Posts Tagged ‘security’

Personal Security Tips

March 6, 2020

See for a curated checklist of 100+ tips for protecting digital security and privacy.

Categories: network

funny git commits

February 19, 2017

Some funny GitHub commits:

Found here.

What to do if shit happened.

Categories: Uncategorized

MongoDB: connect remotely

August 8, 2016

I have a Digital Ocean VPS running MongoDB. There is a web application on this machine that is on port 80. MongoDB is hidden from the outside world and can only be accessed internally. There is also an SSH port where I can log in.

How to connect to my MongoDB server from home? Say I want to use a graphical client, e.g. MongoChef. The client runs on my home machine and I want to connect to MongoDB with it on my DO VPS. How to do that?

I found the solution here. In short: we connect securely to our database through an SSH tunnel.

Make sure that:

  • you can SSH into your Mongo droplet
  • your MongoDB is bound to localhost

For connecting, I use this script:

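REMOTE_SSH_PORT=22        # placeholder: the SSH port of your VPS
LOCAL_PORT=2345           # local end of the tunnel on your home machine
REMOTE_MONGO_PORT=27017   # MongoDB's default port
cmd="ssh -p ${REMOTE_SSH_PORT} -L ${LOCAL_PORT}:localhost:${REMOTE_MONGO_PORT} user@your.remote.ip"
echo "#" $cmd
echo "# connect on your home machine to port ${LOCAL_PORT}"
echo "# example:    mongo --port ${LOCAL_PORT}"
$cmd    # open the tunnel; it stays up while this SSH session is open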

The default SSH port is 22, but it’s a good idea to change it. With the command “ssh -p ${REMOTE_SSH_PORT} user@your.remote.ip” I could log in to my VPS. However, MongoDB was not accessible from outside, thus executing “mongo --host your.remote.ip --port ${REMOTE_MONGO_PORT}” failed.

The SSH tunneling above works as follows. On your home machine you open the port ${LOCAL_PORT} that is connected to your remote machine via the SSH port ${REMOTE_SSH_PORT}, and the connection is tunneled to localhost:${REMOTE_MONGO_PORT}, where localhost means the remote machine where we logged in with SSH.

So, when you execute the script above, you’ll have to log in to your remote machine via SSH. Then open a new terminal and type “mongo --port 2345” and voilà, you are connected to MongoDB on your remote machine!

If you use a Mongo client (e.g. MongoChef), then simply create a new connection and specify localhost with port 2345. Connect, and you are in.

It works as long as you are logged in via SSH in a terminal. When you log out, the local port that is tunneled to your remote machine closes.
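To check the second precondition from the list above (MongoDB bound to localhost) on the server, the following added example, which is not part of the original post, parses `ss -ltn` output and reports any listener on the MongoDB port that is not on a loopback address. The function names and the sample output are constructed for illustration; 27017 is MongoDB's default port.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm that a port is only
# reachable via loopback, so that the SSH tunnel is the only way in.
# Real use on the server:  ss -ltn | exposed_listeners 27017

exposed_listeners() {
    # $1 = port; stdin = `ss -ltn` output. Prints each non-loopback
    # "address:port" that is listening on that port.
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                              # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next             # some other service
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
            print addr                             # 0.0.0.0, [::], *, public IP
        }'
}

check_binding() {
    # $1 = ss output, $2 = port. Returns 0 only if nothing is exposed.
    found=$(printf '%s\n' "$1" | exposed_listeners "$2")
    if [ -n "$found" ]; then
        printf 'EXPOSED on port %s:\n%s\n' "$2" "$found"
        return 1
    fi
    printf 'OK: port %s is loopback-only\n' "$2"
}

# Constructed sample: the setup the post describes (SSH and web public, Mongo local).
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:27017    0.0.0.0:*'

# Constructed sample: mongod bound to all interfaces (misconfigured).
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:27017      0.0.0.0:*
LISTEN 0      128    [::]:27017         [::]:*'

check_binding "$SAMPLE_OK" 27017
check_binding "$SAMPLE_BAD" 27017 || true
```
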

KeePassX + TrueCrypt + Dropbox: a secure and portable password management solution

April 14, 2013 4 comments

Read the update at the bottom.

I’ve arrived at the point that I’m fed up with the f* passwords. I can’t memorize them all so I usually write them in an exercise book that I keep at home. But what if I need something from it at my workplace? On the other hand, this booklet is already full (with other pieces of info too), so when I need a password from it, I need to search it for minutes… Damn. It would be so nice if I had all this information in a file on my machine but in a secure way.

The ideal solution is a password manager. But which one to choose? There are a lot. Since I also use Windows from time to time, I needed a cross-platform solution. First I thought of using a command line manager but finally I decided to use a graphical one; after all it looks nicer and is easier to use (and I didn’t want to learn new command line options that I forget if I don’t use it for a few weeks…). This is how I got to KeePassX, which perfectly fulfills my needs. It’s also in the Ubuntu repos.

As I use several machines, the password database should be available everywhere. So let’s store it on Dropbox. But how safe is it? Well, it’s rather safe; your KeePassX database is protected by a master password and encrypted with AES-256, but still… the devil never sleeps. Could we add an extra layer of security?

Yes, we could. With TrueCrypt you can create an encrypted file that can be mounted as a new volume (as if you had attached a USB stick for instance). I put the KeePassX database on this volume. Thus, in order to use the database, first I must mount the container file as a TrueCrypt volume, and then I can open the database file, but it also asks for the master password. Now I dare put the TrueCrypt container file on Dropbox :)

So, here is my setup (summary):

  • Create a KeePassX database and provide a master password. You can change this password later under the File menu. It uses AES-256 encryption.
  • Create a container file with TrueCrypt. The KeePassX database is very small so I set the container’s size to 1 MB. Encryption algorithm: AES-Twofish-Serpent cascading encryption with the XTS method. Hash algorithm: Whirlpool (tip from here). Of course, use a different password for this container file than for the KeePassX database. The TrueCrypt password should be long (20 to 30+ characters).
  • Mount the container file and move the KeePassX database onto the mounted volume.

OK. So far so good. But how to use the database painlessly? I made a simple script that mounts the container file and then opens the database. Just customize the constants in the header part. Launch it and simply type in the passwords. Instead of one password (for the database), you will have to provide two extra ones (for the TrueCrypt volume and your root password for being able to mount a new volume). I think this sacrifice is worth it, considering the additional security you gain. It may be a bit paranoid but on the Internet be paranoid. You know: Trust is a weakness :)

#!/usr/bin/env python

"""
Start KeePassX.
Mount the truecrypt container if necessary.

by Jabba Laci 2013
"""

import os

TRUECRYPT = '/usr/bin/truecrypt'
KEEPASSX = '/usr/bin/keepassx'
CONTAINER_FILE = "{home}/Dropbox/keepassx/container.dat".format(
    home=os.path.expanduser('~'))
MOUNT_POINT = '/media/truecrypt9'
KDB = '/media/truecrypt9/JabbaDB.kdb'


def mount_truecrypt_file():
    """
    Open the truecrypt container file that
    includes the keepassx database.
    """
    # The database file is only visible once the container is mounted.
    if not os.path.isfile(KDB):
        cmd = 'sudo {tc} {container} {mount}'.format(
            tc=TRUECRYPT, container=CONTAINER_FILE, mount=MOUNT_POINT
        )
        print('# ' + cmd)
        os.system(cmd)
    else:
        print('# container already mounted to ' + MOUNT_POINT)


def open_kdb():
    """
    Open the keepassx database file on the previously mounted volume.
    """
    if not os.path.isfile(KDB):
        print("Error: the container file was not mounted.")
    else:
        # Start KeePassX in the background so the script can exit.
        cmd = "{kpx} {f} &".format(kpx=KEEPASSX, f=KDB)
        print('# ' + cmd)
        os.system(cmd)


def main():
    mount_truecrypt_file()
    open_kdb()


if __name__ == "__main__":
    main()


Update (20130501)
After two weeks of usage, I think adding truecrypt is overkill. The problem is the following: I want to use this keepassx database on several machines, that’s why I put it on dropbox. That’s fine. But each time I need to mount the truecrypt volume, which I often forget to dismount. At my workplace my machine is always on, so sometimes (often) I leave the volume mounted when I go home. If I want to add a new password to the database at home, dropbox creates a conflicted copy of the truecrypt file when I save the keepassx database. So I end up with two different databases that I will have to merge manually. It’s already happened to me 2 or 3 times…

So I removed truecrypt from the chain. Now I have a keepassx database (with a long password) stored on dropbox. I only have to pay attention to closing keepassx when I leave my workplace but it’s feasible: when I copy a password from it, I close it immediately.

SecurityTube: lots of videos on security

April 7, 2013
Categories: Uncategorized

Hacking with BackTrack Linux

November 24, 2010 1 comment

I’ve been using Ubuntu for years but I just heard about BackTrack Linux today. It’s an Ubuntu-based distribution with a collection of security and forensics tools. You can install it on your HDD, run it on a live CD, or install it on a USB drive.


Categories: ubuntu

Firesheep danger, protect yourself

October 28, 2010 2 comments

I just read about a funny Firefox add-on called Firesheep that can capture login information on free Wi-Fi networks. (Video in Hungarian here, text in English here.)

At, two Firefox plugins are recommended. They force your Firefox to use the https protocol wherever possible.

  1. HTTPS Everywhere
  2. Force-TLS

I installed both. HTTPS Everywhere contains a list of predefined sites but it’s difficult to add a new site. Force-TLS is the opposite. So the two nicely complement one another :)

Update (20101109): you can find some more info here.

Categories: firefox