Monthly Archives: August 2014

Yes, you read that right. No matter what the warlords at Apple may tell you, you can run open source apps even if you are using Mac OS, which itself is closed source.

Wondering why you ought to choose open source? Well, for a start, owning a Mac is an expensive proposition, so opting for open source applications on the Mac is one decision your wallet will appreciate. Second, it is common knowledge that open source applications are updated more frequently, are community-driven, and easily customisable. What more can one ask for?

The Internet
Mozilla Firefox: Seriously, who doesn’t know Firefox? It is one of the leading open source Web browsers (and it eats Safari for lunch). Definitely one of the most loved applications, irrespective of your platform!
Link: http://www.mozilla.org/en-US/firefox/new/ 
 
Chromium: If you are using Mac OS, chances are that you’ve opted for Google Chrome, instead of its open source sibling, Chromium. However, just for your information, if you need a true open source browser for the Mac, you can take a look at Chromium.
Link: www.chromium.org

Adium: This is an open source messenger that lets you connect to multiple IM platforms, such as AOL and GTalk (via Jabber). If you are a social networking addict and like to chat with your friends online, Adium can come in handy.
Link: http://adiumx.com/ 
 
Mozilla Thunderbird: Here’s an email suite-cum-calendar-and-planner. It comes loaded with features such as powerful spam filters, easier email management, task planning, and more.
Link: http://www.mozilla.org/products/thunderbird/
RSSOwl: This is a cross-platform RSS client that lets you easily manage and read your RSS subscriptions.
Link: http://www.rssowl.org/download 
 
Vienna: Here’s yet another RSS client, modelled along the lines of RSSOwl.
Link: http://www.vienna-rss.org/vienna2.php

Juice: Do you happen to be a creative artist? If you use the Internet to showcase your work using podcasts, you won’t find a better podcasting tool for Mac than Juice. It is totally free and open source, so give it a spin!
Link: http://juicereceiver.sourceforge.net/index.php
 
Colloquy: This is a free and open source IRC client for the Mac.
Link: http://colloquy.info/downloads.html

Office suites and productivity
Bean: If you need a word processor for general use (creating and editing documents, dealing with multiple file formats like DOC, ODT and RTF, and so on), but do not wish to opt for super-expensive suites like MS Office, Bean should be worth a try. It is an open source word processor for Mac users, and comes loaded with great features.
Link: http://www.bean-osx.com/Bean.html

AbiWord: Here’s yet another open source and totally free word processor.
Link: http://www.abisource.com/download/

LibreOffice: If a mere word processor won’t do for you, instead of burning money on proprietary office suites, take a look at LibreOffice. It’s a full-fledged productivity suite that comes with its own word processor, spreadsheet, drawing program and many other features.
Link: http://www.libreoffice.org/download/

Scribus: This is an open source desktop publishing program. The installation procedure on the Mac is a little complicated, but it is totally worth the effort as Scribus is one of the most impressive DTP tools, no matter what OS you are running!
Link: http://www.scribus.net/

Freemind: This is an open source note taking application.
Link: http://www.macupdate.com/info.php/id/19325

Audio and video
Miro: You do get QuickTime with your Mac machine, but sometimes, the default programs just do not suffice (just as Windows users no longer stick to IE, even though it comes pre-loaded). Miro is an open source video player that supports multiple file formats, and even lets you stream and download videos via YouTube.
Link: http://www.getmiro.com/ 
 
Miro Video Converter: MVC lets you convert your video files to work on the Mac and other Apple devices, as well as other PCs and Android handsets. You can get it from the Mac App Store for free.
Link: http://www.mirovideoconverter.com/

VLC Media Player: This world-renowned media player is also available for the Mac.
Link: http://www.videolan.org/vlc/index.html

MPlayer: While not as good-looking as Miro, and with an interface that does not blend well with the look and feel of a Mac, it does support more video formats than VLC or QuickTime—and that’s what matters, at the end of the day!
Link: http://mplayerosx.sourceforge.net/

iPodDisk: Here is an open source utility that lets you copy music to and from your iPod—you do not need iTunes or any other proprietary software.
Link: http://www.macupdate.com/info.php/id/19890

Audacity: This is a sound-recording and audio-editing application that is both free and open source.
Link: http://audacity.sourceforge.net/download/mac

Pictures and graphics
The GIMP: This is one of the best open source photo-editing and image-retouching software. It is available for multiple operating systems, and has its own plugins and extensions repository.
Link: www.gimp.org 
 
Seashore: This is a photo-editing software based on the GIMP, but it does not require X11 and thus becomes ideal for Mac users.
Link: http://seashore.sourceforge.net/index.php

