Archive for December, 2011

How to retrieve EXIF data from the command line in Ubuntu Linux

If you want to make use of the EXIF data stored in a JPEG (.jpg or .jpeg) or TIFF (.tif or .tiff) file from the command line in Ubuntu Linux — or most other Linux variants — here’s how.

This was tested on Ubuntu 11.10 (Oneiric Ocelot).

First, you will need to have imagemagick installed to provide the identify command.

sudo apt-get install imagemagick

Next, you can retrieve the data on an image with the following example:

identify -verbose /usr/share/backgrounds/WildWheat_by_Brian_Burt.jpg

If you want just the EXIF data, you can use something like the following:

identify -verbose /usr/share/backgrounds/WildWheat_by_Brian_Burt.jpg | grep "exif:"

, , ,

Leave a comment

Why good password practices are no longer optional — Part 2

In part 1 of this two-part series, I mentioned some of the fallacies and misconceptions in password practices. If you haven’t read it, I suggest you click here to read it now. In this part I’ll discuss a few methods for storing and securing your strong passwords themselves. It’s not as hard as it sounds, and there are lots of ways to do it. I’ll describe a few different approaches below and a few pros and cons of each one:

Paper and pencil (or pen)

I’m taking it back to the basics here. Write down your passwords in an address book, rolodex, or other suitable organizational booklet. However, don’t store this near your computer. There are some simple solutions that can help you think of — and remember — complex passwords, such as this idea from IdeaShower.com.

ProsHelps you keep organized track of username/password and security question/answer combinations easily and inexpensively. Durable and long-lasting.

ConsCan be easily compromised. Someone who knows where your password book is can still gain access to your accounts.

A simple text file, Spreadsheet, or Database

This is one step beyond the paper  method above. Storing your passwords in a simple database can do the same as above, as well as keeping it quickly sortable and searchable. However, if someone gains access to your computer or hard drive, it can be compromised. A few examples of this are a text file, an Excel spreadsheet, or an Access database.

ProsEasier to organize, search, and update than a paper file.

ConsCan be compromised if unauthorized access to your computer occurs, such as through a trojan or virus. Can be lost, corrupted, or become outdated if backups are not made and maintained.

An encrypted text file, Spreadsheet, Database, or specialized software

An encrypted database can offer you the same ease-of-use of the electronic storage method, while providing an extra layer of protection in case someone gains access to your computer’s data. There are several software programs which are designed for encrypted password storage, such as KeePass1PasswordPassword Safe, or the Firefox extension Password Hasher (though it’s not clear if it stores its password in encrypted databases or not). Though some of these can be pricey, the peace of mind and organization they provide is often times priceless.

ProsMany of the same advantages as simple file storage while providing an additional layer of security against unauthorized access. Free software programs are available. Specialized software can also assist in generating strong passwords.

ConsJust as the encryption protects against unauthorized access, you can lose access to your database if you forget the password. Store it securely. Non-free software can be pricey.

Cloud-based, encrypted password storage

Cloud-based password storage attempts to combine the best of encrypted storage as well as worry-free backup and syncing across all your devices. Keep in mind when choosing cloud-based storage that you’re placing your trust in the availability and security of the provider. Make sure that if you choose a provider that you carefully review their encryption choices and availability of an optional 2-factor authentication method.

My personal favorite in this category is LastPass. LastPass is free to use the website and browser extension, and they offer a premium subscription which allows you to access your password vault from a mobile device for $12 per year. LastPass also includes support for 2-factor authentication via a YubiKey or Google Authenticator.

(Disclaimer: I am a LastPass premium subscriber; I have not sought nor are they offering me any compensation for mentioning them in this post.)

ProsConvenient browser-based or browser extension for access and syncing of your passwords. Can auto-fill on websites. No need to worry about backing up your password file or losing it.

Cons: If your provider is compromised or goes down you could lose access to your stored passwords.

Do you have any methods of generating, storing, or securing passwords not listed above, or anything else that wasn’t covered in the above article? Please feel free to share in the comments below. Thank you!

, ,

Leave a comment

Set up an encrypted VPN using DD-WRT

DD-WRT is feature-rich alternative firmware for a large number of home router models. It adds a wonderful array of new features, VPN being one of them. This walkthrough will show you how to quickly and easily configure a PPTP VPN server on your DD-WRT-powered router, so you can connect to your home network from afar, create a secure tunnel so you can safely use a public Wifi point with your laptop, or secure your iOS or Android device.

Setting up the VPN Server

So here’s how to get started. First, you’ll need a build of DD-WRT supported by your router which includes the VPN software. If you’re doing this on an Internet connection which has an IP address that changes periodically (i.e. residential), you’ll likely want a Free DynDNS hostname to point to your IP address. You’ll also need a basic familiarity of networking.

