I wrote a cloud-init script to automate the deployment of a shadowsocks server. I shared it in a gist here.
- Creates a non-privileged user
- Uploads your ssh public key to the user
- Adds this user to the sudoers group
- Disables ssh login for the root user
- Downloads and installs libraries required for chacha20
- Creates a “random” password and writes it in the config.json file
- config.json file is in the /root directory. (You will need the password in this config file to be able to connect to your shadowsocks server.)
- Starts the shadowsocks server.
You have to fill out the _YOURUSERNAMEHERE_, _YOURSSHPUBLICKEYHERE_ and _YOURFULLNAMEHERE_ with your data.
You can use this script in DigitalOcean easily following this document.
I spent some time on analyzing password usage using the data that leaked from couple of Sony hacks few days ago. The results are pretty scary.
The data size: 38698 users on 2 sites.
Top ten most used passwords are:
So if you have a password that is listed above, you better change it pretty soon.
I also compared how many people were using the same password on two different hacked Sony sites. There were 2421 users who used the same email to register and out of those only 168 users were using different passwords (about 6.5%).
And who wins the email war? Based on the same data, most of the users were using emails from the following providers:
|# of users
||other email providers
Netresec released a new Windows network sniffer tool that looks promising: RawCap. It has no winpcap dependencies and with its small 17kB foot print it does not require installing. (Having said that you still need .NET Framework libraries and DLLs.)
Here are the properties of RawCap from their webpage:
- Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
- RawCap.exe is just 17 kB
- No external libraries or DLL’s needed other than .NET Framework 2.0
- No installation required, just download RawCap.exe and sniff
- Can sniff most interface types, including WiFi and PPP interfaces
- Minimal memory and CPU load
- Reliable and simple to use
For downloading and some screenshots and more information click here.
OK, the title means: World of Warcraft One Time Password Goodness. 🙂
I just got my OTP generator from Blizzard. It has a nice horde colors touch. The activation was very simple. I was expecting that it would replace my static password, but it didn’t. Instead it asks your password first (what you know) then it asks the code generated by the token in a second window (what you have).
It’s very nice to see from a computer game vendor to use two factor authentication. And here is a picture 😉
nmap version 5 is released today. According to insecure.org it’s the most important release since 1997.
Here is the changelog,
Here are the release notes,
And here is the download link.
I want to mention one more time how much I appreciate all work done on this exceptional product. 🙂