InkScape: This lets you work with vector images and graphics. You can create logos and other vector-based artwork using InkScape.
Link: www.inkscape.com

Blender: This is a 3D modelling tool that gives even proprietary software a run for their money.
Link: www.blender.org

CD/DVD ripping
Handbreak: This is a DVD ripper and MPEG-4 encoder for Mac.
Link: http://handbrake.fr/downloads.php

Burn: It is a simple and easy-to-use CD/DVD burning app for the Mac OS.
Link: http://burn-osx.sourceforge.net/ 
 
FTP
Fugu: An open source FTP client, Fugu can be used only for SFTP.
Link: http://rsug.itd.umich.edu/software/fugu/download.html

Cyberduck: This is a good open source FTP client that comes with an impressive set of features.
Link: http://cyberduck.ch/

OneButton FTP: Here’s another FTP client for Mac users.
Link: http://onebutton.org/index.php

Development
Q Emulator: This lets you run Windows programs on your Mac machine.
Link: http://www.macupdate.com/info.php/id/20830/

Blue Griffon: This is an open source WYSIWYG HTML editor for Mac platforms.
Link: http://bluegriffon.org/pages/Download

WaveMaker: It lets you develop Web and cloud applications with ease.
Link: http://www.wavemaker.com/downloads/

jEdit: This is primarily a Java IDE, but with the use of plug-ins, it can also handle Perl, PHP, Python and Ruby. It comes with several formatting tools and features to help you code effectively.
Link: http://www.jedit.org/

General utility
The Unarchiver: It lets you uncompress and open file formats such as RAR, bz2, gzip, 7zip and tar, which are often not supported by the pre-installed archiving tools.
Link: http://wakaba.c3.cx/s/apps/unarchiver.html

Cabos: This is an easy-to-use peer-to-peer file sharing program for Mac users.
Link: http://cabos.sourceforge.jp/

SolarSeek: Another file sharing client for Mac devices.
Link: http://www.solarseek.net/

With this, we come to the end of this round-up of open source tools that you can use to enhance your computing experience on Mac machines.

Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these benefits comes a threat: wireless networks are prone to attacks. This article discusses techniques to protect FOSS networks, which systems administrators can implement to achieve adequate security.

Before we talk about wireless security and vulnerability attacks, we must understand the basic radio transmissions, and the IEEE 802.11 protocol, also commonly known as the WLAN protocol. This protocol links two or more devices over a short distance, using spread spectrum signals. Spread spectrum, at its core, is based on radio communication frequencies to establish point-to-point wireless communication between a transmitter and a receiver, while achieving resistance to signal jamming and signal fading. As shown in Figure 1, to establish a wireless network, you need a wireless access point (AP) and also a wireless adaptor for each node to be connected. The AP is also called a hot-spot; it hosts a radio transceiver similar to a walkie-talkie. It also contains hardware to convert digital data into radio signals and vice-versa.

The AP has a unique feature called a beacon transmission, whereby it keeps transmitting a digitised signal, typically, a few times every second. This signal contains the network identification data, the service set identifier (SSID) and some trivial error-correction information. Nodes such as laptops or other wireless devices detect this signal in order to show it in the list of available wireless networks. It also detects whether or not the AP is using any security, the level of the security protocol, etc.

The AP contains a TCP/IP stack, which responds to ARP requests when a node tries to connect to it. Since wireless networks can allow multiple nodes, it is essential to have an authentication layer prior to letting data transfer take place. It is the APs responsibility to ensure this security, as well as to monitor packet transmission and data integrity.

Wi-Fi security
Since wireless networks don’t have built-in security mechanisms, a secure layer on top of the wireless protocol stack is achieved by encryption and authentication techniques such as WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access). This is especially important because, unlike a wired network, wireless signals can be easily intercepted using a signal-trapping device. Let’s discuss how these encryption techniques work, in detail.

To establish a secure channel, the client first sends an authentication request to the AP, and receives a challenge from it in text form. The client encrypts this text using the preconfigured key and sends it back. The AP decrypts it, and when it succeeds, replies to the client. If the keys don’t match, the request is dropped, and the client cannot connect to the AP. This method is called pre-shared authentication. In an improved version, the shared key is combined with the SSID of the wireless AP, to further toughen the encryption key logic. WEP encryption uses the RC4 algorithm on all packets that travel between the AP and the node. Unfortunately, these security mechanisms are either flawed by design, or are not adequate for IT infrastructures where data carried on wireless channels is sensitive.
With this basic understanding of Wi-Fi security, let us now discuss a few security attacks. In general, there are four categories of possible attacks.

