Archive for May, 2008
GnuPG 2 with Mail.app on MacOSX
There are many reasons why we would like to have GnuPG installed on our systems, so I won't lose time explaining the “why” of this article!
First install MacPorts. Follow the documentation here. The BSD system is a very powerful tool for our MacOSX system. Then learn how to use ports.
Afterwards, try this:
libertad:~ atma$ port search gnupg
qca-gnupg           devel/qca-gnupg           2.0.0-beta2  Qt Cryptographic Architecture - openssl plugin
gnupg               mail/gnupg                1.4.9        GNU pretty-good-privacy package
gnupg12             mail/gnupg12              1.2.7        GNU Privacy Guard
gnupg2              mail/gnupg2               2.0.9        GNU pretty-good-privacy package
p5-gnupg-interface  perl/p5-gnupg-interface   0.33         Perl interface to GnuPG
py-gnupg            python/py-gnupg           0.3.2        GnuPGInterface is a Python module to interface with GnuPG
py25-gnupg          python/py25-gnupg         0.3.2        GnuPGInterface is a Python module to interface with GnuPG
Now, let’s install the GnuPG 2.0 version which is more secure and recent anyway:
libertad:~ atma$ sudo port install gnupg2
Password:
---> Fetching bison
---> Attempting to fetch bison-2.3.tar.bz2 from http://ftp.gnu.org/gnu/bison
---> Verifying checksum(s) for bison
---> Extracting bison
---> Configuring bison
---> Building bison with target all
[...]
---> Building gnupg2 with target all
---> Staging gnupg2 into destroot
---> Installing gnupg2 2.0.9_0
---> Activating gnupg2 2.0.9_0
---> Cleaning gnupg2
Then just issue the command:
libertad:~ atma$ sudo ln -sf /opt/local/bin/gpg2 /opt/local/bin/gpg
Done here!
What we are going to do now is create our private key pair. Just type:
libertad:~ atma$ which gpg
/opt/local/bin/gpg
libertad:~ atma$ gpg --gen-key
gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Mon May 31 19:15:25 2010 EEST
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Panagiotis Atmatzidis
Email address: p.atmatzidis@panda-gr.com
Comment: atma
You selected this USER-ID:
"Panagiotis Atmatzidis (atma) <p.atmatzidis@panda-gr.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/Users/atma/.gnupg/S.gpg-agent': No such file or directory
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 6436970B marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2009-11-20
pub 1024D/6436970B 2008-05-31 [expires: 2010-05-31]
Key fingerprint =
uid Panagiotis Atmatzidis (atma)
sub [expires: 2010-05-31]
Your keys are ready. You can find them in the directory $HOME/.gnupg/. Your keys can be used to sign and, most importantly, encrypt files. We are going to use them for messages, but that is not the only use: PGP can also be used to sign files from the command line. The latest version of Nautilus, the famous GNOME file manager, supports on-the-fly encryption of files with a right click on the file, using GnuPG keys.
To see your key and create a public.key file just type:
libertad:~ atma$ gpg --list-keys
libertad:~ atma$ gpg --export --armor 6436970B > ~/Desktop/atma-key.asc
Now you can share your key with anyone! You can submit it to the http://pgp.mit.edu server for others to find it easily!
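An added example, not part of the original post: a small shell filter that reads GnuPG's machine-readable listing (`gpg --with-colons --list-keys`) and reports keys below a minimum size or without an expiry date, the two parameters chosen during key generation above. The sample listing, its key IDs and the 2048-bit default threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in GnuPG's colon-delimited listing format. Key IDs and
# user IDs are made up; sizes and algorithms mirror the choices in the
# walkthrough (1024-bit DSA primary, 2048-bit Elgamal subkey, two-year
# expiry), plus one constructed key without an expiry date for contrast.
SAMPLE_LISTING='pub:u:1024:17:1111111111111111:1212250525:1275322525::u:::scESC:
uid:u::::1212250525::::Example User (constructed) <user@example.org>:
sub:u:2048:16:2222222222222222:1212250525:1275322525:::::e:
pub:u:4096:1:3333333333333333:1212250525:::u:::scESC:
uid:u::::1212250525::::Other User (constructed) <other@example.org>:'

# audit_keys: read colon-format records on stdin, print one finding per line.
# Fields used: 1 = record type, 3 = key length in bits, 4 = public-key
# algorithm id (1 = RSA, 16 = Elgamal, 17 = DSA), 5 = key ID,
# 7 = expiration date (empty means the key never expires).
# MIN_BITS is an assumed local policy value, not something GnuPG enforces.
audit_keys() {
    awk -F: -v min="${MIN_BITS:-2048}" '
        $1 == "pub" || $1 == "sub" {
            if ($4 == 1)       algo = "RSA"
            else if ($4 == 16) algo = "ELG"
            else if ($4 == 17) algo = "DSA"
            else               algo = "algo" $4
            if ($3 + 0 < min + 0)
                printf "%s %s: %s-%d is below %d bits\n", $1, $5, algo, $3, min
            if ($7 == "")
                printf "%s %s: no expiration date set\n", $1, $5
        }'
}

# Stand-alone run on the constructed sample. On a real keyring:
#   gpg --with-colons --list-keys | audit_keys
printf '%s\n' "$SAMPLE_LISTING" | audit_keys
```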
In order to use our GPG with Mail we need to install the GPGMail package. Note that there are multiple versions available. Choose the one that applies to your system: MacOSX 10.4, 10.3 or 10.5. Just download the package and put the “GPGMail.mailbundle” in the $HOME/Library/Mail/Bundles directory. If the directory does not exist, you can create it manually.
More info on GnuPG command line usage can be found at dewinter’s page; there is of course also the official documentation. Note that GnuPG can handle other algorithms like IDEA, using external plugins. Hope this small & dirty guide was helpful for you too!
Then just open the Mail.app and go to Preferences -> PGP.
Scott Stevenson interview with Aaron Hillegass
Aaron Hillegass is one of the most famous book authors in the Mac community. The interview can be found here.
Security hole in Gmail
Many Gmail users around the world have recently reported a strange incident: some users received email from friends' Gmail addresses. So far there is nothing strange; it is a classic trojan. The strange part is that the “victim” users are Mac and Linux users, and they report that they have not noticed “anything” strange. There are very few trojans for MacOSX and even fewer for Linux. It is certainly very hard for something to “slip past” an average Linux user.
Unfortunately the situation appears to be much worse. The bug must be inside Gmail itself. The users report that they were using the web interface. There is a suspicion that perhaps some trojan is so well written that it steals the user's passwords from Gtalk or Google Notifier. A little while ago a study circulated on the internet about a security problem in Gmail; however, an attack based on forwarding, as the paper describes, looks rather outdated.
The problem must be at the user level (HTTP); there are many reports of the problem, and for the time being Google does not seem to have taken a position. The problem remains “well hidden” for now, it seems, but there is a suspicion of some backdoor inside Gmail's servers. If this is true, then the spammer who pulled it off will certainly go down in history! The target appears to be only the addresses of the victims' Gmail friends. If that were not the only target and he were looking for data in Gmail users' email, the situation would be somewhat more tragic… For now all of this remains speculation; what is certain is that there is some security problem in Gmail and it looks to be server side…
UPDATE: You can read more information here as well.
Firefox 3 beta for mac looks promising
I open my iBook G4 and browse the web several hours every day. In my office I use several e-banking systems. Most of them are Java based. All of them are very different. It requires a full-featured browser in order to keep track, easily, of everything going on. RSS support is natural these days, but I prefer reading news through NetNewsWire, which is a very good and nowadays free news reader. What I need is good, clear tab support.
Safari is the natural choice on MacOSX. The last version of the browser adjusted several known flaws and was said to pass the ACID3 test without issues. However the e-banking systems, the torrentflux-b4rt software that I use and other web-sites such as PayPal and Facebook work much better with Firefox.
Firefox, until today, was slow and looked like a deprecated cousin of Safari. The last version of the browser for MacOSX changed everything. Compared to Safari, the launch on a ppc G4 1.07 GHz is still slow, but nothing exaggerated. The browsing seems quick enough and the new look is killer good! It works like a charm with Java applications and has a new approach to quick bookmarks which I like. Even the address-bar help that appears as you write is really helpful!! I think that Safari now has a good rival on its own platform. In order to beat Safari, though, it will require much more optimisation under MacOSX; speed is a crucial issue when it comes to browsers, and Safari is still the fastest browser (launch & browse) under MacOSX.