Tag: security

Worried About Dropbox? Get OwnCloud!

  • May 16, 2014
  • Comments Off on Worried About Dropbox? Get OwnCloud!

After using Dropbox for years, I finally hit the 5G free limit.  I looked at the prices and while they are fair, it hurts to pay for something I know I can do for free using rsync or a simple FTP.  In this case, I got lucky and found that ownCloud is even easier to use than ever before, and does all the same things Dropbox does and more. Since I do practically everything in a VM, the first thing I did was spin up an Ubuntu 12.04 Desktop, go to the http://www.ownCloud.org web page and following the links for installing the DIY server edition.  Thank you, OpenSuse for hosting the install packages!   http://software.opensuse.org/download/package?project=isv:ownCloud:community&package=owncloud   I drilled down and got myself to the appropriate version of Ubuntu (and don’t worry, I know everything says xUbuntu, but they don’t mean Xubuntu, they mean any Ubuntu flavour….LOL). From there, this website provided the best instructions for me, although it is written specifically for using a VPS on DigitalOcean.  Still, most of the instructions apply for someone hosting their own ownCloud server.   https://www.digitalocean.com/community/articles/how-to-install-owncloud-and-configure-owncloud-apps-on-an-ubuntu-12-04-vps   Once I got this up and running, the next thing to do was uninstall Dropbox on my laptop and install the ownCloud client.  I got this from www.ownCloud.org as well.  After I got the ownCloud client going, it wanted to sync the whole account.  I didn’t want this and tried to stop it and remove the default ownCloud folder, but it basically hung.  After doing some research I found that the best practice is to quit the sync client and then open it back up, then immediately go to settings and pause the sync.  THEN, remove the default folder and create the new one.  I chose my Dropbox folder.  Why not?  It’s already there and it’s already where I put all my stuff.   The last thing to do was set things up on my phone.  I have an Android phone and the ownCloud client is in the App Store, so again, no worries there either.  Once it was installed and I logged into my server, BAM! all the dropbox files were available.  And don’t worry, it doesn’t download the files to your phone unless you tell it to.   I finished things off by adding linked folders on my server to my fileserver, setting up SSL and configuring the automatic camera upload feature on my phone, but it was all downhill from there.   If you are looking for an alternative to Dropbox and want to be in complete control of your data, I suggest you try it.  Have fun!

Heartbleed – NOOOOOOOO!!!!!

  • April 26, 2014
  • Comments Off on Heartbleed – NOOOOOOOO!!!!!

Wow, some big news hit the computer security industry recently.  It turns out when the mostly unused heartbeat feature built into OpenSSL IS used the server returns a packet LARGER than what was sent by the client.  This wouldn’t be such a big deal except the portion that is larger contains a snippet of recently used OpenSSL memory from the server.  So, the word is that the OpenSSL developer’s decided to write their own memory allocation manager instead of using the system allocator and as a result the memory wasn’t completely random or initialized, but instead contained actual recently used UNENCRYPTED data from the OpenSSL application.  It has been proven that it is possible to extract not only user logins, but also the actual certificate from the memory leak that is returned to the client.  This is absolutely CRAZY!!!  I have updated all my servers and am good to go, but the bigger concern is, did anyone else know about it before it was revealed and actually get certificates for bank servers and the like. Without actually knowing, since using this “attack” leaves no trace, the only assumption that can be made is that the certificates HAVE been compromised.  How will the certificate providers ever keep up with all the new certs they will have to create and all the old ones they will have to revoke?  This is going to cost a fortune.  UGH!