Passive attacks: In this type, the attacker listens or eavesdrops on an open wireless channel by using a wireless modem rigged to work in a promiscuous mode. All traffic packets that contain important information, such as MAC addresses, packet sequences, etc, are stored. Passive attacks may not necessarily be malicious in nature, but help provide information for active attacks. Since passive attacks take place silently, they are almost impossible to detect and stop. Attackers using passive methods usually capture and store data, and use a packet-deciphering tool to decrypt it and steal information. This is especially true in case of the WEP protocol, due to its inherent lack of security. Passive attacks are also called wireless war-driving.

Active attacks: Once an attacker gets sufficient information by passive attacks, an active attack can be tried. Common examples are denial of service, IP spoofing, etc. In case of spoofing, the attacker gains access to an unauthorised wireless station, and performs packet crafting to impersonate a valid and authorised station. Wireless nodes are incapable of detecting this, and end up connecting to the attacker’s station and revealing information. By extending this technique, the attacker can now plant a denial of service attack on a particular node in order to disrupt its services. Typically, a SYN flood method is used, because it is sufficient to generate a packet storm on the given wireless connection bandwidth.

MITM attacks: We did explore man in the middle (MITM) attacks in one of the previous articles and most of that applies to wireless networks as well. The only technical difference here is that the attacker gains information of an actively used SSID of an AP, instead of an on-the-wire session. As shown in Figure 2, a dummy AP with exactly the same name is created by the attacker, and the signal power is raised to such an extent that the nodes are fooled into believing that it is the AP they should connect to. This creates an MITM situation. These dummy APs, also called rogue points, are usually set up close to the nodes to be hacked.
Signal-jamming attacks: Unlike the above techniques, this method uses wireless radio transmission techniques to create an attack. In this type, the attacker uses a powerful antenna and a signal generator, and creates frequency patterns in the same range as wireless signals. The frequency patterns are modulated with powerful radio frequency ripples, to create a wireless signal storm. This results in the jamming of the APs as well as the nodes, thus disabling their connectivity. While such an attack was just a theory previously, with a growing number of wireless networks these attacks have now occurred more often than earlier.
Besides these, there are a few other types of attacks, some of which make use of one or more of the attacks mentioned above.
802.11 injection attacks: Modern attackers tend to go deep into the protocol stack in order to plant an attack. For wireless networks, an attacker can first perform a passive attack to understand the protocol frame structure, and then create 802.11 protocol datagram frames and insert those into the network. This is usually done either to create a false packet stream as a hindrance for a wireless network, or to sniff the network further in an active mode. The response 802.11 frames are then captured again, interpreted and modified to perform an MITM attack. Since this attack happens at Layer 2, it is very tough to detect.
Wireless packet injection: Here, passive attacks are used to capture traffic, which is then analysed. However, there can be situations in which there won’t be enough traffic to generate sufficient data, which can lead to time-consuming or futile hacking efforts. Hence, attackers use wireless packet injection techniques whereby, besides the 802.11 frames, IP datagrams are sent to the target AP. Though the AP will drop such packets as unauthorised, this gives the attacker the necessary amount of traffic, which is captured and fed into key-cracking utilities. Since the attacker controls the packet-generator utility, specific data patterns are intentionally created to map the APs behaviour in terms of response packets, which further helps in reducing the cracking time.

PSK guessing: As we learnt earlier, a pre-shared key is used between the wireless AP and node to encrypt communication. Typically, administrators setting up Wi-Fi networks tend to leave the vendor-provided default key in place. Smart attackers usually first try to detect the manufacturer of wireless APs, and if that information is not available, they try to guess it and attempt to break the key.
Key cracking: Usually a pre-shared key should be enough to establish security. However, in case of WEP-based Wi-Fi networks, attackers can use passive methods to sniff and capture a lot of data, and subject it to key-cracking algorithms. As we saw earlier, WEP is a simple RC4 XOR type of encryption, and it only takes some amount of time to break into it. It had been demonstrated by attackers that a packet capture of more than 40000 can be sufficient data to crack a WEP key in minutes. With the introduction of WPA security features in a wireless AP, it became tough to break the key. However other brute-force attacks, such as statistical key guessing, dictionary attacks, etc, can be used to crack it.

Wireless attack detection
Before we talk about protecting the infrastructure, it is imperative to understand a few detection techniques. Unlike wired networks, a wireless network signal can be compromised easily, which makes detection difficult but certainly not impossible.

