Chuck's Blog

One time passwords are a very effective way to connect to an SSH server from an untrusted computer. Consider the following scenario I deal with almost daily.

The computers where I take classes are owned by a governmental organization. Sounds secure, right? Not really. Quite often other students will mess with the computers as they see fit. Plus, installing a keylogger is trivial, since the computers are Mac Minis running Windows Vista laid out on top of a desk, right next to their respective monitor.

Usually I would simply steal the network cable from a Mac Mini for my session on my secured laptop and plug it back in after, but unfortunately this behavior is forbidden by the administration. The biggest problem is not this, but that I need to get access to my remote server to copy a file off. And it cannot wait.

So, I simply fixed the problem by following this how-to and installing putty onto a removable medium, and using my laptop to generate the one time passwords. The linked guide isn’t to hard to follow, so I won’t bother creating my own version of it. However, I did notice some interesting things that could be done with the opie-client and opie-server packages that I plan to blog about later.

If you have any problems with following the how-to I linked to just post a comment here with your problem. I’ll do my best to help.

I recently had to play with LogMeIn.com’s services for a class, and began thinking about the service’s security. Yes, they state they use encryption. Yes, they provide the ability to use one time passwords. But are they really secure? I guess I am reluctant to trust third parties with access to my computers, but hey, better safe than sorry.

If anyone does have any experiences with them I wouldn’t mind hearing them. Curiosity may have killed the cat, but the cat had nine lives anyway.

We’ve all done it. Plug in a password, think we’ll remember it a month from now, and have our memory betray us. With most Linux distros you can just pop in a livecd and change the password, providing you did not use some sort of full disk encryption, but for Windows Vista and Windows 7 things can get more complicated.

You can purchase the Microsoft solutions to this problem, but if you’re like me you would prefer a free solution. SystemRescueCd is this solution.

Just burn the cd, boot from it (type rescuecd at the boot prompt) and wait. When you get a shell prompt just follow its instructions to mount your windows partition, and enter the system32 directoryand look for a file named “SAM”. Once you’ve found it just type chntpw -u <user> /path/to/SAM and follow its instructions. Reboot cleanly, and voila.

One thing I have noticed though is that sometimes chntpw cannot change Vista passwords. If this is the case for you just set the password blank, log in under windows, and change it there.

As of the time indicated on this post, all content on this blog, excluding content owned by third parties and content otherwise specified, is now licensed under the Creative Commons Attribution 3.0 United States license.

I’m not doing this to discourage derivative works or such, just to protect me. The only requirements I have for redistributing and modifying my content is that it must somehow credit me, either by name or a link back to the original page the content was found in. So feel free to “steal” my content, just give me credit when you do.

Anyway, the link provided in this post shows what restrictions are put on the license. To sum it up you basically just have to give me credit, but if you are unsure just check the linked page.

Interesting little tidbit I found on the net last night while looking for what carriers the enV2 is compatible with. Simply dial the following while the phone is flipped open and hit send:

##lgservicemenu

And when the next dialog pops up, just enter zero’s. Once you do this a menu will pop up. With this menu you can perform phone self tests, monkey with some special settings, etc. Be warned though that you could mess up your phone if you’re not careful.