'Security Hacks' Category

USB Apps Update

Thursday, November 8th, 2007

Portable apps have proven to be very popular and quite resilient in spite of the popularity of on-line apps. On-line apps like Google Apps, Zoho and Basecamp offer solutions for collaboration and portability, but there aren’t many good on-line solutions for applications like text editors, image editors, operating systems and browsers. Because of the need for these types of applications and the benefits of using USB apps I have been adding to my USB app collection. To be fair I have replaced some portable apps with on-line apps, e.g. I prefer Google Reader to GreatNews because desktop RSS readers become bloated and slow down as you add feeds, but at the same time I have discovered a few new portable applications. (more…)

 

Is OpenID the answer to single sign-on?

Sunday, October 28th, 2007

OpenID is often compared to Microsoft’s Passport and normally it’s said to be better because “it’s not controlled by any one big corporation”. You may have heard or read about OpenID, but chances are that you 1) aren’t using it or 2) have not really looked into it and 3) even if you have, you still don’t understand it. As with many open source projects documentation is scattered, complicated and mostly technical. Over the last few weeks I have tried to make some sense of OpenID and here is my take on it. (more…)

Domain kiting

Monday, August 20th, 2007

MarkMonitor released its Summer 2007 Brandjacking Index, a quarterly report that measures the effect of online threats to brands. The report describes trends of how domain names are used in scamming efforts to hijack well-known brands.

Cybersquatting is a well-known form of domain hijacking, but according to the report it only grew by 8% in the last quarter, compared to newer and lesser-known scams like domain kiting, which grew at 242%. Cybersquatting is when someone registers a domain name which contains a brand, slogan or trademark to which the registrant has no right. Owners of registered brands, slogans and trademarks can quite easily approach cybersquatters and gain ownership of the domains. Domain kiting, however, is an advanced hack of cybersquatting and is much more difficult to fight.

Domain Kiting: The process whereby domains are registered and dropped within the 5 day ICANN grace period, and then registered again for another 5 days. Kiting a domain lets the registrant gain the benefit of ownership without ever paying for the domain.

The highest growth rate of kiting is experienced in the media industry. Kiters rotate their domain names through registrars and some registrars simply ignore the practice - it seems they actually thrive on this business!
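For brand-protection monitoring, the add/drop pattern described above can be detected from registration events. This is an added example, not from the report or the original post; the event format, domain names, registrar names and the `min_cycles` threshold are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GRACE = timedelta(days=5)  # ICANN grace period length as stated in the post

# Constructed sample events: (timestamp, domain, registrar, action)
EVENTS = [
    ("2007-08-01T09:00", "brand-news-example.test", "registrar-a", "add"),
    ("2007-08-05T08:00", "brand-news-example.test", "registrar-a", "delete"),
    ("2007-08-05T10:00", "brand-news-example.test", "registrar-b", "add"),
    ("2007-08-10T09:00", "brand-news-example.test", "registrar-b", "delete"),
    ("2007-08-10T11:00", "brand-news-example.test", "registrar-a", "add"),
    ("2007-08-14T12:00", "brand-news-example.test", "registrar-a", "delete"),
    ("2007-08-02T12:00", "typo-fix-example.test", "registrar-a", "add"),
    ("2007-08-03T12:00", "typo-fix-example.test", "registrar-a", "delete"),
    ("2007-07-01T00:00", "held-example.test", "registrar-b", "add"),
    ("2007-08-01T00:00", "held-example.test", "registrar-b", "delete"),
    ("2007-08-02T00:00", "held-example.test", "registrar-b", "add"),
    ("2007-08-01T00:00", "kept-example.test", "registrar-a", "add"),
]

def find_kited(events, min_cycles=2):
    """Flag domains with >= min_cycles consecutive register-then-drop
    cycles in which every drop falls inside the grace period."""
    by_domain = defaultdict(list)
    for ts, domain, registrar, action in events:
        by_domain[domain].append((datetime.fromisoformat(ts), registrar, action))

    kited = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])
        run = best = 0
        registrars, added = set(), None
        for when, registrar, action in rows:
            if action == "add":
                added = (when, registrar)
            elif action == "delete" and added is not None:
                if when - added[0] <= GRACE:
                    run += 1                   # dropped before payment was due
                    registrars.add(added[1])   # registrar used for this cycle
                    best = max(best, run)
                else:
                    run = 0                    # a paid-for holding breaks the chain
                added = None
        if best >= min_cycles:
            kited[domain] = {"cycles": best, "registrars": sorted(registrars)}
    return kited

if __name__ == "__main__":
    for name, info in find_kited(EVENTS).items():
        print(name, info)
```

A single grace-period drop is treated as an ordinary refund; only repeated cycles are flagged, and the registrar list shows whether the domain was rotated between registrars.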

The report says a lot about spamming and phishing in the pharmaceutical drug industry, but I’m surprised that there’s no mention of stock spam because I have been getting a lot of that lately!

OpenVPN - a proper, free VPN

Wednesday, October 4th, 2006

In a previous post I discussed the very useful Hamachi personal VPN. OpenVPN is an open source VPN solution that has enterprise scale capabilities and is a “real” virtual private network solution. It’s a Tech World has a very good article on configuring OpenVPN. Like most open source applications, however, it can take some time to understand, but once you do it grows on you.

Create virtual encrypted disks to secure data

Thursday, August 10th, 2006

TrueCrypt is an open source application that allows you to create encrypted virtual drives on your computer. That way you can secure files on your computer by putting them in an encrypted space that will only be accessible by mounting the virtual drive, which is password protected.

The TrueCrypt file can be emailed, backed up and FTP’ed and remain secure because of the strong encryption. It can also be run from a USB flash drive. The virtual disks can be mounted on any operating system.

Once a volume is mounted, files that are written to the virtual disk are encrypted on the fly.  Performance is excellent and you hardly notice anything - except if you choose some ridiculous encryption algorithm.

You can create almost any size virtual drive and choose from most popular file systems, e.g. FAT32 and NTFS.

Make sure to save your password:  There is no way to recover a lost password!

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire hard disk partition or a device.
  • Encryption is automatic, real-time (on-the-fly) and transparent.

It’s very simple:

  1. Download and install TrueCrypt: http://www.truecrypt.org/downloads.php
  2. Start the application
  3. Click on Create Volume
  4. Select a location and file name for the virtual drive. The virtual drive is saved as one big encrypted file (or a whole disk)
  5. Choose an encryption algorithm
  6. Choose the virtual drive size
  7. Choose a password
  8. Select the file that you just created and choose a drive letter on which to mount it
  9. Click on Mount and enter password

The drive is available to you and anyone else connected to the computer for as long as it is mounted. See the Beginner’s Tutorial for more information.

Sysinternals purchased by Microsoft

Wednesday, August 2nd, 2006

If you haven’t heard of Sysinternals you better visit their Website while it’s still live (and free) because they have been purchased by Microsoft. Sysinternals has a huge list of free Windows utilities that are very useful for system administrators.

The Sysinternals web site provides you with advanced utilities, technical information, and source code related to Windows internals that you won’t find anywhere else.

Some of my favorite utilities are:

  • BlueScreen - A “blue screen of death” screensaver : )
  • Junction - Symbolic links for Windows
  • Du - Disk usage by directory
  • MoveFile -  Schedule file rename and delete commands for the next reboot
  • Process Explorer - Task Manager on steroids

PGP File Encryption Using GnuPG

Wednesday, July 19th, 2006

I frequently get asked how to encrypt files using Pretty Good Privacy (PGP). There is very good documentation available on the Web, but here is my condensed version.

Public key cryptography uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. Your public key can be distributed to anyone and does not pose a risk. Your private key needs to be kept safe and not given to anyone. Anyone with a copy of your public key can encrypt information that only you can decrypt using your private key.

I use free software called GnuPG (http://gnupg.org/). Once you have the software installed you need to create a public/private key pair and then you need to exchange public keys with the party with whom you wish to exchange encrypted files.

Here’s what you need to do:

1. Download and follow the instructions to install the software:
http://www.gnupg.org/(en)/download/index.html (look for the Binaries section to make your life easier)

2. Generate a public/private key pair: Go to your GnuPG install directory and type in gpg --gen-key. The default settings are usually good (DSA (1024 bit) and Elgamal (2048 bit)/never expires).

(more…)