AP monitoring: As we learnt, securing the SSID of an AP or wireless router is very important. In a large organisation, keeping track of SSIDs can be a challenge; hence, this information should be programmatically stored in a secure database. Other crucial details, such as the MAC ID, IP restrictions, the wireless channel used, the beacon settings, wireless signal strength and bandwidth type are stored for each corresponding SSID. A wireless monitoring device, or a mobile device running monitoring software, is used to detect all stations and APs periodically, and the results are compared with the baseline database created earlier. Such routine audits ensure the integrity of router settings and thus the overall wireless network security.

Wi-Fi node monitoring: Along with the APs, each node needs to be monitored too. The technique is a bit different, though. For the nodes, a MAC-based security on the APs can be configured, whereby a particular AP would support only a set of MAC addresses. This ensures that the wireless client node cannot roam around beyond the configured zone, and if such a need arises the request can be fulfilled via an authorisation and approval process. For large organisations, this can result in systems administration overhead, in which case the nodes can be allowed to connect to all APs; however, each connection and disconnection can be logged and parsed for anomalous behaviour.

Traffic monitoring: Besides the above techniques, network administrators can periodically take samples of data from each AP, and check for denial of service and SYN flood attacks. Multiple connections and disconnections on a particular AP from one or more client nodes should also trigger a warning. As for Layer 2 attacks, a signal spectrum detection tool can be incorporated too, to detect signal-jamming situations.
 
Protecting FOSS systems
Along with the monitoring techniques, additional security measures are essential. For small networks, changing the default password and SSID of the AP is a must. Modern routers are equipped with a feature to disable the broadcasting of SSID, which should be turned on to ensure that passive sniffing attacks are thwarted to some extent. Periodically changing SSIDs is highly recommended, though it can be a tough task for a large number of wireless APs. To protect a Linux server farm hosted in a data-centre, the wireless signal strength of APs should be adjusted in such a way that it should be adequate for client nodes to connect and transfer data seamlessly, but at the same time it should not cross physical building boundaries, whereby it can be detected by a drive-by attacker.

Using WPA2 security instead of WEP is recommended. Besides, the shared key of WPA security should be long and complex enough to stop directory brute-force attacks. For large corporations, the Layer-7 wireless security software should be installed on client nodes as well as APs, to further strengthen the encryption process. For FOSS systems, using an X.509 certificate on either end of the wireless communication can help achieve cheaper yet effective security. Most famous flavours, such as Debian and Ubuntu, support WPA2 security with trimmings such as AES, TKIP and LEAP. Configuring those, along with MAC address filtering, and enabling firewall features can protect a serious server farm, yet let it enjoy the benefits of wireless networks.

Wireless attacks are, unfortunately, easy to carry out and difficult to detect. Modern data centres allow the presence of wireless networks connected to the product server farms, thus requiring the implementation of security measures. While there is no single solution to protect wireless networks, an appropriate combination of the techniques mentioned above can achieve adequate security. Wireless monitoring audits are an important activity that needs to be done by network administrators at regular intervals.

by -
0 102

The aim of this article is to get you up and running with CKEditor in two minutes.

Download

Visit the official CKEditor Download site. For a production site we recommend you choose the default Standard Package and click theDownload CKEditor button to get the .zip installation file. If you want to try out more editor features, you can download the Full Package instead.

Unpacking

Unpack (extract) the downloaded .zip archive to the ckeditor directory in the root of your website.

Trying Out

CKEditor comes with a collection of samples that you can try out to verify if the installation was successful as well as see some CKEditor usage scenarios, both basic and more advanced.

Open the following page in the browser: http://<your site>/ckeditor/samples/index.html

Browse the samples to see how CKEditor can be used and customized.

Adding CKEditor to Your Page

If the samples work correctly, you are ready to build your own site with CKEditor included.

To start, create a simple HTML page with a <textarea> element in it. You will then need to do two things:

  1. Add a call to the CKEditor script in the <script> element of your page.
  2. Use the CKEDITOR.replace() method to replace the existing <textarea> element with CKEditor.

See the following example:

<!DOCTYPE html>
<html>
    <head>
        <title>A Simple Page with CKEditor</title>
        <!-- Make sure the path to CKEditor is correct. -->
        <script src="../ckeditor.js"></script>
    </head>
    <body>
        <form>
            <textarea name="editor1" id="editor1" rows="10" cols="80">
                This is my textarea to be replaced with CKEditor.
            </textarea>
            <script>
                // Replace the <textarea id="editor1"> with a CKEditor
                // instance, using default configuration.
                CKEDITOR.replace( 'editor1' );
            </script>
        </form>
    </body>
</html>

When you are done, open your sample page in the browser.

