
    Archive for category: IT

    NTFS on Apple OS X

    18 Apr 2011 / 0 Comments / in IT/by Jorge Orchilles

    Apple Mac OS X 10.6 Snow Leopard has the capability of native NTFS support. In other words, you do not need NTFS-3G or any other third party application to be able to write to your NTFS storage media. However, you do have to enable it. Here is how:

    1. In Terminal, type diskutil info /Volumes/volume_name, where volume_name is the name of the NTFS volume. From the output, copy the Volume UUID value to the clipboard.
    2. Back up /etc/fstab if you have it; it shouldn’t be there in a default install.
    3. Type sudo vim /etc/fstab
    4. In the editor enable typing by pressing i, type UUID=, then paste the UUID number you copied from the clipboard. Type a Space, then type none ntfs rw. The final line should look like this: UUID=123-456-789 none ntfs rw, where 123-456-789 is the UUID you copied in the first step.
    5. Repeat the above steps for any other NTFS drives/partitions you have.
    6. Save the file and quit vim (Esc, :wq), then restart your system.

    You can now read and write to NTFS without a third party application.
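
The steps above as a small script, added here as an example and not part of the original post: it pulls the Volume UUID out of diskutil info output, validates it, and appends the step-4 line only once. The function names and the sample diskutil output are constructed, and the demo writes to a scratch file rather than /etc/fstab.

```shell
#!/bin/sh
# Added example: build the /etc/fstab entry from `diskutil info` output.
# Function names and SAMPLE_INFO are constructed for illustration.

# Read diskutil info text on stdin and print the Volume UUID.
# Returns 1 if the field is missing or is not a well-formed UUID.
volume_uuid() {
    uuid=$(sed -n 's/^[[:space:]]*Volume UUID:[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' | head -n 1)
    printf '%s\n' "$uuid" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$' || return 1
    printf '%s\n' "$uuid"
}

# Format the line described in step 4.
fstab_line() {
    printf 'UUID=%s none ntfs rw\n' "$1"
}

# $1 = fstab path, $2 = UUID. Backs up an existing file (step 2), then
# appends the entry unless a line for that UUID is already present.
add_fstab_entry() {
    fstab=$1; uuid=$2
    if [ -f "$fstab" ]; then
        cp -p "$fstab" "$fstab.bak"
        if grep -q "^UUID=$uuid[[:space:]]" "$fstab"; then
            return 0    # already listed; do not add a duplicate
        fi
    fi
    fstab_line "$uuid" >> "$fstab"
}

# Constructed sample of `diskutil info /Volumes/volume_name` output.
SAMPLE_INFO='   Device Identifier:        disk1s1
   Volume Name:              WINDATA
   Volume UUID:              0A1B2C3D-4E5F-4A6B-8C7D-9E0F1A2B3C4D'

# Demo against a scratch file, never the real /etc/fstab.
demo() {
    tmp=$(mktemp) || return 1
    uuid=$(printf '%s\n' "$SAMPLE_INFO" | volume_uuid) || return 1
    add_fstab_entry "$tmp" "$uuid"
    add_fstab_entry "$tmp" "$uuid"    # second call is a no-op
    cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

On a real system the input would come from diskutil info /Volumes/volume_name and the target would be /etc/fstab, edited with sudo as in step 3.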

    Till next time,

    Jorge Orchilles

    Cross Platform Password Management

    17 Mar 2011 / 0 Comments / in IT, Security/by Jorge Orchilles

    Every information security professional will tell you to use different passwords for every site. This is because if one site gets compromised and your password is cracked, then the attacker can log into every site you use. The biggest complaint consumers have with using different passwords is remembering them all; now you don’t have to. The article 59 Open Source Tools That Can Replace Popular Commercial Software suggests three password management solutions. Only one of these suggestions will work across different platforms (operating systems). If you are unfamiliar with password management, please review the basics of password management. We will be discussing the desktop solution. I am not focusing on hosted/web solutions like LastPass, as I do not trust a single site with all my passwords; however, here is a great write-up by Steve Gibson as to why you should trust LastPass.

    This post will focus on using a password management system across multiple operating systems: Windows, Mac OS X, and Linux. I will be using KeePassX for password management and DropBox for syncing across multiple devices. If you only use Windows, you can use KeePass or Password Safe with DropBox; the process is similar.

    First, create a DropBox account (free for 2GB), and install the application on your computers. They have support for Windows, Mac OS X, Linux, and smart phones. Make sure to note where you placed the DropBox folder. Inside the DropBox folder, create another folder and call it “Safe” or whatever you want for your password file.

    Next download KeePassX for the operating system being used. Extract the directory to your Applications directory. On Windows this is most likely C:\Program Files\KeePassX. Open KeePassX and select File-New. You will be creating the new database file. You can select to use a master password and/or a key file. I suggest always using a master password that is a very complex password (or phrase) that you do not use ANYWHERE else. Retype the password when prompted. Now before adding anything to the file, select Save. Choose the folder within the DropBox folder you created.

    The basic setup is complete; now repeat these steps on all your systems. Ensure you can open the KeePassX file on all your systems. You can only write to the file on one system at a time, so if you try to open a file that is already open, it will prompt you to open it as read-only.

    Once all your systems have Dropbox and KeePassX installed, you are ready to start filling the database. Take this time to change your passwords on all your sites and ensure you are using a unique password on each web site.

    Till next time,
    Jorge Orchilles

    Internet Explorer 9 Released

    16 Mar 2011 / 0 Comments / in IT/by Jorge Orchilles

    I hope no one is still running Internet Explorer 6; if you are, Microsoft has a countdown and awareness campaign to get you and your grandmother to upgrade. For those that are fairly up to date, be informed you are not, because Microsoft released Internet Explorer 9 today. If you are feeling risky and are running Windows Vista or Windows 7, you can download Internet Explorer 9 from Microsoft’s official download site (not the millions of Google results for its download location). There are issues with certain sites, so ensure you test this before deploying in production:

    Microsoft also set up a domain dedicated to the new browser: www.beautyoftheweb.com. Unfortunately, that site isn’t hosted under the microsoft.com domain, nor does it have an SSL certificate to confirm that it belongs to Microsoft. Using this site to distribute the browser goes against the advice of downloading software only from known vendor websites. Copycat malicious sites claiming to distribute IE 9 will probably appear shortly, if they aren’t around yet.

    Internet Explorer 9 includes a number of security improvements that make the upgrade worth your consideration. These include application reputation capabilities that are part of the SmartScreen feature that helps protect the user against socially-engineered malware. The browser also supports the notion of Pinned Sites, which implements “secure launch” capabilities to safeguard users’ sessions with important websites. Internet Explorer 9 also improves its resistance to exploits by embracing support for DEP/NX, ASLR and SafeSEH memory protection capabilities. The new browser also improves the messages its users see when they download files and programs; the messages are designed to make it easier for the users to assess the risk of opening such files.


     

    Till next time,

    Jorge Orchilles

     

    Facebook – Download your Information

    12 Mar 2011 / 0 Comments / in IT, Security/by Jorge Orchilles

    I was going through my Facebook Account settings, as everyone should be doing, and found a few new settings and options I did not know about. Facebook Account settings may be accessed through the top right of any Facebook page once you are logged in. Some changes I made today:

    • Password – you should change your Facebook password at least every 90 days and use a complex password: 8 or more characters, upper case, lower case, numbers, and symbols.
    • Privacy – I set everything to Friends only; you can click Customize to deny the option to individual friends or a list of friends. Often Facebook resets some of these or adds new ones with the default privacy setting of “Everyone”, which is not a privacy setting at all.
    • Account Security – I don’t know how I missed this but Facebook now allows “Browse Facebook on a secure connection (https) whenever possible”. This should be enabled by EVERYONE. I don’t know why it is not enabled by default.
    • Account Security – Enable the option: when a new computer logs in send me an email. Also go through the list of systems allowed on Facebook. Remove all those that you do not use or do not remember by clicking Remove.

    These were all the usual changes I make but I found a new link towards the bottom: Download Your Information

    Clicking the link to learn more allows Facebook to prepare a download of your entire profile. Allow Facebook to do this and wait for an email to come in saying your download is ready. You will have to verify your password and then be able to download a zip file with your entire profile. Go through this file and see everything that is available about you. Ensure you keep this file safe and delete it when you are done browsing as it contains your entire profile.

    I signed up for Facebook in College and my history goes back to 2006. Go through the file and see if you ever posted anything you did not want. Now it may be too late to remove it, but it should at least make you think before you post in the future.

    Till next time,

    Jorge Orchilles
