Rob's Homepage

So I was investigating how to run a rails app on my VPS. I needed to use several sources to get little bit's working, so here's the combined instructions. Note that I assume you're starting with a working apache installation.

Further to my blog post on FireSheep, I figured I'd share these links. FireSheep is a firefox plugin designed to allow anyone on the same wireless access point as you to evesdrop on your connection, seeing what you see (when browsing the web) and to impersonate you to social networking sites you're logged on to. It turns out that it's really simple to protect yourself:

With so much business being conducted over the internet a significant outage could cause issues. For example supermarkets rely on timely and frequent deliveries, if their in store systems are unable to tell their distribution systems what stock they need shelves would rapidly empty. This is why it is wise to keep in mind how reliable the internet is and whether sufficient backup procedures are in place.

A Primer

Authentication is the process of proving to a computer (or other system) that you are who you claim to be. There are several methods of doing this, of which the most common is a password.

The Factors [Reference 1.1.]

A password is in fact just one method of authenticating yourself. There are several methods available, each with their own strengths and weaknesses. These can be combined into a single login process in order to increase security. The commonly accepted factors are:

Several of the scripts used by the script kiddie varity of crackers assume a large amount about the system(s) they're attacking. Some simple changes to the configuration of SSH make sure that other machines are an easier target, thus making their fruit hang lower than yours. All that needs done is to change the port you use for SSH, so follow these steps to make SSH listen on another port, simply replace <PORT> with whatever number you want to use, for extra piece of mind keep it above 1024. It looks like there's a lot of steps but it can be done in under 2 minutes.

If you're ever sitting on an open wifi hot spot, wondering what he people around you are looking at then you need the new FireFox extension FireSheep.

Not much more to say on this other than to point you over to Steve Gibson's blog:

• Instant Hotspot Protection from "FireSheep"
• Why Firesheep's Time Has Come

http://xkcd.com/792/

Seriously folks if you're going to use the same password on multiple sites you need to be REALLY REALLY CERTAIN you can trust ALL of them.

Entropy (ie the source of random numbers) is generated by keeping an eye on such things as mouse/keyboard use, hardware interupts. However on VPSs some of this is unavailable, so here's the process for using the bitfolk entropy service.

Originally from: Steve's Blog.

Cold-blooded Calculations for Corporate Profit

Mozilla (home of FireFox) has provided a method of checking that your browser plugins are upto date. This has been extended to check plugins of other browsers too. Simply visit www.mozilla.com/plugincheck.