Congratulations! You have just installed and used CKEditor on your own page in virtually no time!

Next Steps

Go ahead and play a bit more with the samples; try to add the same functionality to your own pages (you can always see the sample source for some hints). And when you are ready to dive a bit deeper into CKEditor, you can try the following:

  1. Check the Configuration section to see how to adjust the editor to your needs.
  2. Get familiar with Advanced Content Filter. This is a useful tool that adjusts the content inserted into CKEditor to the features that are enabled and filters out disallowed content.
  3. Modify your toolbar to only include the features that you need. You can find the complete list of all toolbar buttons available in your build in the “Toolbar Configurations” sample.
  4. Browse the Add-ons Repository for some additional plugins or skins.
  5. Use CKBuilder to create your custom CKEditor build.
  6. Browse the Developer’s Guide for some further ideas on what to do with CKEditor and join the community to discuss all things CKEditor with fellow developers!

“Xeams is a user friendly, free multi-platform mail server supporting SMTP, IMAP and POP3. It incorporates a powerful junk/ spam filtering engine that eliminates almost 99% of the junk mail.”

Xeams Spam filter email engine is developed using Java. Other open source software likeApache Tomcat– A web server used for the administrator console and Derby Apache – which provides an embedded JDBC, a relational database that is used for reporting purposes is also used.

Xeams is freely available to use and supports multiple platforms and multiple email servers, in fact all mail servers which have smart-host functionality. Xeams can work in 3 modes: Standalone server, Hybrid mode and Spam firewall. You can download Xeams from

http://www.xeams.com/Download.htm

Supported OS:

The OS supported by Xeams are

Windows – 2000, 2003, 2008, 2012, XP, Vista, or a newer version. Linux – any distribution, UNIX – Solaris, HP-UX, AIX, BSD, Mac OSx

Specs used for this walk through

OS 2008 R2.
RAM: – 2GB memory
Disk Space: -200 GB

No of IP:

Two IPs are used for Spam Firewall mode:

Exchange server 2013 with Multi role i.e. CAS and Mail Box role

Spam firewall:

In this mode Xeams sits in front of another email server, i.e. Microsoft Exchange or any other SMTP server. Every in-coming email filters through Xeams and only good messages are forwarded to the actual Exchange email server. Your users connect to the Exchange email server via email client and webmail to fetch and send email.

 


In this walk through we’ll see Xeams in the Spam firewall configuration on a Windows machine and its co-existence with Exchange 2013. Xeams installation is pretty simple, just a two click installation wizard asking installation path and the ‘Finish’ button

 NOTE: – This walk though concentrates ONLY on the configuration part that is necessary for Xeams Spam Firewall mode.

 After installation, the default browsers opens http://localhost:5272 OR http://SMTP-Server-IP:5272 web administration console and asks the user to set the Xeams admin password.

After login to the web console go to Server Configuration menu, click Server configuration.

1] Under Basic configuration, for Server Type select Spam firewall. The working mode Xeams will perform. Click Save

2] Under the Server Configuration menu set

‘SMTP Configuration’ –> ‘Basic Configuration’

Bind To: This is the IP through which outgoing emails will be send. Set ‘A’ and ‘PTR’ record on this IP.

In the Relaying Tab enable ‘Close Relay’ and mention the IP of the Exchange server and click SAVE

2] Under Server Configuration menu SMTP Proxy Configuration, check Enable SMTP Proxy, this enables to and fro emails passing between Exchange and Xeams.

MX record must be set on this IP

 

 2] Advance Configuration enable Multi-Domain if the Exchange mail server is authorize to receive email for multiple domains i.e. providing email service for multiple domains.

 

 Smtp HELO FQDN must have ‘A’ record configured on SMTP server IP.

 Configuring the Exchange server to use Xeams as Spam filter firewall.

 Login in to the Exchange server ECP with administrative privileges.

 1] Under Mail-Flow configuration click on Send connector. Highlight available Send connector and edit its configuration OR add a new Send connector enabling Route mail through smart hostand enter the Xeams SMTP server IP

 2] In the same way make changes in ‘receive connector’ to accept emails from Xeams server IP’s (Both IPs)

 

Xeams has multiple functionality that can be used as per requirement, it also gives you granular control over SPAM filter configuration like filtering email subject, attachment filter and email size, IP and domain whitelist/blacklist. All these settings can be fine-tuned using regular expression as well.

SOCIAL CONNECTIONS

1,074FansLike
10Subscribers+1
1,000FollowersFollow
542FollowersFollow