I have come to the conclusion that my little vps just won’t cut it for running multiple site, irc, poxy, and who knows what else.  So I have decided to make a few changes.  If you haven’t noticed the blog isn’t under ssl anymore.  This is because I have moved over to Dreamhost.  This should make things run faster and administration of the site is way easier.  Everything else is pretty much the same, just use “dev.throwthemind.com”  I sure hope I haven’t screwed anything up too bad.

Thanks
Nathan

Every week I listen to Security Now a podcast hosted by Steve Gibson and Leo Laporte. The other week I found out that most File Shredding programs don’t actually delete the files in the correct manner. A file isn’t deleted until its place on disk has been allocated to another file. This is the reason there are so many file recovery programs available. So what are we suppose to do if we want to delete a file and be sure it can never be recovered again? We download SDelete from Sysinternals and put it to work. SDelete is a command line utility and personally I don’t like having to type in a long command just to delete a file. So I wrote up a nice little batch program. You can either drag and drop one file, or one folder and it will delete the item using SDelete. All you have to do is download the batch file to the same directory as SDelete.exe and your good to go. Also the batch file tells SDelete to do five passes, just to make sure your item isn’t coming back.

Download SDelete.exe http://download.sysinternals.com/Files/SDelete.zip
Download delete.bat http://throwthemind.com/tools/delete.bat

In the last few days I have shown you how to encrypt and decrypt any file, and securely delete any file (unencrypted ones) all running off a USB Dive without Administrator access on a Windows machine. I hope you get use out of this, I know I do.

Thanks
Nathan

The other day I picked up a new 2gb USB Drive. I like to keep storage with me, as well as programs like Portable Putty, Firefox, Filezilla, VLC, 7Zip and KeePass. All of which can be downloaded free at PortableApps.com Keeping all these programs only takes up around 150MB, which isn’t bad when you have 1.9GB to play with. Now lets talk about encryption. Using a Mac or Linux a lot like I do, you find OpenSSL is awesome. You can easily encrypt and decrypt files quickly.  I recently got to looking around and found an .exe of OpenSSL. So I started playing. When I was done I had OpenSSL working off a USB Drive, and a batch file that either encrypts or decrypts based on the file extension. Oh and the batch file is run by dropping a file onto it. Here is what I did.

1. Download Win32 OpenSSL v0.9.8g Light and install.
2. Copy C:\OpenSSL\bin to your USB Drive.
3. Rename the bin directory to openssl.
4. Copy libssl32.dll, libeay32.dll, msvcr71.dll, ssleay32.dll from C:\WINDOWS\system32 to your new openssl directory.
5. Double click on openssl.exe in your openssl directory. If it works you should get a command prompt showing OpenSSL>
6. Download this file to the root of your USB Drive. encrypt-and-decrypt.bat
7. Now you have drag and drop encryption and decryption using aes-256.

The batch file will encrypt any file but will not encrypt a directory. If you want to encrypt a directory you can use 7zip to zip up the directory, then encrypt the .zip Also the batch file will only decrypt files ending in .enc Test it out and you will see what I mean. If you have any questions just leave a comment.

Thanks
Nathan

ps. If you want separated encrypt and decrypt files you can download these. encrypt.bat decrypt.bat

I have been toying with the idea of an internet based password manager.  I started by making a C program but I never really finished it.  Then I thought php would be the way to go, and never started it.  So today I ran across passlet.com.  It is a online password manager, that stores everything encrypted.  The nice thing about this is that the browser actually does the encryption and then that data is sent over ssl to be stored in the server.   This way everything is stored encrypted.

One thing I like about passlet over other systems is how simple it it.  There is no crazy css going on, just simple ajax encryption and decryption.  Also passlet isn’t afraid to show the queries between me and the server.  I can see everything going on.  I did some research on the site and it seems like it has been around for a year or so.  I would feel more comfortable if I controlled the server and database but really its probably more safe than some e-commerce sites out there.  I will be giving passlet a shot and will let you know how I feel.

Since I have moved the entire Throw The Mind empire over to SSL I have noticed no comment spam. I don’t know if this is a coincidence or if spam bots don’t know what to do about http pages. Anyway just thought I would share.

Also if you are out in public and have the need to encrypt your internet traffic you have head over to Poxy and do it.