For the remainder of this guide, I will assume your router’s internal (LAN) IP address is 192.168.1.1.

Start by going to http://192.168.1.1 and login to your router’s administration panel.

Go to Services > VPN and set PPTP Server to enable. After doing that, a few new options will appear. The only ones you need to set are Server IP, Client IP(s), and CHAP Secrets. Set them as follows:

Server IP: You can set this to your router’s LAN IP, i.e. 192.168.1.1

Client IPs: Set this to an IP range OUTSIDE your DHCP range (See Setup > Basic Setup to figure your DHCP range) A good example value would be 192.168.1.200-250 for clients to receive addresses within that range.

CHAP Secrets: This is the username/password combinations for your VPN clients. Format is:
username*password*
Example:
myname * mypassword *

Neither the username nor password can contain spaces, and must be all-lowercase.

You’re done with this page; Click Apply Settings.

Now go to Security > VPN Passthrough and make sure PPTP is set to Enabled. Click Apply Settings if you had to change the setting.

You should now be able to connect to your VPN using your Windows, Mac, or Linux computer by setting up a PPTP connection to your public (WAN) IP or hostname.

Troubleshooting

Can’t get connected? First, try setting up your connection to the router itself, using the LAN IP (192.168.1.1). If that works, then the VPN server is set up correctly; the problem is likely on the WAN side. Keep reading for suggestions. If you weren’t able to get connected, go back to the top and double-check your settings.

iOS-Specific changes

You may need to make the following settings adjustment if you are having trouble connecting specifically from your iOS device running iOS 4.3 or above. Go to Administration > Commands and paste the following in the box. Click Save Startup.

#!/bin/sh
echo "nopcomp" >> /tmp/pptpd/options.pptpd
echo "noaccomp" >> /tmp/pptpd/options.pptpd
kill `ps | grep pptp | cut -d ' ' -f 1`
pptpd -c /tmp/pptpd/pptpd.conf -o /tmp/pptpd/options.pptpd

(Source: DD-WRT Wiki)

If you can connect from the LAN side, but are still having trouble connecting from the WAN side, it’s likely your ISP or your gateway device (modem) is blocking the needed GRE protocol or the needed PPTP port or traffic. Contact your ISP for further assistance.

Do you have any experience or tips to share regarding VPN connections to a DD-WRT-powered router, or any suggestions in addition to the above? Please feel free to share them in the comments below. Thank you!

, , , , , , , , , ,

Leave a comment

Why good password practices are no longer optional — Part 1

This is the first part in a two-part series in password security practices and storage. Be sure to click here to read part two if you haven’t already!

If you — like many people — are in the habit of using simple passwords, or even the same password over multiple sites, you’re setting yourself up for disaster.

Let me briefly explain: If you’re using a simple password it becomes much easier for a hacker to brute-force your password and gain access to your account. You should always use the strongest password — lower- and upper-case letters, numbers, and special characters — that any particular website supports.

If you’re already using strong passwords, good for you. However, if you’re using that same password — or a variation of it — on multiple sites, you’re undercutting the security of it. If one website that you use it on becomes compromised and that password is revealed or released, any other website that you use it on has also become compromised.

One example of this disaster is the RockYou hack. In  January of 2010, Imperva released data regarding passwords exposed in the RockYou.com breach. In this attack, 32 million accounts were compromised and led to the disclosure of the top ten most used passwords, which potentially led to countless more accounts being compromised which used passwords that were on that list. This list was later updated to the 25 most often used passwords, as listed on Yahoo Finance.

Another example of this disaster waiting to happen is a phishing attack. This type of social engineering attack starts with a convincing-looking email that leads you to a website where you will “log in” or provide some other account details. The site that you’re directed to — while looking like the real site — is often a fake, designed to get you to provide your account information. Once the site has it, your account information can be used to log in to the real site. From there, a hacker can seize control of your account (changing the email address, password, and security questions), and attempting to use that information to log into other sites. Again, if you’re using the same password on multiple sites, the hacker now has access to all of those other sites.

Think you can identify a phishing email? Take a few minutes and take the SONICwall Phishing IQ Test now. I got 100% on this test, feel free to post your score in the comments below! You can also try the OpenDNS phishing quiz. I scored 14 out of 14 on the OpenDNS quiz. Feel free to post your scores and feedback in the comments below.

The implications of this are almost limitless if an attacker manages to take control of your email account. Once that happens they can start issuing password reset requests on other sites, and start taking control of them as well. For that reason, protecting the security of your email account should always been first and foremost. Google for one agrees, and offers users the option of 2-factor authentication, which provides a very strong level of security. If you have a Google (Gmail) or Google Apps account, I recommend you go and set this up immediately. It only takes about 15 minutes.

