Validating a downloaded program

# import company key into your system
# sometimes called signing key or public key
# the file you import should start with the line '-----BEGIN PGP PUBLIC KEY BLOCK-----'
$ gpg --keyid-format long --import [public_key/signing_key]

# run validation with signature and program.
$ gpg --keyid-format 0xlong --verify program.exe.sig program.exe

# you may get several different responses but the one that is bad for sure is ‘gpg: BAD signature from …’
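
A "Good signature" line only means that some key in your keyring signed the file, so a script should also confirm which key it was. The following is an added example (not part of the original notes): it reads gpg's machine-readable --status-fd output and accepts the file only when the signature is valid and the primary-key fingerprint matches the one you pinned. The names check_status and verify_pinned, the fingerprints and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. The fingerprints and status lines below are constructed samples.
PINNED_FPR='0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567'

# check_status EXPECTED_FPR   (reads gpg --status-fd lines on stdin)
# Succeeds only if a VALIDSIG line names the expected primary-key fingerprint
# and no failure status (bad, expired, revoked, unverifiable) was reported.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # $3 is the signing (sub)key fingerprint; $12, when present,
            # is the fingerprint of the primary key it belongs to.
            primary = (NF >= 12) ? $12 : $3
            if (toupper(primary) == want) ok = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned EXPECTED_FPR SIGFILE DATAFILE: run gpg and judge its status output.
verify_pinned() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed status output: a valid signature made by the pinned key.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2024-01-01 1704067200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Constructed status output: the file does not match the signature.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF Example Signer <signer@example.org>'

for name in GOOD_STATUS BAD_STATUS; do
    eval "lines=\$$name"
    if printf '%s\n' "$lines" | check_status "$PINNED_FPR"; then
        echo "$name: accepted"
    else
        echo "$name: rejected"
    fi
done
```

With real files, call verify_pinned with the fingerprint published by the vendor, the .sig file and the program; a valid signature from any other key in the keyring is rejected.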

good example and instructions
https://tails.boum.org/doc/get/verify/index.en.html
click on ‘Using Linux with the command line’

# view imported keys from gpg imports
$ gpg --list-keys
# view imported keys from ppa imports
$ sudo apt-key list

# remove keys
$ gpg --delete-keys "name"
$ gpg --delete-keys "Tails developers"

# site to hold and manage keys
https://keybase.io/

# additional information
http://www.thegeekstuff.com/2013/02/gpg-encrypt-decrypt/
https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages-on-an-ubuntu-12-04-vps

Installing Burp Suite

# Using Ubuntu 12.04.4 LTS

# start a root shell
$ sudo -s
$ cd /opt
$ mkdir burpsuite
$ cd /opt/burpsuite

# download this version, or get the current one from http://portswigger.net/burp/download.html
$ wget http://portswigger.net/burp/burpsuite_free_v1.5.jar
$ cd /opt/burpsuite
$ java -jar burpsuite_free_v1.5.jar

Set up SSL (HTTPS) for your Apache site

Follow every step in:
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04

Get a secure HTTPS connection:
1. Buy a certificate (namecheap is a good option)
2. Install it on your server
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx
https://www.namecheap.com/support/knowledgebase/article.aspx/9423//installing-a-ssl-certificate-on-apache
https://www.namecheap.com/support/knowledgebase/article.aspx/9637/68/how-can-i-complete-the-domain-control-validation-dcv-for-my-ssl-certificate

Installing Truecrypt in the command line

Download the console-only TrueCrypt at
http://www.truecrypt.org/downloads

Extract it and the shell script (.sh) will appear, then run it:
$ sh truecrypt-7.1a-setup-console-x86

Truecrypt Command Line Usage

To run truecrypt
$ truecrypt ./volume

SSH in Windows

One might ask “why do you need ssh?” And if you don’t know what ssh is, learn it. It’s very useful, you’ll thank me someday.

The problem I was having is that ssh is shipped with Unix operating systems such as Linux and iOS but not on Windows. What if I need to securely access my files on my Windows computer, what will I do? No worries, you can have ssh on Windows, but it takes extra work. You’ll need to install Cygwin, a Unix-like environment and command-line interface for Windows. Click Me for detailed instructions on how to set it up.

Whitelist. A JavaScript Object

Blacklisted are those whose access was removed, and whitelisted are those who are specifically granted access or privilege. Below is a JavaScript whitelist object.

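//START OBJECT
var white = {
    list: [],
    // returns true only if `permitted` is exactly one of the listed names
    request: function (permitted) {
        // index loop instead of for...in, which also walks inherited enumerable properties
        for (var i = 0; i < this.list.length; i++) {
            // strict comparison: with == an array such as ['jon'] would coerce to 'jon' and match
            if (permitted === this.list[i]) {
                return true;
            }
        }
        return false; // explicit deny when nothing matched
    }
};
white.list = ['jon', 'max']; // set who can have access
//END

// Let's test the object
if (white.request('jon')) {
    // access granted
    alert('welcome VIP');
} else {
    // access not granted
    alert('Access was never granted to you');
}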

Hide a file in Windows

There are various ways to make a file hidden in Windows, but the example below will make it really hidden; it’s like magic.

open CMD

To select file:
C:\Users\Fel\Dektop>attrib [filename] +h +s

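The file will disappear. You cannot find it in the GUI or in CMD when the plain dir command is used. It also will not show if you have “show hidden files” selected in the folder options. (make sure you hide it first to make it work) The file is only marked hidden and system, so dir /a and attrib still list it, and Explorer shows it once “Hide protected operating system files” is unchecked.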

Now for the prestige (bring it back)

C:\Users\Fel\Dektop>attrib [filename] -h -s

Principle of Least Privilege

The principle of least privilege can be used to improve the security of any computer system. It’s a basic but important principle that is often overlooked. The principle is as follows:

A user (or process) should have the lowest level of privilege required to perform his assigned task.

It applies in MySQL as it does elsewhere. For example, to run queries from the Web, a user does not need all the privileges to which “root” has access. You should therefore create another user who has only the necessary privileges to access the database you just created.

Excerpt from PHP and MySQL Web Development page 223