Latest Posts

The purpose of this article is to remind myself why you should create a Python Virtual Environment for all my projects. If it helps anyone else in debugging a suddenly broken test suite all the better.

Create a python virtual environment:

virtualenv –python=pythonexecutable destdir

Example

$ virtualenv --python=python3 ../virtualenv

Next step is switch the default to this.  Firstly run the following command to test where the current locations is:

$ which python

/usr/local/bin/python
$ source ../virtualenv/bin/activate

where the location is an extension of what was chosen with the above “virtualenv” command.

$ which python

/my/folder/root/virtualenv/bin/python

Why virtual environments

Creating Virtual Environments allows you to install different versions of python modules for different projects. An example being that while going through the book “Test-Driven Development with Python” I was having issues suddenly with my functional tests.  These began failing for no apparent reason. I then when back to previous commits in my git repository and found that all of them were not broken.  It turned out that it had broken due to three things being updated.  That being Django, Selenium and Firefox.  I had to roll back all three of these.

(virtualenv) $ pip install django==1.8

[....]

(virtual....... Read More
                        

One way attackers can get into your system is by an email phishing attack. This is very much like real world fishing, in that you present a target with a lure that has something behind it to snag the victim. A lot of these phishing attacks are trying to get you to either enter sensitive details into a website or install software on your computer.

Most of the phishing attacks I’ve seen over the years can be described as very amateurish. By that I mean they have obvious mistakes in the text (spelling and grammatical) plus the images were low enough in quality to be noticeable. More recently I’ve noticed that they are getting better, though there is still some very easy ways to foil most attacks, these are as follows:

Paypal email phishing attack

The below email I have seen multiple times. It is one of the most convincing ones, at least on the surface.

paypal fishing attack

Check Email Address

An easy way to detect most of these types of emails is to check the source address. As you can see below th....... Read More

Tips to keep you safe online

Jul 19,2016 at 10:27 am By Ben Hutton

One topic that comes up from time to time is how do people keep themselves safe online in todays technology rich environment. This is one of those areas where a little bit of knowledge can go a long way. First thing to note is not to rely too heavily on security products like Antivirus, Antispyware and Firewalls. These products you will need to invest in, especially if you are in a Windows Environment. Mac and Linux can get away without using Antivirus and Antispyware however some sort of Firewall is advisable.

Over my reasonably long tenure in the IT industry one truth has been constant, that being the weakest link in any security system is the human one. This is not a criticism against people or me telling you that most people are stupid. It’s more that most people aren’t aware of some of the things unsavoury people can use to convince people to let them in.

The technique used for conning people into compromising the security of the network they are using, whether this is your home and a business network is called Social Engineering. This technique is as old as computer networking and is the most effective to use against a system and the hardest to combat against.

Social Engineering is the number one technique for getting into someones computer. This technique can either be by phone or email. The most common is email since you can scale the attack (as in send multiple emails), as in send lots of emails whereas you can only interact w....... Read More

Let’s Encrypt

Jul 19,2016 at 10:27 am By Ben Hutton

It’s not surprising something like the Let’s Encrypt service has come since the increased threat of someone spying on the traffic coming to and from your PC. I’ve been wanted to have a look into this for some time now but have lacked the time. At the time of writing this article I finally made the time so I thought I’d documented it while writing this article. Also the aim here is to use this blog as my test bed for using this service (which it is now running).

It’s not easy to get started with it

While Let’s Encrypt provides free certificates it’s not easy to get started with it. Now standard SSLs can be a bit overwhelming the first time you use them there is these days so much information on the web that it’s an easy Google search away to get it sorted. Plus most certificate providers have clear instructions on creating and signing them for most platforms.

Unlike conventional certificate signing you cannot just use openssl to generate a signing request and past this into a website. Let’s encrypt requires a client tool to initiate the request, the Let’s Encrypt servers then do a test on whether you are the valid owner of the domain and then send you the relevant information for the tool to create the certificate.

In this example I have used the letsencrypt.sh tool. On my FreeBSD servers this was a simple as pkg install letsencrypt.sh and s....... Read More

Security through obscurity

Jul 15,2016 at 10:30 am By Ben Hutton

One method of securing a computer system is called “Security through obscurity”. While a poor method by itself it is however a good compliment to a holistic security methodology. All this amounts to is not advertising (hiding) what systems are or where they are within your network, whether this is at home or the office.

Rely on the laziness of others

A prime example of this is not keeping your wifi SSID as the factory default or naming it something that clearly relates to you. While this may not stop a hacker it will at least slow one down. I believe this is a valid compliment to your security because when it comes down to it most people are lazy and when confronted with two networks an attacker is likely to go after the easier one to exploit, so you can be doing yourself a favour by making it more difficult.

One thing anyone who has tested perimeter security will tell you it can be quite difficult to initially determine the makeup of a potential target, especially if they’ve made an effort to ensure services don’t announce themselves (like Apache giving you version number and all the modules installed). By making it difficult to determine the makeup of a network you will force many attackers to scan the network, which will make it more likely for security systems to detect the attack.

Not the smoking gun

While being a good addition to a secure network I have seen some people use this as....... Read More

Copyright © 2017 | Ben Hutton