Do you have any other password security practices that you would recommend? Do you have a story to share about an account being compromised? Do you have anything to share that I didn’t cover above? Please feel free to share in the comments below! Also — check back for part two of this article, coming soon!

, , , , ,

Leave a comment

Bash script to automatically sort photos into folders based on EXIF data for Ubuntu Linux

If you — like me — take a lot of digital pictures, you probably have a hundred folders full of images on your hard drive or external drives, and not nearly as sorted as you would like them to be. you have probably gotten to the point that you don’t know what’s in them or can’t find an image when you’re looking. I had around 10,000 images in over a dozen folders spanning 5+ years, and I had no intention of even trying to sort them manually :) So I wrote this script.

The following script was written in bash on Ubuntu Linux and automatically sorts your images into directories based on the date and time the photo was taken. How does it do this? By making use of the EXIF data your digital camera stores inside the image. The date and time the photo was taken is stored in that EXIF data. When an image doesn’t have EXIF data (such as when it was downloaded from the Internet, or taken from a camera that doesn’t support adding EXIF data), it will use the files last-modified time.

First, this should be run in the top-most directory of wherever your pictures are stored. If you have pictures/foldername/somepics/ and pictures/anotherfolder/morepics, run it from your pictures/ directory.

There are quite a few opportunities to improve this script — and some cautionary notes as well — marked within the script with FIXME tags. I’m already finished sorting my images, but anyone is welcome to contribute suggestions and improvements, which I’ll look into incorporating the next time I’m using this. You are welcome to include any suggestions or code improvements in the comments below using <code> and/or <pre> tags.
Usage: Copy the script into a file, editing options where appropriate, and save it. Make it executable and run it from the command line or window, from the directory where your pictures are stored. No command-line arguments. Back up your stuff first :)

UPDATE: Because WordPress keeps mangling this code, it has been moved to github, here.

Questions, comments, or feedback can be left in the comments below, or please use the contact form. Thank you!

, , , ,

Leave a comment

How to enable BitLocker TPM+PIN after encrypting hard drive

BitLocker by itself is great drive encryption, but unfortunately it has some shortcomings in its default configuration. Namely, there’s no safeguard at boot time preventing the drive from being accessed. If your computer is stolen or physically compromised, the drive is ready and willing to give access to your data.

Fortunately BitLocker supports a PIN code which would can be required to be entered at boot time to unlock the drive. To enable the BitLocker PIN, simply open an administrator-level command prompt and run the following:

manage-bde -protectors -add c: -TPMAndPIN

You should receive output similiar to the following, during which you’re prompted for your PIN (no confirmation of keystrokes will appear on the screen during PIN entry):

BitLocker Drive Encryption: Configuration Tool version 6.1.7601
 Copyright (C) Microsoft Corporation. All rights reserved.
Type the PIN to use to protect the volume:
 Confirm the PIN by typing it again:
 Key Protectors Added:

If you get the following error…

ERROR: An error occurred (code 0x80310060):
Group Policy settings do not permit the use of a PIN at startup. Please choose a
different BitLocker startup option.

… then you will need to edit the local computer policy to allow a PIN to be set by performing the following steps:

  1. Click Start > Run and type mmc
  2. If Local Computer Policy is not visible, or Group Policy Object is not already added, add it by going to File > Add/Remove Snap-In > Group Policy Object
  3. Browse to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives
  4. Open the key Require additional authentication at startup
  5. Enable that Key and set Configure TPM startup Pin to Require startup PIN with TPM

Now you can set the PIN by running the manage-bde command once more.

, , ,

Leave a comment

How to create a multi-page PDF from multiple image files using OpenOffice

I ran into a scan a document to send it via email. PDF format would have been preferable, but Windows Scan and Fax wouldn’t export as a PDF. Fortunately OpenOffice is quite capable of converting a multi-page document to a PDF, and does it quite easily. I had already scanned my documents, so I wanted something that would work with the existing scans. Side note: OpenOffice also works on Linux.

Here’s how I did it.

Step One:

Scan your pages into JPG files and save them where you can find them. In this example, I have four scanned JPG files which I want to convert into a single PDF.

Step Two:

Start OpenOffice Writer

Step Three:

Click Insert > Picture > From File

Step Four:

Select the image to insert. Repeat with any additional images you wish to insert. Once you have all your images inserted, go to…

Step Five:

Click File > Export as PDF.

Step Six:

Set the PDF export options. If you aren’t sure what to do here, accept the defaults as they are fine. Click Export and you’ll be prompted to give the file a name and save it.

That’s it!

, , ,

Leave a comment