SshTunnel
Latest
How to guard yourself and your Mac from Firesheep and Wi-Fi snooping
The prevalence of free/cheap and open Wi-Fi networks in coffee shops, airports, offices and hotels is a great boon to the traveling Mac or iPad user; it makes connectivity and remote work much easier than it used to be. Unfortunately, since most of those networks don't employ WEP or WPA passwords to secure the connection between device and hotspot, every byte and packet that's transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open. Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you login to a website (usually in a secure fashion, via HTTPS) and then the site redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be 'sniffed' by a nogoodnik on the same network segment; that's what Firesheep does automatically. With the cookie in hand, it's simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites. That process is known as "HTTP session hijacking" (informally, "sidejacking") and has been a known problem for several years, but many sites have not changed to protect their users. Firesheep has made this process of sidejacking very easy, and a reported 104,000+ people have downloaded it. It is important to realize that the security problem exists for users of all browsers. Firesheep is available only for Firefox, but that's just the exploit side; it will gladly harvest cookies from Safari, Chrome, IE or anything else. Unfortunately, you've got to assume that any unencrypted site you go to while on an open Wi-Fi network is susceptible to compromise by this attack. Read on for some suggested ways to combat this security challenge. Photo by adactio | flickr cc
Meerkat 1.5 automatically reconnects your SSH Tunnels
Meerkat turns SSH tunnels -- a fairly obscure and complicated concept -- into a feature anyone should be able to use, and does so in a very Mac-like way. I've known about SSH tunnels for a long time, but I've never been able to get them working. The concept is simple enough: a SSH connection is formed between two computers, allowing for secure access between them. (For more, see SSH: Tunneling Explained.) What would you use a SSH tunnel for? Here are a couple possibilities: you can stream your iTunes library across the web for free. Our local library has a terribly onerous "web filter" which even blocks Delicious and a bunch of other useful sites. By setting up a SSH tunnel and SOCKS proxy I can avoid that filter. If I want to access my webhosting management panel, I have to do so from a "known" IP address or go through a multi-step process to register another IP. By using a SSH tunnel, I can securely connect to my webhosting company and then access the tunnel. But how do you setup ssh tunnels? You could do it manually via Terminal.app, but that's not very Mac-like. We've mentioned Meekat before but even then I wasn't able to get it to work until recently. What made the difference? The new "Tunnel Setup Assistant." When version 1.5 was released, it added something very cool, especially for laptop users: automatic reconnection. Combine it with NetworkLocation and you can have a nearly seamless and flexible set of rules to let you access all of your information securely, regardless of where you are. (It's also fully AppleScript-able.) If you've ever tried to setup a SSH tunnel before and gave up because it was too complicated or too much work, give Meerkat a look. It's a slick program that should appeal to power Mac users of all shades. There's a 14-day demo, plenty of time to figure out how it works and how to use it. A license costs US$19.95, and there's a 30-day guarantee. If you have any questions, I found the developer, Justin Miller, to be very responsive.
Palm Pre data tethering is a go, Sprint be damned
Well, that was fast. Just a couple hours after we noted Palm warning against hacking webOS to allow data tethering on the Pre, the first set of instructions has popped up. It's not the cleanest hack we've ever seen -- you need to root your phone, enable SSH, and then configure your browser to run through a SOCKS proxy -- but it'll certainly get the job done in a pinch. Just don't go crazy, alright? We've got a feeling Sprint's watching Pre accounts with an eagle eye.
Meerkat: simplified SSH tunneling
I would wager that most of the people who know they need an SSH tunnel also know the Terminal commands to make it happen. But if those people happen to be Mac users, it's quite likely they wouldn't be averse to having menu bar access, Growl integration, Bonjour capability and a nice GUI to handle their tunnels. And to those who just know they want secure browsing, email and other network activities but aren't SSH ninjas, such things might be even more attractive. Code Sorcery Workshop's Meerkat is a handy application that provides all of the above tools and offers setup wizards to provide the right settings for the particular tunnel you need. It turns setting up a quick SOCKS proxy for web browsing into a 2 minute task. Setting up a tunnel for Mail is just as simple. Whether you're already using tunnels or looking to get some protection while browsing at the coffeehouse, Meerkat may be able to help out. You can try Meerkat out for free with a time-limited demo. If it should become something you can't (or don't want to) live without, you can register it for $19.95. Thanks, Mark!
SSH tunneling for fun and profit
Will O'Brien is a little paranoid, but we still love him. He has written up a great step by step post over at Engadget, a little known blog that I read, detailing how to setup SSH tunneling when you are on potentially insecure networks.Go read it, because you don't want me reading your email (and if you don't SSH tunnel I WILL read your email).
