, which adds an "Open Tabs" option to Chrome's sync settings.

After you enable this option, you'll find a list of your other browser sessions on the chrome://sessions page. This feature will eventually be enabled by default and exposed in Chrome's user interface, but you can use it now.

Chrome://Memory & Chrome://Tasks

The chrome://memory page gives you a breakdown of Chrome's memory usage. It shows you just how much memory each extension, app and web page is using. If other browsers, such as Mozilla Firefox or Internet Explorer, are running, it'll also show the other browsers' memory usage.

This is the same page you can access by clicking the "Stats for nerds" link at the bottom of Chrome's Task Manager window. Open the Task Manager by right-clicking Chrome's title bar and selecting Task Manager or access the chrome://tasks URL to open it in a tab.

Chrome://Net-Internals

The chrome://net-internals page is packed full of network diagnostic information and tools. It can capture network data and dump it to a file, making it a useful tool for troubleshooting Chrome network problems.

Most of the tools here won't be useful to average users, but the Tests page contains a particularly useful tool. If a website won't load, you can plug its address into the Tests page and Chrome will attempt to determine the problem for you.

Chrome://Crashes

The chrome://crashes page lists crashes that have occurred. You'll only see crashes here if you have the "Automatically send usage statistics and crash reports to Google" option enabled on the Under the Hood tab in Chrome's settings.

Chrome://Tracing

The chrome://tracing page is a developer tool that allows you to analyze Chrome's performance. Click Record and Chrome will start logging browser activity.

After stopping the record process, you can dig into the activity and see what's taking up the most time. If you have a page that performs slowly in Chrome, you can see what part of your code Chrome is struggling with.

Many of the other pages are technical pages listing debug information. For example, the chrome://flash page lists information about the Flash plug-in and the chrome://sync-internals page displays the state of Chrome's sync process. Feel free to explore the rest on your own.

Tuesday, 2 December 2014

GNOME Tweak tool to customize FEDORA 16

One of our complaints about GNOME 3 is its lack of customization options. The Personal section of System Settings only lets you change the desktop wallpaper. You can do a lot more than that, though.

The GNOME Tweak Tool is the way to customize GNOME 3. This application can be installed via Add/Remove Software. Just search for "tweak" and scroll down until you see A Tool to customize advanced GNOME 3 options.

GNOME Tweak Tool Installation

Once GNOME Tweak Tool is installed, you can find it in the Applications side of the Activities Overview under the heading Advanced Settings.

GNOME Tweak Tool lets you modify the desktop, fonts, shell, shell extensions, theme, and windows (essentially everything that System Settings leaves out, and then some). The left pane of the GNOME Tweak Tools serves to switch between these sections.

GNOME Tweak Tool - Home Page

You can score yourself a functional desktop under the Desktop section by checking Have file manager handle the desktop. From there you can drop shortcuts to the computer, home directory, network servers, and trash back on the desktop.

GNOME Tweak Tool - Desktop Page

You can change default font, document font, monospace font, and window title font in the Fonts section. You can also adjust the scaling factor, hinting, and anti-aliasing.

GNOME Tweak Tool - Fonts Page

The Shell section lets you show the date or seconds in the Clock and show the "week date" in the calendar. You can also change the arrangement of the title bar buttons. This enables, amazingly enough, the missing maximize and minimize buttons! The laptop lid can be configured to taste, too.

GNOME Tweak Tool - Shell Page

The Shell Extensions page is where additional extensions can be installed and activated/deactivated.

GNOME Tweak Tool - Shell Extensions Page

In the Theme section, you can add icons to menus and buttons, as well as change the cursor, keybinding, icon, GTK+, window, and shell themes.

GNOME Tweak Tool - Theme Page

Window behavior like double-, middle-, and right-click on the title bar is modifiable, along with the focus mode.

GNOME Tweak Tool - Windows Page

With the GNOME Tweak Tool installed, let's look at some of the powerful shell extensions available for GNOME 3

Input Tips and tricks in Fedora

Nearly every function familiar to most desktops is somehow different in GNOME Shell. So, navigating the UI with a keyboard might feel more efficient than hunting around with a mouse. Thankfully, there are a lot of handy keyboard shortcuts available in GNOME 3.

Keyboard Shortcut: Function
Windows Key: Opens Activities Overview
Alt + F1: Opens Activities Overview
Alt + F2: Opens Run Command prompt
Alt + Tab: Switches between open applications from left to right
Alt + Shift + Tab: Switches between open applications from right to left
Esc: Closes Activities Overview or current menu/dialog
Alt + ~ (tilde): Opens the Application Switcher
Ctrl + Alt + Tab: Opens the Accessibility Switcher, which moves focus between UI elements for keyboard control
Ctrl + Alt + Shift + R: Toggles Screencast Recorder on/off
Ctrl + Alt + Down Arrow: Switches to the Workspace below the current Workspace
Ctrl + Alt + Up Arrow: Switches to the Workspace above the current Workspace
Ctrl + Alt + Shift + Down Arrow: Moves the currently selected window to the Workspace below the current Workspace
Ctrl + Alt + Shift + Up Arrow: Moves the currently selected window to the Workspace above the current Workspace
Ctrl + F6: Switches between windows of the active application
Alt + Esc: Switches between windows on the current Workspace
Prt Scr: Takes a fullscreen screenshot
Alt + Prt Scr: Takes a screenshot of the currently selected window
Ctrl + Alt + Del: Log Out
Ctrl + Alt + L: Lock Screen
Alt + Spacebar: Opens the window menu of the currently selected window
Alt + F10: Maximizes the currently selected window
Alt + F5: Restores the currently selected window
Alt + F4: Closes the currently selected window
Alt + F7: Activates movement control of the currently selected window
Alt + F8: Activates resize control of the currently selected window
F10: Opens the first menubar entry of the currently selected application
F8: Selects the divider in multi-paned applications
F1: Displays Help for the currently selected application

Application Switcher

Hopefully you've picked up on the fact that GNOME 3 has no on-screen task management, and the Activities overview is somewhat of a hassle. Fortunately, there is a new application-based Alt-Tab switcher.

The Application Switcher can be activated without auto-cycling through windows by holding down the Alt and ~ key. Being application-based (not window-based), the Application Switcher combines multiple windows of the same application into a single icon. Pressing the down arrow over an application icon displays thumbnails of all windows created by that application. You can use the right and left arrows to cycle through applications and windows.

The Application Switcher

Although this isn't a suitable replacement for on-screen task management facilitated by taskbars and docks, it can help shave off time you'd otherwise spend fooling around with the Activities Overview. Then again, keyboard shortcuts are never a sufficient remedy for UI design problems.

Mouse

If you really rely on a mouse for navigation, you're not entirely left out in the cold. Despite the extra burden that GNOME Shell hits you with, there are a few helpful mouse tricks.

Mouse Shortcut: Function
Third Button Click (press scroll wheel) on Application Launcher: Opens application in new desktop
Double-click window Title Bar: Maximizes window
Right-click on Application Launcher: Opens contextual menu for the application
Ctrl + Left-click on Application Launcher: Opens new instance of application on current workspace
Ctrl + Scroll Wheel Up: Zooms in currently selected window
Ctrl + Scroll Wheel Down: Zooms out currently selected application
Scroll Wheel Up over Window in Activities Overview: Zooms in window preview
Scroll Wheel Down over Window in Activities Overview: Zooms out window preview

Zoom Windows In The Overview

The Windows section of the Activities Overview can quickly get confusing if you have multiple windows of the same or similar applications open at once.

Which one was I looking for?

Using the mouse scroll wheel over any of the windows in the Overview zooms in on it for greater detail. This comes in useful if you find yourself with multiple visually-ambiguous applications open. Text editor and terminal junkies are sure to find this trick essential.

Ah, there it is!

Hidden Minimize

While GNOME 3 ditches the minimize and maximize buttons, right-clicking on window title bars brings up a menu that contains the option to minimize applications.

Hidden Minimize/Maximize Controls

This appears to be the only way to minimize applications in GNOME Shell by default. With no task bar to speak of, who knows where they actually go? The window still appears in the Activities overview. But apparently, minimizing windows in GNOME 3 simply causes them to disappear from the windowing area.

Touchscreen

Unlike Canonical, which developed the fantastic uTouch gesture language, the GNOME project is working with Qt and X.org developers to bring modern multi-touch support to all of Linux. There is no telling how long this will take. But many of you may have noticed how large screen elements like window title bars and the close button have become.


Sunday, 30 November 2014

Logic Behind IP SPOOFING

The Internet Protocol, or IP, is the main protocol used to route information across the Internet. The role of IP is to provide best-effort services for the delivery of information to its destination. IP depends on upper-level TCP/IP suite layers to provide accountability and reliability. The heart of IP is the IP datagram, a packet sent over the Internet in a connectionless manner. An IP datagram carries enough information about the network to get forwarded to its destination; it consists of a header followed by bytes of data. The header contains information about the type of IP datagram, how long the datagram should stay on the network (or how many hops it should be forwarded over), special flags indicating any special purpose the datagram is supposed to serve, the destination and source addresses, and several other fields, as shown in Figure 1.

Figure 1: The IP Header

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets you prepare spoofed IP datagrams with just a one-line command, and you can send them to almost anybody in the world. You can spoof at various network layers; for example, you can use Address Resolution Protocol (ARP) spoofing to divert the traffic intended for one station to someone else. The Simple Mail Transfer Protocol (SMTP) is also a target for spoofing; because SMTP does not verify the sender's address, you can send any e-mail to anybody pretending to be someone else. This article focuses on the various types of attacks that involve IP spoofing on networks, and the techniques and approaches that experts in the field suggest to contend with this problem.

Spoofing IP datagrams is a well-known problem that has been addressed in various research papers. Most spoofing is done for illegitimate purposes—attackers usually want to hide their own identity and somehow damage the IP packet destination. This article discusses ways of spoofing IP datagrams, various attacks that involve spoofed IP packets, and techniques to detect spoofed packets and trace them back to their original source; spoofing concerns for IPv6 are briefly addressed.

Spoofing an IP Datagram

IP packets are used in applications that use the Internet as their communications medium. Usually they are generated automatically for the user, behind the scenes; the user just sees the information exchange in the application. These IP packets have the proper source and destination addresses for reliable exchange of data between two applications. The IP stack in the operating system takes care of the header for the IP datagram. However, you can override this function by inserting a custom header and informing the operating system that the packet does not need any headers. You can use raw sockets in UNIX-like systems to send spoofed IP datagrams, and you can use packet drivers such as WinPcap on Windows. Some socket programming knowledge is enough to write a program for generating crafted IP packets. You can insert any kind of header, so, for example, you can also create Transmission Control Protocol (TCP) headers. If you do not want to program or have no knowledge of programming, you can use tools such as hping, sendip, and others that are available for free on the Internet, with very detailed documentation to craft any kind of packet. Most of the time, you can send a spoofed address IP packet with just a one-line command.
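To make the "custom header" concrete, the script below is an added example written for this page, not code from the article or from hping: it lays out the 20-byte IPv4 header of Figure 1 with whatever source address the caller asks for, computes the header checksum, and then applies the kind of ingress check (a BCP 38 style source-address filter) that the rest of the article lists among the countermeasures. The addresses, the fixed identification value and the prefix list are assumptions chosen for the example; the raw-socket send is included but left commented out in the demo because it needs root and a host you own.

```python
"""Craft an IPv4 header with a chosen source address, and the ingress check
that catches it (added example, not from the article)."""
import ipaddress
import socket
import struct


def ip_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_UDP, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte header, no options. Nothing here checks that src is ours,
    which is the article's whole point. ident is fixed for readability;
    real stacks randomise it."""
    ver_ihl = (4 << 4) | 5                   # IPv4, 5 x 32-bit words
    fields = struct.pack("!BBHHHBBH4s4s",
                         ver_ihl, 0, 20 + payload_len, ident, 0, ttl, proto,
                         0,                  # checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    csum = ip_checksum(fields)
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def parse_source(header: bytes) -> str:
    return socket.inet_ntoa(header[12:16])


def header_checksum_ok(header: bytes) -> bool:
    # Summing a header that already carries its checksum must give zero.
    return ip_checksum(header) == 0


def ingress_ok(header: bytes, interface_prefixes) -> bool:
    """BCP 38 style ingress filter: accept a packet only if its source lies in
    a prefix that belongs behind the interface it arrived on."""
    src = ipaddress.ip_address(parse_source(header))
    return any(src in ipaddress.ip_network(p) for p in interface_prefixes)


def send_raw(header: bytes, payload: bytes, dst: str) -> None:
    """Hand the finished datagram to the kernel unchanged. Needs root or
    CAP_NET_RAW; IP_HDRINCL stops the kernel from prepending its own header."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        s.sendto(header + payload, (dst, 0))


if __name__ == "__main__":
    payload = b"constructed payload"
    spoofed = build_ipv4_header("203.0.113.9", "192.0.2.1", len(payload))
    print("source on the wire:", parse_source(spoofed), "checksum ok:", header_checksum_ok(spoofed))
    print("passes ingress filter for 10.0.0.0/24:", ingress_ok(spoofed, ["10.0.0.0/24"]))
    # send_raw(spoofed, payload, "192.0.2.1")   # uncomment on a host you own, as root
```

The header with the forged source is perfectly well formed, which is why the receiver cannot tell; only a router that knows which prefixes legitimately sit behind an interface can reject it, and only if that router is on the attacker's side of the path.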

Why Spoof the IP Source Address?

What is the advantage of sending a spoofed packet? It is that the sender has some kind of malicious intention and does not want to be identified. You can use the source address in the header of an IP datagram to trace the sender's location. Most systems keep logs of Internet activity, so if attackers want to hide their identity, they need to change the source address. The host receiving the spoofed packet responds to the spoofed address, so the attacker receives no reply back from the victim host. But if the spoofed address belongs to a host on the same subnet as the attacker, then the attacker can "sniff" the reply. You can use IP spoofing for several purposes; for some scenarios an attacker might want to inspect the response from the target victim (called "nonblind spoofing"), whereas in other cases the attacker might not care (blind spoofing). Following is a discussion about reasons to spoof an IP packet.

Scanning

An attacker generally wants to connect to a host to gather information about open ports, operating systems, or applications on the host. The replies from the victim host can help the attacker in gathering information about the system.

These replies might reveal open ports, the operating system, or the applications listening on those ports. For example, a response to a connection attempt on port 80 suggests that the host is running a Web server. The attacker can then connect to that port with telnet or a similar tool, read the banner to determine the Web server's type and version, and try any vulnerability known for that version. Because scanning depends on examining the replies, the attacker must be able to see the returned packets; if the spoofed address belongs to a host on the attacker's own subnet, a sniffer will show them.

Sequence-Number Prediction

When two hosts establish a connection by using TCP, the packets exchanged carry sequence numbers for data and acknowledgments. The protocol uses these numbers to detect out-of-order and lost segments, which is how TCP provides the reliable delivery it promises to the application layer. Each side chooses its own initial sequence number when the connection starts, and the numbers that follow are derived from it. If the generator that picks the initial sequence number is predictable, an attacker can send several connection requests (spoofed or not) to a victim, observe the initial sequence numbers in the replies, work out the generation pattern, and then use that knowledge to inject packets into, or take over, an existing session. Again, during this probing phase it is important for the attacker to be able to see the replies.

Hijacking an Authorized Session

An attacker who can generate correct sequence numbers can send a reset (RST) to one party in a session, informing that party that the session has ended. After taking one of the parties offline, the attacker can use that party's IP address to talk to the party still online and perform malicious actions on it, riding on a trusted communication link to exploit a system vulnerability. Keep in mind that the party still online sends its replies to the legitimate host, which may answer with a reset indicating an invalid session, but by then the attacker might already have performed the intended actions. Such actions can range from sniffing packets to getting the online host to present a shell to the attacker's machine.

Determining the State of a Firewall

A firewall protects a network from Internet intruders by checking packets against an Access Control List (ACL). Because TCP data is answered by acknowledgment packets, an attacker can send a packet with the ACK flag set that looks like the acknowledgment of a request or data that originated inside the network. A stateful firewall checks whether the network actually sent a request to which this packet could be the acknowledgment and drops the packet if there is no such request. A stateless firewall, which matches only on header fields, lets the packet in because it appears to belong to an established connection. The intended receiver then most likely responds to the spoofed source address, usually with a reset because it has no such connection. By sending such probes with a spoofed source and watching which ones draw a response, the attacker learns which ports the firewall filters and whether it keeps state. Again, for this to work the attacker must be able to see the traffic returning to the host whose address was spoofed.

Denial of Service

The connection setup phase of TCP consists of a three-way handshake, performed by using specific bit combinations in the "flags" field of the TCP header. If host A wants to establish a TCP connection with host B, it sends a packet with the SYN flag set. Host B replies with a packet that has both the SYN and ACK flags set. Host A sends back a packet with the ACK flag set, finishing the handshake. Hosts A and B can then communicate with each other, as shown in Figure 2.

Figure 2: A Normal TCP Connection Request from A to B

The three-way handshake must be completed to establish a connection. Connections that have been initiated but not finished are called half-open connections, and a finite-size data structure (the SYN backlog) stores their state. An attacking host can send an initial SYN packet with a spoofed IP address; the victim sends the SYN-ACK to that address and waits for the final ACK. If the spoofed address does not belong to a live host, no ACK ever arrives and the entry occupies the data structure until the victim gives up retransmitting the SYN-ACK. If enough half-open connections fill the data structure, the host cannot accept further requests, denying service to legitimate connections (Figure 3).

Figure 3: Half-Open TCP Connection

Setting a time limit for half-open connections and erasing them after the timeout helps, but the attacker can keep sending SYNs faster than entries expire. The attacked host then has no room for new incoming legitimate connections, although connections established before the attack are unaffected. In this type of attack the attacker has no interest in the victim's responses. If the spoofed address does belong to a live host, that host answers the unexpected SYN-ACK with a reset, which frees the entry, so attackers prefer unused addresses. The standard defence today is SYN cookies, which encode the connection state in the sequence number of the SYN-ACK so that nothing has to be stored until the final ACK arrives.
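As an added example (not part of the original article, and not hping's or sendip's code), the following Python script builds the kind of packet just described: a TCP SYN whose IPv4 source address is whatever the caller claims, with both checksums computed by hand, plus the raw-socket call that tells the kernel not to add its own header. It serves both the raw-socket description at the start of the article and the SYN flood above. The addresses and ports are constructed from the documentation ranges; nothing is transmitted unless send_raw() is called deliberately, which needs root (or CAP_NET_RAW) on a UNIX-like system.

```python
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, as used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_TCP, ttl: int = 64,
                      ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header without options. `src` is whatever the caller claims."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5,          # version 4, IHL = 5 words
                      0,                     # DSCP/ECN
                      20 + payload_len,      # total length
                      ident, 0,              # identification, flags + fragment offset
                      ttl, proto,
                      0,                     # checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp_syn(src: str, dst: str, sport: int, dport: int, seq: int) -> bytes:
    """20-byte TCP header with only SYN set; its checksum also covers a pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      5 << 4,                # data offset = 5 words, reserved bits 0
                      0x02,                  # flags: SYN
                      65535, 0, 0)           # window, checksum placeholder, urgent pointer
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]


def build_spoofed_syn(spoofed_src: str, dst: str, sport: int, dport: int,
                      seq: int = 0) -> bytes:
    """Complete IPv4+TCP SYN; the victim will answer the SYN-ACK to `spoofed_src`."""
    tcp = build_tcp_syn(spoofed_src, dst, sport, dport, seq)
    return build_ipv4_header(spoofed_src, dst, len(tcp)) + tcp


def parse_ipv4(packet: bytes) -> dict:
    """Decode the packet the way the receiver (or a sniffer) sees it and verify checksums."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (f[0] & 0x0F) * 4
    tcp = packet[ihl:]
    pseudo = struct.pack("!4s4sBBH", f[8], f[9], 0, f[6], len(tcp))
    return {
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
        "ttl": f[5],
        "proto": f[6],
        "total_len": f[2],
        "ip_checksum_ok": checksum(packet[:ihl]) == 0,   # a correct header sums to zero
        "tcp_checksum_ok": checksum(pseudo + tcp) == 0,
        "tcp_flags": tcp[13] if len(tcp) >= 14 else None,
    }


def send_raw(packet: bytes, dst: str) -> None:
    """Hand the finished packet to the kernel. IP_HDRINCL means: I wrote the header, do not add one."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    s.sendto(packet, (dst, 0))
    s.close()


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges; the packet is only printed, not sent.
    pkt = build_spoofed_syn("192.0.2.77", "198.51.100.10", 40000, 80, seq=0x1000)
    print(pkt.hex())
    print(parse_ipv4(pkt))
```

Note that the attacker never hears back: the SYN-ACK goes to 192.0.2.77. With a live host there, that host's RST would free the victim's backlog entry, which is why a flooder picks addresses that do not answer.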

Flooding

In this type of attack the attacker sends packets carrying the victim's address as source to many hosts, and their responses flood the victim. For example, if the attacker puts the address of host A in the source field and sends an ICMP echo request to a network's broadcast address, every host on that network replies to A, flooding it. The well-known Smurf (ICMP echo) and fraggle (UDP echo) attacks used this technique, which is why routers today should not forward directed broadcasts.

Countermeasures for IP Spoofing

IP spoofing countermeasures fall into two groups: detecting spoofed IP packets, and tracing them back to their true source. Detection requires support from routers, host-based methods, and administrative controls, whereas traceback involves special traceback equipment or traceback features in routers. The following sections discuss both IP spoofing detection and IP spoofing traceback techniques.

Spoofed Packet Detection

Detection of a spoofed packet can start as early as Layer 2. Switches with the IP Source Guard feature [8] bind each port's MAC address to an IP address learned through Dynamic Host Configuration Protocol (DHCP) snooping or configured statically. Packets whose IP source address does not match the binding for that MAC address and port are dropped, which stops a host connected to such a switch from sending packets with its neighbour's address. IP Source Guard works well for interfaces with a single IP address, but one interface can be assigned multiple IP addresses, which complicates the bindings; the same complication arises with Network Address Translation (NAT), where hosts may receive different IP addresses over time.

Routers work at Layer 3: they know which network is attached to each interface and therefore which source addresses can legitimately arrive on it. If a packet leaving the network through an interface does not carry a source address from that network, it is spoofed and the router can drop it there; this is the ingress filtering recommended in BCP 38, implemented on many routers as unicast reverse path forwarding (uRPF). The same logic applies in the other direction: a packet arriving from the Internet whose source address belongs to the internal network is spoofed. Routers, however, can detect only the spoofed packets that pass through them. If the attacker spoofs the address of another host on the same subnet (the likely case when the attacker intends to sniff the replies), or if the target and the attacker sit on the same subnet, this technique does not help.
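As an added example (not from the original article or any router vendor), here is the Layer 3 check above expressed in Python: a router with a constructed interface-to-prefix table classifies packets on the egress side (source must belong to the prefixes behind the arrival interface) and on the ingress side (a packet from upstream must not claim an internal or non-routable source). The topology, addresses and sample traffic are assumptions for this example; the last sample shows the limitation the paragraph describes, a host spoofing a neighbour on its own subnet, which this logic cannot catch.

```python
import ipaddress

# Constructed topology (an assumption for this example): each interface lists the
# prefixes that legitimately originate behind it; None marks the upstream link.
INTERFACES = {
    "eth0": [ipaddress.ip_network("192.0.2.0/24")],      # customer LAN A
    "eth1": [ipaddress.ip_network("198.51.100.0/25")],   # customer LAN B
    "eth2": None,                                        # link to the Internet
}
INTERNAL = [p for prefixes in INTERFACES.values() if prefixes for p in prefixes]

# Sources that must never arrive from the Internet. A production bogon list is longer
# (it would also cover the documentation ranges used as sample addresses here).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def classify(in_iface: str, src: str) -> str:
    """Return 'ok' or a reason this packet should be dropped and logged as spoofed."""
    source = ipaddress.ip_address(src)
    expected = INTERFACES[in_iface]

    if expected is None:
        # Ingress side: packet arriving from the Internet.
        if any(source in p for p in INTERNAL):
            return f"ingress: external packet claims internal source {source}"
        if any(source in b for b in BOGONS):
            return f"ingress: non-routable source {source} from upstream"
        return "ok"

    # Egress side: packet leaving a customer LAN (BCP 38 / uRPF strict mode).
    if not any(source in p for p in expected):
        return f"egress: source {source} is not in the prefixes behind {in_iface}"
    return "ok"


def filter_packets(packets):
    """Apply classify() to (in_iface, src, dst) tuples; returns (passed, dropped) lists."""
    passed, dropped = [], []
    for iface, src, dst in packets:
        verdict = classify(iface, src)
        (passed if verdict == "ok" else dropped).append((iface, src, dst, verdict))
    return passed, dropped


# Constructed sample traffic.
SAMPLE = [
    ("eth0", "192.0.2.15", "203.0.113.8"),     # legitimate host on LAN A
    ("eth0", "203.0.113.99", "203.0.113.8"),   # LAN A host spoofing an outside address
    ("eth2", "192.0.2.15", "192.0.2.1"),       # Internet packet claiming to be LAN A
    ("eth2", "10.1.2.3", "192.0.2.1"),         # RFC 1918 source arriving from upstream
    ("eth2", "203.0.113.8", "192.0.2.15"),     # ordinary inbound packet
    ("eth0", "192.0.2.200", "192.0.2.15"),     # LAN A host spoofing a LAN A neighbour: passes
]

if __name__ == "__main__":
    passed, dropped = filter_packets(SAMPLE)
    for entry in dropped:
        print("DROP", entry)
    print(len(passed), "passed,", len(dropped), "dropped")
```

The dropped entries are exactly the ones a router could log for the traceback methods described later; the neighbour-spoofing case passes untouched, which is where the Layer 2 binding of IP Source Guard has to take over.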

Hosts receiving a suspicious packet can also apply certain tests to decide whether the source address is spoofed. The first (and easiest) is to send a request to the source address and wait for the response; most spoofed addresses do not belong to active hosts, so no response comes back.

Another method is to record the Time to Live (TTL) value of the suspicious packet, send a request to the claimed source, and compare the TTL of the reply with that of the suspicious packet. If both packets really came from the same host over the same route, the TTLs should match; most of the time a spoofed packet's TTL will not. Of course it is also possible for the TTL values to match although the packet came from elsewhere, or to differ although the packet is legitimate (for example when the route is asymmetric). Packets generated by different operating systems also differ slightly in certain fields; for example, in Internet Control Message Protocol (ICMP) ping packets you can examine the data payload to guess the operating system, because Windows fills the payload with repeating letters of the alphabet whereas Linux puts a timestamp followed by incrementing byte values. If the suspicious packet does not share the characteristics of a known-legitimate packet from that host, that is evidence it was not sent from the address in its source field. You can also use the IP identification (IP ID) field: many stacks increment it for every packet they send, so packets that really come from the same host carry IP IDs close to one another. This method is not reliable either, because an attacker can ping the claimed source, learn the IP ID it is currently using, and craft packets that look consistent. All these techniques only try to decide whether a packet is spoofed, and applying them to every packet would be prohibitively expensive, so you should either sample packets at random or let some suspicious activity trigger the closer inspection. The next section addresses measures you can take to trace a spoofed packet back to its real source.
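As an added example (not part of the original article), the following Python code implements the host-side TTL and IP ID comparison just described. It infers the sender's initial TTL from the common defaults (32, 64, 128, 255), derives a hop distance, and compares both the inferred initial TTL and the hop count of the suspicious packet with those of the reply to a probe sent to the claimed source; it also checks whether the IP ID is within a window of the reply's. The packet values are constructed samples, and the window size is an assumption.

```python
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def hop_distance(observed_ttl: int):
    """Guess the sender's initial TTL (smallest common default >= observed) and the hop count."""
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise ValueError(f"TTL {observed_ttl} out of range")


def assess(suspect: dict, probe_reply: dict, id_window: int = 256) -> dict:
    """Compare a suspicious packet with the reply to a probe sent to its claimed source.

    Both dicts carry 'ttl' and 'ip_id'. The result lists the checks that disagree; an
    empty list means the packet is consistent with having come from that host. These
    are heuristics only: asymmetric routes change hop counts, and an attacker who has
    probed the claimed source can tune TTL and IP ID to match, so use a non-empty list
    as a trigger for closer inspection rather than as proof.
    """
    s_init, s_hops = hop_distance(suspect["ttl"])
    r_init, r_hops = hop_distance(probe_reply["ttl"])
    findings = []
    if s_init != r_init:
        findings.append(f"initial TTL differs ({s_init} vs {r_init}): different OS family?")
    if s_hops != r_hops:
        findings.append(f"hop distance differs ({s_hops} vs {r_hops}): different path or origin")
    # Many stacks increment the IP ID per packet, so a genuine sender's IDs stay close together.
    gap = (probe_reply["ip_id"] - suspect["ip_id"]) % 65536
    if gap > id_window:
        findings.append(f"IP ID advanced by {gap}, more than the {id_window} window")
    return {"spoofed_indicators": findings, "suspect_hops": s_hops, "reply_hops": r_hops}


# Constructed samples: the suspect claims to come from a host we then probe.
SUSPECT = {"ttl": 118, "ip_id": 0x4A10}
REPLY_SAME_HOST = {"ttl": 118, "ip_id": 0x4A25}   # Windows-like stack, 10 hops, IDs close
REPLY_OTHER_OS = {"ttl": 54, "ip_id": 0x4A25}     # Linux-like stack, also 10 hops away
REPLY_FAR_AWAY = {"ttl": 50, "ip_id": 0x0102}     # 14 hops away, unrelated IP ID

if __name__ == "__main__":
    for name, reply in [("same host", REPLY_SAME_HOST), ("other OS", REPLY_OTHER_OS),
                        ("far away", REPLY_FAR_AWAY)]:
        print(name, assess(SUSPECT, reply))
```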

Tracing Spoofed IP Packets

IP traceback technology plays an important role in discovering the source of spoofed packets. Hop-by-hop traceback and logging of suspicious packets in routers are the two main methods for tracing spoofed IP packets back to their source.

When a node detects that it is the victim of a flood attack, it can inform its Internet Service Provider (ISP). For an ongoing flood the ISP can determine which of its routers is forwarding the stream to the victim, then the router upstream of that one, and so on, until it reaches either the source of the flood or the edge of its administrative domain, at which point it asks the neighbouring ISP to continue the same procedure. This technique works only while the flood is ongoing.

As mentioned earlier, a router knows which source addresses should arrive on each of its interfaces. If it sees a packet that does not belong to the address range expected on that interface, it can log the packet as suspicious. Sharing such logs among administrative domains in a timely way lets administrators of different networks trace spoofed IP packets back toward their source.

IP Spoofing and IPv6

IP spoofing detection, in other words validating the source address of an IPv6 packet, is a little more complicated than for IPv4. A host using IPv6 may have multiple addresses. Inside the Local Area Network the problem is again to associate the IPv6 address with the Layer 2 (MAC) address; among peers on the same link you can use Neighbor Discovery or, better, Secure Neighbor Discovery (SEND) advertisements to verify the source address of a packet. For packets arriving from nodes outside the network you can use the Authentication Header (AH) in IPv6 datagrams: parameters agreed between source and destination are used to compute authentication data over the header fields that do not change in transit. Although this does not prevent someone from putting a spoofed address in a packet, it does let the receiver authenticate that the packet came from a source holding the agreed keys.

IPv6 and IPv4 network interconnections will likely face spoofing problems. IPv6 packets are usually encapsulated in IPv4 packets to travel across networks that do not support IPv6. The IPv6 interim mechanism "6to4" [10, 11] uses automatic IPv6-to-IPv4 tunneling to interconnect networks using different IP versions. This mechanism uses 6to4 routers and 6to4 relay routers that accept and decapsulate IPv4 traffic from anywhere, with no constraints on the embedded packets. Relay routers act as bridges between native IPv6 and 6to4 networks and can be tricked into sending spoofed traffic anywhere. Also, anyone can send tunneled spoofed traffic to a 6to4 router, and the router will believe that it is coming from a legitimate relay. There is no simple way to prevent such attacks, and longer-term solutions are needed in both IPv6 and IPv4 networks.
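As an added example (not part of the original article or of any 6to4 implementation), here is the one binding between the two layers that a 6to4 router can verify on a packet it has just decapsulated: a 2002::/16 source address embeds an IPv4 address in bits 16 to 47, and that address must equal the outer IPv4 source, while a native (non-2002) IPv6 source should only arrive from a relay. The trusted-relay set and the sample packets are assumptions constructed for this example; the check catches the simplest mismatches but, as the paragraph says, it cannot tell a genuine relay from an attacker claiming to be one.

```python
import ipaddress

SIXTO4_PREFIX = ipaddress.ip_network("2002::/16")
RELAY_ANYCAST = ipaddress.ip_network("192.88.99.0/24")   # RFC 3068 6to4 relay anycast prefix
# Assumption for this example: unicast relay addresses this site has agreed to accept.
TRUSTED_RELAYS = {ipaddress.ip_address("203.0.113.1")}
# Outer sources that can never be a legitimate tunnel endpoint (shortened bogon list).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def non_routable(v4: ipaddress.IPv4Address) -> bool:
    return v4.is_multicast or any(v4 in n for n in NON_ROUTABLE)


def embedded_ipv4(v6: str):
    """For a 2002:V4ADDR::/48 address return the embedded IPv4 address, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in SIXTO4_PREFIX:
        return None
    return ipaddress.IPv4Address(addr.packed[2:6])


def check_decapsulated(outer_src_v4: str, inner_src_v6: str) -> list:
    """Consistency checks for a packet a 6to4 router has just decapsulated.

    Returns a list of problems; an empty list means the packet passed these checks.
    """
    outer = ipaddress.IPv4Address(outer_src_v4)
    inner = ipaddress.IPv6Address(inner_src_v6)
    problems = []

    if non_routable(outer):
        problems.append(f"outer IPv4 source {outer} is not a public unicast address")

    embedded = embedded_ipv4(inner_src_v6)
    if embedded is not None:
        # A 6to4 source must arrive from the IPv4 address it embeds.
        if embedded != outer:
            problems.append(f"inner 6to4 source embeds {embedded} but outer source is {outer}")
        if non_routable(embedded):
            problems.append(f"embedded IPv4 address {embedded} is not routable")
    else:
        # A native IPv6 source can only legitimately reach a 6to4 router through a relay.
        if outer not in RELAY_ANYCAST and outer not in TRUSTED_RELAYS:
            problems.append(f"native IPv6 source {inner} tunneled from {outer}, not a known relay")
    return problems


if __name__ == "__main__":
    # Constructed samples: 203.0.113.7 embeds as 2002:cb00:7107::/48.
    for outer, inner in [("203.0.113.7", "2002:cb00:7107::1"),
                         ("198.51.100.9", "2002:cb00:7107::1"),
                         ("10.0.0.1", "2002:a00:1::1"),
                         ("192.88.99.1", "2001:db8::1"),
                         ("198.51.100.9", "2001:db8::1")]:
        print(outer, inner, check_decapsulated(outer, inner) or "ok")
```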

Thursday, 27 November 2014

Cloud storage security solutions

Cloud storage services such as Dropbox, Google Drive, and SugarSync are convenient and efficient, but their security model is weak: files are stored with keys the provider holds (if they are encrypted at all), data in transit is not always protected, and the company can read your files (even if it states that it won't, it may be legally compelled to).

Documents such as business plans or other sensitive files (say, a copy of your birth certificate) deserve extra protection. You can use a provider that encrypts on the client side, such as Wuala or Tresorit, or you can encrypt files yourself before uploading them to a mainstream service such as Dropbox.
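As an added example (not part of the original article, and not Wuala's or Tresorit's code), the following Python shows the do-it-yourself option: a file is encrypted and authenticated locally with keys derived from a password, so the provider only ever stores salt, nonce, ciphertext and tag, and a wrong password or a modified blob is rejected. It uses only the standard library, which has no AES, so the cipher is HMAC-SHA256 run in counter mode as a keystream with encrypt-then-MAC on top; in a real deployment use AES-GCM from a vetted library instead. The document content is a constructed sample.

```python
import hashlib
import hmac
import os
import struct

SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 200_000      # raise this on fast hardware


def derive_keys(password: str, salt: bytes):
    """Stretch the password into separate encryption and MAC keys (32 bytes each)."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC(key, nonce || counter) blocks, truncated to `length`."""
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_file_bytes(password: str, plaintext: bytes) -> bytes:
    """salt || nonce || ciphertext || tag. Fresh salt and nonce per file."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = _xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    header = salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return header + ciphertext + tag


def decrypt_file_bytes(password: str, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt. Raises ValueError on wrong password or tampering."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    header = blob[:SALT_LEN + NONCE_LEN]
    body, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, header[:SALT_LEN])
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password or file modified")
    return _xor(body, keystream(enc_key, header[SALT_LEN:], len(body)))


# Constructed sample document.
DOCUMENT = b"Business plan 2015: acquire competitor before Q3; budget 2.4M."

if __name__ == "__main__":
    blob = encrypt_file_bytes("correct horse battery staple", DOCUMENT)
    print(len(DOCUMENT), "plaintext bytes ->", len(blob), "bytes to upload")
    print(decrypt_file_bytes("correct horse battery staple", blob) == DOCUMENT)
```

What the provider learns is limited to the blob length and when it changed; the trade-off is the same one the zero-knowledge services below make explicit: lose the password and nothing can recover the file.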

Wuala

Price: 5GB Free; Plans starting from 20GB for $4/month

Platforms: Windows, Linux, iOS, Android


Wuala's service encrypts your files locally before sending them to the cloud.

Wuala is a secure cloud storage service offered by storage company LaCie. This service differs from mainstream cloud storage providers in two ways:

Client-side encryption of files: All of your files are encrypted locally on your device before they are sent to the cloud, so even an unprotected transfer would leak no readable data. This is stronger than merely securing the transfer, because it means that nobody except you ever has access to your plaintext.


Don't lose your Wuala password, because that's the only way to get to your files.

Zero-knowledge password policy: Only you know your password, and therefore only you can decrypt your data. Wuala's employees cannot see your password, nor your data beyond its metadata (how many files you have and how much storage space they take up). So even if the government came knocking on Wuala's door and demanded your files, Wuala could hand over only ciphertext. The flip side is that nobody can reset your password for you: if you forget it, your files are gone, so keep it safe.

Security aside, Wuala operates like the cloud storage services you're used to. Simply download Wuala's application and the service will install a special sync folder to your device, where you can drag and drop files to store both locally and in the cloud. Wuala also offers backup and versioning, which means you'll be able to access previous versions of files or restore files should you accidentally delete them. Like other cloud storage providers, Wuala offers 5GB of storage for free. Pricing plans start at 20GB for $4 per month.

Tresorit

Price: 5GB Free; Plans starting from 100GB for $7/month

Platforms: Windows, Mac OS X, iOS, Android

Tresorit is a cloud storage provider that claims to offer "a truly secure cloud storage service." Security features include client-side encryption, secure data transfer, and secure data centers that are equipped with physical security measures against intrusion as well as uninterruptible power and backup systems.


Tresorit lets you secure any folder on your device, not just special ones the service creates.

Like Wuala, Tresorit encrypts your data on your local machine to help ensure that your files are protected at all times. It, too, practices a zero-knowledge password policy, which means that nobody in the company can ever access your password or decryption keys. Of course, the drawback of such a policy is that if you forget your password, you're basically out of luck (you'll have to create a new account, and you'll lose all of your data in the cloud).

Tresorit's main difference from Wuala, and other mainstream cloud storage services, is the ability to turn any folder on your device into a secure "tresor." What this means is that you do not have to drag and drop files into a special sync folder. Instead, you can simply right-click on an existing folder and "tresor it." This is especially convenient if you're digitally organized and you'd prefer not to rearrange your files into one sync-able folder.

Tresorit offers 5GB of space for free. An additional 100GB costs 5 euros, or just under $7, per month.

McAfee Personal Locker

Price: 1GB free with a subscription to McAfee LiveSafe

Platforms: Windows 8, iOS, Android

McAfee's Personal Locker is a cloud storage vault that you manage via your smartphone or Windows 8 device. It can store up to 1GB of data, which you can access from anywhere—but only after you've jumped through a series of security hoops.


McAfee Personal Locker uses face and voice recognition along with a PIN to secure data.

The app requires voice recognition, biometric data (facial recognition), and a PIN to verify your identity before giving you access to your files. Every. Single. Time. You can set certain files as low priority (a PIN alone unlocks them), but where's the fun in that?

While definitely not the sort of service you want to use for everyday cloud storage, Personal Locker would work well for sensitive documents that you may need to access from anywhere, such as legal documents, medical records, or copies of your passport or birth certificate. Personal Locker is free with a subscription to McAfee LiveSafe, which costs $80 per year.

Wednesday, 26 November 2014

Unauthorised access to HTTP and HTTPS traffic

Unauthorized HTTP and HTTPS Traffic Blocked on Port

ContentProtect Security Appliance can block proxy servers from redirecting unauthorized HTTP and HTTPS traffic to non-standard ports, which is generally an attempt to bypass filtering on the appliance. This is especially helpful when users run filter avoidance programs to get around the appliance's filtering so that they can reach more web sites without being detected.


Standard Ports

The following are the standard ports used by ContentProtect Security Appliance when Anonymous Proxy Guard is enabled. HTTP and HTTPS traffic redirected to any port not listed below is considered to be on a non-standard port and is blocked.

Port 80 - HTTP
Port 8080 - Proxy servers
Port 443 - HTTPS

How Anonymous Proxy Guard Works

If ContentProtect Security Appliance recognizes HTTP traffic on port 5000, for example, it treats the traffic as unauthorized: someone has sent a web request to a non-standard port, bypassing the filter. The appliance blocks the traffic and sends a Blocked Website message back to the user; the message includes the port that the traffic was attempting to use. By default, Anonymous Proxy Guard allows HTTP and HTTPS only on the standard ports. It is possible that a user sends a valid web request over a non-standard port; in that case you must add an exception to the Traffic Flow Rule Set so that the request is sent through the web filter, after which future requests to that destination succeed.

Note: Even though the message says unauthorized HTTP traffic was blocked, HTTPS traffic could also have been blocked.

The following graphic shows a URL attempting to send HTTP traffic through port 6666. The port is part of the URL (for example http://host:6666/), but it may be hidden behind a redirect and not appear in the address the user typed.


Filter Avoidance Programs

Several programs on the market let users bypass the filtering rules on ContentProtect Security Appliance by sending HTTP and HTTPS traffic through a proxy server, and some of them encrypt that traffic, which makes it much harder to determine what kind of traffic is heading for the non-standard ports. Some of these requests could be valid, but most are not. In any case, you want to create a signature that forces web requests onto the standard ports and through the Web Filtering system on ContentProtect Security Appliance.


Example: If a student in the Palo Alto, West Coast school district uses the program Ultrasurf to bypass filtering by sending web requests over non-standard ports, you can resolve the issue by blocking all ports except the standard ones: 80, 8080, and 443.
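As an added example (not ContentProtect's code, and not part of the original article), the following Python shows how the port-and-signature logic described under "How Anonymous Proxy Guard Works" can be expressed: flows whose first bytes look like an HTTP request or a TLS ClientHello are sent to the web filter when the destination port is standard or explicitly excepted, and blocked otherwise. The sample flows, addresses and the exception entry are constructed; the last sample, an obfuscated tunnel with no recognizable header, illustrates the point made above about encrypted filter avoidance programs, which signatures alone cannot classify.

```python
STANDARD_PORTS = {80: "HTTP", 8080: "proxy", 443: "HTTPS"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")


def looks_like_http(payload: bytes) -> bool:
    """An HTTP request starts with a method token and names an HTTP version on its first line."""
    if not payload.startswith(HTTP_METHODS):
        return False
    first_line = payload.split(b"\r\n", 1)[0]
    return b" HTTP/1." in first_line


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """TLS record type 0x16 (handshake), version 0x03xx, handshake type 0x01 (ClientHello)."""
    return len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01


def classify_flow(dst_ip: str, dst_port: int, payload: bytes, exceptions=frozenset()):
    """Return (action, reason): 'filter' = hand to the web filter, 'block' = Blocked Website
    page, 'pass' = no web signature matched (the appliance cannot tell what it is)."""
    if looks_like_http(payload):
        kind = "HTTP"
    elif looks_like_tls_client_hello(payload):
        kind = "HTTPS"
    else:
        return "pass", f"no web signature on port {dst_port}"
    if dst_port in STANDARD_PORTS or (dst_ip, dst_port) in exceptions:
        return "filter", f"{kind} on port {dst_port}: sent through the web filter"
    return "block", f"Unauthorized {kind} traffic blocked on port {dst_port}"


# Constructed sample flows: (dst_ip, dst_port, first payload bytes of the client's data).
CLIENT_HELLO = bytes.fromhex("160301009a0100009603036a")   # truncated; enough for the check
SAMPLE_FLOWS = [
    ("203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("203.0.113.10", 5000, b"GET /tunnel HTTP/1.1\r\nHost: 203.0.113.10:5000\r\n\r\n"),
    ("203.0.113.20", 6666, CLIENT_HELLO),
    ("203.0.113.20", 443, CLIENT_HELLO),
    ("203.0.113.30", 8443, CLIENT_HELLO),                       # valid site on a non-standard port
    ("203.0.113.40", 22, b"SSH-2.0-OpenSSH_6.6\r\n"),
    ("203.0.113.50", 9001, bytes.fromhex("8f2a6c01d4e3b7")),     # obfuscated tunnel: nothing to match
]
# The custom signature / exception an administrator would add for the valid 8443 site.
EXCEPTIONS = frozenset({("203.0.113.30", 8443)})


def run(flows, exceptions=EXCEPTIONS):
    """Classify every flow; returns a list of (dst_ip, dst_port, action, reason)."""
    return [(ip, port, *classify_flow(ip, port, payload, exceptions))
            for ip, port, payload in flows]


if __name__ == "__main__":
    for entry in run(SAMPLE_FLOWS):
        print(entry)
```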

Creating a Custom Signature for HTTP and HTTPS Traffic

When Anonymous Proxy Guard is enabled, a user may be blocked from accessing a valid site because the site redirects its traffic over a non-standard HTTP, HTTPS, or proxy server port.


Allowing web requests over non-standard ports while Anonymous Proxy Guard is enabled requires creating a custom signature so that the HTTP and HTTPS traffic goes through the Web Filter before going to the non-standard port.


To create a custom signature for HTTP and HTTPS traffic

1. From ContentProtect Security Appliance, select Manage > Policies & Rules > Policy Manager.

2. Click a Group on the Policy Manager page to find out which Internet Usage Rule has been assigned to it.

3. Select Manage > Policies & Rules > Internet Usage Rules.

4. Click the Internet Usage Rule assigned to the Group that you want to change.

5. Write down the name of the Traffic Flow Rule Set (TFRS) used by the Internet Usage Rule. Anonymous Proxy Guard is only enabled when the TFRS in use has a name containing Anonymous Proxy Guard.

6. Select Manage > Applications > Applications and click Create.

7. Enter a Name for the new application (this name also appears in the application reports) and a Description.

8. Select HTTP as the Application Set from the drop-down list.

9. Select Source and Destination Port as the Type from the drop-down list.

10. Enter the port number as the Value.

11. Select TCP as the Protocol from the drop-down list.

12. Select Web Filter as the Target from the drop-down list.

13. Click Save.

Monday, 24 November 2014

Installing software on linux from windows using cygwin


If you use an SSH client to connect to a Linux server from your Windows laptop, you sometimes need to launch a UI application on the remote Linux server but display its UI on the Windows laptop. Two typical reasons are:

Install software on Linux from Windows: to launch a UI-based installer that installs software on the remote Linux server from the Windows laptop. For example, a DBA might want to install Oracle on a Linux server to which only an SSH connection, and not the console, is available.

Launch Linux X client software on Windows: to launch an X client program (for example xclock) that lives on the remote Linux server and display it on the Windows laptop.

Cygwin can be used for this. The following 15 steps explain how to install Cygwin and launch software installers on Linux from Windows. Go to the Cygwin web site, download setup.exe, run it on Windows and follow the steps below.

1. Welcome Screen. Click next on the Cygwin installation welcome screen.

2. Choose a download source. Select the 'Install from internet' option

3. Choose Installation directory. I selected C:\cygwin as shown below. This is the location where the Cygwin software will be installed on the Windows.

4. Select Local Package Install directory. This is the directory where the installation files will be downloaded and stored.

5. Select Connection Type. If you are connected to internet via proxy, enter the information. If not, select 'Direct Connection'.

6. Choose a download site. You can either choose a download site that is closer to you or leave the default selection.

7. Download Progress. This screen will display the progress of the download.

8. Select Packages to install. I recommend that you leave the default selection here, but make sure the xinit and xorg-server packages (X11 category) are selected, because step 12 needs them.

9. Installation Progress. This screen will display the progress of the installation.

10. Installation Completion.

11. Start the Cygwin Bash Shell on Windows. Click the Cygwin icon on the desktop (or click Start -> All Programs -> Cygwin -> Cygwin Bash Shell), which opens the Cygwin Bash Shell window.

12. Start the X server on Windows. From the Cygwin Bash Shell, type startx to start the X server as shown below. Once the X server is running, leave this window open and do not close it.

13. Xterm window: startx from the above step will open a new xterm window automatically as shown below.

14. SSH to the remote Linux host from the xterm window as shown below. Pass the -Y option to ssh: -Y enables trusted X11 forwarding, which gives the remote application full access to your local X server, so use it only with hosts you trust; -X (untrusted forwarding) is the safer choice when it works for your application.

jsmith@windows-laptop ~ $ ssh -Y -l jsmith remote-host
(this is typed in the xterm on the Windows laptop)
jsmith@remotehost's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Thu Jun 12 22:36:04 2008 from 192.168.1.102
/usr/bin/xauth: creating new authority file /home/jsmith/.Xauthority
[remote-host]$ xclock &
(note that you are starting xclock on the remote Linux server)
[1] 12593
[remote-host]$

15. xclock on windows laptop. From the Linux host, launch the xclock software as shown above, which will display the xclock on the windows laptop as shown below.

Use the same method explained above to launch any software installer on Linux (for e.g. Oracle database installer) and get it displayed on the Windows laptop.

FTP using Filezilla

Welcome to the FileZilla Client tutorial. In this tutorial, you will learn how to connect to an FTP server, download and upload files, and use the site manager.

If you already know how to use an FTP client, you may want to read the more advanced usage instructions instead.

We assume that you already installed and started FileZilla Client (installation instructions).

Connecting to a server

The first thing to do is to connect to a server.

This is our (fictional) login data; please use your own data instead if you want to actively follow the tutorial.

Hostname: example.org
Username: john
Password: 7PjU#.J3

We will use the quickconnect bar for establishing the connection:

Enter the hostname into the quickconnect bar's Host: field, the username into the Username: field and the password into the Password: field. You may leave the Port: field empty unless your login information specifies a certain port to use. Now click on Quickconnect.

Note: If your login information specifies a protocol like SFTP or FTPS, enter the hostname as sftp://hostname or ftps://hostname respectively. Plain FTP sends your username, password and files in clear text, so use SFTP or FTPS whenever the server supports it.

FileZilla will now try to connect to the server. If all works well, you will notice that the right "column" switched from Not connected to any server to displaying a list of files and directories.

Navigating and window layout

Legend: 1. Toolbar, 2. Quick connect bar, 3. Message log, 4. Local pane, 5. Remote pane, 6. Transfer queue

The next step is to get familiar with FileZilla's window layout.

Here is a quick introduction: Below the toolbar (1) and quick connect bar (2), the message log (3) displays transfer and connection related messages. Below that, you can find the file listings. The left column (local pane, 4) displays the local files and directories, i.e. the stuff on the PC you're using FileZilla on. The right column (server pane, 5) displays the files and directories on the server you are connected to. Both columns have a directory tree at the top and a detailed listing of the currently selected directory's contents at the bottom. You can easily navigate either of the trees and lists by clicking around like in any other file manager. At the bottom of the window, the transfer queue (6) lists the to-be-transferred and already transferred files.

Transferring files

Now we will upload these files (or the ones you choose, respectively):

website/
+- index.html
+- images/
   +- image01.jpg
   +- image02.jpg

Uploading

First, in the local pane, bring the directory into view which contains the data to be uploaded (e.g. index.html and images/). Now navigate to the desired target directory on the server (using the server pane's file listings). To upload the data, select the respective files/directories and drag them from the local to the remote pane. You will notice that the files are added to the transfer queue at the bottom of the window and soon thereafter removed again, since they were (hopefully, if nothing went wrong) just uploaded to the server. The uploaded files and directories should now be displayed in the server content listing at the right side of the window.

Local and remote file listings after uploading the example files

Note: If you don't like using drag-and-drop, you can also right click on files/directories (in the lower local pane) and select Upload to upload them - or simply double-click a file entry (this does not work for directories).

Note (advanced): If you enable filtering and upload a complete directory, only the not-filtered-out files and directories inside this directory will be transferred.

Downloading

Downloading files, or complete directories, works essentially the same way as uploading - you just drag the files/directories from the remote pane to the local pane this time, instead of the other way round.

Note: In case you (accidentally) try to overwrite a file during upload or download, FileZilla will by default display a dialog asking what to do (overwrite, rename, skip...).

Using the site manager

Now that you are confident in transferring files (if not, practice a little bit), you might want to add the server information to the site manager to make it easy to reconnect to this server. To do this, select Copy current connection to Site Manager... in the File menu. The site manager will be opened and a new entry will be created with all the important information already filled in. You will notice that the entry's name is selected and highlighted - you can enter some descriptive name so you will later on find your server again (enter something like domain.com FTP server for example - you can rename it later if you wish). Now close the dialog by clicking on OK.

The next time you want to connect to this server, you can simply select it in the site manager and click Connect.